Security update for the Linux Kernel
SUSE Security Update: Security update for the Linux Kernel| Announcement ID: | SUSE-SU-2021:0737-1 |
| Rating: | important |
| References: | #1065600 #1163617 #1170442 #1176855 #1179082 #1179428 #1179660 #1180058 #1180262 #1180964 #1181671 #1181747 #1181753 #1181843 #1181854 #1182047 #1182130 #1182140 #1182175 |
| Cross-References: | CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 |
| Affected Products: |
|
An update that solves 5 vulnerabilities and has 14 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130)
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
- Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).")
- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
- net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).
- net: bcmgenet: code movement (git-fixes).
- net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).
- net: bcmgenet: Use correct I/O accessors (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- nvme-multipath: Early exit if no path is available (bsc#1180964).
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617).
- usb: dwc2: Abort transaction after errors with unknown reason (bsc#1180262).
- usb: dwc2: Do not update data length if it is 0 on inbound transfers (bsc#1180262).
- usb: dwc2: Make "trimming xfer length" a debug message (bsc#1180262).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-737=1 - SUSE Manager Retail Branch Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-737=1 - SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-737=1 - SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-737=1 - SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-737=1 - SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-737=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-737=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-737=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-737=1 - SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-737=1 - SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-737=1 - SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. I will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:
- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Manager Server 4.0 (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Manager Server 4.0 (s390x):
- kernel-default-man-4.12.14-197.86.1
- kernel-zfcpdump-debuginfo-4.12.14-197.86.1
- kernel-zfcpdump-debugsource-4.12.14-197.86.1
- SUSE Manager Retail Branch Server 4.0 (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Manager Proxy 4.0 (x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Manager Proxy 4.0 (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
- kernel-default-man-4.12.14-197.86.1
- kernel-zfcpdump-debuginfo-4.12.14-197.86.1
- kernel-zfcpdump-debugsource-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-livepatch-4.12.14-197.86.1
- kernel-default-livepatch-devel-4.12.14-197.86.1
- kernel-livepatch-4_12_14-197_86-default-1-3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
- cluster-md-kmp-default-4.12.14-197.86.1
- cluster-md-kmp-default-debuginfo-4.12.14-197.86.1
- dlm-kmp-default-4.12.14-197.86.1
- dlm-kmp-default-debuginfo-4.12.14-197.86.1
- gfs2-kmp-default-4.12.14-197.86.1
- gfs2-kmp-default-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- ocfs2-kmp-default-4.12.14-197.86.1
- ocfs2-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Enterprise Storage 6 (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE CaaS Platform 4.0 (noarch):
- kernel-devel-4.12.14-197.86.1
- kernel-docs-4.12.14-197.86.1
- kernel-macros-4.12.14-197.86.1
- kernel-source-4.12.14-197.86.1
- SUSE CaaS Platform 4.0 (x86_64):
- kernel-default-4.12.14-197.86.1
- kernel-default-base-4.12.14-197.86.1
- kernel-default-base-debuginfo-4.12.14-197.86.1
- kernel-default-debuginfo-4.12.14-197.86.1
- kernel-default-debugsource-4.12.14-197.86.1
- kernel-default-devel-4.12.14-197.86.1
- kernel-default-devel-debuginfo-4.12.14-197.86.1
- kernel-obs-build-4.12.14-197.86.1
- kernel-obs-build-debugsource-4.12.14-197.86.1
- kernel-syms-4.12.14-197.86.1
- reiserfs-kmp-default-4.12.14-197.86.1
- reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
References:
- https://www.suse.com/security/cve/CVE-2020-29368.html
- https://www.suse.com/security/cve/CVE-2020-29374.html
- https://www.suse.com/security/cve/CVE-2021-26930.html
- https://www.suse.com/security/cve/CVE-2021-26931.html
- https://www.suse.com/security/cve/CVE-2021-26932.html
- https://bugzilla.suse.com/1065600
- https://bugzilla.suse.com/1163617
- https://bugzilla.suse.com/1170442
- https://bugzilla.suse.com/1176855
- https://bugzilla.suse.com/1179082
- https://bugzilla.suse.com/1179428
- https://bugzilla.suse.com/1179660
- https://bugzilla.suse.com/1180058
- https://bugzilla.suse.com/1180262
- https://bugzilla.suse.com/1180964
- https://bugzilla.suse.com/1181671
- https://bugzilla.suse.com/1181747
- https://bugzilla.suse.com/1181753
- https://bugzilla.suse.com/1181843
- https://bugzilla.suse.com/1181854
- https://bugzilla.suse.com/1182047
- https://bugzilla.suse.com/1182130
- https://bugzilla.suse.com/1182140
- https://bugzilla.suse.com/1182175
Ejecute Soluciones SAP
Nube pública
Security
