Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:1855-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-13305 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-13305 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2017-18241 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-18249 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-1000199 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2018-1000199 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1000204 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-1000204 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-1065 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1065 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1092 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1092 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1093 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1093 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1094 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1094 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1094 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1130 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1130 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-3665 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVE-2018-3665 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-5803 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-5803 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-5848 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-5848 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-7492 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7492 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • Magnum Orchestration 7
  • SUSE Enterprise Storage 4
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE OpenStack Cloud 7

An update that solves 14 vulnerabilities and has 15 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
  • CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728).
  • CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036)
  • CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
  • CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400)
  • CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353).
  • CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095).
  • CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007).
  • CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012).
  • CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904).
  • CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650).
  • CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900).
  • CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962).
  • CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895).

The following non-security bugs were fixed:

  • ALSA: timer: Fix pause event notification (bsc#973378).
  • Fix excessive newline in /proc/*/status (bsc#1094823).
  • Fix the patch content (bsc#1085185)
  • KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
  • Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
  • ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
  • ipv6: omit traffic class when calculating flow hash (bsc#1095042).
  • kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
  • mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality).
  • x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140).
  • x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281).
  • x86/bugs: Respect retpoline command line option (bsc#1068032).
  • x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
  • x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
  • x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
  • xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534).
  • xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534).
  • xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE OpenStack Cloud 7
    zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1251=1
  • Magnum Orchestration 7
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1251=1
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
    zypper in -t patch SUSE-SLE-POS-12-SP2-CLIENT-2018-1251=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1251=1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1251=1
  • SUSE Enterprise Storage 4
    zypper in -t patch SUSE-Storage-4-2018-1251=1

Package List:

  • SUSE OpenStack Cloud 7 (nosrc x86_64)
    • kernel-default-4.4.121-92.85.1
  • SUSE OpenStack Cloud 7 (x86_64)
    • kernel-default-devel-4.4.121-92.85.1
    • kernel-default-base-4.4.121-92.85.1
    • kernel-default-base-debuginfo-4.4.121-92.85.1
    • kernel-default-debugsource-4.4.121-92.85.1
    • kernel-syms-4.4.121-92.85.1
    • kernel-default-debuginfo-4.4.121-92.85.1
    • kgraft-patch-4_4_121-92_85-default-1-3.5.1
  • SUSE OpenStack Cloud 7 (noarch)
    • kernel-macros-4.4.121-92.85.1
    • kernel-source-4.4.121-92.85.1
    • kernel-devel-4.4.121-92.85.1
  • Magnum Orchestration 7 (nosrc x86_64)
    • kernel-default-4.4.121-92.85.1
  • Magnum Orchestration 7 (x86_64)
    • kernel-default-debugsource-4.4.121-92.85.1
    • kernel-default-debuginfo-4.4.121-92.85.1
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (nosrc x86_64)
    • kernel-default-4.4.121-92.85.1
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (x86_64)
    • kernel-default-devel-4.4.121-92.85.1
    • kernel-default-base-4.4.121-92.85.1
    • kernel-default-base-debuginfo-4.4.121-92.85.1
    • kernel-default-debugsource-4.4.121-92.85.1
    • kernel-syms-4.4.121-92.85.1
    • kernel-default-debuginfo-4.4.121-92.85.1
    • kgraft-patch-4_4_121-92_85-default-1-3.5.1
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (noarch)
    • kernel-macros-4.4.121-92.85.1
    • kernel-source-4.4.121-92.85.1
    • kernel-devel-4.4.121-92.85.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (nosrc ppc64le x86_64)
    • kernel-default-4.4.121-92.85.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
    • kernel-default-devel-4.4.121-92.85.1
    • kernel-default-base-4.4.121-92.85.1
    • kernel-default-base-debuginfo-4.4.121-92.85.1
    • kernel-default-debugsource-4.4.121-92.85.1
    • kernel-syms-4.4.121-92.85.1
    • kernel-default-debuginfo-4.4.121-92.85.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
    • kernel-macros-4.4.121-92.85.1
    • kernel-source-4.4.121-92.85.1
    • kernel-devel-4.4.121-92.85.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
    • kgraft-patch-4_4_121-92_85-default-1-3.5.1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (nosrc ppc64le s390x x86_64)
    • kernel-default-4.4.121-92.85.1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (ppc64le s390x x86_64)
    • kernel-default-devel-4.4.121-92.85.1
    • kernel-default-base-4.4.121-92.85.1
    • kernel-default-base-debuginfo-4.4.121-92.85.1
    • kernel-default-debugsource-4.4.121-92.85.1
    • kernel-syms-4.4.121-92.85.1
    • kernel-default-debuginfo-4.4.121-92.85.1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (noarch)
    • kernel-macros-4.4.121-92.85.1
    • kernel-source-4.4.121-92.85.1
    • kernel-devel-4.4.121-92.85.1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (s390x)
    • kernel-default-man-4.4.121-92.85.1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (x86_64)
    • kgraft-patch-4_4_121-92_85-default-1-3.5.1
  • SUSE Enterprise Storage 4 (nosrc x86_64)
    • kernel-default-4.4.121-92.85.1
  • SUSE Enterprise Storage 4 (x86_64)
    • kernel-default-devel-4.4.121-92.85.1
    • kernel-default-base-4.4.121-92.85.1
    • kernel-default-base-debuginfo-4.4.121-92.85.1
    • kernel-default-debugsource-4.4.121-92.85.1
    • kernel-syms-4.4.121-92.85.1
    • kernel-default-debuginfo-4.4.121-92.85.1
    • kgraft-patch-4_4_121-92_85-default-1-3.5.1
  • SUSE Enterprise Storage 4 (noarch)
    • kernel-macros-4.4.121-92.85.1
    • kernel-source-4.4.121-92.85.1
    • kernel-devel-4.4.121-92.85.1

References: