
openSUSE 42.3: 2018:0408-1 Important Kernel Security Fix

opensuse
February 9, 2018
A significant openSUSE upgrade tackles vulnerabilities in the kernel through various enhancements and patches.
An update that solves 9 vulnerabilities and has 70 fixes is now available.

Description

The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various
security and bugfixes.

The following security bugs were fixed:

- CVE-2017-5715: Systems with microprocessors utilizing speculative
  execution and indirect branch prediction may allow unauthorized disclosure
  of information to an attacker with local user access via a side-channel
  analysis (bnc#1068032).

  The previous fix using CPU Microcode has been complemented by building
  the Linux Kernel with return trampolines aka "retpolines".

- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in
  net/rds/rdma.c mishandled cases where page pinning fails or an invalid
  address is supplied, leading to an rds_atomic_free_op NULL pointer
  dereference (bnc#1075617).

- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
  did not validate a value that is used during DMA page allocation,
  leading to a heap-based out-of-bounds...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2018-153=1

To bring your system up-to-date, use "zypper patch".
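As an added example (not part of the advisory or of openSUSE's own tooling), the script below checks after the update that the running kernel is at least 4.4.114 and reports the Spectre v2 (CVE-2017-5715) status. It assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities/spectre_v2; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): post-update check for this kernel update.
FIXED_VERSION="4.4.114"   # kernel version stated in the advisory

# Return 0 if kernel release $1 (uname -r format) is at least version $2.
version_at_least() {
    have=${1%%[!0-9.]*}    # "4.4.114-42-default" -> "4.4.114"
    want=$2
    old_ifs=$IFS; IFS=.
    set -- $have; h1=${1:-0} h2=${2:-0} h3=${3:-0}
    set -- $want; w1=${1:-0} w2=${2:-0} w3=${3:-0}
    IFS=$old_ifs
    if [ "$h1" -ne "$w1" ]; then [ "$h1" -gt "$w1" ]; return; fi
    if [ "$h2" -ne "$w2" ]; then [ "$h2" -gt "$w2" ]; return; fi
    [ "$h3" -ge "$w3" ]
}

# Map the text of the spectre_v2 status file to a short verdict.
# A line such as "Vulnerable: Minimal generic ASM retpoline" mentions
# retpolines but is not a mitigation, so only "Mitigation:" lines count.
classify_spectre_v2() {
    case $1 in
        "Not affected"*)            echo not-affected ;;
        Mitigation:*[Rr]etpoline*)  echo retpoline ;;
        Mitigation:*)               echo other-mitigation ;;
        *)                          echo vulnerable ;;
    esac
}

# Report on the running host. Assumption: the kernel exposes the sysfs file.
report_host() {
    running=$(uname -r)
    if version_at_least "$running" "$FIXED_VERSION"; then
        echo "running kernel $running: at or above $FIXED_VERSION"
    else
        echo "running kernel $running: below $FIXED_VERSION (update or reboot pending)"
    fi
    status_file=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$status_file" ]; then
        echo "spectre_v2: $(classify_spectre_v2 "$(cat "$status_file")")"
    else
        echo "spectre_v2: status file not present on this kernel"
    fi
}

report_host
```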

Package List

- openSUSE Leap 42.3 (x86_64):

    kernel-debug-4.4.114-42.1
    kernel-debug-base-4.4.114-42.1
    kernel-debug-base-debuginfo-4.4.114-42.1
    kernel-debug-debuginfo-4.4.114-42.1
    kernel-debug-debugsource-4.4.114-42.1
    kernel-debug-devel-4.4.114-42.1
    kernel-debug-devel-debuginfo-4.4.114-42.1
    kernel-default-4.4.114-42.1
    kernel-default-base-4.4.114-42.1
    kernel-default-base-debuginfo-4.4.114-42.1
    kernel-default-debuginfo-4.4.114-42.1
    kernel-default-debugsource-4.4.114-42.1
    kernel-default-devel-4.4.114-42.1
    kernel-obs-build-4.4.114-42.1
    kernel-obs-build-debugsource-4.4.114-42.1
    kernel-obs-qa-4.4.114-42.1
    kernel-syms-4.4.114-42.1
    kernel-vanilla-4.4.114-42.1
    kernel-vanilla-base-4.4.114-42.1
    kernel-vanilla-base-debuginfo-4.4.114-42.1
    kernel-vanilla-debuginfo-4.4.114-42.1
    kernel-vanilla-debugsource-4.4.114-42.1
    kernel-vanilla-devel-4.4.114-42.1
    kselftests-kmp-debug-4.4.114-42.1
    kselftests-kmp-debug-debuginfo-4.4.114-42.1
    kselftests-kmp-default-4.4.114-42.1
    kselftests-kmp-default-debuginfo-4.4.114-42.1
    kselftests-kmp-vanilla-4.4.114-42.1...


References

bsc#1076232 This causes undefined instruction abort on the smc call from
guest kernel. Disable until kvm is fixed.

- arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
  (bsc#1068032).
- arm64: Turn on KPTI only on CPUs that need it (bsc#1076187).
- arm64: use alternative auto-nop (bsc#1068032).
- arm64: use RET instruction for exiting the trampoline (bsc#1068032).
- arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).
- arm/arm64: KVM: Make default HYP mappings non-excutable (bsc#1068032).
- arm: avoid faulting on qemu (bnc#1012382).
- arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).
- arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).
- arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed
  memory (bnc#1012382).
- arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).
- arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
  (bnc#1012382).
- arm: dts: ti: fix PCI bus dtc warnings...


Severity
important

Announcement ID: openSUSE-SU-2018:0408-1
Rating: important
Affected Products: openSUSE Leap 42.3 le.
