Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3)

Announcement ID:	SUSE-SU-2018:1024-1
Rating:	important
References:	bsc#1073230 bsc#1076017 bsc#1083488 bsc#1085114 bsc#1085447
Cross-References:	CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566
CVSS scores:	CVE-2017-13166 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-13166 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000004 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-1000004 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-1068 ( SUSE ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1068 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-1068 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-7566 ( SUSE ): 7.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2018-7566 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves four vulnerabilities and has one security fix can now be installed.

Description:

This update for the Linux Kernel 4.4.82-6_3 fixes several issues.

The following security issues were fixed:

• CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447).
• CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114).
• CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488).
• CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 12-SP3
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-684=1 SUSE-SLE-Live-Patching-12-SP3-2018-683=1 SUSE-SLE-Live-Patching-12-SP3-2018-682=1 SUSE-SLE-Live-Patching-12-SP3-2018-681=1 SUSE-SLE-Live-Patching-12-SP3-2018-680=1 SUSE-SLE-Live-Patching-12-SP3-2018-679=1 SUSE-SLE-Live-Patching-12-SP3-2018-678=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-674=1 SUSE-SLE-SAP-12-SP2-2018-671=1 SUSE-SLE-SAP-12-SP2-2018-672=1 SUSE-SLE-SAP-12-SP2-2018-670=1 SUSE-SLE-SAP-12-SP2-2018-669=1 SUSE-SLE-SAP-12-SP2-2018-712=1 SUSE-SLE-SAP-12-SP2-2018-668=1 SUSE-SLE-SAP-12-SP2-2018-666=1 SUSE-SLE-SAP-12-SP2-2018-711=1 SUSE-SLE-SAP-12-SP2-2018-665=1 SUSE-SLE-SAP-12-SP2-2018-675=1
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-674=1 SUSE-SLE-SERVER-12-SP2-2018-671=1 SUSE-SLE-SERVER-12-SP2-2018-672=1 SUSE-SLE-SERVER-12-SP2-2018-670=1 SUSE-SLE-SERVER-12-SP2-2018-669=1 SUSE-SLE-SERVER-12-SP2-2018-712=1 SUSE-SLE-SERVER-12-SP2-2018-668=1 SUSE-SLE-SERVER-12-SP2-2018-666=1 SUSE-SLE-SERVER-12-SP2-2018-711=1 SUSE-SLE-SERVER-12-SP2-2018-665=1 SUSE-SLE-SERVER-12-SP2-2018-675=1

Package List:

• SUSE Linux Enterprise Live Patching 12-SP3 (x86_64)
  • kgraft-patch-4_4_92-6_18-default-5-2.1
  • kgraft-patch-4_4_82-6_6-default-debuginfo-6-2.1
  • kgraft-patch-4_4_82-6_3-default-7-2.1
  • kgraft-patch-4_4_82-6_6-default-6-2.1
  • kgraft-patch-4_4_82-6_9-default-debuginfo-6-2.1
  • kgraft-patch-4_4_82-6_9-default-6-2.1
  • kgraft-patch-4_4_82-6_3-default-debuginfo-7-2.1
  • kgraft-patch-4_4_92-6_18-default-debuginfo-5-2.1
• SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64)
  • kgraft-patch-4_4_103-6_33-default-4-2.1
  • kgraft-patch-4_4_103-6_33-default-debuginfo-4-2.1
  • kgraft-patch-4_4_92-6_30-default-debuginfo-4-2.1
  • kgraft-patch-4_4_103-6_38-default-4-2.1
  • kgraft-patch-4_4_92-6_30-default-4-2.1
  • kgraft-patch-4_4_103-6_38-default-debuginfo-4-2.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
  • kgraft-patch-4_4_74-92_35-default-8-2.2
  • kgraft-patch-4_4_74-92_29-default-9-2.2
  • kgraft-patch-4_4_90-92_45-default-5-2.2
  • kgraft-patch-4_4_74-92_38-default-7-2.2
  • kgraft-patch-4_4_59-92_17-default-10-2.2
  • kgraft-patch-4_4_59-92_24-default-9-2.2
  • kgraft-patch-4_4_59-92_20-default-10-2.2
  • kgraft-patch-4_4_74-92_32-default-8-2.2
  • kgraft-patch-4_4_103-92_53-default-4-2.2
  • kgraft-patch-4_4_103-92_56-default-4-2.2
  • kgraft-patch-4_4_90-92_50-default-5-2.2
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (x86_64)
  • kgraft-patch-4_4_74-92_35-default-8-2.2
  • kgraft-patch-4_4_74-92_29-default-9-2.2
  • kgraft-patch-4_4_90-92_45-default-5-2.2
  • kgraft-patch-4_4_74-92_38-default-7-2.2
  • kgraft-patch-4_4_59-92_17-default-10-2.2
  • kgraft-patch-4_4_59-92_24-default-9-2.2
  • kgraft-patch-4_4_59-92_20-default-10-2.2
  • kgraft-patch-4_4_74-92_32-default-8-2.2
  • kgraft-patch-4_4_103-92_53-default-4-2.2
  • kgraft-patch-4_4_103-92_56-default-4-2.2
  • kgraft-patch-4_4_90-92_50-default-5-2.2

References:

• https://www.suse.com/security/cve/CVE-2017-13166.html
• https://www.suse.com/security/cve/CVE-2018-1000004.html
• https://www.suse.com/security/cve/CVE-2018-1068.html
• https://www.suse.com/security/cve/CVE-2018-7566.html
• https://bugzilla.suse.com/show_bug.cgi?id=1073230
• https://bugzilla.suse.com/show_bug.cgi?id=1076017
• https://bugzilla.suse.com/show_bug.cgi?id=1083488
• https://bugzilla.suse.com/show_bug.cgi?id=1085114
• https://bugzilla.suse.com/show_bug.cgi?id=1085447