Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2018:1849-1 |
| Rating: | important |
| References: | #1065600 #1068032 #1075091 #1075994 #1087086 #1087088 #1096140 #1096242 #1096281 |
| Affected Products: |
An update that solves one vulnerability and has 8 fixes is now available.
Description:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
various security and bugfixes.
The following security bug was fixed:
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
AVX registers) between processes. These registers might contain
encryption keys when doing SSE accelerated AES enc/decryption
(bsc#1087086)
The following non-security bugs were fixed:
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
(bsc#1096242, bsc#1096281).
- Xen counterparts of eager FPU implementation.
- x86/boot: Fix early command-line parsing when partial word matches
(bsc#1096140).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
disabled (bsc#1096140).
- xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032).
- xen/x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994
bsc#1075091).
- xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the
'clearcpuid=' command-line option (bsc#1065600).
- xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
- xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032).
- xen/x86/idle: Toggle IBRS when going idle (bsc#1068032).
- xen/x86/kaiser: Move feature detection up (bsc#1068032).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-kernel-default-13684=1 - SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-default-13684=1 - SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-kernel-default-13684=1 - SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-kernel-default-13684=1
Package List:
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
- kernel-default-3.0.101-0.47.106.35.1
- kernel-default-base-3.0.101-0.47.106.35.1
- kernel-default-devel-3.0.101-0.47.106.35.1
- kernel-source-3.0.101-0.47.106.35.1
- kernel-syms-3.0.101-0.47.106.35.1
- kernel-trace-3.0.101-0.47.106.35.1
- kernel-trace-base-3.0.101-0.47.106.35.1
- kernel-trace-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
- kernel-ec2-3.0.101-0.47.106.35.1
- kernel-ec2-base-3.0.101-0.47.106.35.1
- kernel-ec2-devel-3.0.101-0.47.106.35.1
- kernel-xen-3.0.101-0.47.106.35.1
- kernel-xen-base-3.0.101-0.47.106.35.1
- kernel-xen-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
- kernel-bigsmp-3.0.101-0.47.106.35.1
- kernel-bigsmp-base-3.0.101-0.47.106.35.1
- kernel-bigsmp-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
- kernel-default-man-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
- kernel-pae-3.0.101-0.47.106.35.1
- kernel-pae-base-3.0.101-0.47.106.35.1
- kernel-pae-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
- kernel-default-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
- kernel-xen-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
- kernel-bigsmp-extra-3.0.101-0.47.106.35.1
- kernel-trace-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
- kernel-ppc64-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
- kernel-pae-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
- kernel-default-3.0.101-0.47.106.35.1
- kernel-default-base-3.0.101-0.47.106.35.1
- kernel-default-devel-3.0.101-0.47.106.35.1
- kernel-ec2-3.0.101-0.47.106.35.1
- kernel-ec2-base-3.0.101-0.47.106.35.1
- kernel-ec2-devel-3.0.101-0.47.106.35.1
- kernel-pae-3.0.101-0.47.106.35.1
- kernel-pae-base-3.0.101-0.47.106.35.1
- kernel-pae-devel-3.0.101-0.47.106.35.1
- kernel-source-3.0.101-0.47.106.35.1
- kernel-syms-3.0.101-0.47.106.35.1
- kernel-trace-3.0.101-0.47.106.35.1
- kernel-trace-base-3.0.101-0.47.106.35.1
- kernel-trace-devel-3.0.101-0.47.106.35.1
- kernel-xen-3.0.101-0.47.106.35.1
- kernel-xen-base-3.0.101-0.47.106.35.1
- kernel-xen-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
- kernel-default-debuginfo-3.0.101-0.47.106.35.1
- kernel-default-debugsource-3.0.101-0.47.106.35.1
- kernel-trace-debuginfo-3.0.101-0.47.106.35.1
- kernel-trace-debugsource-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
- kernel-ec2-debuginfo-3.0.101-0.47.106.35.1
- kernel-ec2-debugsource-3.0.101-0.47.106.35.1
- kernel-xen-debuginfo-3.0.101-0.47.106.35.1
- kernel-xen-debugsource-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
- kernel-bigsmp-debuginfo-3.0.101-0.47.106.35.1
- kernel-bigsmp-debugsource-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
- kernel-pae-debuginfo-3.0.101-0.47.106.35.1
- kernel-pae-debugsource-3.0.101-0.47.106.35.1
References:
- https://www.suse.com/security/cve/CVE-2018-3665.html
- https://bugzilla.suse.com/1065600
- https://bugzilla.suse.com/1068032
- https://bugzilla.suse.com/1075091
- https://bugzilla.suse.com/1075994
- https://bugzilla.suse.com/1087086
- https://bugzilla.suse.com/1087088
- https://bugzilla.suse.com/1096140
- https://bugzilla.suse.com/1096242
- https://bugzilla.suse.com/1096281
SAP-Lösungen ausführen
SUSE for Public Cloud
Security
