SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3210-1 Rating: important References: #1047626 #1059465 #1066471 #1066472 #1069496 #860993 #975788 Cross-References: CVE-2014-0038 CVE-2017-1000405 CVE-2017-12193 CVE-2017-15102 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16649 CVE-2017-16650 CVE-2017-16939 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. (bnc#1069702) - CVE-2017-1000405: mm, thp: do not dirty huge pages on read fault (bnc#1069496). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1067085) - CVE-2014-0038: The compat_sys_recvmmsg function in net/compat.c, when CONFIG_X86_X32 is enabled, allowed local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter (bnc#860993). - CVE-2017-16650: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1067086) - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066700) - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. (bnc#1066705) - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. (bnc#1066671) - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. (bnc#1066192) - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066650) - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. (bnc#1066618) - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066573) - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066606) - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066625) The following non-security bugs were fixed: - NVMe: No lock while DMA mapping data (bsc#975788). - bcache: Add bch_keylist_init_single() (bsc#1047626). - bcache: Add btree_map() functions (bsc#1047626). - bcache: Add on error panic/unregister setting (bsc#1047626). - bcache: Convert gc to a kthread (bsc#1047626). - bcache: Delete some slower inline asm (bsc#1047626). - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626). - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626). - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626). - bcache: Fix a null ptr deref in journal replay (bsc#1047626). - bcache: Fix an infinite loop in journal replay (bsc#1047626). - bcache: Fix bch_ptr_bad() (bsc#1047626). - bcache: Fix discard granularity (bsc#1047626). - bcache: Fix for can_attach_cache() (bsc#1047626). - bcache: Fix heap_peek() macro (bsc#1047626). - bcache: Fix moving_pred() (bsc#1047626). - bcache: Fix to remove the rcu_sched stalls (bsc#1047626). - bcache: Improve bucket_prio() calculation (bsc#1047626). - bcache: Improve priority_stats (bsc#1047626). - bcache: Minor btree cache fix (bsc#1047626). - bcache: Move keylist out of btree_op (bsc#1047626). - bcache: New writeback PD controller (bsc#1047626). - bcache: PRECEDING_KEY() (bsc#1047626). - bcache: Performance fix for when journal entry is full (bsc#1047626). - bcache: Remove redundant block_size assignment (bsc#1047626). - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626). - bcache: Remove/fix some header dependencies (bsc#1047626). - bcache: Trivial error handling fix (bsc#1047626). - bcache: Use ida for bcache block dev minor (bsc#1047626). - bcache: allows use of register in udev to avoid "device_busy" error (bsc#1047626). - bcache: bch_allocator_thread() is not freezable (bsc#1047626). - bcache: bch_gc_thread() is not freezable (bsc#1047626). - bcache: bugfix - gc thread now gets woken when cache is full (bsc#1047626). - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626). - bcache: cleaned up error handling around register_cache() (bsc#1047626). - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bsc#1047626). - bcache: defensively handle format strings (bsc#1047626). - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED (bsc#1047626). - bcache: fix a livelock when we cause a huge number of cache misses (bsc#1047626). - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint (bsc#1047626). - bcache: fix for gc and writeback race (bsc#1047626). - bcache: fix for gc crashing when no sectors are used (bsc#1047626). - bcache: kill index() (bsc#1047626). - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1047626). - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mac80211: use constant time comparison with keys (bsc#1066471). - packet: fix use-after-free in fanout_add() - scsi: ILLEGAL REQUEST + ASC==27 produces target failure (bsc#1059465). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1995=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1995=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1995=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1995=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.66.1 kernel-macros-3.12.74-60.64.66.1 kernel-source-3.12.74-60.64.66.1 - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.66.1 kernel-default-base-3.12.74-60.64.66.1 kernel-default-base-debuginfo-3.12.74-60.64.66.1 kernel-default-debuginfo-3.12.74-60.64.66.1 kernel-default-debugsource-3.12.74-60.64.66.1 kernel-default-devel-3.12.74-60.64.66.1 kernel-syms-3.12.74-60.64.66.1 kernel-xen-3.12.74-60.64.66.1 kernel-xen-base-3.12.74-60.64.66.1 kernel-xen-base-debuginfo-3.12.74-60.64.66.1 kernel-xen-debuginfo-3.12.74-60.64.66.1 kernel-xen-debugsource-3.12.74-60.64.66.1 kernel-xen-devel-3.12.74-60.64.66.1 kgraft-patch-3_12_74-60_64_66-default-1-2.1 kgraft-patch-3_12_74-60_64_66-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.66.1 kernel-default-base-3.12.74-60.64.66.1 kernel-default-base-debuginfo-3.12.74-60.64.66.1 kernel-default-debuginfo-3.12.74-60.64.66.1 kernel-default-debugsource-3.12.74-60.64.66.1 kernel-default-devel-3.12.74-60.64.66.1 kernel-syms-3.12.74-60.64.66.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.66.1 kernel-macros-3.12.74-60.64.66.1 kernel-source-3.12.74-60.64.66.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.66.1 kernel-xen-base-3.12.74-60.64.66.1 kernel-xen-base-debuginfo-3.12.74-60.64.66.1 kernel-xen-debuginfo-3.12.74-60.64.66.1 kernel-xen-debugsource-3.12.74-60.64.66.1 kernel-xen-devel-3.12.74-60.64.66.1 kgraft-patch-3_12_74-60_64_66-default-1-2.1 kgraft-patch-3_12_74-60_64_66-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.66.1 kernel-default-base-3.12.74-60.64.66.1 kernel-default-base-debuginfo-3.12.74-60.64.66.1 kernel-default-debuginfo-3.12.74-60.64.66.1 kernel-default-debugsource-3.12.74-60.64.66.1 kernel-default-devel-3.12.74-60.64.66.1 kernel-syms-3.12.74-60.64.66.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.66.1 kernel-macros-3.12.74-60.64.66.1 kernel-source-3.12.74-60.64.66.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.66.1 kernel-xen-base-3.12.74-60.64.66.1 kernel-xen-base-debuginfo-3.12.74-60.64.66.1 kernel-xen-debuginfo-3.12.74-60.64.66.1 kernel-xen-debugsource-3.12.74-60.64.66.1 kernel-xen-devel-3.12.74-60.64.66.1 kgraft-patch-3_12_74-60_64_66-default-1-2.1 kgraft-patch-3_12_74-60_64_66-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.66.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.66.1 kernel-ec2-debuginfo-3.12.74-60.64.66.1 kernel-ec2-debugsource-3.12.74-60.64.66.1 kernel-ec2-devel-3.12.74-60.64.66.1 kernel-ec2-extra-3.12.74-60.64.66.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.66.1 References: https://www.suse.com/security/cve/CVE-2014-0038.html https://www.suse.com/security/cve/CVE-2017-1000405.html https://www.suse.com/security/cve/CVE-2017-12193.html https://www.suse.com/security/cve/CVE-2017-15102.html https://www.suse.com/security/cve/CVE-2017-16525.html https://www.suse.com/security/cve/CVE-2017-16527.html https://www.suse.com/security/cve/CVE-2017-16529.html https://www.suse.com/security/cve/CVE-2017-16531.html https://www.suse.com/security/cve/CVE-2017-16535.html https://www.suse.com/security/cve/CVE-2017-16536.html https://www.suse.com/security/cve/CVE-2017-16537.html https://www.suse.com/security/cve/CVE-2017-16649.html https://www.suse.com/security/cve/CVE-2017-16650.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1047626 https://bugzilla.suse.com/1059465 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 https://bugzilla.suse.com/1069496 https://bugzilla.suse.com/860993 https://bugzilla.suse.com/975788 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org