Overview

File _patchinfo of Package patchinfo.7776

<patchinfo incident="7776">
  <issue id="1087007" tracker="bnc">VUL-1: CVE-2018-1094: kernel-source: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image</issue>
  <issue id="1087012" tracker="bnc">VUL-0: CVE-2018-1092: kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image</issue>
  <issue id="1087095" tracker="bnc">VUL-1: CVE-2018-1093: kernel-source: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image</issue>
  <issue id="1038553" tracker="bnc">mounting damaged Btrfs causes kernel crash</issue>
  <issue id="1046610" tracker="bnc">L3: frequent misfunction of virtual NICs on XEN domUs</issue>
  <issue id="1079152" tracker="bnc">L3: kernel BUG at ../mm/slab.c:3114!</issue>
  <issue id="1082962" tracker="bnc">VUL-0: CVE-2018-7492: kernel: Null pointer dereference in _rds_rdma_map() allows local attackers to cause denial-of-service</issue>
  <issue id="1083382" tracker="bnc">Partner-L3: Virtual Appliance crash</issue>
  <issue id="1083900" tracker="bnc">VUL-0: CVE-2018-5803: kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service</issue>
  <issue id="1087082" tracker="bnc">VUL-0: CVE-2018-3639:  V4 - Speculative Store Bypass aka "Memory Disambiguation"</issue>
  <issue id="1087086" tracker="bnc">VUL-0: CVE-2018-3665: Lazy FP Save/Restore</issue>
  <issue id="1092813" tracker="bnc">kaiser_set_shadow_pgd undefined symbol</issue>
  <issue id="1092904" tracker="bnc">VUL-1: CVE-2018-1130: kernel-source: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash</issue>
  <issue id="1094033" tracker="bnc">L3-Question: failed to apply kgraft patch</issue>
  <issue id="1094353" tracker="bnc">VUL-0: CVE-2017-13305: kernel-source: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker</issue>
  <issue id="1094823" tracker="bnc">iotop stops working with the latest kernel</issue>
  <issue id="1096140" tracker="bnc">nospectre_v2 doesn't disable repoline on SLE-12-SP3 4.4.132-94.33</issue>
  <issue id="1096242" tracker="bnc">Slow down with latest kernel updates - AMD side</issue>
  <issue id="1096281" tracker="bnc">Slow down with latest kernel updates - Intel side</issue>
  <issue id="1096480" tracker="bnc">VUL-1: CVE-2018-5814: kernel: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities</issue>
  <issue id="1096728" tracker="bnc">VUL-0: CVE-2018-1000204: kernel-source: Linux Kernel infoleak caused by incorrect handling of the SG_IO ioctl</issue>
  <issue id="1097356" tracker="bnc">VUL-0: CVE-2018-5848: kernel-source: function wmi_set_ie() in net/wireless/ath/wil6210/wmi.c is affected by a buffer overflow</issue>
  <issue id="2018-3665" tracker="cve" />
  <issue id="2018-5848" tracker="cve" />
  <issue id="2018-1000204" tracker="cve" />
  <issue id="2017-13305" tracker="cve" />
  <issue id="2018-1094" tracker="cve" />
  <issue id="2018-1093" tracker="cve" />
  <issue id="2018-1092" tracker="cve" />
  <issue id="2018-1130" tracker="cve" />
  <issue id="2018-5803" tracker="cve" />
  <issue id="2018-7492" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alnovak</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX
  registers) between processes. These registers might contain encryption keys
  when doing SSE accelerated AES enc/decryption (bsc#1087086)
- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did
  not handle unsigned integer overflow properly. As a result, a large value of
  the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
- CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO
  ioctl (bsc#1096728)
- CVE-2017-13305: Prevent information disclosure vulnerability in
  encrypted-keys (bsc#1094353)
- CVE-2018-1094: The ext4_fill_super function did not always initialize the
  crc32c checksum driver, which allowed attackers to cause a denial of service
  (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted
  ext4 image (bsc#1087007).
- CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to
  cause a denial of service (out-of-bounds read and system crash) via a crafted
  ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers
  (bsc#1087095).
- CVE-2018-1092: The ext4_iget function mishandled the case of a root directory
  with a zero i_links_count, which allowed attackers to cause a denial of service
  (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4
  image (bsc#1087012).
- CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that
  allowed a local user to cause a denial of service by a number of certain
  crafted system calls (bsc#1092904)
- CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when
  handling SCTP packets length that could have been exploited to cause a kernel
  crash (bnc#1083900)
- CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c
  __rds_rdma_map() function that allowed local attackers to cause a system panic
  and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST
  (bsc#1082962)

The following non-security bugs were fixed:

- Btrfs: fix unexpected balance crash due to BUG_ON (bsc#1038553).
- Fix excessive newline in /proc/*/status (bsc#1094823).
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
- dm thin metadata: call precommit before saving the roots (bsc#1083382).
- dm thin: fix inability to discard blocks when in out-of-data-space mode (bsc#1083382).
- dm thin: fix missing out-of-data-space to write mode transition if blocks are released (bsc#1083382).
- dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition (bsc#1083382).
- dm: fix various targets to dm_register_target after module __init resources created (bsc#1083382).
- kABI: work around BPF SSBD removal (bsc#1087082).
- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152).
- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480).
- usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480).
- x86/boot: Fix early command-line parsing when matching at end (bsc#1096281).
- x86/boot: Fix early command-line parsing when partial word matches (bsc#1096281).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
- x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
- xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places