File _patchinfo of Package patchinfo.7767
<patchinfo incident="7767">
<issue id="1068032" tracker="bnc">VUL-0: speculative side channel attacks on various CPU platforms aka "SpectreAttack" and "MeltdownAttack"</issue>
<issue id="1079152" tracker="bnc">L3: kernel BUG at ../mm/slab.c:3114!</issue>
<issue id="1082962" tracker="bnc">VUL-0: CVE-2018-7492: kernel: Null pointer dereference in _rds_rdma_map() allows local attackers to cause denial-of-service</issue>
<issue id="1083650" tracker="bnc">VUL-0: CVE-2018-1065 kernel: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash</issue>
<issue id="1083900" tracker="bnc">VUL-0: CVE-2018-5803: kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service</issue>
<issue id="1085185" tracker="bnc">[HPE Bug] Please back port: watchdog: hpwdt: Remove legacy NMI sourcing.</issue>
<issue id="1086400" tracker="bnc">VUL-0: CVE-2017-18241: kernel-source: fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a fl</issue>
<issue id="1087007" tracker="bnc">VUL-1: CVE-2018-1094: kernel-source: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image</issue>
<issue id="1087012" tracker="bnc">VUL-0: CVE-2018-1092: kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image</issue>
<issue id="1087036" tracker="bnc">VUL-0: CVE-2017-18249: kernel-source: The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly h</issue>
<issue id="1087086" tracker="bnc">VUL-0: CVE-2018-3665: Lazy FP Save/Restore</issue>
<issue id="1087095" tracker="bnc">VUL-1: CVE-2018-1093: kernel-source: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image</issue>
<issue id="1089895" tracker="bnc">VUL-0: CVE-2018-1000199: kernel: ptrace() bug leading to DoS or possibly corruption</issue>
<issue id="1090534" tracker="bnc">xfstests xfs/709 fails with xfs</issue>
<issue id="1090955" tracker="bnc">L3: XFS_WANT_CORRUPTED_GOTO when mount root fs at boot</issue>
<issue id="1092497" tracker="bnc">ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline</issue>
<issue id="1092552" tracker="bnc">Backport request of ip6_dst_mtu_forward and related to SLES 12</issue>
<issue id="1092813" tracker="bnc">kaiser_set_shadow_pgd undefined symbol</issue>
<issue id="1092904" tracker="bnc">VUL-1: CVE-2018-1130: kernel-source: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash</issue>
<issue id="1094033" tracker="bnc">L3-Question: failed to apply kgraft patch</issue>
<issue id="1094353" tracker="bnc">VUL-0: CVE-2017-13305: kernel-source: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker</issue>
<issue id="1094823" tracker="bnc">iotop stops working with the latest kernel</issue>
<issue id="1095042" tracker="bnc">IPv6 and ECMP does not play with SSH and DSCP</issue>
<issue id="1096140" tracker="bnc">nospectre_v2 doesn't disable retpoline on SLE-12-SP3 4.4.132-94.33</issue>
<issue id="1096242" tracker="bnc">Slow down with latest kernel updates - AMD side</issue>
<issue id="1096281" tracker="bnc">Slow down with latest kernel updates - Intel side</issue>
<issue id="1096728" tracker="bnc">VUL-0: CVE-2018-1000204: kernel-source: Linux Kernel infoleak caused by incorrect handling of the SG_IO ioctl</issue>
<issue id="1097356" tracker="bnc">VUL-0: CVE-2018-5848: kernel-source: function wmi_set_ie() in net/wireless/ath/wil6210/wmi.c is affected by a buffer overflow</issue>
<issue id="973378" tracker="bnc">[syzkaller] snd_timer BUG: KASAN: use-after-free in snd_timer_interrupt</issue>
<issue id="2017-13305" tracker="cve" />
<issue id="2017-18241" tracker="cve" />
<issue id="2017-18249" tracker="cve" />
<issue id="2018-1000199" tracker="cve" />
<issue id="2018-1000204" tracker="cve" />
<issue id="2018-1065" tracker="cve" />
<issue id="2018-1092" tracker="cve" />
<issue id="2018-1093" tracker="cve" />
<issue id="2018-1094" tracker="cve" />
<issue id="2018-1130" tracker="cve" />
<issue id="2018-3665" tracker="cve" />
<issue id="2018-5803" tracker="cve" />
<issue id="2018-5848" tracker="cve" />
<issue id="2018-7492" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>mkoutny</packager>
<reboot_needed/>
<description>
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did
not handle unsigned integer overflow properly. As a result, a large value of
the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
- CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO
ioctl (bsc#1096728).
- CVE-2017-18249: The add_free_nid function did not properly track an allocated
nid, which allowed local users to cause a denial of service (race condition) or
possibly have unspecified other impact via concurrent threads (bnc#1087036)
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX
registers) between processes. These registers might contain encryption keys
when doing SSE accelerated AES encryption/decryption (bsc#1087086)
- CVE-2017-18241: Prevent a NULL pointer dereference that could be caused by
using a noflush_merge option that triggers a NULL value for a
flush_cmd_control data structure (bnc#1086400)
- CVE-2017-13305: Prevent an information disclosure vulnerability in
encrypted-keys (bsc#1094353).
- CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to
cause a denial of service (out-of-bounds read and system crash) via a crafted
ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers
(bsc#1087095).
- CVE-2018-1094: The ext4_fill_super function did not always initialize the
crc32c checksum driver, which allowed attackers to cause a denial of service
(ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted
ext4 image (bsc#1087007).
- CVE-2018-1092: The ext4_iget function mishandled the case of a root directory
with a zero i_links_count, which allowed attackers to cause a denial of service
(ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4
image (bsc#1087012).
- CVE-2018-1130: A NULL pointer dereference in the dccp_write_xmit() function
allowed a local user to cause a denial of service via a number of certain
crafted system calls (bsc#1092904).
- CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob
that contains a jump but lacks a user-defined chain, which allowed local users
to cause a denial of service (NULL pointer dereference) by leveraging the
CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650).
- CVE-2018-5803: Prevent an error in the "_sctp_make_chunk()" function when
handling SCTP packet lengths that could have been exploited to cause a kernel
crash (bnc#1083900).
- CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c
__rds_rdma_map() function that allowed local attackers to cause a system panic
and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST
(bsc#1082962).
- CVE-2018-1000199: Prevent a vulnerability in modify_user_hw_breakpoint() that
could have caused a crash and possibly memory corruption (bsc#1089895).
The following non-security bugs were fixed:
- ALSA: timer: Fix pause event notification (bsc#973378).
- Fix excessive newline in /proc/*/status (bsc#1094823).
- Fix the patch content (bsc#1085185)
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
- Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
- ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
- ipv6: omit traffic class when calculating flow hash (bsc#1095042).
- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality).
- x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140).
- x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281).
- x86/bugs: Respect retpoline command line option (bsc#1068032).
- x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
- x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
- xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534).
- xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534).
- xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>