Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:0525-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2015-1142857 ( SUSE ): 4.8 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-13215 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2017-13215 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17741 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2017-17741 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-17805 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2017-17805 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17805 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17806 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2017-17806 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17806 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18079 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2017-18079 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18079 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-1000004 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1000004 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • Public Cloud Module 12
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE OpenStack Cloud 6

An update that solves eight vulnerabilities and has 19 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines".

  • CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).
  • CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355).
  • CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311).
  • CVE-2017-13215: Prevent elevation of privilege (bnc#1075908).
  • CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017).
  • CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874).
  • CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792).

The following non-security bugs were fixed:

  • NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).
  • bcache.txt: standardize document format (bsc#1076110).
  • bcache: Abstract out stuff needed for sorting (bsc#1076110).
  • bcache: Add a cond_resched() call to gc (bsc#1076110).
  • bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110).
  • bcache: Add bch_bkey_equal_header() (bsc#1076110).
  • bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110).
  • bcache: Add bch_keylist_init_single() (bsc#1047626).
  • bcache: Add btree_insert_node() (bnc#951638).
  • bcache: Add btree_map() functions (bsc#1047626).
  • bcache: Add btree_node_write_sync() (bsc#1076110).
  • bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
  • bcache: Add make_btree_freeing_key() (bsc#1076110).
  • bcache: Add on error panic/unregister setting (bsc#1047626).
  • bcache: Add struct bset_sort_state (bsc#1076110).
  • bcache: Add struct btree_keys (bsc#1076110).
  • bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110).
  • bcache: Avoid deadlocking in garbage collection (bsc#1076110).
  • bcache: Avoid nested function definition (bsc#1076110).
  • bcache: Better alloc tracepoints (bsc#1076110).
  • bcache: Better full stripe scanning (bsc#1076110).
  • bcache: Bkey indexing renaming (bsc#1076110).
  • bcache: Break up struct search (bsc#1076110).
  • bcache: Btree verify code improvements (bsc#1076110).
  • bcache: Bypass torture test (bsc#1076110).
  • bcache: Change refill_dirty() to always scan entire disk if necessary (bsc#1076110).
  • bcache: Clean up cache_lookup_fn (bsc#1076110).
  • bcache: Clean up keylist code (bnc#951638).
  • bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes() (bsc#1076110).
  • bcache: Convert bch_btree_read_async() to bch_btree_map_keys() (bsc#1076110).
  • bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638).
  • bcache: Convert btree_iter to struct btree_keys (bsc#1076110).
  • bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
  • bcache: Convert debug code to btree_keys (bsc#1076110).
  • bcache: Convert gc to a kthread (bsc#1047626).
  • bcache: Convert sorting to btree_keys (bsc#1076110).
  • bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
  • bcache: Convert writeback to a kthread (bsc#1076110).
  • bcache: Correct return value for sysfs attach errors (bsc#1076110).
  • bcache: Debug code improvements (bsc#1076110).
  • bcache: Delete some slower inline asm (bsc#1047626).
  • bcache: Do bkey_put() in btree_split() error path (bsc#1076110).
  • bcache: Do not bother with bucket refcount for btree node allocations (bsc#1076110).
  • bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110).
  • bcache: Do not return -EINTR when insert finished (bsc#1076110).
  • bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110).
  • bcache: Do not use op->insert_collision (bsc#1076110).
  • bcache: Drop some closure stuff (bsc#1076110).
  • bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).
  • bcache: Explicitly track btree node's parent (bnc#951638).
  • bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
  • bcache: Fix a bug when detaching (bsc#951638).
  • bcache: Fix a journal replay bug (bsc#1076110).
  • bcache: Fix a journalling performance bug (bnc#893777).
  • bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
  • bcache: Fix a lockdep splat (bnc#893777).
  • bcache: Fix a lockdep splat in an error path (bnc#951638).
  • bcache: Fix a null ptr deref in journal replay (bsc#1047626).
  • bcache: Fix a race when freeing btree nodes (bsc#1076110).
  • bcache: Fix a shutdown bug (bsc#951638).
  • bcache: Fix an infinite loop in journal replay (bsc#1047626).
  • bcache: Fix another bug recovering from unclean shutdown (bsc#1076110).
  • bcache: Fix another compiler warning on m68k (bsc#1076110).
  • bcache: Fix auxiliary search trees for key size greater than cacheline size (bsc#1076110).
  • bcache: Fix bch_ptr_bad() (bsc#1047626).
  • bcache: Fix building error on MIPS (bsc#1076110).
  • bcache: Fix dirty_data accounting (bsc#1076110).
  • bcache: Fix discard granularity (bsc#1047626).
  • bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110).
  • bcache: Fix for can_attach_cache() (bsc#1047626).
  • bcache: Fix heap_peek() macro (bsc#1047626).
  • bcache: Fix leak of bdev reference (bsc#1076110).
  • bcache: Fix more early shutdown bugs (bsc#951638).
  • bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110).
  • bcache: Fix moving_pred() (bsc#1047626).
  • bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
  • bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
  • bcache: Have btree_split() insert into parent directly (bsc#1076110).
  • bcache: Improve bucket_prio() calculation (bsc#1047626).
  • bcache: Improve priority_stats (bsc#1047626).
  • bcache: Incremental gc (bsc#1076110).
  • bcache: Insert multiple keys at a time (bnc#951638).
  • bcache: Kill bch_next_recurse_key() (bsc#1076110).
  • bcache: Kill btree_io_wq (bsc#1076110).
  • bcache: Kill bucket->gc_gen (bsc#1076110).
  • bcache: Kill dead cgroup code (bsc#1076110).
  • bcache: Kill op->cl (bsc#1076110).
  • bcache: Kill op->replace (bsc#1076110).
  • bcache: Kill sequential_merge option (bsc#1076110).
  • bcache: Kill unaligned bvec hack (bsc#1076110).
  • bcache: Kill unused freelist (bsc#1076110).
  • bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110).
  • bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110).
  • bcache: Minor btree cache fix (bsc#1047626).
  • bcache: Minor fixes from kbuild robot (bsc#1076110).
  • bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110).
  • bcache: Move keylist out of btree_op (bsc#1047626).
  • bcache: Move sector allocator to alloc.c (bsc#1076110).
  • bcache: Move some stuff to btree.c (bsc#1076110).
  • bcache: Move spinlock into struct time_stats (bsc#1076110).
  • bcache: New writeback PD controller (bsc#1047626).
  • bcache: PRECEDING_KEY() (bsc#1047626).
  • bcache: Performance fix for when journal entry is full (bsc#1047626).
  • bcache: Prune struct btree_op (bsc#1076110).
  • bcache: Pull on disk data structures out into a separate header (bsc#1076110).
  • bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power of two (bsc#1076110).
  • bcache: Really show state of work pending bit (bsc#1076110).
  • bcache: Refactor bset_tree sysfs stats (bsc#1076110).
  • bcache: Refactor journalling flow control (bnc#951638).
  • bcache: Refactor read request code a bit (bsc#1076110).
  • bcache: Refactor request_write() (bnc#951638).
  • bcache: Remove deprecated create_workqueue (bsc#1076110).
  • bcache: Remove redundant block_size assignment (bsc#1047626).
  • bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
  • bcache: Remove redundant set_capacity (bsc#1076110).
  • bcache: Remove unnecessary check in should_split() (bsc#1076110).
  • bcache: Remove/fix some header dependencies (bsc#1047626).
  • bcache: Rename/shuffle various code around (bsc#1076110).
  • bcache: Rework allocator reserves (bsc#1076110).
  • bcache: Rework btree cache reserve handling (bsc#1076110).
  • bcache: Split out sort_extent_cmp() (bsc#1076110).
  • bcache: Stripe size isn't necessarily a power of two (bnc#893949).
  • bcache: Trivial error handling fix (bsc#1047626).
  • bcache: Update continue_at() documentation (bsc#1076110).
  • bcache: Use a mempool for mergesort temporary space (bsc#1076110).
  • bcache: Use blkdev_issue_discard() (bnc#951638).
  • bcache: Use ida for bcache block dev minor (bsc#1047626).
  • bcache: Use uninterruptible sleep in writeback (bsc#1076110).
  • bcache: Zero less memory (bsc#1076110).
  • bcache: add a comment in journal bucket reading (bsc#1076110).
  • bcache: add mutex lock for bch_is_open (bnc#902893).
  • bcache: allows use of register in udev to avoid "device_busy" error (bsc#1047626).
  • bcache: bcache_write tracepoint was crashing (bsc#1076110).
  • bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110).
  • bcache: bch_allocator_thread() is not freezable (bsc#1047626).
  • bcache: bch_gc_thread() is not freezable (bsc#1047626).
  • bcache: bch_writeback_thread() is not freezable (bsc#1076110).
  • bcache: btree locking rework (bsc#1076110).
  • bcache: bugfix - gc thread now gets woken when cache is full (bsc#1047626).
  • bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).
  • bcache: bugfix for race between moving_gc and bucket_invalidate (bsc#1076110).
  • bcache: check ca->alloc_thread initialized before wake up it (bsc#1076110).
  • bcache: check return value of register_shrinker (bsc#1076110).
  • bcache: cleaned up error handling around register_cache() (bsc#1047626).
  • bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bsc#1047626).
  • bcache: correct cache_dirty_target in __update_writeback_rate() (bsc#1076110).
  • bcache: defensively handle format strings (bsc#1047626).
  • bcache: do not embed 'return' statements in closure macros (bsc#1076110).
  • bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110).
  • bcache: do not write back data if reading it failed (bsc#1076110).
  • bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110).
  • bcache: documentation updates and corrections (bsc#1076110).
  • bcache: explicitly destroy mutex while exiting (bsc#1076110).
  • bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED (bsc#1047626).
  • bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).
  • bcache: fix a livelock when we cause a huge number of cache misses (bsc#1047626).
