Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2018:2858-1
Rating:	important
References:	bsc#1012382 bsc#1015342 bsc#1015343 bsc#1017967 bsc#1019695 bsc#1019699 bsc#1020412 bsc#1021121 bsc#1022604 bsc#1024361 bsc#1024365 bsc#1024376 bsc#1027968 bsc#1030552 bsc#1033962 bsc#1042286 bsc#1048317 bsc#1050431 bsc#1053685 bsc#1055014 bsc#1056596 bsc#1062604 bsc#1063646 bsc#1064232 bsc#1065364 bsc#1066223 bsc#1068032 bsc#1068075 bsc#1069138 bsc#1078921 bsc#1080157 bsc#1083663 bsc#1085042 bsc#1085536 bsc#1085539 bsc#1086457 bsc#1087092 bsc#1089066 bsc#1090888 bsc#1091171 bsc#1091860 bsc#1092903 bsc#1096254 bsc#1096748 bsc#1097105 bsc#1098253 bsc#1098822 bsc#1099597 bsc#1099810 bsc#1099811 bsc#1099813 bsc#1099832 bsc#1099844 bsc#1099845 bsc#1099846 bsc#1099849 bsc#1099863 bsc#1099864 bsc#1099922 bsc#1099999 bsc#1100000 bsc#1100001 bsc#1100132 bsc#1101822 bsc#1101841 bsc#1102346 bsc#1102486 bsc#1102517 bsc#1102715 bsc#1102797 bsc#1103269 bsc#1103445 bsc#1104319 bsc#1104485 bsc#1104494 bsc#1104495 bsc#1104683 bsc#1104897 bsc#1105271 bsc#1105292 bsc#1105322 bsc#1105392 bsc#1105396 bsc#1105524 bsc#1105536 bsc#1105769 bsc#1106016 bsc#1106105 bsc#1106185 bsc#1106229 bsc#1106271 bsc#1106275 bsc#1106276 bsc#1106278 bsc#1106281 bsc#1106283 bsc#1106369 bsc#1106509 bsc#1106511 bsc#1106594 bsc#1106697 bsc#1106929 bsc#1106934 bsc#1106995 bsc#1107060 bsc#1107078 bsc#1107319 bsc#1107320 bsc#1107689 bsc#1107735 bsc#1107966 bsc#963575 bsc#966170 bsc#966172 bsc#969470 bsc#969476 bsc#969477 bsc#970506
Cross-References:	CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 CVE-2018-9363
CVSS scores:	CVE-2018-10876 ( SUSE ): 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2018-10876 ( NVD ): 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2018-10877 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2018-10877 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2018-10878 ( SUSE ): 6.6 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H CVE-2018-10878 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10878 ( NVD ): 4.8 CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2018-10879 ( SUSE ): 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2018-10879 ( NVD ): 4.2 CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-10880 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H CVE-2018-10880 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-10881 ( SUSE ): 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2018-10881 ( NVD ): 4.2 CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-10882 ( SUSE ): 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2018-10882 ( NVD ): 4.8 CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2018-10883 ( SUSE ): 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2018-10883 ( NVD ): 4.8 CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2018-10902 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10902 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10938 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-10938 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-10940 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-10940 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-1128 ( SUSE ): 8.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2018-1128 ( NVD ): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1129 ( SUSE ): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2018-1129 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-12896 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-12896 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-13093 ( SUSE ): 6.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2018-13093 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-13094 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-13094 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-13095 ( SUSE ): 6.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2018-13095 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-15572 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-15572 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-16658 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-16658 ( NVD ): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2018-6554 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-6554 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-6555 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2018-6555 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-9363 ( SUSE ): 8.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2018-9363 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-9363 ( NVD ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3

An update that solves 22 vulnerabilities and has 96 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 azure kernel was updated to 4.4.155 to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)
CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999)
CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000)
CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)
CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)
CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)
CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)
CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748)
CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748)
CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016)
CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attack