SUSE: 2019:0470-1 important: the Linux Kernel

    Date: 22 Feb 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that solves three vulnerabilities and has 24 fixes is now available.
       SUSE Security Update: Security update for the Linux Kernel
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:0470-1
    Rating:             important
    References:         #1012382 #1023175 #1087036 #1094823 #1102875 
                        #1102877 #1102879 #1102882 #1102896 #1106105 
                        #1106929 #1107866 #1109695 #1114893 #1116653 
                        #1119680 #1120722 #1120758 #1120902 #1121726 
                        #1122650 #1122651 #1122779 #1122885 #1123321 
                        #1123323 #1123357 
    Cross-References:   CVE-2017-18249 CVE-2019-3459 CVE-2019-3460
                       
    Affected Products:
                        SUSE Linux Enterprise Real Time Extension 12-SP3
    ______________________________________________________________________________
    
       An update that solves three vulnerabilities and has 24
       fixes is now available.
    
    Description:
    
       The SUSE Linux Enterprise 12 realtime kernel was updated to receive
       various security and bugfixes.
    
       The following security bugs were fixed:
    
       - CVE-2017-18249: Fixed tracking of allocated nids in the add_free_nid
         function in fs/f2fs/node.c, which previously allowed local users to
         cause a denial of service (bnc#1087036).
       - CVE-2019-3459: Fixed remote heap address information leak in use of
         l2cap_get_conf_opt (bnc#1120758).
       - CVE-2019-3460: Fixed remote data leak in multiple locations in the
         function l2cap_parse_conf_rsp (bnc#1120758).
    
       The following non-security bugs were fixed:
    
       - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
       - Fix problem with sharetransport= and NFSv4 (bsc#1114893).
       - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit
         e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
       - Yama: Check for pid death before checking ancestry (bnc#1012382).
       - acpi / processor: Fix the return value of acpi_processor_ids_walk() (git
         fixes (acpi)).
       - acpi/nfit: Block function zero DSMs (bsc#1123321).
       - acpi/nfit: Fix command-supported detection (bsc#1123323).
       - acpi: power: Skip duplicate power resource references in _PRx
         (bnc#1012382).
       - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
       - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
         (bnc#1012382).
       - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
       - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
       - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
       - ata: Fix racy link clearance (bsc#1107866).
       - block/loop: Use global lock for ioctl() operation (bnc#1012382).
       - block/swim3: Fix -EBUSY error when re-opening device after unmount
         (Git-fixes).
       - Btrfs: tree-check: reduce stack consumption in check_dir_item
         (bnc#1012382).
       - Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
       - Btrfs: tree-checker: Do not check max block group size as current max
         chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875
         bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
       - Btrfs: tree-checker: Fix misleading group system information
         (bnc#1012382).
       - Btrfs: validate type when reading a chunk (bnc#1012382).
       - Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
       - can: gw: ensure DLC boundaries after CAN frame modification
         (bnc#1012382).
       - cifs: Do not hide EINTR after sending network packets (bnc#1012382).
       - cifs: Fix potential OOB access of lock element array (bnc#1012382).
       - clk: imx6q: reset exclusive gates on init (bnc#1012382).
       - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
       - crypto: authencesn - Avoid twice completion call in decrypt path
         (bnc#1012382).
       - crypto: cts - fix crash on short inputs (bnc#1012382).
       - crypto: user - support incremental algorithm dumps (bsc#1120902).
       - dm crypt: add cryptographic data integrity protection (authenticated
         encryption) (Git-fixes).
       - dm crypt: factor IV constructor out to separate function (Git-fixes).
       - dm crypt: fix crash by adding missing check for auth key size
         (git-fixes).
       - dm crypt: fix error return code in crypt_ctr() (git-fixes).
       - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
       - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
       - dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
       - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
       - dm snapshot: Fix excessive memory usage and workqueue stalls
         (bnc#1012382).
       - dm: do not allow readahead to limit IO size (git fixes (readahead)).
       - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
       - edac: Raise the maximum number of memory controllers (bsc#1120722).
       - efi/libstub/arm64: Use hidden attribute for struct screen_info reference
         (bsc#1122650).
       - ext4: Fix crash during online resizing (bsc#1122779).
       - ext4: fix a potential fiemap/page fault deadlock w/ inline_data
         (bnc#1012382).
       - f2fs: Add sanity_check_inode() function (bnc#1012382).
       - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
       - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
       - f2fs: clean up argument of recover_data (bnc#1012382).
       - f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
       - f2fs: detect wrong layout (bnc#1012382).
       - f2fs: enhance sanity_check_raw_super() to avoid potential overflow
         (bnc#1012382).
       - f2fs: factor out fsync inode entry operations (bnc#1012382).
       - f2fs: fix inode cache leak (bnc#1012382).
       - f2fs: fix invalid memory access (bnc#1012382).
       - f2fs: fix missing up_read (bnc#1012382).
       - f2fs: fix to avoid reading out encrypted data in page cache
         (bnc#1012382).
       - f2fs: fix to convert inline directory correctly (bnc#1012382).
       - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
       - f2fs: fix to do sanity check with block address in main area
         (bnc#1012382).
       - f2fs: fix to do sanity check with block address in main area v2
         (bnc#1012382).
       - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
       - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
       - f2fs: fix to do sanity check with reserved blkaddr of inline inode
         (bnc#1012382).
       - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
       - f2fs: fix to do sanity check with user_block_count (bnc#1012382).
       - f2fs: fix validation of the block count in sanity_check_raw_super
         (bnc#1012382).
       - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
       - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
       - f2fs: introduce and spread verify_blkaddr (bnc#1012382).
       - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
       - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
       - f2fs: not allow to write illegal blkaddr (bnc#1012382).
       - f2fs: put directory inodes before checkpoint in roll-forward recovery
         (bnc#1012382).
       - f2fs: remove an obsolete variable (bnc#1012382).
       - f2fs: return error during fill_super (bnc#1012382).
       - f2fs: sanity check on sit entry (bnc#1012382).
       - f2fs: use crc and cp version to determine roll-forward recovery
         (bnc#1012382).
       - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
       - i2c: dev: prevent adapter retries and timeout being set as minus value
         (bnc#1012382).
       - ibmveth: Do not process frames after calling napi_reschedule
         (bsc#1123357).
       - ibmvnic: Add ethtool private flag for driver-defined queue limits
         (bsc#1121726).
       - ibmvnic: Increase maximum queue size limit (bsc#1121726).
       - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
       - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
       - iommu/amd: Fix IOMMU page flush when detach device from a domain
         (bsc#1106105).
       - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
       - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
         (bsc#1106105).
       - ip: on queued skb use skb_header_pointer instead of pskb_may_pull
         (bnc#1012382).
       - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
       - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped
         address (bnc#1012382).
       - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
         (bnc#1012382).
       - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
       - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
         (bnc#1012382).
       - kabi: reorder new slabinfo fields in struct kmem_cache_node
         (bnc#1116653).
       - kconfig: fix file name and line number of warn_ignored_character()
         (bnc#1012382).
       - kconfig: fix memory leak when EOF is encountered in quotation
         (bnc#1012382).
       - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
         (bnc#1012382).
       - loop: Fold __loop_release into loop_release (bnc#1012382).
       - loop: Get rid of loop_index_mutex (bnc#1012382).
       - lsm: Check for NULL cred-security on free (bnc#1012382).
       - md: batch flush requests (bsc#1119680).
       - media: em28xx: Fix misplaced reset of dev->v4l::field_count
         (bnc#1012382).
       - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
         (bnc#1012382).
       - media: vb2: be sure to unlock mutex on errors (bnc#1012382).
       - media: vb2: vb2_mmap: move lock up (bnc#1012382).
       - media: vivid: fix error handling of kthread_run (bnc#1012382).
       - media: vivid: set min width/height to a value > 0 (bnc#1012382).
       - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
       - mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
         (bnc#1012382).
       - mips: fix n32 compat_ipc_parse_version (bnc#1012382).
       - mm, proc: be more verbose about unstable VMA flags in
         /proc/<pid>/smaps (bnc#1012382).
       - mm, slab: faster active and free stats (bsc#1116653, VM Performance).
       - mm, slab: maintain total slab count instead of active count
         (bsc#1116653, VM Performance).
       - mm/page-writeback.c: do not break integrity writeback on ->writepage()
         error (bnc#1012382).
       - mm/slab: improve performance of gathering slabinfo stats (bsc#1116653,
         VM Performance).
       - mm: only report isolation failures when offlining memory (generic
         hotplug debugability).
       - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
       - net: bridge: fix a bug on using a neighbour cache entry without checking
         its state (bnc#1012382).
       - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
       - net: speed up skb_rbtree_purge() (bnc#1012382).
       - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
       - omap2fb: Fix stack memory disclosure (bsc#1106929).
       - packet: Do not leak dev refcounts on error exit (bnc#1012382).
       - pci: altera: Check link status before retrain link (bnc#1012382).
       - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
       - pci: altera: Move retrain from fixup to altera_pcie_host_init()
         (bnc#1012382).
       - pci: altera: Poll for link training status after retraining the link
         (bnc#1012382).
       - pci: altera: Poll for link up status after retraining the link
         (bnc#1012382).
       - pci: altera: Reorder read/write functions (bnc#1012382).
       - pci: altera: Rework config accessors for use without a struct pci_bus
         (bnc#1012382).
       - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382).
       - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
       - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
       - platform/x86: asus-wmi: Tell the EC the OS will handle the display off
         hotkey (bnc#1012382).
       - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
       - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores
         (bsc#1109695).
       - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
       - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
       - powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
       - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
       - powerpc/smp: Rework CPU topology construction (bsc#1109695).
       - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
       - powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
       - powerpc: Detect the presence of big-cores via "ibm,thread-groups"
         (bsc#1109695).
       - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores
         (bsc#1109695).
       - powerpc: make use of for_each_node_by_type() instead of open-coding it
         (bsc#1109695).
       - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
       - pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
       - r8169: Add support for new Realtek Ethernet (bnc#1012382).
       - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
       - scsi: sd: Fix cache_type_store() (bnc#1012382).
       - scsi: target: use consistent left-aligned ASCII INQUIRY data
         (bnc#1012382).
       - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
       - selinux: fix GPF on invalid policy (bnc#1012382).
       - slab: alien caches must not be initialized if the allocation of the
         alien cache failed (bnc#1012382).
       - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
       - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
       - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
       - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
       - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
       - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
       - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
       - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
       - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
         (bnc#1012382).
       - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
       - usb: storage: add quirk for SMI SM3350 (bnc#1012382).
       - usb: storage: do not insert sane sense for SPC3+ when bad sense
         specified (bnc#1012382).
       - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes
         (writeback)).
       - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).
    
    
    Special Instructions and Notes:
    
       Please reboot the system after installing this update.
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Real Time Extension 12-SP3:
    
          zypper in -t patch SUSE-SLE-RT-12-SP3-2019-470=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch):
    
          kernel-devel-rt-4.4.172-3.35.1
          kernel-source-rt-4.4.172-3.35.1
    
       - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64):
    
          cluster-md-kmp-rt-4.4.172-3.35.1
          cluster-md-kmp-rt-debuginfo-4.4.172-3.35.1
          dlm-kmp-rt-4.4.172-3.35.1
          dlm-kmp-rt-debuginfo-4.4.172-3.35.1
          gfs2-kmp-rt-4.4.172-3.35.1
          gfs2-kmp-rt-debuginfo-4.4.172-3.35.1
          kernel-rt-4.4.172-3.35.1
          kernel-rt-base-4.4.172-3.35.1
          kernel-rt-base-debuginfo-4.4.172-3.35.1
          kernel-rt-debuginfo-4.4.172-3.35.1
          kernel-rt-debugsource-4.4.172-3.35.1
          kernel-rt-devel-4.4.172-3.35.1
          kernel-rt_debug-debuginfo-4.4.172-3.35.1
          kernel-rt_debug-debugsource-4.4.172-3.35.1
          kernel-rt_debug-devel-4.4.172-3.35.1
          kernel-rt_debug-devel-debuginfo-4.4.172-3.35.1
          kernel-syms-rt-4.4.172-3.35.1
          ocfs2-kmp-rt-4.4.172-3.35.1
          ocfs2-kmp-rt-debuginfo-4.4.172-3.35.1
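
A post-patch check for the package list and the reboot note above, as an added example that is not part of the SUSE advisory: it flags advisory-listed packages still older than 4.4.172-3.35.1 and tells you whether the running kernel predates the fix. The function names, the sample package list and the assumed `uname -r` format (`<version>-<release without its last component>-rt`) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory.
FIXED="4.4.172-3.35.1"   # version-release from the advisory's package list

# ver_lt A B: succeeds when A is strictly older than B. Uses GNU `sort -V`,
# an approximation of RPM ordering that is adequate for purely numeric
# version-release strings such as these.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages: reads "name version-release" lines on stdin, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# and prints every advisory-listed package that is older than FIXED.
# (debuginfo/debugsource packages are left out of the match list.)
outdated_packages() {
    while read -r name vr; do
        case "$name" in
            kernel-rt|kernel-rt-base|kernel-rt-devel|kernel-rt_debug-devel|\
            kernel-devel-rt|kernel-source-rt|kernel-syms-rt|\
            cluster-md-kmp-rt|dlm-kmp-rt|gfs2-kmp-rt|ocfs2-kmp-rt)
                if ver_lt "$vr" "$FIXED"; then
                    printf '%s %s\n' "$name" "$vr"
                fi ;;
        esac
    done
}

# running_kernel_fixed RELEASE: RELEASE is the output of `uname -r`.
# Assumption: the RT kernel reports itself as
# <version>-<release minus last component>-rt, e.g. 4.4.172-3.35-rt.
# Fails when the running kernel is older than the fixed one, which is the
# state of a patched host that has not been rebooted yet.
running_kernel_fixed() {
    running=${1%-rt*}      # drop the flavor suffix
    wanted=${FIXED%.*}     # 4.4.172-3.35
    ! ver_lt "$running" "$wanted"
}

# Constructed sample input (the older version numbers are made up).
SAMPLE_RPM_LIST='kernel-rt 4.4.162-3.32.1
kernel-rt-base 4.4.172-3.35.1
dlm-kmp-rt 4.4.170-3.32.1
bash 4.3-83.23.1'

printf '%s\n' "$SAMPLE_RPM_LIST" | outdated_packages
running_kernel_fixed "4.4.162-3.32-rt" ||
    echo "reboot pending: running kernel predates the fix"
```

On a real host, feed `outdated_packages` the `rpm -qa` query shown in its comment and pass `"$(uname -r)"` to `running_kernel_fixed`.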
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-18249.html
       https://www.suse.com/security/cve/CVE-2019-3459.html
       https://www.suse.com/security/cve/CVE-2019-3460.html
       https://bugzilla.suse.com/1012382
       https://bugzilla.suse.com/1023175
       https://bugzilla.suse.com/1087036
       https://bugzilla.suse.com/1094823
       https://bugzilla.suse.com/1102875
       https://bugzilla.suse.com/1102877
       https://bugzilla.suse.com/1102879
       https://bugzilla.suse.com/1102882
       https://bugzilla.suse.com/1102896
       https://bugzilla.suse.com/1106105
       https://bugzilla.suse.com/1106929
       https://bugzilla.suse.com/1107866
       https://bugzilla.suse.com/1109695
       https://bugzilla.suse.com/1114893
       https://bugzilla.suse.com/1116653
       https://bugzilla.suse.com/1119680
       https://bugzilla.suse.com/1120722
       https://bugzilla.suse.com/1120758
       https://bugzilla.suse.com/1120902
       https://bugzilla.suse.com/1121726
       https://bugzilla.suse.com/1122650
       https://bugzilla.suse.com/1122651
       https://bugzilla.suse.com/1122779
       https://bugzilla.suse.com/1122885
       https://bugzilla.suse.com/1123321
       https://bugzilla.suse.com/1123323
       https://bugzilla.suse.com/1123357
    
    _______________________________________________
    sle-security-updates mailing list
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    