Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: SUSE-SU-2018:3084-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise High Availability 12-SP2, SUSE OpenStack Cloud Magnum Orchestration 7, SUSE OpenStack Cloud 7, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Enterprise Storage 4, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL
Datum: Di, 9. Oktober 2018, 18:52
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14678
Applikationen: Linux

Originalnachricht

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3084-1
Rating: important
References: #1012382 #1042286 #1062604 #1064232 #1065364
#1082519 #1082863 #1084536 #1085042 #1088810
#1089066 #1092903 #1094466 #1095344 #1096547
#1097104 #1099597 #1099811 #1099813 #1099844
#1099845 #1099846 #1099849 #1099863 #1099864
#1099922 #1099993 #1099999 #1100000 #1100001
#1100152 #1102517 #1102715 #1102870 #1103445
#1104319 #1104495 #1105292 #1105296 #1105322
#1105348 #1105396 #1105536 #1106016 #1106095
#1106369 #1106509 #1106511 #1106512 #1106594
#1107689 #1107735 #1107966 #1108239 #1108399
#1109333
Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877
CVE-2018-10878 CVE-2018-10879 CVE-2018-10880
CVE-2018-10881 CVE-2018-10882 CVE-2018-10883
CVE-2018-10902 CVE-2018-10938 CVE-2018-10940
CVE-2018-12896 CVE-2018-13093 CVE-2018-13094
CVE-2018-13095 CVE-2018-14617 CVE-2018-14678
CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
CVE-2018-16658 CVE-2018-17182 CVE-2018-6554
CVE-2018-6555 CVE-2018-7480 CVE-2018-7757
CVE-2018-9363
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise High Availability 12-SP2
SUSE Enterprise Storage 4
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves 28 vulnerabilities and has 28 fixes
is now available.

Description:



The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive
various security and bugfixes.

- CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current
privilege(CPL) level while emulating unprivileged instructions. An
unprivileged guest user/process could use this flaw to potentially
escalate privileges inside guest (bnc#1097104).
- CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem
code. A use-after-free is possible in ext4_ext_remove_space() function
when mounting and operating a crafted ext4 image. (bnc#1099811)
- CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an
out-of-bound access in the ext4_ext_drop_refs() function when operating
on a crafted ext4 filesystem image. (bnc#1099846)
- CVE-2018-10878: A flaw was found in the Linux kernel's ext4
filesystem.
A local user can cause an out-of-bounds write and a denial of service or
unspecified other impact is possible by mounting and operating a crafted
ext4 filesystem image. (bnc#1099813)
- CVE-2018-10879: A flaw was found in the Linux kernel's ext4
filesystem.
A local user can cause a use-after-free in ext4_xattr_set_entry function
and a denial of service or unspecified other impact may occur by
renaming a file in a crafted ext4 filesystem image. (bnc#1099844)
- CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds
write in the ext4 filesystem code when mounting and writing to a crafted
ext4 image in ext4_update_inline_data(). An attacker could use this to
cause a system crash and a denial of service. (bnc#1099845)
- CVE-2018-10881: A flaw was found in the Linux kernel's ext4
filesystem.
A local user can cause an out-of-bound access in ext4_get_group_info
function, a denial of service, and a system crash by mounting and
operating on a crafted ext4 filesystem image. (bnc#1099864)
- CVE-2018-10882: A flaw was found in the Linux kernel's ext4
filesystem.
A local user can cause an out-of-bound write in in fs/jbd2/transaction.c
code, a denial of service, and a system crash by unmounting a crafted
ext4 filesystem image. (bnc#1099849)
- CVE-2018-10883: A flaw was found in the Linux kernel's ext4
filesystem.
A local user can cause an out-of-bounds write in
jbd2_journal_dirty_metadata(), a denial of service, and a system crash
by mounting and operating on a crafted ext4 filesystem image.
(bnc#1099863)
- CVE-2018-10902: It was found that the raw midi kernel driver did not
protect against concurrent access which leads to a double realloc
(double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()
handler in rawmidi.c file. A malicious local attacker could possibly use
this for privilege escalation (bnc#1105322).
- CVE-2018-10938: A crafted network packet sent remotely by an attacker
may force the kernel to enter an infinite loop in the cipso_v4_optptr()
function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A
certain non-default configuration of LSM (Linux Security Module) and
NetLabel should be set up on a system before an attacker could leverage
this flaw (bnc#1106016).
- CVE-2018-10940: The cdrom_ioctl_media_changed function in
drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds
check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel
memory (bnc#1092903).
- CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the
POSIX timer code is caused by the way the overrun accounting works.
Depending on interval and expiry time values, the overrun can be larger
than INT_MAX, but the accounting is int based. This basically made the
accounting values, which are visible to user space via
timer_getoverrun(2) and siginfo::si_overrun, random. For example, a
local user can cause a denial of service (signed integer overflow) via
crafted mmap, futex, timer_create, and timer_settime system calls
(bnc#1099922).
- CVE-2018-13093: There is a NULL pointer dereference and panic in
lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
corrupted xfs image. This occurs because of a lack of proper validation
that cached inodes are free during allocation (bnc#1100001).
- CVE-2018-13094: An OOPS may occur for a corrupted xfs image after
xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).
- CVE-2018-13095: A denial of service (memory corruption and BUG) can
occur for a corrupted xfs image upon encountering an inode that is in
extent format, but has more extents than fit in the inode fork
(bnc#1099999).
- CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory
(bnc#1102870).
- CVE-2018-14678: The xen_failsafe_callback entry point in
arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed
local users to cause a denial of service (uninitialized memory usage and
system crash). Within Xen, 64-bit x86 PV Linux guest OS users can
trigger a guest OS crash or possibly gain privileges (bnc#1102715).
- CVE-2018-15572: The spectre_v2_select_mitigation function in
arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context
switch, which made it easier for attackers to conduct
userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).
- CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
calls, which made it easier for attackers to conduct Spectre-v2 attacks
against paravirtual guests (bnc#1105348).
- CVE-2018-16276: Local attackers could use user access read/writes with
incorrect bounds checking in the yurex USB driver to crash the kernel or
potentially escalate privileges (bnc#1106095).
- CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 (bnc#1107689).
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bnc#1108399).
- CVE-2018-6554: Memory leak in the irda_bind function in
net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c
allowed local users to cause a denial of service (memory consumption) by
repeatedly binding an AF_IRDA socket (bnc#1106509).
- CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and
later in drivers/staging/irda/net/af_irda.c allowed local users to cause
a denial of service (ias_object use-after-free and system crash) or
possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511).
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
of service (memory consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).
- CVE-2018-9363: A buffer overflow in bluetooth HID report processing
could be used by malicious bluetooth devices to crash the kernel or
potentially execute code (bnc#1105292). The following security bugs were
fixed:
- CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c
allowed local users to cause a denial of service (double free) or
possibly have unspecified other impact by triggering a creation failure
(bnc#1082863).

The following non-security bugs were fixed:

- atm: Preserve value of skb->truesize when accounting to vcc
(bsc#1089066).
- bcache: avoid unncessary cache prefetch bch_btree_node_get()
(bsc#1064232).
- bcache: calculate the number of incremental GC nodes according to the
total of btree nodes (bsc#1064232).
- bcache: display rate debug parameters to 0 when writeback is not running
(bsc#1064232).
- bcache: do not check return value of debugfs_create_dir() (bsc#1064232).
- bcache: finish incremental GC (bsc#1064232).
- bcache: fix error setting writeback_rate through sysfs interface
(bsc#1064232).
- bcache: fix I/O significant decline while backend devices registering
(bsc#1064232).
- bcache: free heap cache_set->flush_btree in bch_journal_free
(bsc#1064232).
- bcache: make the pr_err statement used for ENOENT only in sysfs_attatch
section (bsc#1064232).
- bcache: release dc->writeback_lock properly in bch_writeback_thread()
(bsc#1064232).
- bcache: set max writeback rate when I/O request is idle (bsc#1064232).
- bcache: simplify the calculation of the total amount of flash dirty data
(bsc#1064232).
- ext4: check for allocation block validity with block group locked
(bsc#1104495).
- ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
- ext4: fix check to prevent initializing reserved inodes (bsc#1104319).
- ext4: fix false negatives *and* false positives in
ext4_check_descriptors() (bsc#1103445).
- ibmvnic: Include missing return code checks in reset function
(bnc#1107966).
- kABI: protect struct x86_emulate_ops (kabi).
- kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)
- kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).
- kvm: MMU: always terminate page walks at level 1 (bsc#1062604).
- kvm: MMU: simplify last_pte_bitmap (bsc#1062604).
- kvm: nVMX: update last_nonleaf_level when initializing nested EPT
(bsc#1062604).
- kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state'
(bsc#1106369).
- net: add skb_condense() helper (bsc#1089066).
- net: adjust skb->truesize in pskb_expand_head() (bsc#1089066).
- net: adjust skb->truesize in ___pskb_trim() (bsc#1089066).
- net: ena: Eliminate duplicate barriers on weakly-ordered archs
(bsc#1108239).
- net: ena: fix device destruction to gracefully free resources
(bsc#1108239).
- net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239).
- net: ena: fix incorrect usage of memory barriers (bsc#1108239).
- net: ena: fix missing calls to READ_ONCE (bsc#1108239).
- net: ena: fix missing lock during device destruction (bsc#1108239).
- net: ena: fix potential double ena_destroy_device() (bsc#1108239).
- net: ena: fix surprise unplug NULL dereference kernel crash
(bsc#1108239).
- net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239).
- netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382
bsc#1100152).
- netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286).
- nfs: Use an appropriate work queue for direct-write completion
(bsc#1082519).
- ovl: fix random return value on mount (bsc#1099993).
- ovl: fix uid/gid when creating over whiteout (bsc#1099993).
- ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512).
- ovl: override creds with the ones from the superblock mounter
(bsc#1099993).
- powerpc: Avoid code patching freed init sections (bnc#1107735).
- powerpc/livepatch: Fix livepatch stack access (bsc#1094466).
- powerpc/modules: Do not try to restore r2 after a sibling call
(bsc#1094466).
- powerpc/tm: Avoid possible userspace r1 corruption on reclaim
(bsc#1109333).
- powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
- provide special timeout module parameters for EC2 (bsc#1065364).
- stop_machine: Atomically queue and wake stopper threads (git-fixes).
- stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
(bsc#1088810).
- usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).
- x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too much RAM (bnc#1105536).
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM
(bnc#1105536).
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
(bsc#1106369).
- x86: Drop kernel trampoline stack. It is involved in breaking
kdump/kexec infrastucture. (bsc#1099597)
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- xen/blkback: do not keep persistent grants too long (bsc#1085042).
- xen/blkback: move persistent grants flags to bool (bsc#1085042).
- xen/blkfront: cleanup stale persistent grants (bsc#1085042).
- xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).
- xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).
- xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space
(bsc#1095344).
- xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).
- xfs: add a xfs_iext_update_extent helper (bsc#1095344).
- xfs: add comments documenting the rebalance algorithm (bsc#1095344).
- xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node
(bsc#1095344).
- xfs: add xfs_trim_extent (bsc#1095344).
- xfs: allow unaligned extent records in xfs_bmbt_disk_set_all
(bsc#1095344).
- xfs: borrow indirect blocks from freed extent when available
(bsc#1095344).
- xfs: cleanup xfs_bmap_last_before (bsc#1095344).
- xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: do not rely on extent indices in xfs_bmap_collapse_extents
(bsc#1095344).
- xfs: do not rely on extent indices in xfs_bmap_insert_extents
(bsc#1095344).
- xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).
- xfs: during btree split, save new block key & ptr for future insertion
(bsc#1095344).
- xfs: factor out a helper to initialize a local format inode fork
(bsc#1095344).
- xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).
- xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).
- xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).
- xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).
- xfs: improve kmem_realloc (bsc#1095344).
- xfs: inline xfs_shift_file_space into callers (bsc#1095344).
- xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).
- xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).
- xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).
- xfs: make better use of the 'state' variable in
xfs_bmap_del_extent_real
(bsc#1095344).
- xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).
- xfs: move pre/post-bmap tracing into xfs_iext_update_extent
(bsc#1095344).
- xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).
- xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).
- xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).
- xfs: move xfs_iext_insert tracepoint to report useful information
(bsc#1095344).
- xfs: new inode extent list lookup helpers (bsc#1095344).
- xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).
- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).
- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).
- xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).
- xfs: provide helper for counting extents from if_bytes (bsc#1095344).
- xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: refactor delalloc indlen reservation split into helper
(bsc#1095344).
- xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).
- xfs: refactor xfs_bunmapi_cow (bsc#1095344).
- xfs: refactor xfs_del_extent_real (bsc#1095344).
- xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all
(bsc#1095344).
- xfs: remove a superflous assignment in xfs_iext_remove_node
(bsc#1095344).
- xfs: Remove dead code from inode recover function (bsc#1105396).
- xfs: remove if_rdev (bsc#1095344).
- xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).
- xfs: remove support for inlining data/extents into the inode fork
(bsc#1095344).
- xfs: remove the never fully implemented UUID fork format (bsc#1095344).
- xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).
- xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).
- xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).
- xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).
- xfs: remove xfs_bmbt_get_state (bsc#1095344).
- xfs: remove xfs_bmse_shift_one (bsc#1095344).
- xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).
- xfs: repair malformed inode items during log recovery (bsc#1105396).
- xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).
- xfs: replace xfs_qm_get_rtblks with a direct call to
xfs_bmap_count_leaves (bsc#1095344).
- xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).
- xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent
(bsc#1095344).
- xfs: rewrite xfs_bmap_first_unused to make better use of
xfs_iext_get_extent (bsc#1095344).
- xfs: simplify the xfs_getbmap interface (bsc#1095344).
- xfs: simplify validation of the unwritten extent bit (bsc#1095344).
- xfs: split indlen reservations fairly when under reserved (bsc#1095344).
- xfs: split xfs_bmap_shift_extents (bsc#1095344).
- xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).
- xfs: update freeblocks counter after extent deletion (bsc#1095344).
- xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).
- xfs: use a b+tree for the in-core extent list (bsc#1095344).
- xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay}
(bsc#1095344).
- xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344).
- xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).
- xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344).
- xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).
- xfs: use xfs_bmap_del_extent_delay for the data fork as well
(bsc#1095344).
- xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents
(bsc#1095344).
- xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at
(bsc#1095344).
- xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).
- xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2188=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2188=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2188=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2188=1

