Explore top 10 tips to secure your open-source projects now. Read More
×
The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various
security and bugfixes.
This update adds mitigations for various side channel attacks against
modern CPUs that could disclose content of otherwise unreadable memory
(bnc#1068032).
- CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern
CPUs featuring deep instruction pipelining could use attacker
controllable speculative execution over code patterns in the Linux
Kernel to leak content from otherwise not readable memory in the same
address space, allowing retrieval of passwords, cryptographic keys and
other secrets.
This problem is mitigated by adding speculative fencing on affected code
paths throughout the Linux kernel.
- CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern
CPUs featuring branch prediction could use mispredicted branches to
speculatively execute code patterns that in turn could be made to...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-2=1
To bring your system up-to-date, use "zypper patch".
- openSUSE Leap 42.3 (noarch):
kernel-devel-4.4.104-39.1
kernel-docs-4.4.104-39.1
kernel-docs-html-4.4.104-39.1
kernel-docs-pdf-4.4.104-39.1
kernel-macros-4.4.104-39.1
kernel-source-4.4.104-39.1
kernel-source-vanilla-4.4.104-39.1
- openSUSE Leap 42.3 (x86_64):
kernel-debug-4.4.104-39.1
kernel-debug-base-4.4.104-39.1
kernel-debug-base-debuginfo-4.4.104-39.1
kernel-debug-debuginfo-4.4.104-39.1
kernel-debug-debugsource-4.4.104-39.1
kernel-debug-devel-4.4.104-39.1
kernel-debug-devel-debuginfo-4.4.104-39.1
kernel-default-4.4.104-39.1
kernel-default-base-4.4.104-39.1
kernel-default-base-debuginfo-4.4.104-39.1
kernel-default-debuginfo-4.4.104-39.1
kernel-default-debugsource-4.4.104-39.1
kernel-default-devel-4.4.104-39.1
kernel-obs-build-4.4.104-39.1
kernel-obs-build-debugsource-4.4.104-39.1
kernel-obs-qa-4.4.104-39.1
kernel-syms-4.4.104-39.1
kernel-vanilla-4.4.104-39.1
kernel-vanilla-base-4.4.104-39.1
kernel-vanilla-base-debuginfo-4.4.104-39.1
kernel-vanilla-debuginfo-4.4.104-39.1
kernel-vanilla-debugsource-4.4.104-39.1
ke...
Read the Full Advisorytag.
- nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951).
- nvme-fabrics: introduce init command check for a queue that is not alive
(bsc#1072890).
- nvme-fc: check if queue is ready in queue_rq (bsc#1072890).
- nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890).
- nvme-loop: check if queue is ready in queue_rq (bsc#1072890).
- nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890).
- nvmet_fc: correct broken add_port (bsc#1072890).
- p54: prevent speculative execution (bnc#1068032).
- powerpc/barrier: add gmb.
- powerpc: Secure memory rfi flush (bsc#1068032).
- ptrace: Add a new thread access check (bsc#1068032).
- qla2xxx: prevent speculative execution (bnc#1068032).
- Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382).
- Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi).
- Revert "netlink: add a start callback for starting a netlink dump"
(kabi).
- s390: add ppa to system call and program check path (bsc#1068032).
- s390: introduce CPU...
Read the Full AdvisoryGet the latest Linux and open source security news straight to your inbox.