Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

openSUSE Leap 42.3: 2018:0022-1 Critical: Mitigations for Kernel Attacks

opensuse
Calendar Grey January 5, 2018
Dist Opensuse Esm H88
Essential patch released for Fedora tackling numerous kernel flaws and enhancing overall system integrity.
An update that solves 5 vulnerabilities and has 35 fixes is An update that solves 5 vulnerabilities and has 35 fixes is An update that solves 5 vulnerabilities and has 35 fixes is ...

Description

The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various

security and bugfixes.

This update adds mitigations for various side channel attacks against

modern CPUs that could disclose content of otherwise unreadable memory

(bnc#1068032).

- CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern

CPUs featuring deep instruction pipelining could use attacker

controllable speculative execution over code patterns in the Linux

Kernel to leak content from otherwise not readable memory in the same

address space, allowing retrieval of passwords, cryptographic keys and

other secrets.

This problem is mitigated by adding speculative fencing on affected code

paths throughout the Linux kernel.

- CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern

CPUs featuring branch prediction could use mispredicted branches to

speculatively execute code patterns that in turn could be made to...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-2=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.104-39.1

kernel-docs-4.4.104-39.1

kernel-docs-html-4.4.104-39.1

kernel-docs-pdf-4.4.104-39.1

kernel-macros-4.4.104-39.1

kernel-source-4.4.104-39.1

kernel-source-vanilla-4.4.104-39.1

- openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.104-39.1

kernel-debug-base-4.4.104-39.1

kernel-debug-base-debuginfo-4.4.104-39.1

kernel-debug-debuginfo-4.4.104-39.1

kernel-debug-debugsource-4.4.104-39.1

kernel-debug-devel-4.4.104-39.1

kernel-debug-devel-debuginfo-4.4.104-39.1

kernel-default-4.4.104-39.1

kernel-default-base-4.4.104-39.1

kernel-default-base-debuginfo-4.4.104-39.1

kernel-default-debuginfo-4.4.104-39.1

kernel-default-debugsource-4.4.104-39.1

kernel-default-devel-4.4.104-39.1

kernel-obs-build-4.4.104-39.1

kernel-obs-build-debugsource-4.4.104-39.1

kernel-obs-qa-4.4.104-39.1

kernel-syms-4.4.104-39.1

kernel-vanilla-4.4.104-39.1

kernel-vanilla-base-4.4.104-39.1

kernel-vanilla-base-debuginfo-4.4.104-39.1

kernel-vanilla-debuginfo-4.4.104-39.1

kernel-vanilla-debugsource-4.4.104-39.1

ke...

Read the Full Advisory

References

tag.

- nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951).

- nvme-fabrics: introduce init command check for a queue that is not alive

(bsc#1072890).

- nvme-fc: check if queue is ready in queue_rq (bsc#1072890).

- nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890).

- nvme-loop: check if queue is ready in queue_rq (bsc#1072890).

- nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890).

- nvmet_fc: correct broken add_port (bsc#1072890).

- p54: prevent speculative execution (bnc#1068032).

- powerpc/barrier: add gmb.

- powerpc: Secure memory rfi flush (bsc#1068032).

- ptrace: Add a new thread access check (bsc#1068032).

- qla2xxx: prevent speculative execution (bnc#1068032).

- Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382).

- Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi).

- Revert "netlink: add a start callback for starting a netlink dump"

(kabi).

- s390: add ppa to system call and program check path (bsc#1068032).

- s390: introduce CPU...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:0022-1
Rating: important
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.