  • bcache: fix bch_hprint crash and improve output (bsc#1076110).
  • bcache: fix crash in bcache_btree_node_alloc_fail tracepoint (bsc#1047626).
  • bcache: fix crash on shutdown in passthrough mode (bsc#1076110).
  • bcache: fix for gc and write-back race (bsc#1076110).
  • bcache: fix for gc and writeback race (bsc#1047626).
  • bcache: fix for gc crashing when no sectors are used (bsc#1047626).
  • bcache: fix race of writeback thread starting before complete initialization (bsc#1076110).
  • bcache: fix sequential large write IO bypass (bsc#1076110).
  • bcache: fix sparse non static symbol warning (bsc#1076110).
  • bcache: fix typo in bch_bkey_equal_header (bsc#1076110).
  • bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).
  • bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110).
  • bcache: fix wrong cache_misses statistics (bsc#1076110).
  • bcache: gc does not work when triggering by manual command (bsc#1076110).
  • bcache: implement PI controller for writeback rate (bsc#1076110).
  • bcache: increase the number of open buckets (bsc#1076110).
  • bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110).
  • bcache: kill closure locking code (bsc#1076110).
  • bcache: kill closure locking usage (bnc#951638).
  • bcache: kill index() (bsc#1047626).
  • bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).
  • bcache: only permit to recovery read error when cache device is clean (bsc#1076110).
  • bcache: partition support: add 16 minors per bcacheN device (bsc#1076110).
  • bcache: pr_err: more meaningful error message when nr_stripes is invalid (bsc#1076110).
  • bcache: prevent crash on changing writeback_running (bsc#1076110).
  • bcache: rearrange writeback main thread ratelimit (bsc#1076110).
  • bcache: recover data from backing when data is clean (bsc#1076110).
  • bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1047626).
  • bcache: remove nested function usage (bsc#1076110).
  • bcache: remove unused parameter (bsc#1076110).
  • bcache: rewrite multiple partitions support (bsc#1076110).
  • bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
  • bcache: silence static checker warning (bsc#1076110).
  • bcache: smooth writeback rate control (bsc#1076110).
  • bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).
  • bcache: try to set b->parent properly (bsc#1076110).
  • bcache: update bch_bkey_try_merge (bsc#1076110).
  • bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110).
  • bcache: update bucket_in_use in real time (bsc#1076110).
  • bcache: update document info (bsc#1076110).
  • bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
  • bcache: use kvfree() in various places (bsc#1076110).
  • bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110).
  • bcache: wait for buckets when allocating new btree root (bsc#1076110).
  • bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
  • bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
  • block: bump BLK_DEF_MAX_SECTORS to 2560 (bsc#1073246)
  • fork: clear thread stack upon allocation (bsc#1077560).
  • gcov: disable for COMPILE_TEST (bnc#1012382).
  • kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
  • md: more open-coded offset_in_page() (bsc#1076110).
  • nfsd: do not share group_info among threads (bsc@1070623).
  • powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1077182).
  • powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1077182).
  • powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1077182).
  • powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1077182).
  • powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1077182).
  • powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1077182).
  • powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1077182).
  • powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1077182).
  • powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1077182).
  • powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
  • powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1077182).
  • powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1077182).
  • powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags > wrapper (bsc#1068032, bsc#1077182).
  • powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1077182).
  • powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1077182).
  • powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1077182).
  • powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1077182).
  • powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1077182).
  • powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1077182).
  • storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075411).
  • sysfs/cpu: Add vulnerability folder (bnc#1012382).
  • sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
  • x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
  • x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
  • x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
  • x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
  • x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
  • x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
  • x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
  • x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE OpenStack Cloud 6
    zypper in -t patch SUSE-OpenStack-Cloud-6-2018-348=1
  • Public Cloud Module 12
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-348=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-348=1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-348=1

