SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:13937-1
Rating:             important
References:         #1031240 #1039803 #1066674 #1071021 #1094186 
                    #1094825 #1104070 #1104366 #1104367 #1107189 
                    #1108498 #1109200 #1113201 #1113751 #1113769 
                    #1114920 #1115007 #1115038 #1116412 #1116841 
                    #1117515 #1118152 #1118319 #1119255 #1119714 
                    #1120743 #905299 #936875 #968018 #990682 
                    
Cross-References:   CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273
                    CVE-2018-18281 CVE-2018-18386 CVE-2018-18710
                    CVE-2018-19407 CVE-2018-19824 CVE-2018-19985
                    CVE-2018-20169 CVE-2018-9516 CVE-2018-9568
                   
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 18 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive
   various security and bug fixes.

   The following security bugs were fixed:

   - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,
     there is a possible out of bounds write due to a missing bounds check.
     This could lead to local escalation of privilege with System execution
     privileges needed. User interaction is not needed for exploitation
     (bnc#1108498).
   - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
     allowed local users to cause a denial of service (NULL pointer
     dereference and BUG) via crafted system calls that reach a situation
     where ioapic is uninitialized (bnc#1116841).
   - CVE-2018-19985: The function hso_probe read if_num from the USB device
     (as a u8) and used it without a length check to index an array,
     resulting in an OOB memory read in hso_probe or hso_get_config_data that
     could be used by local attackers (bnc#1120743).
   - CVE-2018-20169: The USB subsystem mishandled size checks during the
     reading of an extra descriptor, related to __usb_get_extra_descriptor in
     drivers/usb/core/usb.c (bnc#1119714).
   - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
     corruption due to type confusion. This could lead to local escalation of
     privilege with no additional execution privileges needed. User
     interaction is not needed for exploitation (bnc#1118319).
   - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
     driver by supplying a malicious USB Sound device (with zero interfaces)
     that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
   - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
     pagetable locks. If a syscall such as ftruncate() removes entries from
     the pagetables of a task that is in the middle of mremap(), a stale TLB
     entry can remain for a short time that permits access to a physical page
     after it has been released back to the page allocator and reused
     (bnc#1113769).
   - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
     drivers/cdrom/cdrom.c could be used by local attackers to read kernel
     memory because a cast from unsigned long to int interferes with bounds
     checking. This is similar to CVE-2018-10940 and CVE-2018-16658
     (bnc#1113751).
   - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
     able to access pseudo terminals) to hang/block further usage of any
     pseudo terminal devices due to an EXTPROC versus ICANON confusion in
     TIOCINQ (bnc#1094825).
   - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c
     allowed physically proximate attackers to cause a denial of service
     (integer underflow) or possibly have unspecified other impact via a
     crafted HID report (bnc#1031240).
   - CVE-2017-16533: The usbhid_parse function in
     drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
     service (out-of-bounds read and system crash) or possibly have
     unspecified other impact via a crafted USB device (bnc#1066674).
   - CVE-2017-1000407: Fixed a denial of service caused by flooding the
     diagnostic port 0x80, which triggered an exception leading to a kernel
     panic (bnc#1071021).

   The following non-security bugs were fixed:

   - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018,
     bsc#1104366).
   - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
     (bsc#1119255).
   - Drivers: scsi: storvsc: Change the limits to reflect the values on the
     host (bug#1107189).
   - drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure
     (bug#1107189).
   - Drivers: scsi: storvsc: Filter commands based on the storage protocol
     version (bug#1107189).
   - Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version
     (bug#1107189).
   - Drivers: scsi: storvsc: Implement a eh_timed_out handler (bug#1107189).
   - Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by
     the Host (bug#1107189).
   - drivers: scsi: storvsc: Set srb_flags in all cases (bug#1107189).
   - EHCI: improved logic for isochronous scheduling (bsc#1117515).
   - ipv4: remove the unnecessary variable in udp_mcast_next (bsc#1104070).
   - KEYS: prevent creating a different user's keyrings (bnc#1094186).
   - KVM: x86: Fix the duplicate failure path handling in vmx_init
     (bsc#1104367).
   - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#1116412).
   - MM/vmscan.c: avoid throttling reclaim for loop-back nfsd threads
     (bsc#1116412).
   - net/ipv6/udp: Fix ipv6 multicast socket filter regression (bsc#1104070).
   - NFS: avoid deadlocks with loop-back mounted NFS filesystems
     (bsc#1116412).
   - NFS: avoid waiting at all in nfs_release_page when congested
     (bsc#1116412).
   - NFS: Do not write enable new pages while an invalidation is proceeding
     (bsc#1116412).
   - NFS: Fix a regression in the read() syscall (bsc#1116412).
   - NFS: Fix races in nfs_revalidate_mapping (bsc#1116412).
   - NFS: fix the handling of NFS_INO_INVALID_DATA flag in
     nfs_revalidate_mapping (bsc#1116412).
   - NFS: Fix writeback performance issue on cache invalidation (bsc#1116412).
   - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
   - reiserfs: fix race in readdir (bsc#1039803).
   - sched, isolcpu: make cpu_isolated_map visible outside scheduler
     (bsc#1119255).
   - scsi: storvsc: Always send on the selected outgoing channel
     (bug#1107189).
   - scsi: storvsc: Do not assume that the scatterlist is not chained
     (bug#1107189).
   - scsi: storvsc: Fix a bug in copy_from_bounce_buffer() (bug#1107189).
   - scsi: storvsc: Increase the ring buffer size (bug#1107189).
   - scsi: storvsc: Size the queue depth based on the ringbuffer size
     (bug#1107189).
   - storvsc: fix a bug in storvsc limits (bug#1107189).
   - storvsc: force discovery of LUNs that may have been removed
     (bug#1107189).
   - storvsc: get rid of overly verbose warning messages (bug#1107189).
   - storvsc: in response to a scan event, scan the host (bug#1107189).
   - storvsc: Set the SRB flags correctly when no data transfer is needed
     (bug#1107189).
   - udp: ipv4: Add udp early demux (bsc#1104070).
   - udp: restore UDPlite many-cast delivery (bsc#1104070).
   - udp: Simplify __udp*_lib_mcast_deliver (bsc#1104070).
   - udp: Use hash2 for long hash1 chains in __udp*_lib_mcast_deliver
     (bsc#1104070).
   - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515).
   - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515).
   - USB: EHCI: add symbolic constants for QHs (bsc#1117515).
   - USB: EHCI: always scan each interrupt QH (bsc#1117515).
   - USB: EHCI: do not lose events during a scan (bsc#1117515).
   - USB: EHCI: do not refcount iso_stream structures (bsc#1117515).
   - USB: EHCI: do not refcount QHs (bsc#1117515).
   - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515).
   - USB: EHCI: fix up locking (bsc#1117515).
   - USB: EHCI: initialize data before resetting hardware (bsc#1117515).
   - USB: EHCI: introduce high-res timer (bsc#1117515).
   - USB: EHCI: remove PS3 status polling (bsc#1117515).
   - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515).
   - USB: EHCI: rename "reclaim" (bsc#1117515).
   - USB: EHCI: resolve some unlikely races (bsc#1117515).
   - USB: EHCI: return void instead of 0 (bsc#1117515).
   - USB: EHCI: simplify isochronous scanning (bsc#1117515).
   - USB: EHCI: unlink multiple async QHs together (bsc#1117515).
   - USB: EHCI: use hrtimer for async schedule (bsc#1117515).
   - USB: EHCI: use hrtimer for controller death (bsc#1117515).
   - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515).
   - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515).
   - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515).
   - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515).
   - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515).
   - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515).
   - XFS: do not BUG() on mixed direct and mapped I/O (bsc#1114920).
   - XFS: stop searching for free slots in an inode chunk when there are none
     (bsc#1115007).
   - XFS: validate sb_logsunit is a multiple of the fs blocksize
     (bsc#1115038).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-20190123-13937=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20190123-13937=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-20190123-13937=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-20190123-13937=1



Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.106.59.1
      kernel-default-base-3.0.101-0.47.106.59.1
      kernel-default-devel-3.0.101-0.47.106.59.1
      kernel-source-3.0.101-0.47.106.59.1
      kernel-syms-3.0.101-0.47.106.59.1
      kernel-trace-3.0.101-0.47.106.59.1
      kernel-trace-base-3.0.101-0.47.106.59.1
      kernel-trace-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.106.59.1
      kernel-ec2-base-3.0.101-0.47.106.59.1
      kernel-ec2-devel-3.0.101-0.47.106.59.1
      kernel-xen-3.0.101-0.47.106.59.1
      kernel-xen-base-3.0.101-0.47.106.59.1
      kernel-xen-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.106.59.1
      kernel-bigsmp-base-3.0.101-0.47.106.59.1
      kernel-bigsmp-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.106.59.1
      kernel-pae-base-3.0.101-0.47.106.59.1
      kernel-pae-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.106.59.1
      kernel-trace-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.106.59.1
      kernel-default-base-3.0.101-0.47.106.59.1
      kernel-default-devel-3.0.101-0.47.106.59.1
      kernel-ec2-3.0.101-0.47.106.59.1
      kernel-ec2-base-3.0.101-0.47.106.59.1
      kernel-ec2-devel-3.0.101-0.47.106.59.1
      kernel-pae-3.0.101-0.47.106.59.1
      kernel-pae-base-3.0.101-0.47.106.59.1
      kernel-pae-devel-3.0.101-0.47.106.59.1
      kernel-source-3.0.101-0.47.106.59.1
      kernel-syms-3.0.101-0.47.106.59.1
      kernel-trace-3.0.101-0.47.106.59.1
      kernel-trace-base-3.0.101-0.47.106.59.1
      kernel-trace-devel-3.0.101-0.47.106.59.1
      kernel-xen-3.0.101-0.47.106.59.1
      kernel-xen-base-3.0.101-0.47.106.59.1
      kernel-xen-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.106.59.1
      kernel-default-debugsource-3.0.101-0.47.106.59.1
      kernel-trace-debuginfo-3.0.101-0.47.106.59.1
      kernel-trace-debugsource-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.106.59.1
      kernel-ec2-debugsource-3.0.101-0.47.106.59.1
      kernel-xen-debuginfo-3.0.101-0.47.106.59.1
      kernel-xen-debugsource-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.106.59.1
      kernel-bigsmp-debugsource-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.106.59.1
      kernel-pae-debugsource-3.0.101-0.47.106.59.1
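
A way to confirm that a host has picked up this update, as an added example that is not part of the SUSE announcement or SUSE tooling: it compares installed kernel packages and the running kernel against the fixed version-release from the package list above. The function names, the sample inventory and the sample uname -r strings are constructed for illustration; using GNU sort -V in place of rpm's own version comparison, and the uname -r layout described in the comments, are assumptions.

```shell
#!/bin/sh
# Fixed version-release, copied from the advisory's package list.
FIXED_VR="3.0.101-0.47.106.59.1"

# vr_at_least A B: succeed when version-release A is at or after B.
# Assumption: GNU `sort -V` stands in for rpm's own comparison, which is
# adequate for the purely numeric dotted strings these packages use.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    first=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)
    [ "$first" = "$2" ]
}

# unpatched_pkgs: read "name version-release" lines on stdin and print the
# packages whose newest installed build is still older than FIXED_VR.
# Older kernels kept installed alongside a fixed one are not reported.
unpatched_pkgs() {
    LC_ALL=C sort -k1,1 -k2,2V |
    awk '{ newest[$1] = $2 } END { for (n in newest) print n, newest[n] }' |
    LC_ALL=C sort |
    while read -r name vr; do
        vr_at_least "$vr" "$FIXED_VR" || printf '%s %s\n' "$name" "$vr"
    done
}

# running_is_fixed RELEASE: RELEASE is `uname -r` output. Assumption: the
# running kernel reports the package version-release without its last
# component, followed by a flavour suffix ("-default", "-xen", ...).
running_is_fixed() {
    base=${1%-*}                      # drop the flavour suffix
    case "$FIXED_VR" in
        "$base".*) return 0 ;;        # same build as the fixed package
    esac
    vr_at_least "$base.0" "$FIXED_VR" # otherwise it must be a newer build
}

# Constructed sample of the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | grep '^kernel-'
sample_inventory() {
    cat <<'EOF'
kernel-default 3.0.101-0.47.106.8.1
kernel-default 3.0.101-0.47.106.59.1
kernel-xen 3.0.101-0.47.106.8.1
kernel-source 3.0.101-0.47.106.59.1
EOF
}

echo "Packages below $FIXED_VR:"
sample_inventory | unpatched_pkgs

# Constructed `uname -r` value: the package is updated but the host has not
# been rebooted, so the old kernel is still the one running.
if running_is_fixed "3.0.101-0.47.106.8-default"; then
    echo "running kernel is fixed"
else
    echo "running kernel predates the fix: reboot into the updated kernel"
fi
```

On a real host, feed unpatched_pkgs from the rpm query shown in the comment and pass "$(uname -r)" to running_is_fixed.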


References:

   https://www.suse.com/security/cve/CVE-2017-1000407.html
   https://www.suse.com/security/cve/CVE-2017-16533.html
   https://www.suse.com/security/cve/CVE-2017-7273.html
   https://www.suse.com/security/cve/CVE-2018-18281.html
   https://www.suse.com/security/cve/CVE-2018-18386.html
   https://www.suse.com/security/cve/CVE-2018-18710.html
   https://www.suse.com/security/cve/CVE-2018-19407.html
   https://www.suse.com/security/cve/CVE-2018-19824.html
   https://www.suse.com/security/cve/CVE-2018-19985.html
   https://www.suse.com/security/cve/CVE-2018-20169.html
   https://www.suse.com/security/cve/CVE-2018-9516.html
   https://www.suse.com/security/cve/CVE-2018-9568.html
   https://bugzilla.suse.com/1031240
   https://bugzilla.suse.com/1039803
   https://bugzilla.suse.com/1066674
   https://bugzilla.suse.com/1071021
   https://bugzilla.suse.com/1094186
   https://bugzilla.suse.com/1094825
   https://bugzilla.suse.com/1104070
   https://bugzilla.suse.com/1104366
   https://bugzilla.suse.com/1104367
   https://bugzilla.suse.com/1107189
   https://bugzilla.suse.com/1108498
   https://bugzilla.suse.com/1109200
   https://bugzilla.suse.com/1113201
   https://bugzilla.suse.com/1113751
   https://bugzilla.suse.com/1113769
   https://bugzilla.suse.com/1114920
   https://bugzilla.suse.com/1115007
   https://bugzilla.suse.com/1115038
   https://bugzilla.suse.com/1116412
   https://bugzilla.suse.com/1116841
   https://bugzilla.suse.com/1117515
   https://bugzilla.suse.com/1118152
   https://bugzilla.suse.com/1118319
   https://bugzilla.suse.com/1119255
   https://bugzilla.suse.com/1119714
   https://bugzilla.suse.com/1120743
   https://bugzilla.suse.com/905299
   https://bugzilla.suse.com/936875
   https://bugzilla.suse.com/968018
   https://bugzilla.suse.com/990682

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2019:13937-1 important: the Linux Kernel

January 29, 2019