   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1247-1
Rating:             important
References:         #1003077 #1015703 #1021256 #1021762 #1023377 
                    #1023762 #1023992 #1024938 #1025235 #1026024 
                    #1026722 #1026914 #1027066 #1027149 #1027178 
                    #1027189 #1027190 #1028415 #1028895 #1029986 
                    #1030118 #1030213 #1030901 #1031003 #1031052 
                    #1031440 #1031579 #1032344 #1033336 #914939 
                    #954763 #968697 #979215 #983212 #989056 
Cross-References:   CVE-2015-1350 CVE-2016-10044 CVE-2016-10200
                    CVE-2016-10208 CVE-2016-2117 CVE-2016-3070
                    CVE-2016-5243 CVE-2016-7117 CVE-2016-9588
                    CVE-2017-2671 CVE-2017-5669 CVE-2017-5897
                    CVE-2017-5970 CVE-2017-5986 CVE-2017-6074
                    CVE-2017-6214 CVE-2017-6345 CVE-2017-6346
                    CVE-2017-6348 CVE-2017-6353 CVE-2017-7187
                    CVE-2017-7261 CVE-2017-7294 CVE-2017-7308
                    CVE-2017-7616
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 25 vulnerabilities and has 10 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an
     incomplete set of requirements for setattr operations that
     underspecifies removing extended privilege attributes, which allowed
     local users to cause a denial of service (capability stripping) via a
     failed invocation of a system call, as demonstrated by using chown to
     remove a capability from the ping or Wireshark dumpcap program
     (bnc#914939).
   - CVE-2016-2117: The atl2_probe function in
     drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly
     enabled scatter/gather I/O, which allowed remote attackers to obtain
     sensitive information from kernel memory by reading packet data
     (bnc#968697).
   - CVE-2016-3070: The trace_writeback_dirty_page implementation in
     include/trace/events/writeback.h in the Linux kernel improperly
     interacted with mm/migrate.c, which allowed local users to cause a
     denial of service (NULL pointer dereference and system crash) or
     possibly have unspecified other impact by triggering a certain page move
     (bnc#979215).
   - CVE-2016-5243: The tipc_nl_compat_link_dump function in
     net/tipc/netlink_compat.c in the Linux kernel did not properly copy a
     certain string, which allowed local users to obtain sensitive
     information from kernel stack memory by reading a Netlink message
     (bnc#983212).
   - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
     function in net/socket.c in the Linux kernel allowed remote attackers to
     execute arbitrary code via vectors involving a recvmmsg system call that
     is mishandled during error processing (bnc#1003077).
   - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP
     and #OF exceptions, which allowed guest OS users to cause a denial of
     service (guest OS crash) by declining to handle an exception thrown by
     an L2 guest (bnc#1015703).
   - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel
     did not properly restrict execute access, which made it easier for local
     users to bypass intended SELinux W^X policy restrictions, and
     consequently gain privileges, via an io_setup system call (bnc#1023992).
   - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
     the Linux kernel allowed local users to gain privileges or cause a
     denial of service (use-after-free) by making multiple bind system calls
     without properly ascertaining whether a socket has the SOCK_ZAPPED
     status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
     (bnc#1028415).
   - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the
     Linux kernel did not properly validate meta block groups, which allowed
     physically proximate attackers to cause a denial of service
     (out-of-bounds read and system crash) via a crafted ext4 image
     (bnc#1023377).
   - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
     kernel is too late in obtaining a certain lock and consequently cannot
     ensure that disconnect function calls are safe, which allowed local
     users to cause a denial of service (panic) by leveraging access to the
     protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).
   - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel
     did not restrict the address calculated by a certain rounding operation,
     which allowed local users to map page zero, and consequently bypass a
     protection mechanism that exists for the mmap system call, by making
     crafted shmget and shmat system calls in a privileged context
     (bnc#1026914).
   - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the
     Linux kernel allowed remote attackers to have unspecified impact via
     vectors involving GRE flags in an IPv6 packet, which trigger an
     out-of-bounds access (bnc#1023762).
   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
     denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bnc#1024938).
   - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
     net/sctp/socket.c in the Linux kernel allowed local users to cause a
     denial of service (assertion failure and panic) via a multithreaded
     application that peels off an association in a certain buffer-full state
     (bnc#1025235).
   - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
     in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
     in the LISTEN state, which allowed local users to obtain root privileges
     or cause a denial of service (double free) via an application that made
     an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).
   - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
     Linux kernel allowed remote attackers to cause a denial of service
     (infinite loop and soft lockup) via vectors involving a TCP packet with
     the URG flag (bnc#1026722).
   - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that
     a certain destructor exists in required circumstances, which allowed
     local users to cause a denial of service (BUG_ON) or possibly have
     unspecified other impact via crafted system calls (bnc#1027190).
   - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux
     kernel allowed local users to cause a denial of service (use-after-free)
     or possibly have unspecified other impact via a multithreaded
     application that made PACKET_FANOUT setsockopt system calls
     (bnc#1027189).
   - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the
     Linux kernel improperly managed lock dropping, which allowed local users     to cause a denial of service (deadlock) via crafted operations on IrDA
     devices (bnc#1027178).
   - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
     restrict association peel-off operations during certain wait states,
     which allowed local users to cause a denial of service (invalid unlock
     and double free) via a multithreaded application.  NOTE: this
     vulnerability exists because of an incorrect fix for CVE-2017-5986
     (bnc#1027066).
   - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
     kernel allowed local users to cause a denial of service (stack-based
     buffer overflow) or possibly have unspecified other impact via a large
     command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
     write access in the sg_write function (bnc#1030213).
   - CVE-2017-7261: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     check for a zero value of certain levels data, which allowed local users     to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and
     possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device
     (bnc#1031052).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     validate addition of certain levels data, which allowed local users to
     trigger an integer overflow and out-of-bounds write, and cause a denial
     of service (system hang or crash) or possibly gain privileges, via a
     crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
     the Linux kernel did not properly validate certain block-size data,
     which allowed local users to cause a denial of service (overflow) or
     possibly have unspecified other impact via crafted system calls
     (bnc#1031579).
   - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind
     compat syscalls in mm/mempolicy.c in the Linux kernel allowed local
     users to obtain sensitive information from uninitialized stack data by
     triggering failure of a certain bitmap operation (bnc#1033336).

   The following non-security bugs were fixed:

   - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
   - hwrng: virtio - ensure reads happen after successful probe (bsc#954763
     bsc#1032344).
   - kgr/module: make a taint flag module-specific (fate#313296).
   - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
   - l2tp: fix lookup for sockets not bound to a device in l2tp_ip
     (bsc#1028415).
   - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
     (bsc#1028415).
   - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
     (bsc#1028415).
   - l2tp: hold tunnel socket when handling control frames in l2tp_ip and
     l2tp_ip6 (bsc#1028415).
   - l2tp: lock socket before checking flags in connect() (bsc#1028415).
   - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).
   - module: move add_taint_module() to a header file (fate#313296).
   - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).
   - nfs: flush out dirty data on file fput() (bsc#1021762).
   - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
   - powerpc: Reject binutils 2.24 when building little endian (boo#1028895).
   - revert "procfs: mark thread stack correctly in proc//maps"
     (bnc#1030901).
   - taint/module: Clean up global and module taint flags handling
     (fate#313296).
   - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
   - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).
   - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-749=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-749=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-749=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kernel-default-3.12.61-52.72.1
      kernel-default-base-3.12.61-52.72.1
      kernel-default-base-debuginfo-3.12.61-52.72.1
      kernel-default-debuginfo-3.12.61-52.72.1
      kernel-default-debugsource-3.12.61-52.72.1
      kernel-default-devel-3.12.61-52.72.1
      kernel-syms-3.12.61-52.72.1
      kernel-xen-3.12.61-52.72.1
      kernel-xen-base-3.12.61-52.72.1
      kernel-xen-base-debuginfo-3.12.61-52.72.1
      kernel-xen-debuginfo-3.12.61-52.72.1
      kernel-xen-debugsource-3.12.61-52.72.1
      kernel-xen-devel-3.12.61-52.72.1
      kgraft-patch-3_12_61-52_72-default-1-2.1
      kgraft-patch-3_12_61-52_72-xen-1-2.1

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      kernel-devel-3.12.61-52.72.1
      kernel-macros-3.12.61-52.72.1
      kernel-source-3.12.61-52.72.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.61-52.72.1
      kernel-default-base-3.12.61-52.72.1
      kernel-default-base-debuginfo-3.12.61-52.72.1
      kernel-default-debuginfo-3.12.61-52.72.1
      kernel-default-debugsource-3.12.61-52.72.1
      kernel-default-devel-3.12.61-52.72.1
      kernel-syms-3.12.61-52.72.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      kernel-devel-3.12.61-52.72.1
      kernel-macros-3.12.61-52.72.1
      kernel-source-3.12.61-52.72.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.72.1
      kernel-xen-base-3.12.61-52.72.1
      kernel-xen-base-debuginfo-3.12.61-52.72.1
      kernel-xen-debuginfo-3.12.61-52.72.1
      kernel-xen-debugsource-3.12.61-52.72.1
      kernel-xen-devel-3.12.61-52.72.1
      kgraft-patch-3_12_61-52_72-default-1-2.1
      kgraft-patch-3_12_61-52_72-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.72.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.72.1
      kernel-ec2-debuginfo-3.12.61-52.72.1
      kernel-ec2-debugsource-3.12.61-52.72.1
      kernel-ec2-devel-3.12.61-52.72.1
      kernel-ec2-extra-3.12.61-52.72.1
      kernel-ec2-extra-debuginfo-3.12.61-52.72.1


References:

   https://www.suse.com/security/cve/CVE-2015-1350.html
   https://www.suse.com/security/cve/CVE-2016-10044.html
   https://www.suse.com/security/cve/CVE-2016-10200.html
   https://www.suse.com/security/cve/CVE-2016-10208.html
   https://www.suse.com/security/cve/CVE-2016-2117.html
   https://www.suse.com/security/cve/CVE-2016-3070.html
   https://www.suse.com/security/cve/CVE-2016-5243.html
   https://www.suse.com/security/cve/CVE-2016-7117.html
   https://www.suse.com/security/cve/CVE-2016-9588.html
   https://www.suse.com/security/cve/CVE-2017-2671.html
   https://www.suse.com/security/cve/CVE-2017-5669.html
   https://www.suse.com/security/cve/CVE-2017-5897.html
   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://www.suse.com/security/cve/CVE-2017-5986.html
   https://www.suse.com/security/cve/CVE-2017-6074.html
   https://www.suse.com/security/cve/CVE-2017-6214.html
   https://www.suse.com/security/cve/CVE-2017-6345.html
   https://www.suse.com/security/cve/CVE-2017-6346.html
   https://www.suse.com/security/cve/CVE-2017-6348.html
   https://www.suse.com/security/cve/CVE-2017-6353.html
   https://www.suse.com/security/cve/CVE-2017-7187.html
   https://www.suse.com/security/cve/CVE-2017-7261.html
   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://www.suse.com/security/cve/CVE-2017-7616.html
   https://bugzilla.suse.com/1003077
   https://bugzilla.suse.com/1015703
   https://bugzilla.suse.com/1021256
   https://bugzilla.suse.com/1021762
   https://bugzilla.suse.com/1023377
   https://bugzilla.suse.com/1023762
   https://bugzilla.suse.com/1023992
   https://bugzilla.suse.com/1024938
   https://bugzilla.suse.com/1025235
   https://bugzilla.suse.com/1026024
   https://bugzilla.suse.com/1026722
   https://bugzilla.suse.com/1026914
   https://bugzilla.suse.com/1027066
   https://bugzilla.suse.com/1027149
   https://bugzilla.suse.com/1027178
   https://bugzilla.suse.com/1027189
   https://bugzilla.suse.com/1027190
   https://bugzilla.suse.com/1028415
   https://bugzilla.suse.com/1028895
   https://bugzilla.suse.com/1029986
   https://bugzilla.suse.com/1030118
   https://bugzilla.suse.com/1030213
   https://bugzilla.suse.com/1030901
   https://bugzilla.suse.com/1031003
   https://bugzilla.suse.com/1031052
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031579
   https://bugzilla.suse.com/1032344
   https://bugzilla.suse.com/1033336
   https://bugzilla.suse.com/914939
   https://bugzilla.suse.com/954763
   https://bugzilla.suse.com/968697
   https://bugzilla.suse.com/979215
   https://bugzilla.suse.com/983212
   https://bugzilla.suse.com/989056

SuSE: 2017:1247-1: important: the Linux Kernel

May 11, 2017

An update that solves 25 vulnerabilities and has 10 fixes An update that solves 25 vulnerabilities and has 10 fixes An update that solves 25 vulnerabilities and has 10 fixes is now...

Summary

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). The following non-security bugs were fixed: - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986). - hwrng: virtio - ensure reads happen after successful probe (bsc#954763 bsc#1032344). - kgr/module: make a taint flag module-specific (fate#313296). - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415). - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415). - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415). - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415). - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415). - l2tp: lock socket before checking flags in connect() (bsc#1028415). - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118). - module: move add_taint_module() to a header file (fate#313296). - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149). - nfs: flush out dirty data on file fput() (bsc#1021762). - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895). - powerpc: Reject binutils 2.24 when building little endian (boo#1028895). - revert "procfs: mark thread stack correctly in proc//maps" (bnc#1030901). - taint/module: Clean up global and module taint flags handling (fate#313296). - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-749=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-749=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-749=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.72.1 kernel-default-base-3.12.61-52.72.1 kernel-default-base-debuginfo-3.12.61-52.72.1 kernel-default-debuginfo-3.12.61-52.72.1 kernel-default-debugsource-3.12.61-52.72.1 kernel-default-devel-3.12.61-52.72.1 kernel-syms-3.12.61-52.72.1 kernel-xen-3.12.61-52.72.1 kernel-xen-base-3.12.61-52.72.1 kernel-xen-base-debuginfo-3.12.61-52.72.1 kernel-xen-debuginfo-3.12.61-52.72.1 kernel-xen-debugsource-3.12.61-52.72.1 kernel-xen-devel-3.12.61-52.72.1 kgraft-patch-3_12_61-52_72-default-1-2.1 kgraft-patch-3_12_61-52_72-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.72.1 kernel-macros-3.12.61-52.72.1 kernel-source-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.72.1 kernel-default-base-3.12.61-52.72.1 kernel-default-base-debuginfo-3.12.61-52.72.1 kernel-default-debuginfo-3.12.61-52.72.1 kernel-default-debugsource-3.12.61-52.72.1 kernel-default-devel-3.12.61-52.72.1 kernel-syms-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.72.1 kernel-macros-3.12.61-52.72.1 kernel-source-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.72.1 kernel-xen-base-3.12.61-52.72.1 kernel-xen-base-debuginfo-3.12.61-52.72.1 kernel-xen-debuginfo-3.12.61-52.72.1 kernel-xen-debugsource-3.12.61-52.72.1 kernel-xen-devel-3.12.61-52.72.1 kgraft-patch-3_12_61-52_72-default-1-2.1 kgraft-patch-3_12_61-52_72-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.72.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.72.1 kernel-ec2-debuginfo-3.12.61-52.72.1 kernel-ec2-debugsource-3.12.61-52.72.1 kernel-ec2-devel-3.12.61-52.72.1 kernel-ec2-extra-3.12.61-52.72.1 kernel-ec2-extra-debuginfo-3.12.61-52.72.1

References

#1003077 #1015703 #1021256 #1021762 #1023377

#1023762 #1023992 #1024938 #1025235 #1026024

#1026722 #1026914 #1027066 #1027149 #1027178

#1027189 #1027190 #1028415 #1028895 #1029986

#1030118 #1030213 #1030901 #1031003 #1031052

#1031440 #1031579 #1032344 #1033336 #914939

#954763 #968697 #979215 #983212 #989056

Cross- CVE-2015-1350 CVE-2016-10044 CVE-2016-10200

CVE-2016-10208 CVE-2016-2117 CVE-2016-3070

CVE-2016-5243 CVE-2016-7117 CVE-2016-9588

CVE-2017-2671 CVE-2017-5669 CVE-2017-5897

CVE-2017-5970 CVE-2017-5986 CVE-2017-6074

CVE-2017-6214 CVE-2017-6345 CVE-2017-6346

CVE-2017-6348 CVE-2017-6353 CVE-2017-7187

CVE-2017-7261 CVE-2017-7294 CVE-2017-7308

CVE-2017-7616

Affected Products:

SUSE Linux Enterprise Server for SAP 12

SUSE Linux Enterprise Server 12-LTSS

SUSE Linux Enterprise Module for Public Cloud 12

https://www.suse.com/security/cve/CVE-2015-1350.html

https://www.suse.com/security/cve/CVE-2016-10044.html

https://www.suse.com/security/cve/CVE-2016-10200.html

https://www.suse.com/security/cve/CVE-2016-10208.html

https://www.suse.com/security/cve/CVE-2016-2117.html

https://www.suse.com/security/cve/CVE-2016-3070.html

https://www.suse.com/security/cve/CVE-2016-5243.html

https://www.suse.com/security/cve/CVE-2016-7117.html

https://www.suse.com/security/cve/CVE-2016-9588.html

https://www.suse.com/security/cve/CVE-2017-2671.html

https://www.suse.com/security/cve/CVE-2017-5669.html

https://www.suse.com/security/cve/CVE-2017-5897.html

https://www.suse.com/security/cve/CVE-2017-5970.html

https://www.suse.com/security/cve/CVE-2017-5986.html

https://www.suse.com/security/cve/CVE-2017-6074.html

https://www.suse.com/security/cve/CVE-2017-6214.html

https://www.suse.com/security/cve/CVE-2017-6345.html

https://www.suse.com/security/cve/CVE-2017-6346.html

https://www.suse.com/security/cve/CVE-2017-6348.html

https://www.suse.com/security/cve/CVE-2017-6353.html

https://www.suse.com/security/cve/CVE-2017-7187.html

https://www.suse.com/security/cve/CVE-2017-7261.html

https://www.suse.com/security/cve/CVE-2017-7294.html

https://www.suse.com/security/cve/CVE-2017-7308.html

https://www.suse.com/security/cve/CVE-2017-7616.html

https://bugzilla.suse.com/1003077

https://bugzilla.suse.com/1015703

https://bugzilla.suse.com/1021256

https://bugzilla.suse.com/1021762

https://bugzilla.suse.com/1023377

https://bugzilla.suse.com/1023762

https://bugzilla.suse.com/1023992

https://bugzilla.suse.com/1024938

https://bugzilla.suse.com/1025235

https://bugzilla.suse.com/1026024

https://bugzilla.suse.com/1026722

https://bugzilla.suse.com/1026914

https://bugzilla.suse.com/1027066

https://bugzilla.suse.com/1027149

https://bugzilla.suse.com/1027178

https://bugzilla.suse.com/1027189

https://bugzilla.suse.com/1027190

https://bugzilla.suse.com/1028415

https://bugzilla.suse.com/1028895

https://bugzilla.suse.com/1029986

https://bugzilla.suse.com/1030118

https://bugzilla.suse.com/1030213

https://bugzilla.suse.com/1030901

https://bugzilla.suse.com/1031003

https://bugzilla.suse.com/1031052

https://bugzilla.suse.com/1031440

https://bugzilla.suse.com/1031579

https://bugzilla.suse.com/1032344

https://bugzilla.suse.com/1033336

https://bugzilla.suse.com/914939

https://bugzilla.suse.com/954763

https://bugzilla.suse.com/968697

https://bugzilla.suse.com/979215

https://bugzilla.suse.com/983212

https://bugzilla.suse.com/989056

Severity

Announcement ID: SUSE-SU-2017:1247-1

Rating: important

Get the Latest News & Insights

SuSE: 2017:1247-1: important: the Linux Kernel

Summary

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By