SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1821-1
Rating: important
References: #1046610 #1052351 #1068054 #1079152 #1080837
#1083347 #1087086 #1087088 #1088997 #1088998
#1088999 #1089000 #1089001 #1089002 #1089003
#1089004 #1089005 #1089006 #1089007 #1089008
#1089010 #1089011 #1089012 #1089013 #1089016
#1089192 #1089199 #1089200 #1089201 #1089202
#1089203 #1089204 #1089205 #1089206 #1089207
#1089208 #1089209 #1089210 #1089211 #1089212
#1089213 #1089214 #1089215 #1089216 #1089217
#1089218 #1089219 #1089220 #1089221 #1089222
#1089223 #1089224 #1089225 #1089226 #1089227
#1089228 #1089229 #1089230 #1089231 #1089232
#1089233 #1089234 #1089235 #1089236 #1089237
#1089238 #1089239 #1089240 #1089241 #1093194
#1093195 #1093196 #1093197 #1093198 #1094244
#1094421 #1094422 #1094423 #1094424 #1094425
#1094436 #1094437 #1095241 #1096140 #1096242
#1096281 #1096746 #1097443 #1097445 #1097948
#973378 #989401
Cross-References: CVE-2018-3665
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves one vulnerability and has 91 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
This new feature was added:
- Btrfs: Remove empty block groups in the background
The following security bugs were fixed:
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
AVX registers) between processes. These registers might contain
encryption keys when doing SSE accelerated AES enc/decryption
(bsc#1087086)
The following non-security bugs were fixed:
- ALSA: timer: Fix pause event notification (bsc#973378).
- Btrfs: Avoid trucating page or punching hole in a already existed hole
(bsc#1088998).
- Btrfs: Avoid truncate tailing page if fallocate range does not exceed
inode size (bsc#1094424).
- Btrfs: Fix lost-data-profile caused by auto removing bg.
- Btrfs: Fix misuse of chunk mutex
- Btrfs: Fix out-of-space bug (bsc#1089231).
- Btrfs: Set relative data on clear btrfs_block_group_cache->pinned.
- Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239).
- Btrfs: add alloc_fs_devices and switch to it (bsc#1089205).
- Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204).
- Btrfs: add missing discards when unpinning extents with -o discard.
- Btrfs: add missing inode update when punching hole (bsc#1089006).
- Btrfs: add support for asserts (bsc#1089207).
- Btrfs: avoid syncing log in the fast fsync path when not necessary
(bsc#1089010).
- Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector
boundaries.
- Btrfs: check pending chunks when shrinking fs to avoid corruption
(bsc#1089235).
- Btrfs: cleanup backref search commit root flag stuff (bsc#1089200).
- Btrfs: delete chunk allocation attemp when setting block group ro.
- Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210).
- Btrfs: do not mix the ordered extents of all files together during
logging the inodes (bsc#1089214).
- Btrfs: do not remove extents and xattrs when logging new names
(bsc#1089005).
- Btrfs: eliminate races in worker stopping code (bsc#1089211).
- Btrfs: ensure deletion from pinned_chunks list is protected.
- Btrfs: explictly delete unused block groups in close_ctree and
ro-remount.
- Btrfs: fix -ENOSPC on block group removal.
- Btrfs: fix -ENOSPC when finishing block group creation.
- Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group.
- Btrfs: fix NULL pointer crash when running balance and scrub
concurrently (bsc#1089220).
- Btrfs: fix chunk allocation regression leading to transaction abort
(bsc#1089236).
- Btrfs: fix crash caused by block group removal.
- Btrfs: fix data loss in the fast fsync path (bsc#1089007).
- Btrfs: fix deadlock caused by fsync when logging directory entries
(bsc#1093194).
- Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001).
- Btrfs: fix directory recovery from fsync log (bsc#1088999).
- Btrfs: fix empty symlink after creating symlink and fsync parent dir
(bsc#1093195).
- Btrfs: fix file loss on log replay after renaming a file and fsync
(bsc#1093196).
- Btrfs: fix file/data loss caused by fsync after rename and new inode
(bsc#1089241).
- Btrfs: fix find_free_dev_extent() malfunction in case device tree has
hole (bsc#1089232).
- Btrfs: fix fitrim discarding device area reserved for boot loader's use.
- Btrfs: fix freeing used extent after removing empty block group.
- Btrfs: fix freeing used extents after removing empty block group.
- Btrfs: fix fs mapping extent map leak (bsc#1089229).
- Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221).
- Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004).
- Btrfs: fix fsync data loss after append write (bsc#1089238).
- Btrfs: fix fsync log replay for inodes with a mix of regular refs and
extrefs (bsc#1089003).
- Btrfs: fix fsync race leading to invalid data after log replay
(bsc#1089000).
- Btrfs: fix fsync when extend references are added to an inode
(bsc#1089002).
- Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423).
- Btrfs: fix invalid extent maps due to hole punching (bsc#1094425).
- Btrfs: fix kernel oops while reading compressed data (bsc#1089192).
- Btrfs: fix log replay failure after linking special file and fsync
(bsc#1089016).
- Btrfs: fix memory leak after block remove + trimming.
- Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197).
- Btrfs: fix race between balance and unused block group deletion
(bsc#1089237).
- Btrfs: fix race between fs trimming and block group remove/allocation.
- Btrfs: fix race between scrub and block group deletion.
- Btrfs: fix race between transaction commit and empty block group removal.
- Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206).
- Btrfs: fix racy system chunk allocation when setting block group ro
(bsc#1089233).
- Btrfs: fix regression in raid level conversion (bsc#1089234).
- Btrfs: fix skipped error handle when log sync failed (bsc#1089217).
- Btrfs: fix stale dir entries after removing a link and fsync
(bsc#1089011).
- Btrfs: fix the number of transaction units needed to remove a block
group.
- Btrfs: fix the skipped transaction commit during the file sync
(bsc#1089216).
- Btrfs: fix unprotected alloc list insertion during the finishing
procedure of replace (bsc#1089215).
- Btrfs: fix unprotected assignment of the target device (bsc#1089222).
- Btrfs: fix unprotected deletion from pending_chunks list.
- Btrfs: fix unprotected device list access when getting the fs
information (bsc#1089228).
- Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227).
- Btrfs: fix unprotected device->bytes_used update (bsc#1089225).
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
(bsc#1089240).
- Btrfs: fix up read_tree_block to return proper error (bsc#1080837).
- Btrfs: fix wrong device bytes_used in the super block (bsc#1089224).
- Btrfs: fix wrong disk size when writing super blocks (bsc#1089223).
- Btrfs: fix xattr loss after power failure (bsc#1094436).
- Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013).
- Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437).
- Btrfs: iterate over unused chunk space in FITRIM.
- Btrfs: make btrfs_issue_discard return bytes discarded.
- Btrfs: make btrfs_search_forward return with nodes unlocked
(bsc#1094422).
- Btrfs: make sure to copy everything if we rename (bsc#1088997).
- Btrfs: make the chunk allocator completely tree lockless (bsc#1089202).
- Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of
btrfs_truncate (bsc#1089201).
- Btrfs: nuke write_super from comments (bsc#1089199).
- Btrfs: only drop modified extents if we logged the whole inode
(bsc#1089213).
- Btrfs: only update disk_i_size as we remove extents (bsc#1089209).
- Btrfs: qgroup: return EINVAL if level of parent is not higher than
child's (bsc#1089012).
- Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008).
- Btrfs: remove empty block groups automatically.
- Btrfs: remove non-sense btrfs_error_discard_extent() function
(bsc#1089230).
- Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837).
- Btrfs: remove transaction from send (bsc#1089218).
- Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock.
- Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421).
- Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212).
- Btrfs: set inode's logged_trans/last_log_commit after ranged fsync
(bsc#1093198).
- Btrfs: skip superblocks during discard.
- Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208).
- Btrfs: update free_chunk_space during allocting a new chunk
(bsc#1089226).
- Btrfs: use global reserve when deleting unused block group after ENOSPC.
- Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837).
- Btrfs: wait ordered range before doing direct io (bsc#1089203).
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
(bsc#1096242, bsc#1096281).
- Xen counterparts of eager FPU implementation.
- balloon: do not BUG() when balloon is empty (bsc#1083347).
- fs: btrfs: volumes.c: Fix for possible null pointer dereference
(bsc#1089219).
- kernel: Fix memory leak on EP11 target list processing (bnc#1096746).
- kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
(bsc#1079152, VM Functionality).
- module: Fix locking in symbol_put_addr() (bsc#1097445).
- netfront: make req_prod check properly deal with index wraps
(bsc#1046610).
- powerpc/64s: Fix compiler store ordering to SLB shadow area
(bsc#1094244).
- powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
(bsc#1094244).
- powerpc/pseries: Define MCE error event section (bsc#1094244).
- powerpc/pseries: Display machine check error details (bsc#1094244).
- powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244).
- powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244).
- qla2xxx: Mask off Scope bits in retry delay (bsc#1068054).
- s390/cpum_sf: ensure sample frequency of perf event attributes is
non-zero (bnc#1096746).
- s390/dasd: fix failing path verification (bnc#1096746).
- trace: module: Maintain a valid user count (bsc#1097443).
- x86/boot: Fix early command-line parsing when partial word matches
(bsc#1096140).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
disabled (bsc#1096140).
- x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351).
- xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
- xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401).
- xfs: only update the last_sync_lsn when a transaction completes
(bsc#989401).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-source-13680=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-source-13680=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-source-13680=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-source-13680=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
kernel-docs-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-3.0.101-108.57.1
kernel-default-base-3.0.101-108.57.1
kernel-default-devel-3.0.101-108.57.1
kernel-source-3.0.101-108.57.1
kernel-syms-3.0.101-108.57.1
kernel-trace-3.0.101-108.57.1
kernel-trace-base-3.0.101-108.57.1
kernel-trace-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
kernel-ec2-3.0.101-108.57.1
kernel-ec2-base-3.0.101-108.57.1
kernel-ec2-devel-3.0.101-108.57.1
kernel-xen-3.0.101-108.57.1
kernel-xen-base-3.0.101-108.57.1
kernel-xen-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
kernel-default-man-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
kernel-bigmem-3.0.101-108.57.1
kernel-bigmem-base-3.0.101-108.57.1
kernel-bigmem-devel-3.0.101-108.57.1
kernel-ppc64-3.0.101-108.57.1
kernel-ppc64-base-3.0.101-108.57.1
kernel-ppc64-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
kernel-pae-3.0.101-108.57.1
kernel-pae-base-3.0.101-108.57.1
kernel-pae-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-debuginfo-3.0.101-108.57.1
kernel-default-debugsource-3.0.101-108.57.1
kernel-trace-debuginfo-3.0.101-108.57.1
kernel-trace-debugsource-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-108.57.1
kernel-trace-devel-debuginfo-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-108.57.1
kernel-ec2-debugsource-3.0.101-108.57.1
kernel-xen-debuginfo-3.0.101-108.57.1
kernel-xen-debugsource-3.0.101-108.57.1
kernel-xen-devel-debuginfo-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-108.57.1
kernel-bigmem-debugsource-3.0.101-108.57.1
kernel-ppc64-debuginfo-3.0.101-108.57.1
kernel-ppc64-debugsource-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-108.57.1
kernel-pae-debugsource-3.0.101-108.57.1
kernel-pae-devel-debuginfo-3.0.101-108.57.1
References:
https://www.suse.com/security/cve/CVE-2018-3665.html
https://bugzilla.suse.com/1046610
https://bugzilla.suse.com/1052351
https://bugzilla.suse.com/1068054
https://bugzilla.suse.com/1079152
https://bugzilla.suse.com/1080837
https://bugzilla.suse.com/1083347
https://bugzilla.suse.com/1087086
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1088997
https://bugzilla.suse.com/1088998
https://bugzilla.suse.com/1088999
https://bugzilla.suse.com/1089000
https://bugzilla.suse.com/1089001
https://bugzilla.suse.com/1089002
https://bugzilla.suse.com/1089003
https://bugzilla.suse.com/1089004
https://bugzilla.suse.com/1089005
https://bugzilla.suse.com/1089006
https://bugzilla.suse.com/1089007
https://bugzilla.suse.com/1089008
https://bugzilla.suse.com/1089010
https://bugzilla.suse.com/1089011
https://bugzilla.suse.com/1089012
https://bugzilla.suse.com/1089013
https://bugzilla.suse.com/1089016
https://bugzilla.suse.com/1089192
https://bugzilla.suse.com/1089199
https://bugzilla.suse.com/1089200
https://bugzilla.suse.com/1089201
https://bugzilla.suse.com/1089202
https://bugzilla.suse.com/1089203
https://bugzilla.suse.com/1089204
https://bugzilla.suse.com/1089205
https://bugzilla.suse.com/1089206
https://bugzilla.suse.com/1089207
https://bugzilla.suse.com/1089208
https://bugzilla.suse.com/1089209
https://bugzilla.suse.com/1089210
https://bugzilla.suse.com/1089211
https://bugzilla.suse.com/1089212
https://bugzilla.suse.com/1089213
https://bugzilla.suse.com/1089214
https://bugzilla.suse.com/1089215
https://bugzilla.suse.com/1089216
https://bugzilla.suse.com/1089217
https://bugzilla.suse.com/1089218
https://bugzilla.suse.com/1089219
https://bugzilla.suse.com/1089220
https://bugzilla.suse.com/1089221
https://bugzilla.suse.com/1089222
https://bugzilla.suse.com/1089223
https://bugzilla.suse.com/1089224
https://bugzilla.suse.com/1089225
https://bugzilla.suse.com/1089226
https://bugzilla.suse.com/1089227
https://bugzilla.suse.com/1089228
https://bugzilla.suse.com/1089229
https://bugzilla.suse.com/1089230
https://bugzilla.suse.com/1089231
https://bugzilla.suse.com/1089232
https://bugzilla.suse.com/1089233
https://bugzilla.suse.com/1089234
https://bugzilla.suse.com/1089235
https://bugzilla.suse.com/1089236
https://bugzilla.suse.com/1089237
https://bugzilla.suse.com/1089238
https://bugzilla.suse.com/1089239
https://bugzilla.suse.com/1089240
https://bugzilla.suse.com/1089241
https://bugzilla.suse.com/1093194
https://bugzilla.suse.com/1093195
https://bugzilla.suse.com/1093196
https://bugzilla.suse.com/1093197
https://bugzilla.suse.com/1093198
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1094421
https://bugzilla.suse.com/1094422
https://bugzilla.suse.com/1094423
https://bugzilla.suse.com/1094424
https://bugzilla.suse.com/1094425
https://bugzilla.suse.com/1094436
https://bugzilla.suse.com/1094437
https://bugzilla.suse.com/1095241
https://bugzilla.suse.com/1096140
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
https://bugzilla.suse.com/1096746
https://bugzilla.suse.com/1097443
https://bugzilla.suse.com/1097445
https://bugzilla.suse.com/1097948
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/989401
SUSE: 2018:1821-1 important: the Linux Kernel
June 27, 2018
An update that solves one vulnerability and has 91 fixes is now available
Summary
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998). - Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424). - Btrfs: Fix lost-data-profile caused by auto removing bg. - Btrfs: Fix misuse of chunk mutex - Btrfs: Fix out-of-space bug (bsc#1089231). - Btrfs: Set relative data on clear btrfs_block_group_cache->pinned. - Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239). - Btrfs: add alloc_fs_devices and switch to it (bsc#1089205). - Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204). - Btrfs: add missing discards when unpinning extents with -o discard. - Btrfs: add missing inode update when punching hole (bsc#1089006). - Btrfs: add support for asserts (bsc#1089207). - Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010). - Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries. - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235). - Btrfs: cleanup backref search commit root flag stuff (bsc#1089200). - Btrfs: delete chunk allocation attemp when setting block group ro. - Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210). - Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214). - Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005). - Btrfs: eliminate races in worker stopping code (bsc#1089211). - Btrfs: ensure deletion from pinned_chunks list is protected. - Btrfs: explictly delete unused block groups in close_ctree and ro-remount. - Btrfs: fix -ENOSPC on block group removal. - Btrfs: fix -ENOSPC when finishing block group creation. - Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group. - Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220). - Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236). - Btrfs: fix crash caused by block group removal. - Btrfs: fix data loss in the fast fsync path (bsc#1089007). - Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194). - Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001). - Btrfs: fix directory recovery from fsync log (bsc#1088999). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232). - Btrfs: fix fitrim discarding device area reserved for boot loader's use. - Btrfs: fix freeing used extent after removing empty block group. - Btrfs: fix freeing used extents after removing empty block group. - Btrfs: fix fs mapping extent map leak (bsc#1089229). - Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221). - Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004). - Btrfs: fix fsync data loss after append write (bsc#1089238). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003). - Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000). - Btrfs: fix fsync when extend references are added to an inode (bsc#1089002). - Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423). - Btrfs: fix invalid extent maps due to hole punching (bsc#1094425). - Btrfs: fix kernel oops while reading compressed data (bsc#1089192). - Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016). - Btrfs: fix memory leak after block remove + trimming. - Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197). - Btrfs: fix race between balance and unused block group deletion (bsc#1089237). - Btrfs: fix race between fs trimming and block group remove/allocation. - Btrfs: fix race between scrub and block group deletion. - Btrfs: fix race between transaction commit and empty block group removal. - Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206). - Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233). - Btrfs: fix regression in raid level conversion (bsc#1089234). - Btrfs: fix skipped error handle when log sync failed (bsc#1089217). - Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011). - Btrfs: fix the number of transaction units needed to remove a block group. - Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216). - Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215). - Btrfs: fix unprotected assignment of the target device (bsc#1089222). - Btrfs: fix unprotected deletion from pending_chunks list. - Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228). - Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227). - Btrfs: fix unprotected device->bytes_used update (bsc#1089225). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240). - Btrfs: fix up read_tree_block to return proper error (bsc#1080837). - Btrfs: fix wrong device bytes_used in the super block (bsc#1089224). - Btrfs: fix wrong disk size when writing super blocks (bsc#1089223). - Btrfs: fix xattr loss after power failure (bsc#1094436). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013). - Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437). - Btrfs: iterate over unused chunk space in FITRIM. - Btrfs: make btrfs_issue_discard return bytes discarded. - Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422). - Btrfs: make sure to copy everything if we rename (bsc#1088997). - Btrfs: make the chunk allocator completely tree lockless (bsc#1089202). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201). - Btrfs: nuke write_super from comments (bsc#1089199). - Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213). - Btrfs: only update disk_i_size as we remove extents (bsc#1089209). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012). - Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008). - Btrfs: remove empty block groups automatically. - Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230). - Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837). - Btrfs: remove transaction from send (bsc#1089218). - Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock. - Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421). - Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212). - Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198). - Btrfs: skip superblocks during discard. - Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208). - Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226). - Btrfs: use global reserve when deleting unused block group after ENOSPC. - Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837). - Btrfs: wait ordered range before doing direct io (bsc#1089203). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - balloon: do not BUG() when balloon is empty (bsc#1083347). - fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219). - kernel: Fix memory leak on EP11 target list processing (bnc#1096746). - kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - module: Fix locking in symbol_put_addr() (bsc#1097445). - netfront: make req_prod check properly deal with index wraps (bsc#1046610). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746). - s390/dasd: fix failing path verification (bnc#1096746). - trace: module: Maintain a valid user count (bsc#1097443). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#989401). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-13680=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-13680=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-13680=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-13680=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.57.1 kernel-default-base-3.0.101-108.57.1 kernel-default-devel-3.0.101-108.57.1 kernel-source-3.0.101-108.57.1 kernel-syms-3.0.101-108.57.1 kernel-trace-3.0.101-108.57.1 kernel-trace-base-3.0.101-108.57.1 kernel-trace-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.57.1 kernel-ec2-base-3.0.101-108.57.1 kernel-ec2-devel-3.0.101-108.57.1 kernel-xen-3.0.101-108.57.1 kernel-xen-base-3.0.101-108.57.1 kernel-xen-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.57.1 kernel-bigmem-base-3.0.101-108.57.1 kernel-bigmem-devel-3.0.101-108.57.1 kernel-ppc64-3.0.101-108.57.1 kernel-ppc64-base-3.0.101-108.57.1 kernel-ppc64-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.57.1 kernel-pae-base-3.0.101-108.57.1 kernel-pae-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.57.1 kernel-default-debugsource-3.0.101-108.57.1 kernel-trace-debuginfo-3.0.101-108.57.1 kernel-trace-debugsource-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.57.1 kernel-trace-devel-debuginfo-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.57.1 kernel-ec2-debugsource-3.0.101-108.57.1 kernel-xen-debuginfo-3.0.101-108.57.1 kernel-xen-debugsource-3.0.101-108.57.1 kernel-xen-devel-debuginfo-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.57.1 kernel-bigmem-debugsource-3.0.101-108.57.1 kernel-ppc64-debuginfo-3.0.101-108.57.1 kernel-ppc64-debugsource-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.57.1 kernel-pae-debugsource-3.0.101-108.57.1 kernel-pae-devel-debuginfo-3.0.101-108.57.1
References
#1046610 #1052351 #1068054 #1079152 #1080837
#1083347 #1087086 #1087088 #1088997 #1088998
#1088999 #1089000 #1089001 #1089002 #1089003
#1089004 #1089005 #1089006 #1089007 #1089008
#1089010 #1089011 #1089012 #1089013 #1089016
#1089192 #1089199 #1089200 #1089201 #1089202
#1089203 #1089204 #1089205 #1089206 #1089207
#1089208 #1089209 #1089210 #1089211 #1089212
#1089213 #1089214 #1089215 #1089216 #1089217
#1089218 #1089219 #1089220 #1089221 #1089222
#1089223 #1089224 #1089225 #1089226 #1089227
#1089228 #1089229 #1089230 #1089231 #1089232
#1089233 #1089234 #1089235 #1089236 #1089237
#1089238 #1089239 #1089240 #1089241 #1093194
#1093195 #1093196 #1093197 #1093198 #1094244
#1094421 #1094422 #1094423 #1094424 #1094425
#1094436 #1094437 #1095241 #1096140 #1096242
#1096281 #1096746 #1097443 #1097445 #1097948
#973378 #989401
Cross- CVE-2018-3665
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2018-3665.html
https://bugzilla.suse.com/1046610
https://bugzilla.suse.com/1052351
https://bugzilla.suse.com/1068054
https://bugzilla.suse.com/1079152
https://bugzilla.suse.com/1080837
https://bugzilla.suse.com/1083347
https://bugzilla.suse.com/1087086
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1088997
https://bugzilla.suse.com/1088998
https://bugzilla.suse.com/1088999
https://bugzilla.suse.com/1089000
https://bugzilla.suse.com/1089001
https://bugzilla.suse.com/1089002
https://bugzilla.suse.com/1089003
https://bugzilla.suse.com/1089004
https://bugzilla.suse.com/1089005
https://bugzilla.suse.com/1089006
https://bugzilla.suse.com/1089007
https://bugzilla.suse.com/1089008
https://bugzilla.suse.com/1089010
https://bugzilla.suse.com/1089011
https://bugzilla.suse.com/1089012
https://bugzilla.suse.com/1089013
https://bugzilla.suse.com/1089016
https://bugzilla.suse.com/1089192
https://bugzilla.suse.com/1089199
https://bugzilla.suse.com/1089200
https://bugzilla.suse.com/1089201
https://bugzilla.suse.com/1089202
https://bugzilla.suse.com/1089203
https://bugzilla.suse.com/1089204
https://bugzilla.suse.com/1089205
https://bugzilla.suse.com/1089206
https://bugzilla.suse.com/1089207
https://bugzilla.suse.com/1089208
https://bugzilla.suse.com/1089209
https://bugzilla.suse.com/1089210
https://bugzilla.suse.com/1089211
https://bugzilla.suse.com/1089212
https://bugzilla.suse.com/1089213
https://bugzilla.suse.com/1089214
https://bugzilla.suse.com/1089215
https://bugzilla.suse.com/1089216
https://bugzilla.suse.com/1089217
https://bugzilla.suse.com/1089218
https://bugzilla.suse.com/1089219
https://bugzilla.suse.com/1089220
https://bugzilla.suse.com/1089221
https://bugzilla.suse.com/1089222
https://bugzilla.suse.com/1089223
https://bugzilla.suse.com/1089224
https://bugzilla.suse.com/1089225
https://bugzilla.suse.com/1089226
https://bugzilla.suse.com/1089227
https://bugzilla.suse.com/1089228
https://bugzilla.suse.com/1089229
https://bugzilla.suse.com/1089230
https://bugzilla.suse.com/1089231
https://bugzilla.suse.com/1089232
https://bugzilla.suse.com/1089233
https://bugzilla.suse.com/1089234
https://bugzilla.suse.com/1089235
https://bugzilla.suse.com/1089236
https://bugzilla.suse.com/1089237
https://bugzilla.suse.com/1089238
https://bugzilla.suse.com/1089239
https://bugzilla.suse.com/1089240
https://bugzilla.suse.com/1089241
https://bugzilla.suse.com/1093194
https://bugzilla.suse.com/1093195
https://bugzilla.suse.com/1093196
https://bugzilla.suse.com/1093197
https://bugzilla.suse.com/1093198
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1094421
https://bugzilla.suse.com/1094422
https://bugzilla.suse.com/1094423
https://bugzilla.suse.com/1094424
https://bugzilla.suse.com/1094425
https://bugzilla.suse.com/1094436
https://bugzilla.suse.com/1094437
https://bugzilla.suse.com/1095241
https://bugzilla.suse.com/1096140
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
https://bugzilla.suse.com/1096746
https://bugzilla.suse.com/1097443
https://bugzilla.suse.com/1097445
https://bugzilla.suse.com/1097948
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/989401
Severity
Announcement ID: SUSE-SU-2018:1821-1
Rating: important
News
HOWTOs
About Us
Powered By
