SUSE: 2019:13937-1 important: the Linux Kernel

    Date29 Jan 2019
    398
    Posted ByAnthony Pell
    An update that solves 12 vulnerabilities and has 18 fixes is now available.
       SUSE Security Update: Security update for the Linux Kernel
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:13937-1
    Rating:             important
    References:         #1031240 #1039803 #1066674 #1071021 #1094186 
                        #1094825 #1104070 #1104366 #1104367 #1107189 
                        #1108498 #1109200 #1113201 #1113751 #1113769 
                        #1114920 #1115007 #1115038 #1116412 #1116841 
                        #1117515 #1118152 #1118319 #1119255 #1119714 
                        #1120743 #905299 #936875 #968018 #990682 
                        
    Cross-References:   CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273
                        CVE-2018-18281 CVE-2018-18386 CVE-2018-18710
                        CVE-2018-19407 CVE-2018-19824 CVE-2018-19985
                        CVE-2018-20169 CVE-2018-9516 CVE-2018-9568
                       
    Affected Products:
                        SUSE Linux Enterprise Server 11-SP3-LTSS
                        SUSE Linux Enterprise Server 11-EXTRA
                        SUSE Linux Enterprise Point of Sale 11-SP3
                        SUSE Linux Enterprise Debuginfo 11-SP3
    ______________________________________________________________________________
    
       An update that solves 12 vulnerabilities and has 18 fixes
       is now available.
    
    Description:
    
    
       The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive
       various security and bugfixes.
    
       The following security bugs were fixed:
    
       - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,
         there is a possible out of bounds write due to a missing bounds check.
         This could lead to local escalation of privilege with System execution
         privileges needed. User interaction is not needed for exploitation
         (bnc#1108498).
       - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
         allowed local users to cause a denial of service (NULL pointer
         dereference and BUG) via crafted system calls that reach a situation
         where ioapic is uninitialized (bnc#1116841).
       - CVE-2018-19985: The function hso_probe read if_num from the USB device
         (as an u8) and used it without a length check to index an array,
         resulting in an OOB memory read in hso_probe or hso_get_config_data that
         could be used by local attackers (bnc#1120743).
       - CVE-2018-20169: The USB subsystem mishandled size checks during the
         reading of an extra descriptor, related to __usb_get_extra_descriptor in
         drivers/usb/core/usb.c (bnc#1119714).
       - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
         corruption due to type confusion. This could lead to local escalation of
         privilege with no additional execution privileges needed. User
         interaction is not needed for exploitation (bnc#1118319).
       - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
         driver by supplying a malicious USB Sound device (with zero interfaces)
         that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
       - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
         pagetable locks. If a syscall such as ftruncate() removes entries from
         the pagetables of a task that is in the middle of mremap(), a stale TLB
         entry can remain for a short time that permits access to a physical page
         after it has been released back to the page allocator and reused
         (bnc#1113769).
       - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
         drivers/cdrom/cdrom.c could be used by local attackers to read kernel
         memory because a cast from unsigned long to int interferes with bounds
         checking. This is similar to CVE-2018-10940 and CVE-2018-16658
         (bnc#1113751).
       - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
         able to access pseudo terminals) to hang/block further usage of any
         pseudo terminal devices due to an EXTPROC versus ICANON confusion in
         TIOCINQ (bnc#1094825).
       - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c
         allowed physically proximate attackers to cause a denial of service
         (integer underflow) or possibly have unspecified other impact via a
         crafted HID report (bnc#1031240).
       - CVE-2017-16533: The usbhid_parse function in
         drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
         service (out-of-bounds read and system crash) or possibly have
         unspecified other impact via a crafted USB device (bnc#1066674).
       - CVE-2017-1000407: Fixed a denial of service, which was caused by
         flooding the diagnostic port 0x80 an exception leading to a kernel panic
         (bnc#1071021).
    
       The following non-security bugs were fixed:
    
       - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018,
         bsc#1104366).
       - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
         (bsc#1119255).
       - Drivers: scsi: storvsc: Change the limits to reflect the values on the
         host (bug#1107189).
       - drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure
         (bug#1107189).
       - Drivers: scsi: storvsc: Filter commands based on the storage protocol
         version (bug#1107189).
       - Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version
         (bug#1107189).
       - Drivers: scsi: storvsc: Implement a eh_timed_out handler (bug#1107189).
       - Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by
         the Host (bug#1107189).
       - drivers: scsi: storvsc: Set srb_flags in all cases (bug#1107189).
       - EHCI: improved logic for isochronous scheduling (bsc#1117515).
       - ipv4: remove the unnecessary variable in udp_mcast_next (bsc#1104070).
       - KEYS: prevent creating a different user's keyrings (bnc#1094186).
       - KVM: x86: Fix the duplicate failure path handling in vmx_init
         (bsc#1104367).
       - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#1116412).
       - MM/vmscan.c: avoid throttling reclaim for loop-back nfsd threads
         (bsc#1116412).
       - net/ipv6/udp: Fix ipv6 multicast socket filter regression (bsc#1104070).
       - NFS: avoid deadlocks with loop-back mounted NFS filesystems
         (bsc#1116412).
       - NFS: avoid waiting at all in nfs_release_page when congested
         (bsc#1116412).
       - NFS: Do not write enable new pages while an invalidation is proceeding
         (bsc#1116412).
       - NFS: Fix a regression in the read() syscall (bsc#1116412).
       - NFS: Fix races in nfs_revalidate_mapping (bsc#1116412).
       - NFS: fix the handling of NFS_INO_INVALID_DATA flag in
         nfs_revalidate_mapping (bsc#1116412).
       - NFS: Fix writeback performance issue on cache invalidation (bsc#1116412).
       - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
       - reiserfs: fix race in readdir (bsc#1039803).
       - sched, isolcpu: make cpu_isolated_map visible outside scheduler
         (bsc#1119255).
       - scsi: storvsc: Always send on the selected outgoing channel
         (bug#1107189).
       - scsi: storvsc: Do not assume that the scatterlist is not chained
         (bug#1107189).
       - scsi: storvsc: Fix a bug in copy_from_bounce_buffer() (bug#1107189).
       - scsi: storvsc: Increase the ring buffer size (bug#1107189).
       - scsi: storvsc: Size the queue depth based on the ringbuffer size
         (bug#1107189).
       - storvsc: fix a bug in storvsc limits (bug#1107189).
       - storvsc: force discovery of LUNs that may have been removed
         (bug#1107189).
       - storvsc: get rid of overly verbose warning messages (bug#1107189).
       - storvsc: in responce to a scan event, scan the host (bug#1107189).
       - storvsc: Set the SRB flags correctly when no data transfer is needed
         (bug#1107189).
       - udp: ipv4: Add udp early demux (bsc#1104070).
       - udp: restore UDPlite many-cast delivery (bsc#1104070).
       - udp: Simplify __udp*_lib_mcast_deliver (bsc#1104070).
       - udp: Use hash2 for long hash1 chains in __udp*_lib_mcast_deliver
         (bsc#1104070).
       - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515).
       - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515).
       - USB: EHCI: add symbolic constants for QHs (bsc#1117515).
       - USB: EHCI: always scan each interrupt QH (bsc#1117515).
       - USB: EHCI: do not lose events during a scan (bsc#1117515).
       - USB: EHCI: do not refcount iso_stream structures (bsc#1117515).
       - USB: EHCI: do not refcount QHs (bsc#1117515).
       - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515).
       - USB: EHCI: fix up locking (bsc#1117515).
       - USB: EHCI: initialize data before resetting hardware (bsc#1117515).
       - USB: EHCI: introduce high-res timer (bsc#1117515).
       - USB: EHCI: remove PS3 status polling (bsc#1117515).
       - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515).
       - USB: EHCI: rename "reclaim" (bsc#1117515).
       - USB: EHCI: resolve some unlikely races (bsc#1117515).
       - USB: EHCI: return void instead of 0 (bsc#1117515).
       - USB: EHCI: simplify isochronous scanning (bsc#1117515).
       - USB: EHCI: unlink multiple async QHs together (bsc#1117515).
       - USB: EHCI: use hrtimer for async schedule (bsc#1117515).
       - USB: EHCI: use hrtimer for controller death (bsc#1117515).
       - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515).
       - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515).
       - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515).
       - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515).
       - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515).
       - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515).
       - XFS: do not BUG() on mixed direct and mapped I/O (bsc#1114920).
       - XFS: stop searching for free slots in an inode chunk when there are none
         (bsc#1115007).
       - XFS: validate sb_logsunit is a multiple of the fs blocksize
         (bsc#1115038).
    
    
    Special Instructions and Notes:
    
       Please reboot the system after installing this update.
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Server 11-SP3-LTSS:
    
          zypper in -t patch slessp3-kernel-20190123-13937=1
    
       - SUSE Linux Enterprise Server 11-EXTRA:
    
          zypper in -t patch slexsp3-kernel-20190123-13937=1
    
       - SUSE Linux Enterprise Point of Sale 11-SP3:
    
          zypper in -t patch sleposp3-kernel-20190123-13937=1
    
       - SUSE Linux Enterprise Debuginfo 11-SP3:
    
          zypper in -t patch dbgsp3-kernel-20190123-13937=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
    
          kernel-default-3.0.101-0.47.106.59.1
          kernel-default-base-3.0.101-0.47.106.59.1
          kernel-default-devel-3.0.101-0.47.106.59.1
          kernel-source-3.0.101-0.47.106.59.1
          kernel-syms-3.0.101-0.47.106.59.1
          kernel-trace-3.0.101-0.47.106.59.1
          kernel-trace-base-3.0.101-0.47.106.59.1
          kernel-trace-devel-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
    
          kernel-ec2-3.0.101-0.47.106.59.1
          kernel-ec2-base-3.0.101-0.47.106.59.1
          kernel-ec2-devel-3.0.101-0.47.106.59.1
          kernel-xen-3.0.101-0.47.106.59.1
          kernel-xen-base-3.0.101-0.47.106.59.1
          kernel-xen-devel-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
    
          kernel-bigsmp-3.0.101-0.47.106.59.1
          kernel-bigsmp-base-3.0.101-0.47.106.59.1
          kernel-bigsmp-devel-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
    
          kernel-default-man-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
    
          kernel-pae-3.0.101-0.47.106.59.1
          kernel-pae-base-3.0.101-0.47.106.59.1
          kernel-pae-devel-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
    
          kernel-default-extra-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
    
          kernel-xen-extra-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-EXTRA (x86_64):
    
          kernel-bigsmp-extra-3.0.101-0.47.106.59.1
          kernel-trace-extra-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-EXTRA (ppc64):
    
          kernel-ppc64-extra-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Server 11-EXTRA (i586):
    
          kernel-pae-extra-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
    
          kernel-default-3.0.101-0.47.106.59.1
          kernel-default-base-3.0.101-0.47.106.59.1
          kernel-default-devel-3.0.101-0.47.106.59.1
          kernel-ec2-3.0.101-0.47.106.59.1
          kernel-ec2-base-3.0.101-0.47.106.59.1
          kernel-ec2-devel-3.0.101-0.47.106.59.1
          kernel-pae-3.0.101-0.47.106.59.1
          kernel-pae-base-3.0.101-0.47.106.59.1
          kernel-pae-devel-3.0.101-0.47.106.59.1
          kernel-source-3.0.101-0.47.106.59.1
          kernel-syms-3.0.101-0.47.106.59.1
          kernel-trace-3.0.101-0.47.106.59.1
          kernel-trace-base-3.0.101-0.47.106.59.1
          kernel-trace-devel-3.0.101-0.47.106.59.1
          kernel-xen-3.0.101-0.47.106.59.1
          kernel-xen-base-3.0.101-0.47.106.59.1
          kernel-xen-devel-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
    
          kernel-default-debuginfo-3.0.101-0.47.106.59.1
          kernel-default-debugsource-3.0.101-0.47.106.59.1
          kernel-trace-debuginfo-3.0.101-0.47.106.59.1
          kernel-trace-debugsource-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
    
          kernel-ec2-debuginfo-3.0.101-0.47.106.59.1
          kernel-ec2-debugsource-3.0.101-0.47.106.59.1
          kernel-xen-debuginfo-3.0.101-0.47.106.59.1
          kernel-xen-debugsource-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
    
          kernel-bigsmp-debuginfo-3.0.101-0.47.106.59.1
          kernel-bigsmp-debugsource-3.0.101-0.47.106.59.1
    
       - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
    
          kernel-pae-debuginfo-3.0.101-0.47.106.59.1
          kernel-pae-debugsource-3.0.101-0.47.106.59.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-1000407.html
       https://www.suse.com/security/cve/CVE-2017-16533.html
       https://www.suse.com/security/cve/CVE-2017-7273.html
       https://www.suse.com/security/cve/CVE-2018-18281.html
       https://www.suse.com/security/cve/CVE-2018-18386.html
       https://www.suse.com/security/cve/CVE-2018-18710.html
       https://www.suse.com/security/cve/CVE-2018-19407.html
       https://www.suse.com/security/cve/CVE-2018-19824.html
       https://www.suse.com/security/cve/CVE-2018-19985.html
       https://www.suse.com/security/cve/CVE-2018-20169.html
       https://www.suse.com/security/cve/CVE-2018-9516.html
       https://www.suse.com/security/cve/CVE-2018-9568.html
       https://bugzilla.suse.com/1031240
       https://bugzilla.suse.com/1039803
       https://bugzilla.suse.com/1066674
       https://bugzilla.suse.com/1071021
       https://bugzilla.suse.com/1094186
       https://bugzilla.suse.com/1094825
       https://bugzilla.suse.com/1104070
       https://bugzilla.suse.com/1104366
       https://bugzilla.suse.com/1104367
       https://bugzilla.suse.com/1107189
       https://bugzilla.suse.com/1108498
       https://bugzilla.suse.com/1109200
       https://bugzilla.suse.com/1113201
       https://bugzilla.suse.com/1113751
       https://bugzilla.suse.com/1113769
       https://bugzilla.suse.com/1114920
       https://bugzilla.suse.com/1115007
       https://bugzilla.suse.com/1115038
       https://bugzilla.suse.com/1116412
       https://bugzilla.suse.com/1116841
       https://bugzilla.suse.com/1117515
       https://bugzilla.suse.com/1118152
       https://bugzilla.suse.com/1118319
       https://bugzilla.suse.com/1119255
       https://bugzilla.suse.com/1119714
       https://bugzilla.suse.com/1120743
       https://bugzilla.suse.com/905299
       https://bugzilla.suse.com/936875
       https://bugzilla.suse.com/968018
       https://bugzilla.suse.com/990682
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.