SUSE Security Update: Security update for kernel modules packages
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1784-1
Rating:             moderate
References:         #1068032 #926856 
Cross-References:   CVE-2017-5715
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:



   The following kernel modules were rebuild with "retpoline" enablement to
   allow full mitigation of the Spectre Variant 2 (CVE-2017-5715, bsc#1068032)

   OFED was adjusted to add an entry to control the loading/unloading of
   cxgb4 to /etc/sysconf/infiniband (bsc#926856).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kmps-20180611-13671=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kmps-20180611-13671=1

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kmps-20180611-13671=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kmps-20180611-13671=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 x86_64):

      ofed-devel-1.5.4.1-22.3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      iscsitarget-1.4.20-0.43.2.1
      iscsitarget-kmp-default-1.4.20_3.0.101_108.52-0.43.2.1
      iscsitarget-kmp-trace-1.4.20_3.0.101_108.52-0.43.2.1
      ofed-1.5.4.1-22.3.1
      ofed-doc-1.5.4.1-22.3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64):

      ofed-kmp-default-1.5.4.1_3.0.101_108.52-22.3.1
      ofed-kmp-trace-1.5.4.1_3.0.101_108.52-22.3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      iscsitarget-kmp-xen-1.4.20_3.0.101_108.52-0.43.2.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      iscsitarget-kmp-bigmem-1.4.20_3.0.101_108.52-0.43.2.1
      iscsitarget-kmp-ppc64-1.4.20_3.0.101_108.52-0.43.2.1
      ofed-kmp-bigmem-1.5.4.1_3.0.101_108.52-22.3.1
      ofed-kmp-ppc64-1.5.4.1_3.0.101_108.52-22.3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      iscsitarget-kmp-pae-1.4.20_3.0.101_108.52-0.43.2.1
      ofed-kmp-pae-1.5.4.1_3.0.101_108.52-22.3.1

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_69.24-0.43.2.1
      iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_69.24-0.43.2.1
      ofed-kmp-rt-1.5.4.1_3.0.101_rt130_69.24-22.3.1
      ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_69.24-22.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      iscsitarget-debuginfo-1.4.20-0.43.2.1
      iscsitarget-debugsource-1.4.20-0.43.2.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64):

      ofed-debuginfo-1.5.4.1-22.3.1
      ofed-debugsource-1.5.4.1-22.3.1


References:

   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/926856

SUSE: 2018:1784-1 moderate: kernel modules packages

June 22, 2018
An update that solves one vulnerability and has one errata is now available

Summary

The following kernel modules were rebuild with "retpoline" enablement to allow full mitigation of the Spectre Variant 2 (CVE-2017-5715, bsc#1068032) OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband (bsc#926856). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kmps-20180611-13671=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kmps-20180611-13671=1 - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kmps-20180611-13671=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kmps-20180611-13671=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 x86_64): ofed-devel-1.5.4.1-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): iscsitarget-1.4.20-0.43.2.1 iscsitarget-kmp-default-1.4.20_3.0.101_108.52-0.43.2.1 iscsitarget-kmp-trace-1.4.20_3.0.101_108.52-0.43.2.1 ofed-1.5.4.1-22.3.1 ofed-doc-1.5.4.1-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): ofed-kmp-default-1.5.4.1_3.0.101_108.52-22.3.1 ofed-kmp-trace-1.5.4.1_3.0.101_108.52-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): iscsitarget-kmp-xen-1.4.20_3.0.101_108.52-0.43.2.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): iscsitarget-kmp-bigmem-1.4.20_3.0.101_108.52-0.43.2.1 iscsitarget-kmp-ppc64-1.4.20_3.0.101_108.52-0.43.2.1 ofed-kmp-bigmem-1.5.4.1_3.0.101_108.52-22.3.1 ofed-kmp-ppc64-1.5.4.1_3.0.101_108.52-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586): iscsitarget-kmp-pae-1.4.20_3.0.101_108.52-0.43.2.1 ofed-kmp-pae-1.5.4.1_3.0.101_108.52-22.3.1 - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_69.24-0.43.2.1 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_69.24-0.43.2.1 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_69.24-22.3.1 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_69.24-22.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): iscsitarget-debuginfo-1.4.20-0.43.2.1 iscsitarget-debugsource-1.4.20-0.43.2.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64): ofed-debuginfo-1.5.4.1-22.3.1 ofed-debugsource-1.5.4.1-22.3.1

References

#1068032 #926856

Cross- CVE-2017-5715

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Real Time Extension 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-5715.html

https://bugzilla.suse.com/1068032

https://bugzilla.suse.com/926856

Severity
Announcement ID: SUSE-SU-2018:1784-1
Rating: moderate

Related News