Sicherheit: Mehrere Probleme in Linux - Pro-Linux

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1855-2
Rating:             important
References:         #1068032 #1079152 #1082962 #1083650 #1083900 
                    #1085185 #1086400 #1087007 #1087012 #1087036 
                    #1087086 #1087095 #1089895 #1090534 #1090955 
                    #1092497 #1092552 #1092813 #1092904 #1094033 
                    #1094353 #1094823 #1095042 #1096140 #1096242 
                    #1096281 #1096728 #1097356 #973378 
Cross-References:   CVE-2017-13305 CVE-2017-18241 CVE-2017-18249
                    CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065
                    CVE-2018-1092 CVE-2018-1093 CVE-2018-1094
                    CVE-2018-1130 CVE-2018-3665 CVE-2018-5803
                    CVE-2018-5848 CVE-2018-7492
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 15 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-5848: In the function wmi_set_ie(), the length validation code
     did not handle unsigned integer overflow properly. As a result, a large
     value of the 'ie_len' argument could have caused a buffer overflow
     (bnc#1097356)
   - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
     SG_IO ioctl (bsc#1096728).
   - CVE-2017-18249: The add_free_nid function did not properly track an
     allocated nid, which allowed local users to cause a denial of service
     (race condition) or possibly have unspecified other impact via
     concurrent threads (bnc#1087036)
   - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
     AVX registers) between processes. These registers might contain
     encryption keys when doing SSE accelerated AES enc/decryption
     (bsc#1087086)
   - CVE-2017-18241: Prevent a NULL pointer dereference by using a
     noflush_merge
     option that triggers a NULL value for a flush_cmd_control data structure
      (bnc#1086400)
   - CVE-2017-13305: Prevent information disclosure vulnerability in
     encrypted-keys (bsc#1094353).
   - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to
     cause a denial of service (out-of-bounds read and system crash) via a
     crafted ext4 image because balloc.c and ialloc.c did not validate bitmap
     block numbers (bsc#1087095).
   - CVE-2018-1094: The ext4_fill_super function did not always initialize
     the crc32c checksum driver, which allowed attackers to cause a denial of
     service (ext4_xattr_inode_hash NULL pointer dereference and system
     crash) via a crafted ext4 image (bsc#1087007).
   - CVE-2018-1092: The ext4_iget function mishandled the case of a root
     directory with a zero i_links_count, which allowed attackers to cause a
     denial of service (ext4_process_freed_data NULL pointer dereference and
     OOPS) via a crafted ext4 image (bsc#1087012).
   - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function
     that allowed a local user to cause a denial of service by a number of
     certain crafted system calls (bsc#1092904).
   - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule
     blob that contains a jump but lacks a user-defined chain, which allowed
     local users to cause a denial of service (NULL pointer dereference) by
     leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650).
   - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function
 when
     handling SCTP packets length that could have been exploited to cause a
     kernel crash (bnc#1083900).
   - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c
     __rds_rdma_map() function that allowed local attackers to cause a system
     panic and a denial-of-service, related to RDS_GET_MR and
     RDS_GET_MR_FOR_DEST (bsc#1082962).
   - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint()
     that could have caused a crash and possibly memory corruption
     (bsc#1089895).

   The following non-security bugs were fixed:

   - ALSA: timer: Fix pause event notification (bsc#973378).
   - Fix excessive newline in /proc/*/status (bsc#1094823).
   - Fix the patch content (bsc#1085185)
   - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
     (bsc#1096242, bsc#1096281).
   - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts
 commit
     e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
   - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
   - ipv6: omit traffic class when calculating flow hash (bsc#1095042).
   - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread
     (bsc#1094033).
   - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
     (bsc#1079152, VM Functionality).
   - x86/boot: Fix early command-line parsing when partial word matches
     (bsc#1096140).
   - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281).
   - x86/bugs: Respect retpoline command line option (bsc#1068032).
   - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
   - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
     disabled (bsc#1096140).
   - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
   - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955,
     bsc#1090534).
   - xfs: detect agfl count corruption and reset agfl (bsc#1090955,
     bsc#1090534).
   - xfs: do not log/recover swapext extent owner changes for deleted inodes
     (bsc#1090955).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
 methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1251=1

Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      kernel-default-4.4.121-92.85.1
      kernel-default-base-4.4.121-92.85.1
      kernel-default-base-debuginfo-4.4.121-92.85.1
      kernel-default-debuginfo-4.4.121-92.85.1
      kernel-default-debugsource-4.4.121-92.85.1
      kernel-default-devel-4.4.121-92.85.1
      kernel-syms-4.4.121-92.85.1
      kgraft-patch-4_4_121-92_85-default-1-3.5.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      kernel-devel-4.4.121-92.85.1
      kernel-macros-4.4.121-92.85.1
      kernel-source-4.4.121-92.85.1

References:

   https://www.suse.com/security/cve/CVE-2017-13305.html
   https://www.suse.com/security/cve/CVE-2017-18241.html
   https://www.suse.com/security/cve/CVE-2017-18249.html
   https://www.suse.com/security/cve/CVE-2018-1000199.html
   https://www.suse.com/security/cve/CVE-2018-1000204.html
   https://www.suse.com/security/cve/CVE-2018-1065.html
   https://www.suse.com/security/cve/CVE-2018-1092.html
   https://www.suse.com/security/cve/CVE-2018-1093.html
   https://www.suse.com/security/cve/CVE-2018-1094.html
   https://www.suse.com/security/cve/CVE-2018-1130.html
   https://www.suse.com/security/cve/CVE-2018-3665.html
   https://www.suse.com/security/cve/CVE-2018-5803.html
   https://www.suse.com/security/cve/CVE-2018-5848.html
   https://www.suse.com/security/cve/CVE-2018-7492.html
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1079152
   https://bugzilla.suse.com/1082962
   https://bugzilla.suse.com/1083650
   https://bugzilla.suse.com/1083900
   https://bugzilla.suse.com/1085185
   https://bugzilla.suse.com/1086400
   https://bugzilla.suse.com/1087007
   https://bugzilla.suse.com/1087012
   https://bugzilla.suse.com/1087036
   https://bugzilla.suse.com/1087086
   https://bugzilla.suse.com/1087095
   https://bugzilla.suse.com/1089895
   https://bugzilla.suse.com/1090534
   https://bugzilla.suse.com/1090955
   https://bugzilla.suse.com/1092497
   https://bugzilla.suse.com/1092552
   https://bugzilla.suse.com/1092813
   https://bugzilla.suse.com/1092904
   https://bugzilla.suse.com/1094033
   https://bugzilla.suse.com/1094353
   https://bugzilla.suse.com/1094823
   https://bugzilla.suse.com/1095042
   https://bugzilla.suse.com/1096140
   https://bugzilla.suse.com/1096242
   https://bugzilla.suse.com/1096281
   https://bugzilla.suse.com/1096728
   https://bugzilla.suse.com/1097356
   https://bugzilla.suse.com/973378

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates