SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1220-1
Rating:             important
References:         #1076537 #1082299 #1083125 #1083242 #1083275 
                    #1084536 #1085279 #1085331 #1086162 #1086194 
                    #1087088 #1087260 #1088147 #1088260 #1088261 
                    #1089608 #1089752 #1090643 
Cross-References:   CVE-2017-0861 CVE-2017-11089 CVE-2017-13220
                    CVE-2017-18203 CVE-2018-10087 CVE-2018-10124
                    CVE-2018-1087 CVE-2018-7757 CVE-2018-8781
                    CVE-2018-8822 CVE-2018-8897
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 7 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to
     potentially escalate their privileges inside a guest. (bsc#1087088)
   - CVE-2018-8897: An unprivileged system user could use incorrect set up
     interrupt stacks to crash the Linux kernel resulting in DoS issue.
     (bsc#1087088)
   - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c
     had an integer-overflow vulnerability allowing local users with access
     to the udldrmfb driver to obtain full read and write permissions on
     kernel physical pages, resulting in a code execution in kernel space
     (bnc#1090643).
   - CVE-2018-10124: The kill_something_info function in kernel/signal.c
     might allow local users to cause a denial of service via an INT_MIN
     argument (bnc#1089752).
   - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c in might
     allow local users to cause a denial of service by triggering an
     attempted use of the -INT_MIN value (bnc#1089608).
   - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
     drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
     of service (memory consumption) via many read accesses to files in the
     /sys/class/sas_phy directory, as demonstrated by the
     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).
   - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream
     kernel bluez was fixed. (bnc#1076537).
   - CVE-2017-11089: A buffer overread is observed in nl80211_set_station
     when user space application sends attribute
     NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes
     (bnc#1088261).
   - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function
     in the ALSA subsystem allowed attackers to gain privileges via
     unspecified vectors (bnc#1088260).
   - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
     function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious
     NCPFS servers to crash the kernel or execute code (bnc#1086162).
   - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c
     allowed local users to cause a denial of service (BUG) by leveraging a
     race condition with __dm_destroy during creation and removal of DM
     devices (bnc#1083242).

   The following non-security bugs were fixed:

   - Integrate fixes resulting from bsc#1088147 More info in the respective
     commit messages.
   - kabi: x86/kaiser: properly align trampoline stack (bsc#1087260).
   - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194).
   - kGraft: fix small race in reversion code (bsc#1083125).
   - kabi/severities: Ignore kgr_shadow_* kABI changes
   - kvm/x86: fix icebp instruction handling (bsc#1087088).
   - livepatch: Allow to call a custom callback when freeing shadow variables
     (bsc#1082299 fate#313296).
   - livepatch: Initialize shadow variables safely by a custom callback
     (bsc#1082299 fate#313296).
   - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275).
   - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
   - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).
   - x86/kaiser: properly align trampoline stack (bsc#1087260).
   - x86/retpoline: do not perform thunk calls in ring3 vsyscall code
     (bsc#1085331).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-845=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-845=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-845=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-845=1



Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      kernel-default-3.12.74-60.64.88.1
      kernel-default-base-3.12.74-60.64.88.1
      kernel-default-base-debuginfo-3.12.74-60.64.88.1
      kernel-default-debuginfo-3.12.74-60.64.88.1
      kernel-default-debugsource-3.12.74-60.64.88.1
      kernel-default-devel-3.12.74-60.64.88.1
      kernel-syms-3.12.74-60.64.88.1
      kernel-xen-3.12.74-60.64.88.1
      kernel-xen-base-3.12.74-60.64.88.1
      kernel-xen-base-debuginfo-3.12.74-60.64.88.1
      kernel-xen-debuginfo-3.12.74-60.64.88.1
      kernel-xen-debugsource-3.12.74-60.64.88.1
      kernel-xen-devel-3.12.74-60.64.88.1
      kgraft-patch-3_12_74-60_64_88-default-1-2.3.1
      kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1

   - SUSE OpenStack Cloud 6 (noarch):

      kernel-devel-3.12.74-60.64.88.1
      kernel-macros-3.12.74-60.64.88.1
      kernel-source-3.12.74-60.64.88.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      kernel-default-3.12.74-60.64.88.1
      kernel-default-base-3.12.74-60.64.88.1
      kernel-default-base-debuginfo-3.12.74-60.64.88.1
      kernel-default-debuginfo-3.12.74-60.64.88.1
      kernel-default-debugsource-3.12.74-60.64.88.1
      kernel-default-devel-3.12.74-60.64.88.1
      kernel-syms-3.12.74-60.64.88.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      kernel-devel-3.12.74-60.64.88.1
      kernel-macros-3.12.74-60.64.88.1
      kernel-source-3.12.74-60.64.88.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kernel-xen-3.12.74-60.64.88.1
      kernel-xen-base-3.12.74-60.64.88.1
      kernel-xen-base-debuginfo-3.12.74-60.64.88.1
      kernel-xen-debuginfo-3.12.74-60.64.88.1
      kernel-xen-debugsource-3.12.74-60.64.88.1
      kernel-xen-devel-3.12.74-60.64.88.1
      kgraft-patch-3_12_74-60_64_88-default-1-2.3.1
      kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.74-60.64.88.1
      kernel-default-base-3.12.74-60.64.88.1
      kernel-default-base-debuginfo-3.12.74-60.64.88.1
      kernel-default-debuginfo-3.12.74-60.64.88.1
      kernel-default-debugsource-3.12.74-60.64.88.1
      kernel-default-devel-3.12.74-60.64.88.1
      kernel-syms-3.12.74-60.64.88.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kernel-xen-3.12.74-60.64.88.1
      kernel-xen-base-3.12.74-60.64.88.1
      kernel-xen-base-debuginfo-3.12.74-60.64.88.1
      kernel-xen-debuginfo-3.12.74-60.64.88.1
      kernel-xen-debugsource-3.12.74-60.64.88.1
      kernel-xen-devel-3.12.74-60.64.88.1
      kgraft-patch-3_12_74-60_64_88-default-1-2.3.1
      kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

      kernel-devel-3.12.74-60.64.88.1
      kernel-macros-3.12.74-60.64.88.1
      kernel-source-3.12.74-60.64.88.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):

      kernel-default-man-3.12.74-60.64.88.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.74-60.64.88.1
      kernel-ec2-debuginfo-3.12.74-60.64.88.1
      kernel-ec2-debugsource-3.12.74-60.64.88.1
      kernel-ec2-devel-3.12.74-60.64.88.1
      kernel-ec2-extra-3.12.74-60.64.88.1
      kernel-ec2-extra-debuginfo-3.12.74-60.64.88.1


References:

   https://www.suse.com/security/cve/CVE-2017-0861.html
   https://www.suse.com/security/cve/CVE-2017-11089.html
   https://www.suse.com/security/cve/CVE-2017-13220.html
   https://www.suse.com/security/cve/CVE-2017-18203.html
   https://www.suse.com/security/cve/CVE-2018-10087.html
   https://www.suse.com/security/cve/CVE-2018-10124.html
   https://www.suse.com/security/cve/CVE-2018-1087.html
   https://www.suse.com/security/cve/CVE-2018-7757.html
   https://www.suse.com/security/cve/CVE-2018-8781.html
   https://www.suse.com/security/cve/CVE-2018-8822.html
   https://www.suse.com/security/cve/CVE-2018-8897.html
   https://bugzilla.suse.com/1076537
   https://bugzilla.suse.com/1082299
   https://bugzilla.suse.com/1083125
   https://bugzilla.suse.com/1083242
   https://bugzilla.suse.com/1083275
   https://bugzilla.suse.com/1084536
   https://bugzilla.suse.com/1085279
   https://bugzilla.suse.com/1085331
   https://bugzilla.suse.com/1086162
   https://bugzilla.suse.com/1086194
   https://bugzilla.suse.com/1087088
   https://bugzilla.suse.com/1087260
   https://bugzilla.suse.com/1088147
   https://bugzilla.suse.com/1088260
   https://bugzilla.suse.com/1088261
   https://bugzilla.suse.com/1089608
   https://bugzilla.suse.com/1089752
   https://bugzilla.suse.com/1090643

--

SUSE: 2018:1220-1: important: the Linux Kernel

May 11, 2018
An update that solves 11 vulnerabilities and has 7 fixes is now available.

Summary

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c in might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537). - CVE-2017-11089: A buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - kabi: x86/kaiser: properly align trampoline stack (bsc#1087260). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bsc#1087088). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-845=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-845=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-845=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-845=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.88.1 kernel-default-base-3.12.74-60.64.88.1 kernel-default-base-debuginfo-3.12.74-60.64.88.1 kernel-default-debuginfo-3.12.74-60.64.88.1 kernel-default-debugsource-3.12.74-60.64.88.1 kernel-default-devel-3.12.74-60.64.88.1 kernel-syms-3.12.74-60.64.88.1 kernel-xen-3.12.74-60.64.88.1 kernel-xen-base-3.12.74-60.64.88.1 kernel-xen-base-debuginfo-3.12.74-60.64.88.1 kernel-xen-debuginfo-3.12.74-60.64.88.1 kernel-xen-debugsource-3.12.74-60.64.88.1 kernel-xen-devel-3.12.74-60.64.88.1 kgraft-patch-3_12_74-60_64_88-default-1-2.3.1 kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1 - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.88.1 kernel-macros-3.12.74-60.64.88.1 kernel-source-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.88.1 kernel-default-base-3.12.74-60.64.88.1 kernel-default-base-debuginfo-3.12.74-60.64.88.1 kernel-default-debuginfo-3.12.74-60.64.88.1 kernel-default-debugsource-3.12.74-60.64.88.1 kernel-default-devel-3.12.74-60.64.88.1 kernel-syms-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.88.1 kernel-macros-3.12.74-60.64.88.1 kernel-source-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.88.1 kernel-xen-base-3.12.74-60.64.88.1 kernel-xen-base-debuginfo-3.12.74-60.64.88.1 kernel-xen-debuginfo-3.12.74-60.64.88.1 kernel-xen-debugsource-3.12.74-60.64.88.1 kernel-xen-devel-3.12.74-60.64.88.1 kgraft-patch-3_12_74-60_64_88-default-1-2.3.1 kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.88.1 kernel-default-base-3.12.74-60.64.88.1 kernel-default-base-debuginfo-3.12.74-60.64.88.1 kernel-default-debuginfo-3.12.74-60.64.88.1 kernel-default-debugsource-3.12.74-60.64.88.1 kernel-default-devel-3.12.74-60.64.88.1 kernel-syms-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.88.1 kernel-xen-base-3.12.74-60.64.88.1 kernel-xen-base-debuginfo-3.12.74-60.64.88.1 kernel-xen-debuginfo-3.12.74-60.64.88.1 kernel-xen-debugsource-3.12.74-60.64.88.1 kernel-xen-devel-3.12.74-60.64.88.1 kgraft-patch-3_12_74-60_64_88-default-1-2.3.1 kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.88.1 kernel-macros-3.12.74-60.64.88.1 kernel-source-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.88.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.88.1 kernel-ec2-debuginfo-3.12.74-60.64.88.1 kernel-ec2-debugsource-3.12.74-60.64.88.1 kernel-ec2-devel-3.12.74-60.64.88.1 kernel-ec2-extra-3.12.74-60.64.88.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.88.1

References

#1076537 #1082299 #1083125 #1083242 #1083275

#1084536 #1085279 #1085331 #1086162 #1086194

#1087088 #1087260 #1088147 #1088260 #1088261

#1089608 #1089752 #1090643

Cross- CVE-2017-0861 CVE-2017-11089 CVE-2017-13220

CVE-2017-18203 CVE-2018-10087 CVE-2018-10124

CVE-2018-1087 CVE-2018-7757 CVE-2018-8781

CVE-2018-8822 CVE-2018-8897

Affected Products:

SUSE OpenStack Cloud 6

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Module for Public Cloud 12

https://www.suse.com/security/cve/CVE-2017-0861.html

https://www.suse.com/security/cve/CVE-2017-11089.html

https://www.suse.com/security/cve/CVE-2017-13220.html

https://www.suse.com/security/cve/CVE-2017-18203.html

https://www.suse.com/security/cve/CVE-2018-10087.html

https://www.suse.com/security/cve/CVE-2018-10124.html

https://www.suse.com/security/cve/CVE-2018-1087.html

https://www.suse.com/security/cve/CVE-2018-7757.html

https://www.suse.com/security/cve/CVE-2018-8781.html

https://www.suse.com/security/cve/CVE-2018-8822.html

https://www.suse.com/security/cve/CVE-2018-8897.html

https://bugzilla.suse.com/1076537

https://bugzilla.suse.com/1082299

https://bugzilla.suse.com/1083125

https://bugzilla.suse.com/1083242

https://bugzilla.suse.com/1083275

https://bugzilla.suse.com/1084536

https://bugzilla.suse.com/1085279

https://bugzilla.suse.com/1085331

https://bugzilla.suse.com/1086162

https://bugzilla.suse.com/1086194

https://bugzilla.suse.com/1087088

https://bugzilla.suse.com/1087260

https://bugzilla.suse.com/1088147

https://bugzilla.suse.com/1088260

https://bugzilla.suse.com/1088261

https://bugzilla.suse.com/1089608

https://bugzilla.suse.com/1089752

https://bugzilla.suse.com/1090643

--

Severity
Announcement ID: SUSE-SU-2018:1220-1
Rating: important

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved