Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2018:1762-1
Rating: important
References: #1046610 #1079152 #1082962 #1083900 #1087007 #1087012 #1087082 #1087086 #1087095 #1092552 #1092813 #1092904 #1094033 #1094353 #1094823 #1096140 #1096242 #1096281 #1096480 #1096728 #1097356
Affected Products:
  • SUSE Linux Enterprise Server 12-LTSS
  • SUSE Linux Enterprise Module for Public Cloud 12

  • An update that solves 10 vulnerabilities and has 11 fixes is now available.

    Description:


    The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various
    security and bugfixes.

    The following security bugs were fixed:

    - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
    AVX registers) between processes. These registers might contain
    encryption keys when doing SSE accelerated AES enc/decryption
    (bsc#1087086)
    - CVE-2018-5848: In the function wmi_set_ie(), the length validation code
    did not handle unsigned integer overflow properly. As a result, a large
    value of the 'ie_len' argument could have caused a buffer overflow
    (bnc#1097356)
    - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
    SG_IO ioctl (bsc#1096728)
    - CVE-2017-13305: Prevent information disclosure vulnerability in
    encrypted-keys (bsc#1094353)
    - CVE-2018-1094: The ext4_fill_super function did not always initialize
    the crc32c checksum driver, which allowed attackers to cause a denial of
    service (ext4_xattr_inode_hash NULL pointer dereference and system
    crash) via a crafted ext4 image (bsc#1087007)
    - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to
    cause a denial of service (out-of-bounds read and system crash) via a
    crafted ext4 image because balloc.c and ialloc.c do not validate bitmap
    block numbers (bsc#1087095)
    - CVE-2018-1092: The ext4_iget function mishandled the case of a root
    directory with a zero i_links_count, which allowed attackers to cause a
    denial of service (ext4_process_freed_data NULL pointer dereference and
    OOPS) via a crafted ext4 image (bsc#1087012)
    - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function
    that allowed a local user to cause a denial of service by a number of
    certain crafted system calls (bsc#1092904)
    - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when
    handling SCTP packets length that could have been exploited to cause a
    kernel crash (bnc#1083900)
    - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c
    __rds_rdma_map() function that allowed local attackers to cause a system
    panic and a denial-of-service, related to RDS_GET_MR and
    RDS_GET_MR_FOR_DEST (bsc#1082962)

    The following non-security bugs were fixed:

    - Fix excessive newline in /proc/*/status (bsc#1094823).
    - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
    (bsc#1096242, bsc#1096281).
    - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
    - kABI: work around BPF SSBD removal (bsc#1087082).
    - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread
    (bsc#1094033).
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    (bsc#1079152).
    - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    (bsc#1096480).
    - usbip: usbip_host: fix bad unlock balance during stub_probe()
    (bsc#1096480).
    - x86/boot: Fix early command-line parsing when matching at end
    (bsc#1096281).
    - x86/boot: Fix early command-line parsing when partial word matches
    (bsc#1096281).
    - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
    disabled (bsc#1096140).
    - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
    - xen-netfront: fix req_prod check to avoid RX hang when index wraps
    (bsc#1046610).

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2018-1184=1
    • SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1184=1

    Package List:

    • SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      • kernel-default-3.12.61-52.136.1
      • kernel-default-base-3.12.61-52.136.1
      • kernel-default-base-debuginfo-3.12.61-52.136.1
      • kernel-default-debuginfo-3.12.61-52.136.1
      • kernel-default-debugsource-3.12.61-52.136.1
      • kernel-default-devel-3.12.61-52.136.1
      • kernel-syms-3.12.61-52.136.1
    • SUSE Linux Enterprise Server 12-LTSS (x86_64):
      • kernel-xen-3.12.61-52.136.1
      • kernel-xen-base-3.12.61-52.136.1
      • kernel-xen-base-debuginfo-3.12.61-52.136.1
      • kernel-xen-debuginfo-3.12.61-52.136.1
      • kernel-xen-debugsource-3.12.61-52.136.1
      • kernel-xen-devel-3.12.61-52.136.1
      • kgraft-patch-3_12_61-52_136-default-1-1.3.1
      • kgraft-patch-3_12_61-52_136-xen-1-1.3.1
    • SUSE Linux Enterprise Server 12-LTSS (noarch):
      • kernel-devel-3.12.61-52.136.1
      • kernel-macros-3.12.61-52.136.1
      • kernel-source-3.12.61-52.136.1
    • SUSE Linux Enterprise Server 12-LTSS (s390x):
      • kernel-default-man-3.12.61-52.136.1
    • SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
      • kernel-ec2-3.12.61-52.136.1
      • kernel-ec2-debuginfo-3.12.61-52.136.1
      • kernel-ec2-debugsource-3.12.61-52.136.1
      • kernel-ec2-devel-3.12.61-52.136.1
      • kernel-ec2-extra-3.12.61-52.136.1
      • kernel-ec2-extra-debuginfo-3.12.61-52.136.1

    References: