SUSE-SU-2018:1855-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181855-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1855-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1855-1
Related
Published
2018-06-29T14:41:33Z
Modified
2018-06-29T14:41:33Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-5848: In the function wmisetie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
  • CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728).
  • CVE-2017-18249: The addfreenid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036)
  • CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
  • CVE-2017-18241: Prevent a NULL pointer dereference by using a noflushmerge option that triggers a NULL value for a flushcmd_control data structure (bnc#1086400)
  • CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353).
  • CVE-2018-1093: The ext4validblock_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095).
  • CVE-2018-1094: The ext4fillsuper function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4xattrinode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007).
  • CVE-2018-1092: The ext4iget function mishandled the case of a root directory with a zero ilinkscount, which allowed attackers to cause a denial of service (ext4processfreeddata NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012).
  • CVE-2018-1130: NULL pointer dereference in dccpwritexmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904).
  • CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAPNETRAW or CAPNETADMIN capability (bsc#1083650).
  • CVE-2018-5803: Prevent error in the 'sctpmake_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900).
  • CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c _rdsrdmamap() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDSGETMR and RDSGETMRFOR_DEST (bsc#1082962).
  • CVE-2018-1000199: Prevent vulnerability in modifyuserhw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895).

The following non-security bugs were fixed:

  • ALSA: timer: Fix pause event notification (bsc#973378).
  • Fix excessive newline in /proc/*/status (bsc#1094823).
  • Fix the patch content (bsc#1085185)
  • KVM: x86: Sync back MSRIA32SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
  • Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
  • ipv6: add mtu lock check in _ip6rtupdatepmtu (bsc#1092552).
  • ipv6: omit traffic class when calculating flow hash (bsc#1095042).
  • kgraft/bnx2fc: Do not block kGraft in bnx2fcl2rcv kthread (bsc#1094033).
  • mm, pagealloc: do not break _GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality).
  • x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140).
  • x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281).
  • x86/bugs: Respect retpoline command line option (bsc#1068032).
  • x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
  • x86/bugs: specctrl must be cleared from cpucaps_set when being disabled (bsc#1096140).
  • x86/kaiser: export symbol kaisersetshadow_pgd() (bsc#1092813)
  • xfs: convert XFSAGFLSIZE to a helper function (bsc#1090955, bsc#1090534).
  • xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534).
  • xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955).
References

Affected packages

SUSE:OpenStack Cloud 7 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / kgraft-patch-SLE12-SP2_Update_23

Package

Name
kgraft-patch-SLE12-SP2_Update_23
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_23&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kgraft-patch-SLE12-SP2_Update_23

Package

Name
kgraft-patch-SLE12-SP2_Update_23
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_23&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kgraft-patch-SLE12-SP2_Update_23

Package

Name
kgraft-patch-SLE12-SP2_Update_23
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_23&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default-man": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Enterprise Storage 4 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%204

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Enterprise Storage 4 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%204

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Enterprise Storage 4 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%204

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.85.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}

SUSE:Enterprise Storage 4 / kgraft-patch-SLE12-SP2_Update_23

Package

Name
kgraft-patch-SLE12-SP2_Update_23
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_23&distro=SUSE%20Enterprise%20Storage%204

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.85.1",
            "kernel-devel": "4.4.121-92.85.1",
            "kernel-default-base": "4.4.121-92.85.1",
            "kernel-default": "4.4.121-92.85.1",
            "kernel-source": "4.4.121-92.85.1",
            "kernel-syms": "4.4.121-92.85.1",
            "kgraft-patch-4_4_121-92_85-default": "1-3.5.1",
            "kernel-default-devel": "4.4.121-92.85.1"
        }
    ]
}