Package List:

  • SUSE OpenStack Cloud 6 (nosrc x86_64)
    • kernel-default-3.12.74-60.64.82.1
    • kernel-xen-3.12.74-60.64.82.1
  • SUSE OpenStack Cloud 6 (x86_64)
    • kernel-xen-devel-3.12.74-60.64.82.1
    • kernel-default-base-debuginfo-3.12.74-60.64.82.1
    • kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1
    • kernel-default-debugsource-3.12.74-60.64.82.1
    • kernel-default-devel-3.12.74-60.64.82.1
    • kernel-xen-base-3.12.74-60.64.82.1
    • kernel-syms-3.12.74-60.64.82.1
    • kernel-xen-base-debuginfo-3.12.74-60.64.82.1
    • kernel-xen-debuginfo-3.12.74-60.64.82.1
    • kernel-xen-debugsource-3.12.74-60.64.82.1
    • kernel-default-base-3.12.74-60.64.82.1
    • kgraft-patch-3_12_74-60_64_82-default-1-2.9.1
    • kernel-default-debuginfo-3.12.74-60.64.82.1
  • SUSE OpenStack Cloud 6 (noarch)
    • kernel-macros-3.12.74-60.64.82.1
    • kernel-source-3.12.74-60.64.82.1
    • kernel-devel-3.12.74-60.64.82.1
  • Public Cloud Module 12 (nosrc x86_64)
    • kernel-ec2-3.12.74-60.64.82.1
  • Public Cloud Module 12 (x86_64)
    • kernel-ec2-debugsource-3.12.74-60.64.82.1
    • kernel-ec2-extra-debuginfo-3.12.74-60.64.82.1
    • kernel-ec2-devel-3.12.74-60.64.82.1
    • kernel-ec2-extra-3.12.74-60.64.82.1
    • kernel-ec2-debuginfo-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
    • kernel-xen-devel-3.12.74-60.64.82.1
    • kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1
    • kernel-xen-base-3.12.74-60.64.82.1
    • kernel-xen-base-debuginfo-3.12.74-60.64.82.1
    • kernel-xen-debuginfo-3.12.74-60.64.82.1
    • kernel-xen-debugsource-3.12.74-60.64.82.1
    • kgraft-patch-3_12_74-60_64_82-default-1-2.9.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc ppc64le x86_64)
    • kernel-default-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
    • kernel-default-base-debuginfo-3.12.74-60.64.82.1
    • kernel-default-debugsource-3.12.74-60.64.82.1
    • kernel-default-devel-3.12.74-60.64.82.1
    • kernel-syms-3.12.74-60.64.82.1
    • kernel-default-base-3.12.74-60.64.82.1
    • kernel-default-debuginfo-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
    • kernel-macros-3.12.74-60.64.82.1
    • kernel-source-3.12.74-60.64.82.1
    • kernel-devel-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc x86_64)
    • kernel-xen-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc ppc64le s390x x86_64)
    • kernel-default-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
    • kernel-default-base-debuginfo-3.12.74-60.64.82.1
    • kernel-default-debugsource-3.12.74-60.64.82.1
    • kernel-default-devel-3.12.74-60.64.82.1
    • kernel-syms-3.12.74-60.64.82.1
    • kernel-default-base-3.12.74-60.64.82.1
    • kernel-default-debuginfo-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (noarch)
    • kernel-macros-3.12.74-60.64.82.1
    • kernel-source-3.12.74-60.64.82.1
    • kernel-devel-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (s390x)
    • kernel-default-man-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc x86_64)
    • kernel-xen-3.12.74-60.64.82.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (x86_64)
    • kernel-xen-devel-3.12.74-60.64.82.1
    • kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1
    • kernel-xen-base-3.12.74-60.64.82.1
    • kernel-xen-base-debuginfo-3.12.74-60.64.82.1
    • kernel-xen-debuginfo-3.12.74-60.64.82.1
    • kernel-xen-debugsource-3.12.74-60.64.82.1
    • kgraft-patch-3_12_74-60_64_82-default-1-2.9.1

References: