File _patchinfo of Package patchinfo.7437
<patchinfo incident="7437">
  <issue id="1087082" tracker="bnc">VUL-0: EMBARGOED: CVE-2018-3639: V4 – Speculative Store Bypass aka "Memory Disambiguation"</issue>
  <issue id="1087845" tracker="bnc">SKL processor be add in blacklist of microcode broken in SLE12SP3 MU kernel branch</issue>
  <issue id="1089895" tracker="bnc">VUL-0: CVE-2018-1000199: kernel: ptrace() bug leading to DoS or possibly corruption</issue>
  <issue id="1091755" tracker="bnc">VUL-0: CVE-2018-10675: kernel-source: denial of service (use-after-free) in do_get_mempolicy function in mm/mempolicy.c</issue>
  <issue id="1092497" tracker="bnc">L3: ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline</issue>
  <issue id="1093215" tracker="bnc">prctl(PR_SPEC_STORE_BYPASS) never returns to userspace</issue>
  <issue id="1094019" tracker="bnc">XEN: sles11sp3ltss PV guests can not boot after latest kernel update</issue>
  <issue id="985025" tracker="bnc">Knights Landing A/D leak</issue>
  <issue id="2018-3639" tracker="cve" />
  <issue id="2018-1000199" tracker="cve" />
  <issue id="2018-10675" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alnovak</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes.

The following security bugs were fixed:

- CVE-2018-3639: Information leaks using "Memory Disambiguation" feature
  in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).

  A new boot commandline option was introduced,
  "spec_store_bypass_disable", which can have the following values:

  - auto: Kernel detects whether your CPU model contains an implementation
    of Speculative Store Bypass and picks the most appropriate mitigation.
  - on: disable Speculative Store Bypass
  - off: enable Speculative Store Bypass
  - prctl: Control Speculative Store Bypass per thread via
    prctl. Speculative Store Bypass is enabled for a process by default. The
    state of the control is inherited on fork.
  - seccomp: Same as "prctl" above, but all seccomp threads will disable
    SSB unless they explicitly opt out.

  The default is "seccomp", meaning programs need explicit opt-in into the mitigation.

  Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

  - "Vulnerable"
  - "Mitigation: Speculative Store Bypass disabled"
  - "Mitigation: Speculative Store Bypass disabled via prctl"
  - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"

- CVE-2018-1000199: An address corruption flaw was discovered while
  modifying a h/w breakpoint via the 'modify_user_hw_breakpoint' routine. An
  unprivileged user/process could use this flaw to crash the system kernel,
  resulting in DoS, or to potentially escalate privileges on the system.
  (bsc#1089895)
- CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed
  local users to cause a denial of service (use-after-free) or possibly
  have unspecified other impact via crafted system calls (bnc#1091755).

The following non-security bugs were fixed:

- x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215).
- x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
- x86/cpu/intel: Introduce macros for Intel family numbers (bsc#985025).
- x86/cpu/intel: Introduce macros for Intel family numbers (bsc985025).
- x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845).
  </description>
  <summary>Security update for the Linux Kernel</summary>
</patchinfo>