Security update for kdump

Announcement ID:	SUSE-SU-2016:2553-1
Rating:	moderate
References:	bsc#927451 bsc#932339 bsc#943214 bsc#951844 bsc#964206 bsc#970708 bsc#973213 bsc#974270 bsc#976864 bsc#980328 bsc#984799 bsc#987862 bsc#989972 bsc#990200
Cross-References:	CVE-2016-5759
CVSS scores:	CVE-2016-5759 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1

An update that solves one vulnerability and has 13 security fixes can now be installed.

Description:

This update for kdump provides several fixes and enhancements:

• Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. (bsc#943214)
• Add a separate systemd service to rebuild kdumprd at boot. (bsc#943214)
• Improve network setup in the kdump environment by reading configuration from wicked by default (system configuration files are used as a fallback). (bsc#980328)
• Use the last mount entry in kdump_get_mountpoints(). (bsc#951844)
• Remove 'notsc' from the kdump kernel command line. (bsc#973213)
• Handle dump files with many program headers. (bsc#932339, bsc#970708)
• Fall back to stat() if file type is DT_UNKNOWN. (bsc#964206)
• Remove vm. sysctls from kdump initrd. (bsc#927451, bsc#987862)
• Use the exit code of kexec, not that of "local". (bsc#984799)
• Convert sysroot to a bind mount in kdump initrd. (bsc#976864)
• Distinguish between Xenlinux (aka Xenified or SUSE) and pvops Xen kernels, as the latter can run on bare metal. (bsc#974270)
• CVE-2016-5759: Use full path to dracut as argument to bash. (bsc#989972, bsc#990200)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1492=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1492=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1492=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • kdump-debuginfo-0.8.15-29.1
  • kdump-0.8.15-29.1
  • kdump-debugsource-0.8.15-29.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • kdump-debuginfo-0.8.15-29.1
  • kdump-0.8.15-29.1
  • kdump-debugsource-0.8.15-29.1
• SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  • kdump-debuginfo-0.8.15-29.1
  • kdump-0.8.15-29.1
  • kdump-debugsource-0.8.15-29.1

References:

• https://www.suse.com/security/cve/CVE-2016-5759.html
• https://bugzilla.suse.com/show_bug.cgi?id=927451
• https://bugzilla.suse.com/show_bug.cgi?id=932339
• https://bugzilla.suse.com/show_bug.cgi?id=943214
• https://bugzilla.suse.com/show_bug.cgi?id=951844
• https://bugzilla.suse.com/show_bug.cgi?id=964206
• https://bugzilla.suse.com/show_bug.cgi?id=970708
• https://bugzilla.suse.com/show_bug.cgi?id=973213
• https://bugzilla.suse.com/show_bug.cgi?id=974270
• https://bugzilla.suse.com/show_bug.cgi?id=976864
• https://bugzilla.suse.com/show_bug.cgi?id=980328
• https://bugzilla.suse.com/show_bug.cgi?id=984799
• https://bugzilla.suse.com/show_bug.cgi?id=987862
• https://bugzilla.suse.com/show_bug.cgi?id=989972
• https://bugzilla.suse.com/show_bug.cgi?id=990200