Recommended update for drbd, drbd-utils

Announcement ID:	SUSE-RU-2018:0821-1
Rating:	moderate
References:	bsc#1037109 bsc#1058770 bsc#1061145 bsc#1061147 bsc#1064402 bsc#1068032 bsc#1077176
Cross-References:	CVE-2017-5715
CVSS scores:	CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2017-5715 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5715 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise High Availability Extension 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves one vulnerability and has six fixes can now be installed.

Description:

This update for drbd and drbd-utils provides the following fixes:

Changes in drbd-utils:

• Make sure the full bitmap gets properly propagated in drbdmeta. Also make sure the ID is kept when downgrading from v9 to v8. (bsc#1037109)
• Support passing "--force" to drbdadm dump-md. (bsc#1077176)
• Fix a possible kernel trace while starting the initial syncing of a stacked drbd. (bsc#1058770)
• Backport some fixes of peer_device objects.
• Do not hardcode loglevel local5 and make it possible to change that using --logfacility. (bsc#1064402)
• Update documentation and examples regarding fencing: it is now moved from the disk to the net section. (bsc#1061145)
• Skip running drbdadm sh-b-pri in drbd9. (bsc#1061147)
• The included kernel modules in the KMP packages were rebuilt using "retpoline" support to mitigate Spectre v2 (bsc#1068032 CVE-2017-5715)

Changes in drbd:

• Make sure the full bitmap gets properly propagated in drbdmeta. (bsc#1037109)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-HA-12-SP3-2018-551=1
• SUSE Linux Enterprise High Availability Extension 12 SP3
  zypper in -t patch SUSE-SLE-HA-12-SP3-2018-551=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • drbd-utils-debuginfo-9.0.0-2.8.1
  • drbd-9.0.8+git.c8bc3670-3.3.2
  • drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
  • drbd-debugsource-9.0.8+git.c8bc3670-3.3.2
  • drbd-utils-debugsource-9.0.0-2.8.1
  • drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
  • drbd-utils-9.0.0-2.8.1
• SUSE Linux Enterprise High Availability Extension 12 SP3 (ppc64le s390x x86_64)
  • drbd-utils-debuginfo-9.0.0-2.8.1
  • drbd-9.0.8+git.c8bc3670-3.3.2
  • drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
  • drbd-debugsource-9.0.8+git.c8bc3670-3.3.2
  • drbd-utils-debugsource-9.0.0-2.8.1
  • drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
  • drbd-utils-9.0.0-2.8.1

References:

• https://www.suse.com/security/cve/CVE-2017-5715.html
• https://bugzilla.suse.com/show_bug.cgi?id=1037109
• https://bugzilla.suse.com/show_bug.cgi?id=1058770
• https://bugzilla.suse.com/show_bug.cgi?id=1061145
• https://bugzilla.suse.com/show_bug.cgi?id=1061147
• https://bugzilla.suse.com/show_bug.cgi?id=1064402
• https://bugzilla.suse.com/show_bug.cgi?id=1068032
• https://bugzilla.suse.com/show_bug.cgi?id=1077176