The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes.
The following security bugs were fixed:
CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).
A new boot commandline option was introduced, 'specstorebypass_disable', which can have following values:
The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.
Status can be queried via the /sys/devices/system/cpu/vulnerabilities/specstorebypass file, containing:
CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modifyuserhw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)
The following non-security bugs were fixed:
{ "binaries": [ { "kernel-macros": "3.12.61-52.133.1", "kernel-devel": "3.12.61-52.133.1", "kernel-default-base": "3.12.61-52.133.1", "kernel-default-man": "3.12.61-52.133.1", "kernel-xen-devel": "3.12.61-52.133.1", "kernel-default": "3.12.61-52.133.1", "kernel-source": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1", "kernel-xen-base": "3.12.61-52.133.1", "kernel-syms": "3.12.61-52.133.1", "kernel-default-devel": "3.12.61-52.133.1", "kernel-xen": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-default": "1-1.5.1" } ] }
{ "binaries": [ { "kernel-macros": "3.12.61-52.133.1", "kernel-devel": "3.12.61-52.133.1", "kernel-default-base": "3.12.61-52.133.1", "kernel-default-man": "3.12.61-52.133.1", "kernel-xen-devel": "3.12.61-52.133.1", "kernel-default": "3.12.61-52.133.1", "kernel-source": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1", "kernel-xen-base": "3.12.61-52.133.1", "kernel-syms": "3.12.61-52.133.1", "kernel-default-devel": "3.12.61-52.133.1", "kernel-xen": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-default": "1-1.5.1" } ] }
{ "binaries": [ { "kernel-macros": "3.12.61-52.133.1", "kernel-devel": "3.12.61-52.133.1", "kernel-default-base": "3.12.61-52.133.1", "kernel-default-man": "3.12.61-52.133.1", "kernel-xen-devel": "3.12.61-52.133.1", "kernel-default": "3.12.61-52.133.1", "kernel-source": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1", "kernel-xen-base": "3.12.61-52.133.1", "kernel-syms": "3.12.61-52.133.1", "kernel-default-devel": "3.12.61-52.133.1", "kernel-xen": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-default": "1-1.5.1" } ] }
{ "binaries": [ { "kernel-macros": "3.12.61-52.133.1", "kernel-devel": "3.12.61-52.133.1", "kernel-default-base": "3.12.61-52.133.1", "kernel-default-man": "3.12.61-52.133.1", "kernel-xen-devel": "3.12.61-52.133.1", "kernel-default": "3.12.61-52.133.1", "kernel-source": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1", "kernel-xen-base": "3.12.61-52.133.1", "kernel-syms": "3.12.61-52.133.1", "kernel-default-devel": "3.12.61-52.133.1", "kernel-xen": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-default": "1-1.5.1" } ] }
{ "binaries": [ { "kernel-macros": "3.12.61-52.133.1", "kernel-devel": "3.12.61-52.133.1", "kernel-default-base": "3.12.61-52.133.1", "kernel-default-man": "3.12.61-52.133.1", "kernel-xen-devel": "3.12.61-52.133.1", "kernel-default": "3.12.61-52.133.1", "kernel-source": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1", "kernel-xen-base": "3.12.61-52.133.1", "kernel-syms": "3.12.61-52.133.1", "kernel-default-devel": "3.12.61-52.133.1", "kernel-xen": "3.12.61-52.133.1", "kgraft-patch-3_12_61-52_133-default": "1-1.5.1" } ] }