Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0737-1
Rating: important
References: #1065600 #1163617 #1170442 #1176855 #1179082
#1179428 #1179660 #1180058 #1180262 #1180964
#1181671 #1181747 #1181753 #1181843 #1181854
#1182047 #1182130 #1182140 #1182175
Cross-References: CVE-2020-29368 CVE-2020-29374 CVE-2021-26930
CVE-2021-26931 CVE-2021-26932
CVSS scores:
CVE-2020-29368 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-29368 (SUSE): 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-29374 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-29374 (SUSE): 6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-26930 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-26930 (SUSE): 7.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-26931 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-26931 (SUSE): 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-26932 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-26932 (SUSE): 5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise High Performance Computing
15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing
15-SP1-ESPOS
SUSE Linux Enterprise High Availability 15-SP1
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 14 fixes is
now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated receive various
security and bugfixes.

The following security bugs were fixed:

- CVE-2021-26930: Fixed an improper error handling in blkback's grant
mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant
mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant
mapping (XSA-361 bsc#1181747). by remote attackers to read or write
files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write
implementation which could have granted unintended write access because
of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

The following non-security bugs were fixed:

- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata
(bsc#1182047).
- btrfs: fix data bytes_may_use underflow with fallocate due to failed
quota reserve (bsc#1182130)
- btrfs: Free correct amount of space in
btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata
(bsc#1182047).
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata
(bsc#1182047).
- btrfs: Unlock extents in btrfs_zero_range in case of errors
(bsc#1182047).
- Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
(git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist
(bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec:
do
not include ghost symlinks (boo#1179082).")
- libnvdimm/dimm: Avoid race between probe and available_slots_show()
(bsc#1170442).
- net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).
- net: bcmgenet: code movement (git-fixes).
- net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).
- net: bcmgenet: Use correct I/O accessors (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- nvme-multipath: Early exit if no path is available (bsc#1180964).
- rpm/post.sh: Avoid purge-kernel for the first installed kernel
(bsc#1180058)
- scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617).
- usb: dwc2: Abort transaction after errors with unknown reason
(bsc#1180262).
- usb: dwc2: Do not update data length if it is 0 on inbound transfers
(bsc#1180262).
- usb: dwc2: Make "trimming xfer length" a debug message
(bsc#1180262).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- xen/netback: avoid race in xenvif_rx_ring_slots_available()
(bsc#1065600).
- xen/netback: fix spurious event detection for common event case
(bsc#1182175).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-737=1

- SUSE Manager Retail Branch Server 4.0:

zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-737=1

- SUSE Manager Proxy 4.0:

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-737=1

- SUSE Linux Enterprise Server for SAP 15-SP1:

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-737=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-737=1

- SUSE Linux Enterprise Server 15-SP1-BCL:

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-737=1

- SUSE Linux Enterprise Module for Live Patching 15-SP1:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-737=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-737=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-737=1

- SUSE Linux Enterprise High Availability 15-SP1:

zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-737=1

- SUSE Enterprise Storage 6:

zypper in -t patch SUSE-Storage-6-2021-737=1

- SUSE CaaS Platform 4.0:

To install this update, use the SUSE CaaS Platform 'skuba' tool.
It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Manager Server 4.0 (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Manager Server 4.0 (s390x):

kernel-default-man-4.12.14-197.86.1
kernel-zfcpdump-debuginfo-4.12.14-197.86.1
kernel-zfcpdump-debugsource-4.12.14-197.86.1

- SUSE Manager Retail Branch Server 4.0 (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Manager Retail Branch Server 4.0 (x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Manager Proxy 4.0 (x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Manager Proxy 4.0 (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):

kernel-default-man-4.12.14-197.86.1
kernel-zfcpdump-debuginfo-4.12.14-197.86.1
kernel-zfcpdump-debugsource-4.12.14-197.86.1

- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-livepatch-4.12.14-197.86.1
kernel-default-livepatch-devel-4.12.14-197.86.1
kernel-livepatch-4_12_14-197_86-default-1-3.3.1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x
x86_64):

cluster-md-kmp-default-4.12.14-197.86.1
cluster-md-kmp-default-debuginfo-4.12.14-197.86.1
dlm-kmp-default-4.12.14-197.86.1
dlm-kmp-default-debuginfo-4.12.14-197.86.1
gfs2-kmp-default-4.12.14-197.86.1
gfs2-kmp-default-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
ocfs2-kmp-default-4.12.14-197.86.1
ocfs2-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Enterprise Storage 6 (aarch64 x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

- SUSE Enterprise Storage 6 (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE CaaS Platform 4.0 (noarch):

kernel-devel-4.12.14-197.86.1
kernel-docs-4.12.14-197.86.1
kernel-macros-4.12.14-197.86.1
kernel-source-4.12.14-197.86.1

- SUSE CaaS Platform 4.0 (x86_64):

kernel-default-4.12.14-197.86.1
kernel-default-base-4.12.14-197.86.1
kernel-default-base-debuginfo-4.12.14-197.86.1
kernel-default-debuginfo-4.12.14-197.86.1
kernel-default-debugsource-4.12.14-197.86.1
kernel-default-devel-4.12.14-197.86.1
kernel-default-devel-debuginfo-4.12.14-197.86.1
kernel-obs-build-4.12.14-197.86.1
kernel-obs-build-debugsource-4.12.14-197.86.1
kernel-syms-4.12.14-197.86.1
reiserfs-kmp-default-4.12.14-197.86.1
reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

References:

https://www.suse.com/security/cve/CVE-2020-29368.html
https://www.suse.com/security/cve/CVE-2020-29374.html
https://www.suse.com/security/cve/CVE-2021-26930.html
https://www.suse.com/security/cve/CVE-2021-26931.html
https://www.suse.com/security/cve/CVE-2021-26932.html
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1163617
https://bugzilla.suse.com/1170442
https://bugzilla.suse.com/1176855
https://bugzilla.suse.com/1179082
https://bugzilla.suse.com/1179428
https://bugzilla.suse.com/1179660
https://bugzilla.suse.com/1180058
https://bugzilla.suse.com/1180262
https://bugzilla.suse.com/1180964
https://bugzilla.suse.com/1181671
https://bugzilla.suse.com/1181747
https://bugzilla.suse.com/1181753
https://bugzilla.suse.com/1181843
https://bugzilla.suse.com/1181854
https://bugzilla.suse.com/1182047
https://bugzilla.suse.com/1182130
https://bugzilla.suse.com/1182140
https://bugzilla.suse.com/1182175