openSUSE Security Announce
May 2017
[security-announce] SUSE-SU-2017:1146-1: important: Security update for xen
by opensuse-security@opensuse.org 02 May '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1146-1
Rating: important
References: #1028655 #1033948 #1034843 #1034844 #1034845
#1034994 #1035483
Cross-References: CVE-2016-9603 CVE-2017-7718 CVE-2017-7980
CVE-2017-7995
Affected Products:
SUSE OpenStack Cloud 5
SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________
An update that solves four vulnerabilities and has three
fixes is now available.
Description:
This update for xen fixes several security issues:
- A malicious 64-bit PV guest may be able to access all of system memory,
allowing for all of privilege escalation, host crashes, and information
leaks by placing an IRET hypercall in the middle of a multicall batch
(XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory,
allowing for all of privilege escalation, host crashes, and information
leaks because of a missing check when transferring pages via
GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors related to copying VGA data via the
cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
(bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a
heap overflow in the device model process, potentially escalating their
privileges to that of the device model process (bsc#1028655)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5:
zypper in -t patch sleclo50sp3-xen-13085=1
- SUSE Manager Proxy 2.1:
zypper in -t patch slemap21-xen-13085=1
- SUSE Manager 2.1:
zypper in -t patch sleman21-xen-13085=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-xen-13085=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-xen-13085=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 5 (x86_64):
xen-4.2.5_21-41.1
xen-doc-html-4.2.5_21-41.1
xen-doc-pdf-4.2.5_21-41.1
xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
xen-libs-32bit-4.2.5_21-41.1
xen-libs-4.2.5_21-41.1
xen-tools-4.2.5_21-41.1
xen-tools-domU-4.2.5_21-41.1
- SUSE Manager Proxy 2.1 (x86_64):
xen-4.2.5_21-41.1
xen-doc-html-4.2.5_21-41.1
xen-doc-pdf-4.2.5_21-41.1
xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
xen-libs-32bit-4.2.5_21-41.1
xen-libs-4.2.5_21-41.1
xen-tools-4.2.5_21-41.1
xen-tools-domU-4.2.5_21-41.1
- SUSE Manager 2.1 (x86_64):
xen-4.2.5_21-41.1
xen-doc-html-4.2.5_21-41.1
xen-doc-pdf-4.2.5_21-41.1
xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
xen-libs-32bit-4.2.5_21-41.1
xen-libs-4.2.5_21-41.1
xen-tools-4.2.5_21-41.1
xen-tools-domU-4.2.5_21-41.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
xen-libs-4.2.5_21-41.1
xen-tools-domU-4.2.5_21-41.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
xen-4.2.5_21-41.1
xen-doc-html-4.2.5_21-41.1
xen-doc-pdf-4.2.5_21-41.1
xen-libs-32bit-4.2.5_21-41.1
xen-tools-4.2.5_21-41.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-41.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-41.1
xen-libs-4.2.5_21-41.1
xen-tools-domU-4.2.5_21-41.1
References:
https://www.suse.com/security/cve/CVE-2016-9603.html
https://www.suse.com/security/cve/CVE-2017-7718.html
https://www.suse.com/security/cve/CVE-2017-7980.html
https://www.suse.com/security/cve/CVE-2017-7995.html
https://bugzilla.suse.com/1028655
https://bugzilla.suse.com/1033948
https://bugzilla.suse.com/1034843
https://bugzilla.suse.com/1034844
https://bugzilla.suse.com/1034845
https://bugzilla.suse.com/1034994
https://bugzilla.suse.com/1035483
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2017:1145-1: important: Security update for xen
by opensuse-security@opensuse.org 02 May '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1145-1
Rating: important
References: #1028655 #1029827 #1030144 #1034843 #1034844
#1034845 #1034994 #1035483
Cross-References: CVE-2016-9603 CVE-2017-7718 CVE-2017-7980
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves three vulnerabilities and has 5 fixes
is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- A malicious 64-bit PV guest may be able to access all of system memory,
allowing for all of privilege escalation, host crashes, and information
leaks by placing an IRET hypercall in the middle of a multicall batch
(XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory,
allowing for all of privilege escalation, host crashes, and information
leaks because of a missing check when transferring pages via
GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors related to copying VGA data via the
cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
(bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a
heap overflow in the device model process, potentially escalating their
privileges to that of the device model process (bsc#1028655)
These non-security issues were fixed:
- bsc#1029827: Additional xenstore patch
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-xen-13084=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-xen-13084=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xen-13084=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
xen-devel-4.4.4_18-57.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
xen-kmp-default-4.4.4_18_3.0.101_97-57.1
xen-libs-4.4.4_18-57.1
xen-tools-domU-4.4.4_18-57.1
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
xen-4.4.4_18-57.1
xen-doc-html-4.4.4_18-57.1
xen-libs-32bit-4.4.4_18-57.1
xen-tools-4.4.4_18-57.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
xen-kmp-pae-4.4.4_18_3.0.101_97-57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
xen-debuginfo-4.4.4_18-57.1
xen-debugsource-4.4.4_18-57.1
References:
https://www.suse.com/security/cve/CVE-2016-9603.html
https://www.suse.com/security/cve/CVE-2017-7718.html
https://www.suse.com/security/cve/CVE-2017-7980.html
https://bugzilla.suse.com/1028655
https://bugzilla.suse.com/1029827
https://bugzilla.suse.com/1030144
https://bugzilla.suse.com/1034843
https://bugzilla.suse.com/1034844
https://bugzilla.suse.com/1034845
https://bugzilla.suse.com/1034994
https://bugzilla.suse.com/1035483
[security-announce] SUSE-SU-2017:1143-1: important: Security update for xen
by opensuse-security@opensuse.org 02 May '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1143-1
Rating: important
References: #1022703 #1028655 #1029827 #1030144 #1034843
#1034844 #1034994 #1036146
Cross-References: CVE-2016-9603 CVE-2017-7718
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves two vulnerabilities and has 6 fixes
is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- A malicious 64-bit PV guest may be able to access all of system memory,
allowing for all of privilege escalation, host crashes, and information
leaks by placing an IRET hypercall in the middle of a multicall batch
(XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory,
allowing for all of privilege escalation, host crashes, and information
leaks because of a missing check when transferring pages via
GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors related to copying VGA data via the
cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
(bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a
heap overflow in the device model process, potentially escalating their
privileges to that of the device model process (bsc#1028655)
These non-security issues were fixed:
- bsc#1029827: Additional xenstore patch
- bsc#1036146: Xen VM dumped core to wrong path
- bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached
CDRom
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-663=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-663=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-663=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):
xen-debugsource-4.7.2_04-39.1
xen-devel-4.7.2_04-39.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
xen-4.7.2_04-39.1
xen-debugsource-4.7.2_04-39.1
xen-doc-html-4.7.2_04-39.1
xen-libs-32bit-4.7.2_04-39.1
xen-libs-4.7.2_04-39.1
xen-libs-debuginfo-32bit-4.7.2_04-39.1
xen-libs-debuginfo-4.7.2_04-39.1
xen-tools-4.7.2_04-39.1
xen-tools-debuginfo-4.7.2_04-39.1
xen-tools-domU-4.7.2_04-39.1
xen-tools-domU-debuginfo-4.7.2_04-39.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
xen-4.7.2_04-39.1
xen-debugsource-4.7.2_04-39.1
xen-libs-32bit-4.7.2_04-39.1
xen-libs-4.7.2_04-39.1
xen-libs-debuginfo-32bit-4.7.2_04-39.1
xen-libs-debuginfo-4.7.2_04-39.1
References:
https://www.suse.com/security/cve/CVE-2016-9603.html
https://www.suse.com/security/cve/CVE-2017-7718.html
https://bugzilla.suse.com/1022703
https://bugzilla.suse.com/1028655
https://bugzilla.suse.com/1029827
https://bugzilla.suse.com/1030144
https://bugzilla.suse.com/1034843
https://bugzilla.suse.com/1034844
https://bugzilla.suse.com/1034994
https://bugzilla.suse.com/1036146
[security-announce] openSUSE-SU-2017:1142-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 02 May '17
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1142-1
Rating: important
References: #1034854
Cross-References: CVE-2017-3513 CVE-2017-3538 CVE-2017-3558
CVE-2017-3559 CVE-2017-3561 CVE-2017-3563
CVE-2017-3575 CVE-2017-3576 CVE-2017-3587
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for virtualbox to version 5.1.22 fixes the following issues:
These security issues were fixed (bsc#1034854):
- CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
takeover of Oracle VM VirtualBox.
- CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
takeover of Oracle VM VirtualBox.
- CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
takeover of Oracle VM VirtualBox.
- CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data
or all Oracle VM VirtualBox accessible data and unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
VirtualBox.
- CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows high privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data
or all Oracle VM VirtualBox accessible data and unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
VirtualBox.
- CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Shared Folder). Difficult to
exploit vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data
or all Oracle VM VirtualBox accessible data as well as unauthorized
access to critical data or complete access to all Oracle VM VirtualBox
accessible data.
- CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Difficult to exploit
vulnerability allows high privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of Oracle VM VirtualBox accessible
data.
- CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows unauthenticated attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
insert or delete access to some of Oracle VM VirtualBox accessible data
and unauthorized read access to a subset of Oracle VM VirtualBox
accessible data.
- CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
insert or delete access to some of Oracle VM VirtualBox accessible data
and unauthorized read access to a subset of Oracle VM VirtualBox
accessible data.
These non-security issues were fixed:
- GUI: don't check if the Extension Pack is up-to-date if the user is
about to install a new Extension Pack
- GUI: fixed a possible crash when switching a multi-monitor VM into
full-screen or seamless mode
- GUI: several mini-toolbar fixes in full-screen / seamless mode
- GUI: don't crash on restoring defaults in the appliance import dialog
- ICH9: fix for Windows guests with a huge amount (more than 64G) of guest
memory
- BIOS: fixed El Torito hard disk emulation geometry calculation
- VMM: fixed VERR_IEM_INSTR_NOT_IMPLEMENTED Guru Meditation under certain
conditions
- Storage: fixed a potential hang under rare circumstances
- Storage: fixed a potential crash under rare circumstances (asynchronous
I/O disabled or during maintenance file operations like merging
snapshots)
- Linux hosts: make the ALSA backend work again as well as loading the GL
libraries on certain hosts
- Linux Additions: fixed mount.vboxsf symlink problem
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-533=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (x86_64):
python-virtualbox-5.1.22-19.10.1
python-virtualbox-debuginfo-5.1.22-19.10.1
virtualbox-5.1.22-19.10.1
virtualbox-debuginfo-5.1.22-19.10.1
virtualbox-debugsource-5.1.22-19.10.1
virtualbox-devel-5.1.22-19.10.1
virtualbox-guest-kmp-default-5.1.22_k4.4.57_18.3-19.10.1
virtualbox-guest-kmp-default-debuginfo-5.1.22_k4.4.57_18.3-19.10.1
virtualbox-guest-tools-5.1.22-19.10.1
virtualbox-guest-tools-debuginfo-5.1.22-19.10.1
virtualbox-guest-x11-5.1.22-19.10.1
virtualbox-guest-x11-debuginfo-5.1.22-19.10.1
virtualbox-host-kmp-default-5.1.22_k4.4.57_18.3-19.10.1
virtualbox-host-kmp-default-debuginfo-5.1.22_k4.4.57_18.3-19.10.1
virtualbox-qt-5.1.22-19.10.1
virtualbox-qt-debuginfo-5.1.22-19.10.1
virtualbox-websrv-5.1.22-19.10.1
virtualbox-websrv-debuginfo-5.1.22-19.10.1
- openSUSE Leap 42.2 (noarch):
virtualbox-guest-desktop-icons-5.1.22-19.10.1
virtualbox-host-source-5.1.22-19.10.1
References:
https://www.suse.com/security/cve/CVE-2017-3513.html
https://www.suse.com/security/cve/CVE-2017-3538.html
https://www.suse.com/security/cve/CVE-2017-3558.html
https://www.suse.com/security/cve/CVE-2017-3559.html
https://www.suse.com/security/cve/CVE-2017-3561.html
https://www.suse.com/security/cve/CVE-2017-3563.html
https://www.suse.com/security/cve/CVE-2017-3575.html
https://www.suse.com/security/cve/CVE-2017-3576.html
https://www.suse.com/security/cve/CVE-2017-3587.html
https://bugzilla.suse.com/1034854
[security-announce] openSUSE-SU-2017:1141-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 02 May '17
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1141-1
Rating: important
References: #1034854
Cross-References: CVE-2017-3513 CVE-2017-3538 CVE-2017-3558
CVE-2017-3559 CVE-2017-3561 CVE-2017-3563
CVE-2017-3575 CVE-2017-3576 CVE-2017-3587
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update to virtualbox 5.0.40 fixes the following issues:
These security issues were fixed (bsc#1034854):
- CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Difficult to exploit
vulnerability allows high privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of Oracle VM VirtualBox accessible
data.
- CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Shared Folder). Difficult to
exploit vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data
or all Oracle VM VirtualBox accessible data as well as unauthorized
access to critical data or complete access to all Oracle VM VirtualBox
accessible data.
- CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows unauthenticated attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
insert or delete access to some of Oracle VM VirtualBox accessible data
and unauthorized read access to a subset of Oracle VM VirtualBox
accessible data.
- CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
insert or delete access to some of Oracle VM VirtualBox accessible data
and unauthorized read access to a subset of Oracle VM VirtualBox
accessible data.
- CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
takeover of Oracle VM VirtualBox.
- CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
takeover of Oracle VM VirtualBox.
- CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows high privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data
or all Oracle VM VirtualBox accessible data and unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
VirtualBox.
- CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Core). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
takeover of Oracle VM VirtualBox.
- CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of
Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise Oracle
VM VirtualBox. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data
or all Oracle VM VirtualBox accessible data and unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
VirtualBox.
These non-security issues were fixed:
- Storage: fixed a potential hang under rare circumstances
- Storage: fixed a potential crash under rare circumstances (asynchronous
I/O disabled or during maintenance file operations like merging
snapshots)
- Storage: fixed a potential crash under rare circumstances (no
asynchronous I/O or during maintenance file operations like merging
snapshots)
- Linux hosts: make the ALSA backend work again as well as loading the GL
libraries on certain hosts
- GUI: don't crash on restoring defaults in the appliance import dialog
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2017-534=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (noarch):
virtualbox-guest-desktop-icons-5.0.40-40.1
virtualbox-host-source-5.0.40-40.1
- openSUSE Leap 42.1 (x86_64):
python-virtualbox-5.0.40-40.1
python-virtualbox-debuginfo-5.0.40-40.1
virtualbox-5.0.40-40.1
virtualbox-debuginfo-5.0.40-40.1
virtualbox-debugsource-5.0.40-40.1
virtualbox-devel-5.0.40-40.1
virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1
virtualbox-guest-kmp-default-debuginfo-5.0.40_k4.1.39_53-40.1
virtualbox-guest-tools-5.0.40-40.1
virtualbox-guest-tools-debuginfo-5.0.40-40.1
virtualbox-guest-x11-5.0.40-40.1
virtualbox-guest-x11-debuginfo-5.0.40-40.1
virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1
virtualbox-host-kmp-default-debuginfo-5.0.40_k4.1.39_53-40.1
virtualbox-qt-5.0.40-40.1
virtualbox-qt-debuginfo-5.0.40-40.1
virtualbox-websrv-5.0.40-40.1
virtualbox-websrv-debuginfo-5.0.40-40.1
References:
https://www.suse.com/security/cve/CVE-2017-3513.html
https://www.suse.com/security/cve/CVE-2017-3538.html
https://www.suse.com/security/cve/CVE-2017-3558.html
https://www.suse.com/security/cve/CVE-2017-3559.html
https://www.suse.com/security/cve/CVE-2017-3561.html
https://www.suse.com/security/cve/CVE-2017-3563.html
https://www.suse.com/security/cve/CVE-2017-3575.html
https://www.suse.com/security/cve/CVE-2017-3576.html
https://www.suse.com/security/cve/CVE-2017-3587.html
https://bugzilla.suse.com/1034854
[security-announce] openSUSE-SU-2017:1140-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 01 May '17
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1140-1
Rating: important
References: #1010032 #1012452 #1012829 #1013887 #1014136
#1017461 #1019614 #1021424 #1021762 #1022340
#1023287 #1027153 #1027512 #1027616 #1027974
#1028027 #1028217 #1028415 #1028883 #1029514
#1029634 #1030070 #1030118 #1030213 #1031003
#1031052 #1031147 #1031200 #1031206 #1031208
#1031440 #1031512 #1031555 #1031579 #1031662
#1031717 #1031831 #1032006 #1032141 #1032345
#1032400 #1032581 #1032673 #1032681 #1032803
#1033117 #1033281 #1033336 #1033340 #1033885
#1034048 #1034419 #1034671 #1034902 #970083
#986362 #986365 #988065 #993832
Cross-References: CVE-2016-4997 CVE-2016-4998 CVE-2017-2671
CVE-2017-7187 CVE-2017-7261 CVE-2017-7294
CVE-2017-7308 CVE-2017-7374 CVE-2017-7616
CVE-2017-7618
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves 10 vulnerabilities and has 49 fixes
is now available.
Description:
The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to
cause a denial of service (API operation calling its own callback, and
infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE
setsockopt implementations in the netfilter subsystem in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (memory corruption) by leveraging in-container root access to
provide a crafted offset value that triggers an unintended decrement
(bnc#986362).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
netfilter subsystem in the Linux kernel allowed local users to cause a
denial of service (out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging in-container root
access to provide a crafted offset value that leads to crossing a
ruleset blob boundary (bnc#986365).
- CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind
compat syscalls in mm/mempolicy.c in the Linux kernel allowed local
users to obtain sensitive information from uninitialized stack data by
triggering failure of a certain bitmap operation (bnc#1033336).
- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
kernel was too late in obtaining a certain lock and consequently cannot
ensure that disconnect function calls are safe, which allowed local
users to cause a denial of service (panic) by leveraging access to the
protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).
- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bnc#1031579).
- CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
- CVE-2017-7261: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
check for a zero value of certain levels data, which allowed local users
to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and
possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device
(bnc#1031052).
- CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
kernel allowed local users to cause a denial of service (stack-based
buffer overflow) or possibly have unspecified other impact via a large
command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
write access in the sg_write function (bnc#1030213).
- CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux
kernel allowed local users to cause a denial of service (NULL pointer
dereference) or possibly gain privileges by revoking keyring keys being
used for ext4, f2fs, or ubifs encryption, causing cryptographic
transform objects to be freed prematurely (bnc#1032006).
The following non-security bugs were fixed:
- acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717).
- acpi, nfit: fix extended status translations for ACPI DSMs (bsc#1031717).
- arm64: hugetlb: fix the wrong address for several functions
(bsc#1032681).
- arm64: hugetlb: fix the wrong return value for
huge_ptep_set_access_flags (bsc#1032681).
- arm64: hugetlb: remove the wrong pmd check in find_num_contig()
(bsc#1032681).
- arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032).
- arm: Use full path in KBUILD_IMAGE definition (bsc#1010032).
- blacklist.conf: 73667e31a153 x86/hyperv: Hide unused label
- blacklist.conf: Add ed10858 ("scsi: smartpqi: fix time handling") to
blacklist
- blacklist.conf: blacklist 9770404a which was subsequently reverted
- blacklist.conf: Blacklist f2fs fix
- blacklist.conf: Blacklist unneeded commit, because of a partial backport.
- blacklist.conf: Split SP2 and SP3 entries to ease merging
- blacklist: Fix blacklisting of 0c313cb20732
- block: copy NOMERGE flag from bio to request (bsc#1030070).
- bonding: fix 802.3ad aggregator reselection (bsc#1029514).
- btrfs: add transaction space reservation tracepoints (bsc#1012452).
- btrfs: allow unlink to exceed subvolume quota (bsc#1019614).
- btrfs: avoid uninitialized variable warning (bsc#1012452).
- btrfs: __btrfs_buffered_write: Reserve/release extents aligned to block
size (bsc#1012452).
- btrfs: btrfs_ioctl_clone: Truncate complete page after performing clone
operation (bsc#1012452).
- btrfs: btrfs_page_mkwrite: Reserve space in sectorsized units
(bsc#1012452).
- btrfs: btrfs_submit_direct_hook: Handle map_length < bio vector
length (bsc#1012452).
- btrfs: change how we update the global block rsv (bsc#1012452).
- btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614).
- btrfs: check reserved when deciding to background flush (bsc#1012452).
- btrfs: Clean pte corresponding to page straddling i_size (bsc#1012452).
- btrfs: Compute and look up csums based on sectorsized blocks
(bsc#1012452).
- btrfs: csum_tree_block: return proper errno value (bsc#1012452).
- btrfs: device add and remove: use GFP_KERNEL (bsc#1012452).
- btrfs: Direct I/O read: Work on sectorsized blocks (bsc#1012452).
- btrfs: do not write corrupted metadata blocks to disk (bsc#1012452).
- btrfs: extent same: use GFP_KERNEL for page array allocations
(bsc#1012452).
- btrfs: fallback to vmalloc in btrfs_compare_tree (bsc#1012452).
- btrfs: fallocate: use GFP_KERNEL (bsc#1012452).
- btrfs: fallocate: Work with sectorsized blocks (bsc#1012452).
- btrfs: Fix block size returned to user space (bsc#1012452).
- btrfs: fix build warning (bsc#1012452).
- btrfs: fix delalloc accounting after copy_from_user faults (bsc#1012452).
- btrfs: fix extent_same allowing destination offset beyond i_size
(bsc#1012452).
- btrfs: fix handling of faults from btrfs_copy_from_user (bsc#1012452).
- btrfs: fix invalid reference in replace_path (bsc#1012452).
- btrfs: fix listxattrs not listing all xattrs packed in the same item
(bsc#1012452).
- btrfs: fix lockdep deadlock warning due to dev_replace (bsc#1012452).
- btrfs: fix truncate_space_check (bsc#1012452).
- btrfs: Improve FL_KEEP_SIZE handling in fallocate (bsc#1012452).
- btrfs: let callers of btrfs_alloc_root pass gfp flags (bsc#1012452).
- btrfs: Limit inline extents to root->sectorsize (bsc#1012452).
- btrfs: make sure we stay inside the bvec during __btrfs_lookup_bio_sums
(bsc#1012452).
- btrfs: Output more info for enospc_debug mount option (bsc#1012452).
- btrfs: Print Warning only if ENOSPC_DEBUG is enabled (bsc#1012452).
- btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614).
- btrfs: reada: add all reachable mirrors into reada device list
(bsc#1012452).
- btrfs: reada: Add missed segment checking in reada_find_zone
(bsc#1012452).
- btrfs: reada: Avoid many times of empty loop (bsc#1012452).
- btrfs: reada: avoid undone reada extents in btrfs_reada_wait
(bsc#1012452).
- btrfs: reada: bypass adding extent when all zone failed (bsc#1012452).
- btrfs: reada: Fix a debug code typo (bsc#1012452).
- btrfs: reada: Fix in-segment calculation for reada (bsc#1012452).
- btrfs: reada: ignore creating reada_extent for a non-existent device
(bsc#1012452).
- btrfs: reada: Jump into cleanup in direct way for __readahead_hook()
(bsc#1012452).
- btrfs: reada: limit max works count (bsc#1012452).
- btrfs: reada: Move is_need_to_readahead contition earlier (bsc#1012452).
- btrfs: reada: move reada_extent_put to place after __readahead_hook()
(bsc#1012452).
- btrfs: reada: Pass reada_extent into __readahead_hook directly
(bsc#1012452).
- btrfs: reada: reduce additional fs_info->reada_lock in
reada_find_zone (bsc#1012452).
- btrfs: reada: Remove level argument in severial functions (bsc#1012452).
- btrfs: reada: simplify dev->reada_in_flight processing (bsc#1012452).
- btrfs: reada: Use fs_info instead of root in __readahead_hook's argument
(bsc#1012452).
- btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452).
- btrfs: readdir: use GFP_KERNEL (bsc#1012452).
- btrfs: remove redundant error check (bsc#1012452).
- btrfs: Reset IO error counters before start of device replacing
(bsc#1012452).
- btrfs: scrub: use GFP_KERNEL on the submission path (bsc#1012452).
- btrfs: Search for all ordered extents that could span across a page
(bsc#1012452).
- btrfs: send: use GFP_KERNEL everywhere (bsc#1012452).
- btrfs: switch to kcalloc in btrfs_cmp_data_prepare (bsc#1012452).
- btrfs: Use (eb->start, seq) as search key for tree modification log
(bsc#1012452).
- btrfs: use proper type for failrec in extent_state (bsc#1012452).
- ceph: fix recursively call between ceph_set_acl and __ceph_setattr
(bsc#1034902).
- cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831).
- cxgb4: Add control net_device for configuring PCIe VF (bsc#1021424).
- cxgb4: Add llseek operation for flash debugfs entry (bsc#1021424).
- cxgb4: add new routine to get adapter info (bsc#1021424).
- cxgb4: Add PCI device ID for new adapter (bsc#1021424).
- cxgb4: Add port description for new cards (bsc#1021424).
- cxgb4: Add support to enable logging of firmware mailbox commands
(bsc#1021424).
- cxgb4: Check for firmware errors in the mailbox command loop
(bsc#1021424).
- cxgb4: correct device ID of T6 adapter (bsc#1021424).
- cxgb4/cxgb4vf: Add set VF mac address support (bsc#1021424).
- cxgb4/cxgb4vf: Allocate more queues for 25G and 100G adapter
(bsc#1021424).
- cxgb4/cxgb4vf: Assign netdev->dev_port with port ID (bsc#1021424).
- cxgb4/cxgb4vf: Display 25G and 100G link speed (bsc#1021424).
- cxgb4/cxgb4vf: Remove deprecated module parameters (bsc#1021424).
- cxgb4: DCB message handler needs to use correct portid to netdev mapping
(bsc#1021424).
- cxgb4: Decode link down reason code obtained from firmware (bsc#1021424).
- cxgb4: Do not assume FW_PORT_CMD reply is always port info msg
(bsc#1021424).
- cxgb4: do not call napi_hash_del() (bsc#1021424).
- cxgb4: Do not sleep when mbox cmd is issued from interrupt context
(bsc#1021424).
- cxgb4: Enable SR-IOV configuration via PCI sysfs interface (bsc#1021424).
- cxgb4: Fix issue while re-registering VF mgmt netdev (bsc#1021424).
- cxgb4: MU requested by Chelsio (bsc#1021424).
- cxgb4: Properly decode port module type (bsc#1021424).
- cxgb4: Refactor t4_port_init function (bsc#1021424).
- cxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled
(bsc#1021424).
- cxgb4: Support compressed error vector for T6 (bsc#1021424).
- cxgb4: Synchronize access to mailbox (bsc#1021424).
- cxgb4: update latest firmware version supported (bsc#1021424).
- device-dax: fix private mapping restriction, permit read-only
(bsc#1031717).
- drivers: hv: util: do not forget to init host_ts.lock (bsc#1031206).
- drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
(fate#320485, bsc#1023287, bsc#1028217).
- drm/i915: Fix crash after S3 resume with DP MST mode change
(bsc#1029634).
- drm/i915: Introduce Kabypoint PCH for Kabylake H/DT (bsc#1032581).
- drm/i915: Only enable hotplug interrupts if the display interrupts are
enabled (bsc#1031717).
- ext4: fix use-after-iput when fscrypt contexts are inconsistent
(bsc#1012829).
- hid: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL
(bsc#1022340).
- hv: export current Hyper-V clocksource (bsc#1031206).
- hv_utils: implement Hyper-V PTP source (bsc#1031206).
- ibmvnic: Allocate number of rx/tx buffers agreed on by firmware
(fate#322021, bsc#1031512).
- ibmvnic: Call napi_disable instead of napi_enable in failure path
(fate#322021, bsc#1031512).
- ibmvnic: Correct ibmvnic handling of device open/close (fate#322021,
bsc#1031512).
- ibmvnic: Fix endian errors in error reporting output (fate#322021,
bsc#1031512).
- ibmvnic: Fix endian error when requesting device capabilities
(fate#322021, bsc#1031512).
- ibmvnic: Fix initial MTU settings (bsc#1031512).
- ibmvnic: Fix overflowing firmware/hardware TX queue (fate#322021,
bsc#1031512).
- ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs
(fate#322021, bsc#1031512).
- ibmvnic: Handle processing of CRQ messages in a tasklet (fate#322021,
bsc#1031512).
- ibmvnic: Initialize completion variables before starting work
(fate#322021, bsc#1031512).
- ibmvnic: Make CRQ interrupt tasklet wait for all capabilities crqs
(fate#322021, bsc#1031512).
- ibmvnic: Move ibmvnic adapter intialization to its own routine
(fate#322021, bsc#1031512).
- ibmvnic: Move login and queue negotiation into ibmvnic_open
(fate#322021, bsc#1031512).
- ibmvnic: Move login to its own routine (fate#322021, bsc#1031512).
- ibmvnic: Use common counter for capabilities checks (fate#322021,
bsc#1031512).
- ibmvnic: use max_mtu instead of req_mtu for MTU range check
(bsc#1031512).
- iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208).
- iscsi-target: Return error if unable to add network portal (bsc#1032803).
- kABI: restore ttm_ref_object_add parameters (kabi).
- kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662).
- kvm: svm: add support for RDTSCP (bsc#1033117).
- l2tp: hold tunnel socket when handling control frames in l2tp_ip and
l2tp_ip6 (bsc#1028415).
- libcxgb: add library module for Chelsio drivers (bsc#1021424).
- libnvdimm, pfn: fix memmap reservation size versus 4K alignment
(bsc#1031717).
- locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).
- md: handle read-only member devices better (bsc#1033281).
- mem-hotplug: fix node spanned pages when we have a movable node
(bnc#1034671).
- mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).
- mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200).
- mm: page_alloc: skip over regions of invalid pfns where possible
(bnc#1031200).
- netfilter: allow logging from non-init namespaces (bsc#970083).
- net: ibmvnic: Remove unused net_stats member from struct ibmvnic_adapter
(fate#322021, bsc#1031512).
- nfs: flush out dirty data on file fput() (bsc#1021762).
- nvme: Delete created IO queues on reset (bsc#1031717).
- overlayfs: compat, fix incorrect dentry use in ovl_rename2 (bsc#1032400).
- overlayfs: compat, use correct dentry to detect compat mode in
ovl_compat_is_whiteout (bsc#1032400).
- ping: implement proper locking (bsc#1031003).
- powerpc/fadump: Reserve memory at an offset closer to bottom of RAM
(bsc#1032141).
- powerpc/fadump: Update fadump documentation (bsc#1032141).
- Revert "btrfs: qgroup: Move half of the qgroup accounting time out of"
(bsc#1017461 bsc#1033885).
- Revert "btrfs: qgroup: Move half of the qgroup accounting time out of"
This reverts commit f69c1d0f6254c73529a48fd2f87815d047ad7288.
- Revert "Revert "btrfs: qgroup: Move half of the qgroup accounting time"
This reverts commit 8567943ca56d937acfc417947cba917de653b09c.
- sbp-target: Fix second argument of percpu_ida_alloc() (bsc#1032803).
- scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature
(bsc#1021424).
- scsi_error: count medium access timeout only once per EH run
(bsc#993832, bsc#1032345).
- scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (bsc#1034419).
- scsi: ipr: Driver version 2.6.4 (bsc#1031555, fate#321595).
- scsi: ipr: Error path locking fixes (bsc#1031555, fate#321595).
- scsi: ipr: Fix abort path race condition (bsc#1031555, fate#321595).
- scsi: ipr: Fix missed EH wakeup (bsc#1031555, fate#321595).
- scsi: ipr: Fix SATA EH hang (bsc#1031555, fate#321595).
- scsi: ipr: Remove redundant initialization (bsc#1031555, fate#321595).
- scsi_transport_fc: do not call queue_work under lock (bsc#1013887).
- scsi_transport_fc: fixup race condition in fc_rport_final_delete()
(bsc#1013887).
- scsi_transport_fc: return -EBUSY for deleted vport (bsc#1013887).
- sysfs: be careful of error returns from ops->show() (bsc#1028883).
- thp: fix MADV_DONTNEED vs. numa balancing race (bnc#1027974).
- thp: reduce indentation level in change_huge_pmd() (bnc#1027974).
- tpm: fix checks for policy digest existence in tpm2_seal_trusted()
(bsc#1034048, Pending fixes 2017-04-10).
- tpm: fix RC value check in tpm2_seal_trusted (bsc#1034048, Pending fixes
2017-04-10).
- tpm: fix: set continueSession attribute for the unseal operation
(bsc#1034048, Pending fixes 2017-04-10).
- vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).
- x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512).
- x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153,
bsc#1027616).
- x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
(bsc#1027153, bsc#1027616).
- x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153,
bsc#1027616).
- x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616).
- x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd
(bsc#1027153, bsc#1027616).
- x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153,
bsc#1027616).
- x86/ioapic: Ignore root bridges without a companion ACPI device
(bsc#1027153, bsc#1027616).
- x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616).
- x86/ioapic: Support hot-removal of IOAPICs present during boot
(bsc#1027153, bsc#1027616).
- x86/mce: Fix copy/paste error in exception table entries (fate#319858).
- x86/platform/uv: Fix calculation of Global Physical Address
(bsc#1031147).
- x86/ras/therm_throt: Do not log a fake MCE for thermal events
(bsc#1028027).
- xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV
(bsc#1014136)
- xgene_enet: remove bogus forward declarations (bsc#1032673).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-532=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (x86_64):
kernel-debug-4.4.62-18.6.1
kernel-debug-base-4.4.62-18.6.1
kernel-debug-base-debuginfo-4.4.62-18.6.1
kernel-debug-debuginfo-4.4.62-18.6.1
kernel-debug-debugsource-4.4.62-18.6.1
kernel-debug-devel-4.4.62-18.6.1
kernel-debug-devel-debuginfo-4.4.62-18.6.1
kernel-default-4.4.62-18.6.1
kernel-default-base-4.4.62-18.6.1
kernel-default-base-debuginfo-4.4.62-18.6.1
kernel-default-debuginfo-4.4.62-18.6.1
kernel-default-debugsource-4.4.62-18.6.1
kernel-default-devel-4.4.62-18.6.1
kernel-obs-build-4.4.62-18.6.1
kernel-obs-build-debugsource-4.4.62-18.6.1
kernel-obs-qa-4.4.62-18.6.1
kernel-syms-4.4.62-18.6.1
kernel-vanilla-4.4.62-18.6.1
kernel-vanilla-base-4.4.62-18.6.1
kernel-vanilla-base-debuginfo-4.4.62-18.6.1
kernel-vanilla-debuginfo-4.4.62-18.6.1
kernel-vanilla-debugsource-4.4.62-18.6.1
kernel-vanilla-devel-4.4.62-18.6.1
- openSUSE Leap 42.2 (noarch):
kernel-devel-4.4.62-18.6.1
kernel-docs-4.4.62-18.6.2
kernel-docs-html-4.4.62-18.6.2
kernel-docs-pdf-4.4.62-18.6.2
kernel-macros-4.4.62-18.6.1
kernel-source-4.4.62-18.6.1
kernel-source-vanilla-4.4.62-18.6.1
References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-4998.html
https://www.suse.com/security/cve/CVE-2017-2671.html
https://www.suse.com/security/cve/CVE-2017-7187.html
https://www.suse.com/security/cve/CVE-2017-7261.html
https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://www.suse.com/security/cve/CVE-2017-7374.html
https://www.suse.com/security/cve/CVE-2017-7616.html
https://www.suse.com/security/cve/CVE-2017-7618.html
https://bugzilla.suse.com/1010032
https://bugzilla.suse.com/1012452
https://bugzilla.suse.com/1012829
https://bugzilla.suse.com/1013887
https://bugzilla.suse.com/1014136
https://bugzilla.suse.com/1017461
https://bugzilla.suse.com/1019614
https://bugzilla.suse.com/1021424
https://bugzilla.suse.com/1021762
https://bugzilla.suse.com/1022340
https://bugzilla.suse.com/1023287
https://bugzilla.suse.com/1027153
https://bugzilla.suse.com/1027512
https://bugzilla.suse.com/1027616
https://bugzilla.suse.com/1027974
https://bugzilla.suse.com/1028027
https://bugzilla.suse.com/1028217
https://bugzilla.suse.com/1028415
https://bugzilla.suse.com/1028883
https://bugzilla.suse.com/1029514
https://bugzilla.suse.com/1029634
https://bugzilla.suse.com/1030070
https://bugzilla.suse.com/1030118
https://bugzilla.suse.com/1030213
https://bugzilla.suse.com/1031003
https://bugzilla.suse.com/1031052
https://bugzilla.suse.com/1031147
https://bugzilla.suse.com/1031200
https://bugzilla.suse.com/1031206
https://bugzilla.suse.com/1031208
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031512
https://bugzilla.suse.com/1031555
https://bugzilla.suse.com/1031579
https://bugzilla.suse.com/1031662
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1031831
https://bugzilla.suse.com/1032006
https://bugzilla.suse.com/1032141
https://bugzilla.suse.com/1032345
https://bugzilla.suse.com/1032400
https://bugzilla.suse.com/1032581
https://bugzilla.suse.com/1032673
https://bugzilla.suse.com/1032681
https://bugzilla.suse.com/1032803
https://bugzilla.suse.com/1033117
https://bugzilla.suse.com/1033281
https://bugzilla.suse.com/1033336
https://bugzilla.suse.com/1033340
https://bugzilla.suse.com/1033885
https://bugzilla.suse.com/1034048
https://bugzilla.suse.com/1034419
https://bugzilla.suse.com/1034671
https://bugzilla.suse.com/1034902
https://bugzilla.suse.com/970083
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986365
https://bugzilla.suse.com/988065
https://bugzilla.suse.com/993832
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
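A post-update check for the kernel announcement above, added here as an example and not part of the original announcement: it lists installed kernel flavour packages that are still older than the fixed build 4.4.62-18.6.1 from the package list. The function names and the sample inventory are constructed for illustration, and `sort -V` is assumed to order these numeric version-release strings the same way RPM does.

```shell
#!/bin/sh
# Fixed build taken from the advisory's package list (kernel-default etc.).
FIXED="4.4.62-18.6.1"

# version_lt A B: succeeds when A sorts strictly before B.
# Assumption: sort -V (GNU coreutils) is used as an approximation of RPM's
# version ordering; it is adequate for purely numeric strings like these.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_kernels: read "name version-release" lines on stdin and print
# every kernel flavour package whose build is older than $FIXED.
# Other packages (firmware, devel, docs) are ignored.
unpatched_kernels() {
    while read -r name ver; do
        case "$name" in
            kernel-default|kernel-debug|kernel-vanilla)
                if version_lt "$ver" "$FIXED"; then
                    printf '%s %s\n' "$name" "$ver"
                fi
                ;;
        esac
    done
}

# Constructed sample inventory (not taken from a real host). Several kernel
# builds can be installed side by side, so an old build may remain bootable
# even after the update has been applied.
sample_inventory() {
    cat <<'EOF'
kernel-default 4.4.49-16.1
kernel-default 4.4.62-18.6.1
kernel-vanilla 4.4.57-18.3.1
kernel-firmware 20170308-7.1
EOF
}

# On a real openSUSE Leap 42.2 host the same filter can be fed from rpm:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'kernel-*' | unpatched_kernels
sample_inventory | unpatched_kernels
```

An empty result means no installed kernel flavour is below the fixed build; the running kernel only changes after a reboot into the updated package.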