SUSE: 2019:1823-1 important: the Linux Kernel

    Date: 12 Jul 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that solves 11 vulnerabilities and has two fixes is now available.
    
       SUSE Security Update: Security update for the Linux Kernel
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1823-1
    Rating:             important
    References:         #1096254 #1108382 #1109137 #1127155 #1133190 
                        #1133738 #1134395 #1134701 #1136922 #1136935 
                        #1137194 #1138291 #1140575 
    Cross-References:   CVE-2018-20836 CVE-2019-10126 CVE-2019-10638
                        CVE-2019-10639 CVE-2019-11487 CVE-2019-11599
                        CVE-2019-12380 CVE-2019-12456 CVE-2019-12614
                        CVE-2019-12818 CVE-2019-12819
    Affected Products:
                        SUSE OpenStack Cloud 7
                        SUSE Linux Enterprise Server for SAP 12-SP2
                        SUSE Linux Enterprise Server 12-SP2-LTSS
                        SUSE Linux Enterprise Server 12-SP2-BCL
                        SUSE Enterprise Storage 4
    ______________________________________________________________________________
    
       An update that solves 11 vulnerabilities and has two fixes
       is now available.
    
    Description:
    
    
       The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various
       security and bugfixes.
    
       The following security bugs were fixed:
    
       - CVE-2019-10638: In the Linux kernel, a device could be tracked by an
         attacker using the IP ID values the kernel produces for connection-less
         protocols (e.g., UDP and ICMP). When such traffic was sent to multiple
         destination IP addresses, it was possible to obtain hash collisions (of
         indices to the counter array) and thereby obtain the hashing key (via
         enumeration). An attack may be conducted by hosting a crafted web page
         that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP
         addresses. (bnc#1140575)
       - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial
         kernel address disclosure), leading to a KASLR bypass. Specifically, it
         was possible to extract the KASLR kernel image offset using the IP ID
         values the kernel produces for connection-less protocols (e.g., UDP and
         ICMP). When such traffic was sent to multiple destination IP addresses,
         it was possible to obtain hash collisions (of indices to the counter
         array) and thereby obtain the hashing key (via enumeration). This key
         contains enough bits from a kernel address (of a static variable) so
         when the key was extracted (via enumeration), the offset of the kernel
         image is exposed. This attack can be carried out remotely, by the
         attacker forcing the target device to send UDP or ICMP (or certain
         other) traffic to attacker-controlled IP addresses. Forcing a server to
         send UDP traffic is trivial if the server is a DNS server. ICMP traffic
         is trivial if the server answers ICMP Echo requests (ping). For client
         targets, if the target visited the attacker's web page, then WebRTC or
         gQUIC could be used to force UDP traffic to attacker-controlled IP
         addresses. NOTE: this attack against KASLR became viable because IP ID
         generation was changed to have a dependency on an address associated
         with a network namespace. (bnc#)
       - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to
         memory corruption in the marvell mwifiex driver. (bnc#1136935)
       - CVE-2018-20836: An issue was discovered in the Linux kernel. There was a
         race condition in smp_task_timedout() and smp_task_done() in
         drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
         (bnc#1134395)
       - CVE-2019-11599: The coredump implementation in the Linux kernel did not
         use locking or other mechanisms to prevent vma layout or vma flags
         changes while it ran, which allowed local users to obtain sensitive
         information, cause a denial of service, or possibly have unspecified
         other impact by triggering a race condition with mmget_not_zero or
         get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,
         fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
         (bnc#1133738)
       - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in
         arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an
         unchecked kstrdup of prop->name, which might allow an attacker to cause a
         denial of service (NULL pointer dereference and system crash). (bnc#)
       - CVE-2019-12818: An issue was discovered in the Linux kernel. The
         nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL.
         If the caller does not check for this, it will trigger a NULL pointer
         dereference. This will cause denial of service. This affects
         nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194)
       - CVE-2019-12819: An issue was discovered in the Linux kernel. The function
         __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(),
         which would trigger a fixed_mdio_bus_init use-after-free. This would
         cause a denial of service. (bnc#1138291)
       - CVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could allow local
         users to cause a denial of service (bsc#1136922).
       - CVE-2019-12380: An issue was discovered in the efi subsystem in the
         Linux kernel. phys_efi_set_virtual_address_map in
         arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
         arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.
         NOTE: This id is disputed as not being an issue because all the code
         touched by the referenced commit runs only at boot, before any user
         processes are started. Therefore, there is no possibility for an
         unprivileged user to control it. (bnc#)
       - CVE-2019-11487: The Linux kernel allowed the page->_refcount reference
         count to overflow, with resultant use-after-free issues, if about 140 GiB
         of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
         include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c,
         mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
         (bnc#1133190)
    
       The following non-security bugs were fixed:
    
       - Drop multiversion(kernel) from the KMP template (bsc#1127155).
       - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155,
         bsc#1109137)." This reverts commit
         4cc83da426b53d47f1fde9328112364eab1e9a19.
       - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
       - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701).
       - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382).
       - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y
         (bsc#1134701).
       - x86/microcode/AMD: Fix load of builtin microcode with randomized memory
         (bsc#1134701).
       - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701).
       - x86/microcode/amd: Hand down the CPU family (bsc#1134701).
       - x86/microcode/amd: Move private inlines to .c and mark local functions
         static (bsc#1134701).
       - x86/microcode/intel: Drop stashed AP patch pointer optimization
         (bsc#1134701).
       - x86/microcode/intel: Fix allocation size of struct ucode_patch
         (bsc#1134701).
       - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y
         (bsc#1134701).
       - x86/microcode/intel: Remove intel_lib.c (bsc#1134701).
       - x86/microcode/intel: Remove unused arg of get_matching_model_microcode()
         (bsc#1134701).
       - x86/microcode/intel: Rename load_microcode_early() to
         find_microcode_patch() (bsc#1134701).
       - x86/microcode/intel: Rename local variables of type struct mc_saved_data
         (bsc#1134701).
       - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701).
       - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701).
       - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701).
       - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701).
       - x86/microcode/intel: Use correct buffer size for saving microcode data
         (bsc#1134701).
       - x86/microcode: Collect CPU info on resume (bsc#1134701).
       - x86/microcode: Export the microcode cache linked list (bsc#1134701).
       - x86/microcode: Fix loading precedence (bsc#1134701).
       - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg
         (bsc#1134701).
       - x86/microcode: Issue the debug printk on resume only on success
         (bsc#1134701).
       - x86/microcode: Rework microcode loading (bsc#1134701).
       - x86/microcode: Run the AP-loading routine only on the application
         processors (bsc#1134701).
    
    
    Special Instructions and Notes:
    
       Please reboot the system after installing this update.
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud 7:
    
          zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1823=1
    
       - SUSE Linux Enterprise Server for SAP 12-SP2:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1823=1
    
       - SUSE Linux Enterprise Server 12-SP2-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1823=1
    
       - SUSE Linux Enterprise Server 12-SP2-BCL:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1823=1
    
       - SUSE Enterprise Storage 4:
    
          zypper in -t patch SUSE-Storage-4-2019-1823=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud 7 (s390x x86_64):
    
          kernel-default-4.4.121-92.117.1
          kernel-default-base-4.4.121-92.117.1
          kernel-default-base-debuginfo-4.4.121-92.117.1
          kernel-default-debuginfo-4.4.121-92.117.1
          kernel-default-debugsource-4.4.121-92.117.1
          kernel-default-devel-4.4.121-92.117.1
          kernel-syms-4.4.121-92.117.1
    
       - SUSE OpenStack Cloud 7 (noarch):
    
          kernel-devel-4.4.121-92.117.1
          kernel-macros-4.4.121-92.117.1
          kernel-source-4.4.121-92.117.1
    
       - SUSE OpenStack Cloud 7 (x86_64):
    
          kgraft-patch-4_4_121-92_117-default-1-3.3.1
    
       - SUSE OpenStack Cloud 7 (s390x):
    
          kernel-default-man-4.4.121-92.117.1
    
       - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    
          kernel-default-4.4.121-92.117.1
          kernel-default-base-4.4.121-92.117.1
          kernel-default-base-debuginfo-4.4.121-92.117.1
          kernel-default-debuginfo-4.4.121-92.117.1
          kernel-default-debugsource-4.4.121-92.117.1
          kernel-default-devel-4.4.121-92.117.1
          kernel-syms-4.4.121-92.117.1
          kgraft-patch-4_4_121-92_117-default-1-3.3.1
    
       - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
    
          kernel-devel-4.4.121-92.117.1
          kernel-macros-4.4.121-92.117.1
          kernel-source-4.4.121-92.117.1
    
       - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    
          kernel-default-4.4.121-92.117.1
          kernel-default-base-4.4.121-92.117.1
          kernel-default-base-debuginfo-4.4.121-92.117.1
          kernel-default-debuginfo-4.4.121-92.117.1
          kernel-default-debugsource-4.4.121-92.117.1
          kernel-default-devel-4.4.121-92.117.1
          kernel-syms-4.4.121-92.117.1
    
       - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
    
          kgraft-patch-4_4_121-92_117-default-1-3.3.1
    
       - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
    
          kernel-devel-4.4.121-92.117.1
          kernel-macros-4.4.121-92.117.1
          kernel-source-4.4.121-92.117.1
    
       - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):
    
          kernel-default-man-4.4.121-92.117.1
    
       - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    
          kernel-devel-4.4.121-92.117.1
          kernel-macros-4.4.121-92.117.1
          kernel-source-4.4.121-92.117.1
    
       - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    
          kernel-default-4.4.121-92.117.1
          kernel-default-base-4.4.121-92.117.1
          kernel-default-base-debuginfo-4.4.121-92.117.1
          kernel-default-debuginfo-4.4.121-92.117.1
          kernel-default-debugsource-4.4.121-92.117.1
          kernel-default-devel-4.4.121-92.117.1
          kernel-syms-4.4.121-92.117.1
    
       - SUSE Enterprise Storage 4 (noarch):
    
          kernel-devel-4.4.121-92.117.1
          kernel-macros-4.4.121-92.117.1
          kernel-source-4.4.121-92.117.1
    
       - SUSE Enterprise Storage 4 (x86_64):
    
          kernel-default-4.4.121-92.117.1
          kernel-default-base-4.4.121-92.117.1
          kernel-default-base-debuginfo-4.4.121-92.117.1
          kernel-default-debuginfo-4.4.121-92.117.1
          kernel-default-debugsource-4.4.121-92.117.1
          kernel-default-devel-4.4.121-92.117.1
          kernel-syms-4.4.121-92.117.1
          kgraft-patch-4_4_121-92_117-default-1-3.3.1
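
A post-update check for this advisory, as an added example that is not part of the SUSE announcement: it reports whether a fixed kernel-default is installed and whether the host still needs the reboot requested above. The function names and sample values are hypothetical; it assumes GNU `sort -V` and that `uname -r` drops the last release field, as the kgraft package name in the list suggests.

```shell
#!/bin/sh
# Added example: classify a host against SUSE-SU-2019:1823-1.
# Real input would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default   and   uname -r
FIXED="4.4.121-92.117.1"   # kernel-default version-release from the package list

# ver_ge A B: succeed when A >= B under GNU "sort -V" ordering.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# advisory_status INSTALLED RUNNING
#   INSTALLED: whitespace-separated version-release strings (several kernels
#              can be installed side by side)
#   RUNNING:   output of "uname -r"
# Prints one of: vulnerable | reboot-needed | ok
advisory_status() {
    installed=$1
    running=${2%-default}            # strip the flavour suffix
    have_fixed=no
    for v in $installed; do
        if ver_ge "$v" "$FIXED"; then have_fixed=yes; fi
    done
    if [ "$have_fixed" = no ]; then
        echo vulnerable              # update not installed at all
        return
    fi
    # Assumption: uname -r omits the final release field (rebuild counter),
    # so the running kernel is compared against FIXED with that field removed.
    if ver_ge "$running" "${FIXED%.*}"; then
        echo ok
    else
        echo reboot-needed           # fixed package on disk, old kernel in memory
    fi
}

# Constructed sample: update installed next to an older kernel, no reboot yet.
SAMPLE_INSTALLED='4.4.121-92.114.1
4.4.121-92.117.1'
advisory_status "$SAMPLE_INSTALLED" "4.4.121-92.114-default"
```
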
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-20836.html
       https://www.suse.com/security/cve/CVE-2019-10126.html
       https://www.suse.com/security/cve/CVE-2019-10638.html
       https://www.suse.com/security/cve/CVE-2019-10639.html
       https://www.suse.com/security/cve/CVE-2019-11487.html
       https://www.suse.com/security/cve/CVE-2019-11599.html
       https://www.suse.com/security/cve/CVE-2019-12380.html
       https://www.suse.com/security/cve/CVE-2019-12456.html
       https://www.suse.com/security/cve/CVE-2019-12614.html
       https://www.suse.com/security/cve/CVE-2019-12818.html
       https://www.suse.com/security/cve/CVE-2019-12819.html
       https://bugzilla.suse.com/1096254
       https://bugzilla.suse.com/1108382
       https://bugzilla.suse.com/1109137
       https://bugzilla.suse.com/1127155
       https://bugzilla.suse.com/1133190
       https://bugzilla.suse.com/1133738
       https://bugzilla.suse.com/1134395
       https://bugzilla.suse.com/1134701
       https://bugzilla.suse.com/1136922
       https://bugzilla.suse.com/1136935
       https://bugzilla.suse.com/1137194
       https://bugzilla.suse.com/1138291
       https://bugzilla.suse.com/1140575
    
    _______________________________________________
    sle-security-updates mailing list
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    