SUSE: 2019:13979-1 important: the Linux Kernel

    Date15 Mar 2019
    Posted ByLinuxSecurity Advisories
    An update that solves 8 vulnerabilities and has 73 fixes is now available.
       SUSE Security Update: Security update for the Linux Kernel
    Announcement ID:    SUSE-SU-2019:13979-1
    Rating:             important
    References:         #1012382 #1031572 #1068032 #1086695 #1087081 
                        #1094244 #1098658 #1104098 #1104367 #1104684 
                        #1104818 #1105536 #1106105 #1106886 #1107371 
                        #1109330 #1109806 #1110006 #1112963 #1113667 
                        #1114440 #1114672 #1114920 #1115007 #1115038 
                        #1115827 #1115828 #1115829 #1115830 #1115831 
                        #1115832 #1115833 #1115834 #1115835 #1115836 
                        #1115837 #1115838 #1115839 #1115840 #1115841 
                        #1115842 #1115843 #1115844 #1116841 #1117796 
                        #1117802 #1117805 #1117806 #1117943 #1118152 
                        #1118319 #1118760 #1119255 #1119714 #1120056 
                        #1120077 #1120086 #1120093 #1120094 #1120105 
                        #1120107 #1120109 #1120217 #1120223 #1120226 
                        #1120336 #1120347 #1120743 #1120950 #1121872 
                        #1121997 #1122874 #1123505 #1123702 #1123706 
                        #1124010 #1124735 #1125931 #931850 #969471 
    Cross-References:   CVE-2016-10741 CVE-2017-18360 CVE-2018-19407
                        CVE-2018-19824 CVE-2018-19985 CVE-2018-20169
                        CVE-2018-9568 CVE-2019-7222
    Affected Products:
                        SUSE Linux Enterprise Software Development Kit 11-SP4
                        SUSE Linux Enterprise Server 11-SP4
                        SUSE Linux Enterprise Server 11-EXTRA
                        SUSE Linux Enterprise Real Time Extension 11-SP4
                        SUSE Linux Enterprise High Availability Extension 11-SP4
                        SUSE Linux Enterprise Debuginfo 11-SP4
       An update that solves 8 vulnerabilities and has 73 fixes is
       now available.
       The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
       security and bugfixes.
       The following security bugs were fixed:
       - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial
         of service (system crash) because there is a race condition between
         direct and memory-mapped I/O (associated with a hole) that is handled
         with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010).
       - CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c
         local users could cause a denial of service by division-by-zero in the
         serial device layer by trying to set very high baud rates (bnc#1123706).
       - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
         corruption due to type confusion. This could lead to local escalation of
         privilege with no additional execution privileges needed. User
         interaction is not needed for exploitation. (bnc#1118319).
       - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
         allowed local users to cause a denial of service (NULL pointer
         dereference and BUG) via crafted system calls that reach a situation
         where ioapic is uninitialized (bnc#1116841).
       - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
         driver by supplying a malicious USB Sound device (with zero interfaces)
         that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
       - CVE-2018-19985: The function hso_probe read if_num from the USB device
         (as an u8) and used it without a length check to index an array,
         resulting in an OOB memory read in hso_probe or hso_get_config_data that
         could be used by local attackers (bnc#1120743).
       - CVE-2018-20169: The USB subsystem mishandled size checks during the
         reading of an extra descriptor, related to __usb_get_extra_descriptor in
         drivers/usb/core/usb.c (bnc#1119714).
       - CVE-2019-7222: A information leak in exception handling in KVM could be
         used to expose host memory to guests. (bnc#1124735).
       The following non-security bugs were fixed:
       - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827).
       - arcmsr: upper 32 of dma address lost (bsc#1115828).
       - block/swim3: Fix -EBUSY error when re-opening device after unmount
       - block/swim: Fix array bounds check (Git-fix).
       - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency
         for bsc#1113667).
       - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
       - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
       - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111).
       - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
       - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
       - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
       - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
       - ext4: avoid buffer leak in ext4_orphan_add() after prior errors
       - ext4: avoid possible double brelse() in add_new_gdb() on error path
       - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
       - ext4: release before re-using in ext4_xattr_block_find()
       - fbdev: fbcon: Fix unregister crash when more than one framebuffer
       - fbdev: fbmem: behave better with small rotated displays and many CPUs
       - Fix kabi break cased by NFS: Cache state owners after files are closed
       - fork: record start_time late (bsc#1121872).
       - fscache: Fix dead object requeue (bsc#1107371).
       - fscache: Fix race in fscache_op_complete() due to split atomic_sub &
         read (git-fixes).
       - fs-cache: Move fscache_report_unexpected_submission() to make it more
         available (bsc#1107371).
       - fs-cache: When submitting an op, cancel it if the target object is dying
       - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes).
       - fuse: fix blocked_waitq wakeup (git-fixes).
       - fuse: fix leaked notify reply (git-fixes).
       - fuse: Fix oops at process_init_reply() (git-fixes).
       - fuse: fix possibly missed wake-up after abort (git-fixes).
       - fuse: umount should wait for all requests (git-fixes).
       - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702).
       - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382)
       - iommu/amd: Fix IOMMU page flush when detach device from a domain
       - kvm: x86: Fix the duplicated failure path handling in vmx_init
       - lib: add "on"/"off" support to strtobool (bsc#1125931).
       - megaraid_sas: Fix probing cards without io port (bsc#1115829).
       - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440,
       - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440,
       - nfs: Cache state owners after files are closed (bsc#1031572).
       - nfs: Do not drop CB requests with invalid principals (git-fixes).
       - nfsv4.1: Fix a kfree() of uninitialised pointers in
         decode_cb_sequence_args (git-fixes).
       - nfsv4: Do not exit the state manager without clearing
         NFS4CLNT_MANAGER_RUNNING (git-fixes).
       - nfsv4: Keep dropped state owners on the LRU list for a while
       - nlm: Ensure callback code also checks that the files match (git-fixes).
       - ocfs2: fix three small problems in the patch (bsc#1086695)
       - omap2fb: Fix stack memory disclosure (bsc#1106886)
       - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806).
       - powerpc/fadump: handle crash memory ranges array index overflow
       - powerpc/fadump: Return error when fadump registration fails (git-fixes).
       - powerpc/fadump: Unregister fadump on kexec down path (git-fixes).
       - powerpc/traps: restore recoverability of machine_check interrupts
       - Revert "NFS: Make close(2) asynchronous when closing NFS O_DIRECT files"
       - ring-buffer: Always reset iterator to reader page (bsc#1120107).
       - ring-buffer: Fix first commit on sub-buffer having non-zero delta
       - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107).
       - ring-buffer: Have ring_buffer_iter_empty() return true when empty
       - ring-buffer: Mask out the info bits when returning buffer page length
       - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105).
       - rpm/modprobe-xen.conf: Add --ignore-install.
       - s390: always save and restore all registers on context switch
       - s390/dasd: fix using offset into zero size array error (git-fixes).
       - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes).
       - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes).
       - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525).
       - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its
         function (bnc#1114440, LTC#172682).
       - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657).
       - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440,
       - s390/qeth: invoke softirqs after napi_schedule() (git-fixes).
       - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960).
       - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960).
       - sched, isolcpu: make cpu_isolated_map visible outside scheduler
       - scsi: aacraid: Fix typo in blink status (bsc#1115830).
       - scsi: aacraid: Reorder Adapter status check (bsc#1115830).
       - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831).
       - scsi: bfa: integer overflow in debugfs (bsc#1115832).
       - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833).
       - scsi: fas216: fix sense buffer initialization (bsc#1115834).
       - scsi: libfc: Revert " libfc: use offload EM instance again instead
         jumping to next EM" (bsc#1115835).
       - scsi: libsas: fix ata xfer length (bsc#1115836).
       - scsi: libsas: fix error when getting phy events (bsc#1115837).
       - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function
       - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
         devices (bsc#1115839).
       - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
       - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840).
       - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841).
       - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()'
       - scsi: scsi_dh_emc: return success in clariion_std_inquiry()
       - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
       - scsi: zfcp: fix posting too many status read buffers leading to adapter
         shutdown (bsc#1123505, LTC#174581).
       - sg: fix dxferp in from_to case (bsc#1115844).
       - sunrpc: Fix a potential race in xprt_connect() (git-fixes).
       - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
       - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes).
       - tracepoints: Do not trace when cpu is offline (bsc#1120109).
       - tracing: Add #undef to fix compile error (bsc#1120226).
       - tracing: Allow events to have NULL strings (bsc#1120056).
       - tracing: Do not add event files for modules that fail tracepoints
       - tracing: Fix check for cpu online when event is disabled (bsc#1120109).
       - tracing: Fix regex_match_front() to not over compare the test string
       - tracing/kprobes: Allow to create probe with a module name starting with
         a digit (bsc#1120336).
       - tracing: Move mutex to protect against resetting of seq data
       - tracing: probeevent: Fix to support minus offset from symbol
       - usb: keyspan: fix overrun-error reporting (bsc#1114672).
       - usb: keyspan: fix tty line-status reporting (bsc#1114672).
       - usb: option: fix Cinterion AHxx enumeration (bsc#1114672).
       - usb: serial: ark3116: fix open error handling (bsc#1114672).
       - usb: serial: ch341: fix control-message error handling (bsc#1114672).
       - usb: serial: ch341: fix initial modem-control state (bsc#1114672).
       - usb: serial: ch341: fix modem-status handling (bsc#1114672).
       - usb: serial: ch341: fix open and resume after B0 (bsc#1114672).
       - usb: serial: ch341: fix resume after reset (bsc#1114672).
       - usb: serial: ch341: fix type promotion bug in ch341_control_in()
       - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672).
       - usb: serial: fix tty-device error handling at probe (bsc#1114672).
       - usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672).
       - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672).
       - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672).
       - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672).
       - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672).
       - usb: serial: kl5kusb105: fix open error path (bsc#1114672).
       - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672).
       - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672).
       - usb: serial: omninet: fix NULL-derefs at open and disconnect.
       - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672).
       - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672).
       - vmcore: Remove "weak" from function declarations (git-fixes).
       - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850).
       - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684).
       - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
       - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup
         (bnc#1104684, bnc#1104818).
       - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y
       - xen/x86/mm: Set IBPB upon context switch (bsc#1068032).
       - xen/x86/process: Re-export start_thread() (bsc#1110006).
       - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system
         has too much RAM (bnc#1105536).
       - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
       - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
       - xen/x86/traps: add missing kernel CR3 switch in bad_iret path
       - xfrm: use complete IPv6 addresses for hash (bsc#1109330).
       - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920).
       - xfs: fix the logspace waiting algorithm (bsc#1122874).
       - xfs: stop searching for free slots in an inode chunk when there are none
       - xfs: validate sb_logsunit is a multiple of the fs blocksize
    Special Instructions and Notes:
       Please reboot the system after installing this update.
    Patch Instructions:
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - SUSE Linux Enterprise Software Development Kit 11-SP4:
          zypper in -t patch sdksp4-kernel-20190225-13979=1
       - SUSE Linux Enterprise Server 11-SP4:
          zypper in -t patch slessp4-kernel-20190225-13979=1
       - SUSE Linux Enterprise Server 11-EXTRA:
          zypper in -t patch slexsp3-kernel-20190225-13979=1
       - SUSE Linux Enterprise Real Time Extension 11-SP4:
          zypper in -t patch slertesp4-kernel-20190225-13979=1
       - SUSE Linux Enterprise High Availability Extension 11-SP4:
          zypper in -t patch slehasp4-kernel-20190225-13979=1
       - SUSE Linux Enterprise Debuginfo 11-SP4:
          zypper in -t patch dbgsp4-kernel-20190225-13979=1
    Package List:
       - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
       - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
       - SUSE Linux Enterprise Server 11-SP4 (ppc64):
       - SUSE Linux Enterprise Server 11-SP4 (s390x):
       - SUSE Linux Enterprise Server 11-SP4 (i586):
       - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
       - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
       - SUSE Linux Enterprise Server 11-EXTRA (x86_64):
       - SUSE Linux Enterprise Server 11-EXTRA (ppc64):
       - SUSE Linux Enterprise Server 11-EXTRA (i586):
       - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
       - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):
       - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):
       - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):
       - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
       - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
       - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
       - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.