- SUSE Linux Enterprise High Availability 12-SP2:

zypper in -t patch SUSE-SLE-HA-12-SP2-2018-2188=1

- SUSE Enterprise Storage 4:

zypper in -t patch SUSE-Storage-4-2018-2188=1

- OpenStack Cloud Magnum Orchestration 7:

zypper in -t patch
SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2188=1



Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):

kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1

- SUSE OpenStack Cloud 7 (x86_64):

kgraft-patch-4_4_121-92_95-default-1-3.4.1
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

- SUSE OpenStack Cloud 7 (noarch):

kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1

- SUSE OpenStack Cloud 7 (s390x):

kernel-default-man-4.4.121-92.95.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
kgraft-patch-4_4_121-92_95-default-1-3.4.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):

kgraft-patch-4_4_121-92_95-default-1-3.4.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):

lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):

kernel-default-man-4.4.121-92.95.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1

- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

cluster-md-kmp-default-4.4.121-92.95.1
cluster-md-kmp-default-debuginfo-4.4.121-92.95.1
cluster-network-kmp-default-4.4.121-92.95.1
cluster-network-kmp-default-debuginfo-4.4.121-92.95.1
dlm-kmp-default-4.4.121-92.95.1
dlm-kmp-default-debuginfo-4.4.121-92.95.1
gfs2-kmp-default-4.4.121-92.95.1
gfs2-kmp-default-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
ocfs2-kmp-default-4.4.121-92.95.1
ocfs2-kmp-default-debuginfo-4.4.121-92.95.1

- SUSE Enterprise Storage 4 (noarch):

kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1

- SUSE Enterprise Storage 4 (x86_64):

kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
kgraft-patch-4_4_121-92_95-default-1-3.4.1
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

- OpenStack Cloud Magnum Orchestration 7 (x86_64):

kernel-default-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1


References:

https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-10876.html
https://www.suse.com/security/cve/CVE-2018-10877.html
https://www.suse.com/security/cve/CVE-2018-10878.html
https://www.suse.com/security/cve/CVE-2018-10879.html
https://www.suse.com/security/cve/CVE-2018-10880.html
https://www.suse.com/security/cve/CVE-2018-10881.html
https://www.suse.com/security/cve/CVE-2018-10882.html
https://www.suse.com/security/cve/CVE-2018-10883.html
https://www.suse.com/security/cve/CVE-2018-10902.html
https://www.suse.com/security/cve/CVE-2018-10938.html
https://www.suse.com/security/cve/CVE-2018-10940.html
https://www.suse.com/security/cve/CVE-2018-12896.html
https://www.suse.com/security/cve/CVE-2018-13093.html
https://www.suse.com/security/cve/CVE-2018-13094.html
https://www.suse.com/security/cve/CVE-2018-13095.html
https://www.suse.com/security/cve/CVE-2018-14617.html
https://www.suse.com/security/cve/CVE-2018-14678.html
https://www.suse.com/security/cve/CVE-2018-15572.html
https://www.suse.com/security/cve/CVE-2018-15594.html
https://www.suse.com/security/cve/CVE-2018-16276.html
https://www.suse.com/security/cve/CVE-2018-16658.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://www.suse.com/security/cve/CVE-2018-6554.html
https://www.suse.com/security/cve/CVE-2018-6555.html
https://www.suse.com/security/cve/CVE-2018-7480.html
https://www.suse.com/security/cve/CVE-2018-7757.html
https://www.suse.com/security/cve/CVE-2018-9363.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1062604
https://bugzilla.suse.com/1064232
https://bugzilla.suse.com/1065364
https://bugzilla.suse.com/1082519
https://bugzilla.suse.com/1082863
https://bugzilla.suse.com/1084536
https://bugzilla.suse.com/1085042
https://bugzilla.suse.com/1088810
https://bugzilla.suse.com/1089066
https://bugzilla.suse.com/1092903
https://bugzilla.suse.com/1094466
https://bugzilla.suse.com/1095344
https://bugzilla.suse.com/1096547
https://bugzilla.suse.com/1097104
https://bugzilla.suse.com/1099597
https://bugzilla.suse.com/1099811
https://bugzilla.suse.com/1099813
https://bugzilla.suse.com/1099844
https://bugzilla.suse.com/1099845
https://bugzilla.suse.com/1099846
https://bugzilla.suse.com/1099849
https://bugzilla.suse.com/1099863
https://bugzilla.suse.com/1099864
https://bugzilla.suse.com/1099922
https://bugzilla.suse.com/1099993
https://bugzilla.suse.com/1099999
https://bugzilla.suse.com/1100000
https://bugzilla.suse.com/1100001
https://bugzilla.suse.com/1100152
https://bugzilla.suse.com/1102517
https://bugzilla.suse.com/1102715
https://bugzilla.suse.com/1102870
https://bugzilla.suse.com/1103445
https://bugzilla.suse.com/1104319
https://bugzilla.suse.com/1104495
https://bugzilla.suse.com/1105292
https://bugzilla.suse.com/1105296
https://bugzilla.suse.com/1105322
https://bugzilla.suse.com/1105348
https://bugzilla.suse.com/1105396
https://bugzilla.suse.com/1105536
https://bugzilla.suse.com/1106016
https://bugzilla.suse.com/1106095
https://bugzilla.suse.com/1106369
https://bugzilla.suse.com/1106509
https://bugzilla.suse.com/1106511
https://bugzilla.suse.com/1106512
https://bugzilla.suse.com/1106594
https://bugzilla.suse.com/1107689
https://bugzilla.suse.com/1107735
https://bugzilla.suse.com/1107966
https://bugzilla.suse.com/1108239
https://bugzilla.suse.com/1108399
https://bugzilla.suse.com/1109333

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung