openSUSE Security Announce
December 2017
[security-announce] SUSE-SU-2017:3267-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 12 Dec '17
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3267-1
Rating: important
References: #1012382 #1017461 #1020645 #1022595 #1022600
#1022914 #1022967 #1025461 #1028971 #1030061
#1034048 #1037890 #1052593 #1053919 #1055493
#1055567 #1055755 #1055896 #1056427 #1058135
#1058410 #1058624 #1059051 #1059465 #1059863
#1060197 #1060985 #1061017 #1061046 #1061064
#1061067 #1061172 #1061451 #1061831 #1061872
#1062520 #1062962 #1063460 #1063475 #1063501
#1063509 #1063520 #1063667 #1063695 #1064206
#1064388 #1064701 #964944 #966170 #966172
#966186 #966191 #966316 #966318 #969474 #969475
#969476 #969477 #971975 #974590 #996376
Cross-References: CVE-2017-12153 CVE-2017-13080 CVE-2017-14489
CVE-2017-15265 CVE-2017-15649
Affected Products:
SUSE Linux Enterprise Real Time Extension 12-SP2
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 56 fixes is
now available.
Description:
The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.95 to
receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-12153: A security flaw was discovered in the
nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux
kernel. This function did not check whether the required attributes are
present in a Netlink request. This request can be issued by a user with
the CAP_NET_ADMIN capability and may result in a NULL pointer
dereference and system crash (bnc#1058410 1058624).
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
reinstallation of the Group Temporal Key (GTK) during the group key
handshake, allowing an attacker within radio range to replay frames from
access points to clients (bnc#1063667).
- CVE-2017-14489: The iscsi_if_rx function in
drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local
users to cause a denial of service (panic) by leveraging incorrect
length validation (bnc#1059051).
- CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel
allowed local users to cause a denial of service (use-after-free) or
possibly have unspecified other impact via crafted /dev/snd/seq ioctl
calls, related to sound/core/seq/seq_clientmgr.c and
sound/core/seq/seq_ports.c (bnc#1062520).
- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local
users to gain privileges via crafted system calls that trigger
mishandling of packet_fanout data structures, because of a race
condition (involving fanout_add and packet_do_bind) that leads to a
use-after-free, a different vulnerability than CVE-2017-6346
(bnc#1064388).
The following non-security bugs were fixed:
- alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).
- alsa: caiaq: Fix stray URB at probe error path (bnc#1012382).
- alsa: compress: Remove unused variable (bnc#1012382).
- alsa: hda: Remove superfluous '-' added by printk conversion
(bnc#1012382).
- alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382).
- alsa: seq: Enable 'use' locking in all configurations (bnc#1012382).
- alsa: seq: Fix copy_from_user() call inside lock (bnc#1012382).
- alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
(bnc#1012382).
- alsa: usb-audio: Check out-of-bounds access by corrupted buffer
descriptor (bnc#1012382).
- alsa: usb-audio: Kill stray URB at exiting (bnc#1012382).
- alsa: usx2y: Suppress kernel warning at page allocation failures
(bnc#1012382).
- arc: Re-enable MMU upon Machine Check exception (bnc#1012382).
- arm64: fault: Route pte translation faults via do_translation_fault
(bnc#1012382).
- arm64: Make sure SPsel is always set (bnc#1012382).
- arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382).
- arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
(bnc#1012382).
- arm: pxa: add the number of DMA requestor lines (bnc#1012382).
- arm: pxa: fix the number of DMA requestor lines (bnc#1012382).
- arm: remove duplicate 'const' annotations' (bnc#1012382).
- asoc: dapm: fix some pointer error handling (bnc#1012382).
- asoc: dapm: handle probe deferrals (bnc#1012382).
- audit: log 32-bit socketcalls (bnc#1012382).
- bcache: correct cache_dirty_target in __update_writeback_rate()
(bnc#1012382).
- bcache: Correct return value for sysfs attach errors (bnc#1012382).
- bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).
- bcache: fix bch_hprint crash and improve output (bnc#1012382).
- bcache: fix for gc and write-back race (bnc#1012382).
- bcache: Fix leak of bdev reference (bnc#1012382).
- bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).
- blacklist.conf: blacklisted 16af97dc5a89 (bnc#1053919)
- block: Relax a check in blk_start_queue() (bnc#1012382).
- bpf: one perf event close won't free bpf program attached by another
perf event (bnc#1012382).
- bpf/verifier: reject BPF_ALU64|BPF_END (bnc#1012382).
- brcmfmac: add length check in brcmf_cfg80211_escan_handler()
(bnc#1012382).
- brcmfmac: setup passive scan if requested by user-space (bnc#1012382).
- brcmsmac: make some local variables 'static const' to reduce stack size
(bnc#1012382).
- bridge: netlink: register netdevice before executing changelink
(bnc#1012382).
- bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).
- btrfs: add a node counter to each of the rbtrees (bsc#974590 bsc#1030061
bsc#1022914 bsc#1017461).
- btrfs: add cond_resched() calls when resolving backrefs (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: allow backref search checks for shared extents (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: backref, add tracepoints for prelim_ref insertion and merging
(bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: backref, add unode_aux_to_inode_list helper (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: backref, cleanup __ namespace abuse (bsc#974590 bsc#1030061
bsc#1022914 bsc#1017461).
- btrfs: backref, constify some arguments (bsc#974590 bsc#1030061
bsc#1022914 bsc#1017461).
- btrfs: btrfs_check_shared should manage its own transaction (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: change how we decide to commit transactions during flushing
(bsc#1060197).
- btrfs: clean up extraneous computations in add_delayed_refs (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: constify tracepoint arguments (bsc#974590 bsc#1030061 bsc#1022914
bsc#1017461).
- btrfs: convert prelimary reference tracking to use rbtrees (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: fix leak and use-after-free in resolve_indirect_refs (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: fix NULL pointer dereference from free_reloc_roots()
(bnc#1012382).
- btrfs: prevent to set invalid default subvolid (bnc#1012382).
- btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).
- btrfs: qgroup: move noisy underflow warning to debugging build
(bsc#1055755).
- btrfs: remove ref_tree implementation from backref.c (bsc#974590
bsc#1030061 bsc#1022914 bsc#1017461).
- btrfs: struct-funcs, constify readers (bsc#974590 bsc#1030061
bsc#1022914 bsc#1017461).
- bus: mbus: fix window size calculation for 4GB windows (bnc#1012382).
- can: esd_usb2: Fix can_dlc value for received RTR, frames (bnc#1012382).
- can: gs_usb: fix busy loop if no more TX context is available
(bnc#1012382).
- ceph: avoid panic in create_session_open_msg() if utsname() returns NULL
(bsc#1061451).
- ceph: check negative offsets in ceph_llseek() (bsc#1061451).
- ceph: clean up unsafe d_parent accesses in build_dentry_path
(bnc#1012382).
- cifs: fix circular locking dependency (bsc#1064701).
- cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).
- cifs: Reconnect expired SMB sessions (bnc#1012382).
- cifs: release auth_key.response for reconnect (bnc#1012382).
- clockevents/drivers/cs5535: Improve resilience to spurious interrupts
(bnc#1012382).
- cpufreq: CPPC: add ACPI_PROCESSOR dependency (bnc#1012382).
- crypto: AF_ALG - remove SGL terminator indicator when chaining
(bnc#1012382).
- crypto: shash - Fix zero-length shash ahash digest crash (bnc#1012382).
- crypto: talitos - Do not provide setkey for non hmac hashing algs
(bnc#1012382).
- crypto: talitos - fix sha224 (bnc#1012382).
- crypto: xts - Add ECB dependency (bnc#1012382).
- cxl: Fix driver use count (bnc#1012382).
- direct-io: Prevent NULL pointer access in submit_page_section
(bnc#1012382).
- dmaengine: edma: Align the memcpy acnt array size with the transfer
(bnc#1012382).
- dmaengine: mmp-pdma: add number of requestors (bnc#1012382).
- driver core: platform: Do not read past the end of "driver_override"
buffer (bnc#1012382).
- drivers: firmware: psci: drop duplicate const from psci_of_match
(bnc#1012382).
- drivers: hv: fcopy: restore correct transfer length (bnc#1012382).
- drm: Add driver-private objects to atomic state (bsc#1055493).
- drm/amdkfd: fix improper return value on error (bnc#1012382).
- drm: bridge: add DT bindings for TI ths8135 (bnc#1012382).
- drm/dp: Introduce MST topology state to track available link bandwidth
(bsc#1055493).
- drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382).
- drm/i915/bios: ignore HDMI on port A (bnc#1012382).
- drm/nouveau/bsp/g92: disable by default (bnc#1012382).
- drm/nouveau/mmu: flush tlbs before deleting page tables (bnc#1012382).
- ext4: do not allow encrypted operations without keys (bnc#1012382).
- ext4: fix incorrect quotaoff if the quota feature is enabled
(bnc#1012382).
- ext4: fix quota inconsistency during orphan cleanup for read-only mounts
(bnc#1012382).
- ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
(bnc#1012382).
- extcon: axp288: Use vbus-valid instead of -present to determine cable
presence (bnc#1012382).
- exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382).
- f2fs: check hot_data for roll-forward recovery (bnc#1012382).
- f2fs crypto: add missing locking for keyring_key access (bnc#1012382).
- f2fs crypto: replace some BUG_ON()'s with error checks (bnc#1012382).
- f2fs: do not wait for writeback in write_begin (bnc#1012382).
- fix unbalanced page refcounting in bio_map_user_iov (bnc#1012382).
- fix whitespace according to upstream commit
- fix xen_swiotlb_dma_mmap prototype (bnc#1012382).
- fs-cache: fix dereference of NULL user_key_payload (bnc#1012382).
- fscrypt: fix dereference of NULL user_key_payload (bnc#1012382).
- fscrypto: require write access to mount to set encryption policy
(bnc#1012382).
- fs/epoll: cache leftmost node (bsc#1056427).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
(bnc#1012382).
- ftrace: Fix selftest goto location on error (bnc#1012382).
- genirq: Fix for_each_action_of_desc() macro (bsc#1061064).
- getcwd: Close race with d_move called by lustre (bsc#1052593).
- gfs2: Fix debugfs glocks dump (bnc#1012382).
- gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382).
- gianfar: Fix Tx flow control deactivation (bnc#1012382).
- hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382).
- hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch
(bnc#1022967).
- hid: usbhid: fix out-of-bounds bug (bnc#1012382).
- hpsa: correct lun data caching bitmap definition (bsc#1028971).
- hwmon: (gl520sm) Fix overflows and crash seen when writing into limit
attributes (bnc#1012382).
- i2c: at91: ensure state is restored after suspending (bnc#1012382).
- i2c: ismt: Separate I2C block read from SMBus block read (bnc#1012382).
- i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382).
- i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476
FATE#319648 bsc#969477 FATE#319816).
- i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477
FATE#319816).
- i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477
FATE#319816).
- ib/core: Fix for core panic (bsc#1022595 FATE#322350).
- ib/core: Fix the validations of a multicast LID in attach or detach
operations (bsc#1022595 FATE#322350).
- ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648
bsc#969477 FATE#319816).
- ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382).
- ib/ipoib: Replace list_del of the neigh->list with list_del_init
(bnc#1012382).
- ib/ipoib: rtnl_unlock can not come after free_netdev (bnc#1012382).
- ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
- ibmvnic: Set state UP (bsc#1062962).
- ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382).
- igb: re-assign hw address pointer on reset after PCI error (bnc#1012382).
- iio: ad7793: Fix the serial interface reset (bnc#1012382).
- iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register
modifications (bnc#1012382).
- iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382).
- iio: adc: mcp320x: Fix oops on module unload (bnc#1012382).
- iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382).
- iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling
path of 'twl4030_madc_probe()' (bnc#1012382).
- iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
(bnc#1012382).
- iio: adc: xilinx: Fix error handling (bnc#1012382).
- iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382).
- iio: core: Return error for failed read_reg (bnc#1012382).
- input: i8042 - add Gigabyte P57 to the keyboard reset table
(bnc#1012382).
- iommu/amd: Finish TLB flush in amd_iommu_unmap() (bnc#1012382).
- iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
(bnc#1012382).
- iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).
- ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
(bnc#1012382).
- ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
(bnc#1012382).
- ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).
- ipv6: fix memory leak with multiple tables during netns destruction
(bnc#1012382).
- ipv6: fix sparse warning on rt6i_node (bnc#1012382).
- ipv6: fix typo in fib6_net_exit() (bnc#1012382).
- irqchip/crossbar: Fix incorrect type of local variables (bnc#1012382).
- isdn/i4l: fetch the ppp_write buffer in one shot (bnc#1012382).
- iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382).
- iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD (bnc#1012382).
- ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags
(bsc#969474 FATE#319812 bsc#969475 FATE#319814).
- kABI: protect struct l2tp_tunnel (kabi).
- kABI: protect struct rm_data_op (kabi).
- kABI: protect struct sdio_func (kabi).
- keys: do not let add_key() update an uninstantiated key (bnc#1012382).
- keys: encrypted: fix dereference of NULL user_key_payload (bnc#1012382).
- keys: Fix race between updating and finding a negative key (bnc#1012382).
- keys: fix writing past end of user-supplied buffer in keyring_read()
(bnc#1012382).
- keys: prevent creating a different user's keyrings (bnc#1012382).
- keys: prevent KEYCTL_READ on negative key (bnc#1012382).
- kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"
exceptions simultaneously (bsc#1061017).
- kvm: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
(bnc#1012382).
- kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
(bnc#1012382).
- kvm: SVM: Add a missing 'break' statement (bsc#1061017).
- kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).
- kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
(bsc#1061017).
- kvm: VMX: use cmpxchg64 (bnc#1012382).
- l2tp: Avoid schedule while atomic in exit_net (bnc#1012382).
- l2tp: fix race condition in l2tp_tunnel_delete (bnc#1012382).
- libata: transport: Remove circular dependency at free time (bnc#1012382).
- lib/digsig: fix dereference of NULL user_key_payload (bnc#1012382).
- locking/lockdep: Add nest_lock integrity test (bnc#1012382).
- lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
(bnc#1012382).
- mac80211: fix power saving clients handling in iwlwifi (bnc#1012382).
- mac80211: flush hw_roc_start work before cancelling the ROC
(bnc#1012382).
- mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length (bnc#1012382).
- md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).
- md/linear: shutup lockdep warnning (bnc#1012382).
- md/raid10: submit bio directly to replacement disk (bnc#1012382).
- md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
(bnc#1012382).
- md/raid5: release/flush io in raid5_do_work() (bnc#1012382).
- media: uvcvideo: Prevent heap overflow when accessing mapped controls
(bnc#1012382).
- media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).
- mips: Ensure bss section ends on a long-aligned address (bnc#1012382).
- mips: Fix minimum alignment requirement of IRQ stack (git-fixes).
- mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382).
- mips: Lantiq: Fix another request_mem_region() return code check
(bnc#1012382).
- mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
(bnc#1012382).
- mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with
opposite signs (bnc#1012382).
- mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
(bnc#1012382).
- mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
(bnc#1012382).
- mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
(bnc#1012382).
- mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
(bnc#1012382).
- mips: math-emu: Remove pr_err() calls from fpu_emu() (bnc#1012382).
- mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382).
- mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array
(bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- mm/backing-dev.c: fix an error handling path in 'cgwb_create()'
(bnc#1063475).
- mm,compaction: serialize waitqueue_active() checks (for real)
(bsc#971975).
- mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382).
- mm: discard memblock data later (bnc#1063460).
- mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460).
- mm: meminit: mark init_reserved_page as __meminit (bnc#1063509).
- mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to
inline function (bnc#1063501).
- mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as
unsigned long (bnc#1063520).
- mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).
- net: core: Prevent from dereferencing null pointer when releasing SKB
(bnc#1012382).
- net: emac: Fix napi poll list corruption (bnc#1012382).
- netfilter: invoke synchronize_rcu after set the _hook_ to NULL
(bnc#1012382).
- netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value
(bnc#1012382).
- netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
(bnc#1012382).
- net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
(bsc#966191 FATE#320230 bsc#966186 FATE#320228).
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
new probed PFs (bnc#1012382).
- net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bnc#1012382).
- net/mlx5e: Fix wrong delay calculation for overflow check scheduling
(bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
- net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
- net: mvpp2: release reference to txq_cpu[] entry after unmapping
(bnc#1012382).
- net/packet: check length in getsockopt() called with PACKET_HDRLEN
(bnc#1012382).
- net: Set sk_prot_creator when cloning sockets to the right proto
(bnc#1012382).
- nfsd/callback: Cleanup callback cred on shutdown (bnc#1012382).
- nfsd: Fix general protection fault in release_lock_stateid()
(bnc#1012382).
- nl80211: Define policy for packet pattern attributes (bnc#1012382).
- nvme: protect against simultaneous shutdown invocations (FATE#319965
bnc#1012382 bsc#964944).
- packet: only test po->has_vnet_hdr once in packet_snd (bnc#1012382).
- parisc: Avoid trashing sr2 and sr3 in LWS code (bnc#1012382).
- parisc: Fix double-word compare and exchange in LWS code on 32-bit
kernels (bnc#1012382).
- parisc: perf: Fix potential NULL pointer dereference (bnc#1012382).
- partitions/efi: Fix integer overflow in GPT size calculation
(bnc#1012382).
- pci: Allow PCI express root ports to find themselves (bsc#1061046).
- pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).
- pci: Fix race condition with driver_override (bnc#1012382).
- pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
(bnc#1012382).
- perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).
- perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct
tracking' (bsc#1061831).
- pkcs7: Prevent NULL pointer dereference, since sinfo is not always set
(bnc#1012382).
- powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).
- powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
(bnc#1012382).
- qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316
FATE#320159).
- qlge: avoid memcpy buffer overflow (bnc#1012382).
- rcu: Allow for page faults in NMI handlers (bnc#1012382).
- rds: ib: add error handle (bnc#1012382).
- rds: RDMA: Fix the composite message user notification (bnc#1012382).
- Revert "bsg-lib: do not free job in bsg_prepare_job" (bnc#1012382).
- Revert "net: fix percpu memory leaks" (bnc#1012382).
- Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
(bnc#1012382).
- Revert "net: use lib/percpu_counter API for fragmentation mem
accounting" (bnc#1012382).
- Revert "tty: goldfish: Fix a parameter of a call to free_irq"
(bnc#1012382).
- rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012382).
- sched/autogroup: Fix autogroup_move_group() to never skip
sched_move_task() (bnc#1012382).
- sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382).
- scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971).
- scsi: hpsa: bump driver version (bsc#1022600 fate#321928).
- scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928).
- scsi: hpsa: Check for null device pointers (bsc#1028971).
- scsi: hpsa: Check for null devices in ioaccel (bsc#1028971).
- scsi: hpsa: Check for vpd support before sending (bsc#1028971).
- scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928).
- scsi: hpsa: correct call to hpsa_do_reset (bsc#1028971).
- scsi: hpsa: correct logical resets (bsc#1028971).
- scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928).
- scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928).
- scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971).
- scsi: hpsa: Determine device external status earlier (bsc#1028971).
- scsi: hpsa: do not get enclosure info for external devices (bsc#1022600
fate#321928).
- scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928).
- scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971
fate#321928).
- scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971).
- scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971
fate#321928).
- scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971
fate#321928).
- scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971).
- scsi: hpsa: remove abort handler (bsc#1022600 fate#321928).
- scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971).
- scsi: hpsa: remove memory allocate failure message (bsc#1028971).
- scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971).
- scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928).
- scsi: hpsa: send ioaccel requests with 0 length down raid path
(bsc#1022600 fate#321928).
- scsi: hpsa: separate monitor events from rescan worker (bsc#1022600
fate#321928).
- scsi: hpsa: update check for logical volume status (bsc#1022600
bsc#1028971 fate#321928).
- scsi: hpsa: update identify physical device structure (bsc#1022600
fate#321928).
- scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928).
- scsi: hpsa: update reset handler (bsc#1022600 fate#321928).
- scsi: hpsa: use designated initializers (bsc#1028971).
- scsi: hpsa: use %phN for short hex dumps (bsc#1028971).
- scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).
- scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695).
- scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
(bnc#1012382).
- scsi: megaraid_sas: Return pended IOCTLs with cmd_status
MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).
- scsi: reset wait for IO completion (bsc#996376).
- scsi: scsi_dh_emc: return success in clariion_std_inquiry()
(bnc#1012382).
- scsi: scsi_transport_fc: Also check for NOTPRESENT in
fc_remote_port_add() (bsc#1037890).
- scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135).
- scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461).
- scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985).
- scsi: sg: close race condition in sg_remove_sfp_usercontext()
(bsc#1064206).
- scsi: sg: do not return bogus Sg_requests (bsc#1064206).
- scsi: sg: factor out sg_fill_request_table() (bnc#1012382).
- scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).
- scsi: sg: off by one in sg_ioctl() (bnc#1012382).
- scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206).
- scsi: sg: remove 'save_scat_len' (bnc#1012382).
- scsi: sg: use standard lists for sg_requests (bnc#1012382).
- scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).
- scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
(bnc#1012382).
- scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace
records (bnc#1012382).
- scsi: zfcp: fix missing trace records for early returns in TMF eh
handlers (bnc#1012382).
- scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with
HBA (bnc#1012382).
- scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
(bnc#1012382).
- scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
(bnc#1012382).
- scsi: zfcp: trace HBA FSF response by default on dismiss or timedout
late response (bnc#1012382).
- scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382).
- sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
(bnc#1012382).
- seccomp: fix the usage of get/put_seccomp_filter() in
seccomp_get_filter() (bnc#1012382).
- sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382).
- skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).
- skd: Submit requests to firmware before triggering the doorbell
(bnc#1012382).
- slub: do not merge cache if slub_debug contains a never-merge flag
(bnc#1012382).
- smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).
- smb: Validate negotiate (to protect against downgrade) even if signing
off (bnc#1012382).
- sparc64: Migrate hvcons irq to panicked cpu (bnc#1012382).
- staging: iio: ad7192: Fix - use the dedicated reset function avoiding
dma from stack (bnc#1012382).
- stm class: Fix a use-after-free (bnc#1012382).
- supported.conf: mark hid-multitouch as supported (FATE#323670)
- swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).
- target/iscsi: Fix unsolicited data seq_end_offset calculation
(bnc#1012382).
- team: call netdev_change_features out of team lock (bsc#1055567).
- team: fix memory leaks (bnc#1012382).
- timer/sysclt: Restrict timer migration sysctl values to 0 and 1
(bnc#1012382).
- tipc: use only positive error codes in messages (bnc#1012382).
- tpm_tis: Do not fall back to a hardcoded address for TPM2 (bsc#1020645,
fate#321435, fate#321507, fate#321600, bsc#1034048).
- tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).
- tracing: Erase irqsoff trace with empty write (bnc#1012382).
- tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).
- ttpci: address stringop overflow warning (bnc#1012382).
- tty: fix __tty_insert_flip_char regression (bnc#1012382).
- tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382).
- tty: improve tty_insert_flip_char() fast path (bnc#1012382).
- tty: improve tty_insert_flip_char() slow path (bnc#1012382).
- tun: bail out from tun_get_user() if the skb is empty (bnc#1012382).
- uapi: fix linux/mroute6.h userspace compilation errors (bnc#1012382).
- uapi: fix linux/rds.h userspace compilation errors (bnc#1012382).
- udpv6: Fix the checksum computation when HW checksum does not apply
(bnc#1012382).
- usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012382).
- usb: chipidea: vbus event may exist before starting gadget (bnc#1012382).
- usb: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
(bnc#1012382).
- usb: core: harden cdc_parse_cdc_header (bnc#1012382).
- usb: devio: Do not corrupt user memory (bnc#1012382).
- usb: devio: Revert "USB: devio: Do not corrupt user memory"
(bnc#1012382).
- usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382).
- usb: dummy-hcd: Fix deadlock caused by disconnect detection
(bnc#1012382).
- usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382).
- usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382).
- usb: fix out-of-bounds in usb_set_configuration (bnc#1012382).
- usb: gadget: composite: Fix use-after-free in
usb_composite_overwrite_options (bnc#1012382).
- usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382).
- usb: gadgetfs: Fix crash caused by inadequate synchronization
(bnc#1012382).
- usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
(bnc#1012382).
- usb: gadget: mass_storage: set msg_registered after msg registered
(bnc#1012382).
- usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382).
- usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382).
- usb: hub: Allow reset retry for USB2 devices on connect bounce
(bnc#1012382).
- usb: Increase quirk delay for USB devices (bnc#1012382).
- usb: musb: Check for host-mode using is_host_active() on reset interrupt
(bnc#1012382).
- usb: musb: sunxi: Explicitly release USB PHY on exit (bnc#1012382).
- usb: pci-quirks.c: Corrected timeout values used in handshake
(bnc#1012382).
- usb: plusb: Add support for PL-27A1 (bnc#1012382).
- usb: quirks: add quirk for WORLDE MINI MIDI keyboard (bnc#1012382).
- usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
(bnc#1012382).
- usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
(bnc#1012382).
- usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
(bnc#1012382).
- usb: serial: console: fix use-after-free after failed setup
(bnc#1012382).
- usb: serial: cp210x: add support for ELV TFD500 (bnc#1012382).
- usb: serial: ftdi_sio: add id for Cypress WICED dev board (bnc#1012382).
- usb: serial: metro-usb: add MS7820 device id (bnc#1012382).
- usb: serial: mos7720: fix control-message error handling (bnc#1012382).
- usb: serial: mos7840: fix control-message error handling (bnc#1012382).
- usb: serial: option: add support for TP-Link LTE module (bnc#1012382).
- usb: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012382).
- usb-storage: unusual_devs entry to fix write-access regression for
Seagate external drives (bnc#1012382).
- usb: uas: fix bug in handling of alternate settings (bnc#1012382).
- uwb: ensure that endpoint is interrupt (bnc#1012382).
- uwb: properly check kthread_run return value (bnc#1012382).
- vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
(bnc#1012382).
- video: fbdev: aty: do not leak uninitialized padding in clk to userspace
(bnc#1012382).
- vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bnc#1012382).
- watchdog: kempld: fix gcc-4.3 build (bnc#1012382).
- x86/alternatives: Fix alt_max_short macro to really be a max()
(bnc#1012382).
- x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).
- x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps
(bnc#1012382).
- x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).
- xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage
(bsc#1055896).
- xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).
- xfs: remove kmem_zalloc_greedy (bnc#1012382).
- xhci: fix finding correct bus_state structure for USB 3.1 hosts
(bnc#1012382).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 12-SP2:
zypper in -t patch SUSE-SLE-RT-12-SP2-2017-2034=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time Extension 12-SP2 (noarch):
kernel-devel-rt-4.4.95-21.1
kernel-source-rt-4.4.95-21.1
- SUSE Linux Enterprise Real Time Extension 12-SP2 (x86_64):
cluster-md-kmp-rt-4.4.95-21.1
cluster-md-kmp-rt-debuginfo-4.4.95-21.1
cluster-network-kmp-rt-4.4.95-21.1
cluster-network-kmp-rt-debuginfo-4.4.95-21.1
dlm-kmp-rt-4.4.95-21.1
dlm-kmp-rt-debuginfo-4.4.95-21.1
gfs2-kmp-rt-4.4.95-21.1
gfs2-kmp-rt-debuginfo-4.4.95-21.1
kernel-rt-4.4.95-21.1
kernel-rt-base-4.4.95-21.1
kernel-rt-base-debuginfo-4.4.95-21.1
kernel-rt-debuginfo-4.4.95-21.1
kernel-rt-debugsource-4.4.95-21.1
kernel-rt-devel-4.4.95-21.1
kernel-rt_debug-debuginfo-4.4.95-21.1
kernel-rt_debug-debugsource-4.4.95-21.1
kernel-rt_debug-devel-4.4.95-21.1
kernel-rt_debug-devel-debuginfo-4.4.95-21.1
kernel-syms-rt-4.4.95-21.1
ocfs2-kmp-rt-4.4.95-21.1
ocfs2-kmp-rt-debuginfo-4.4.95-21.1
References:
https://www.suse.com/security/cve/CVE-2017-12153.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-14489.html
https://www.suse.com/security/cve/CVE-2017-15265.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1017461
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1022595
https://bugzilla.suse.com/1022600
https://bugzilla.suse.com/1022914
https://bugzilla.suse.com/1022967
https://bugzilla.suse.com/1025461
https://bugzilla.suse.com/1028971
https://bugzilla.suse.com/1030061
https://bugzilla.suse.com/1034048
https://bugzilla.suse.com/1037890
https://bugzilla.suse.com/1052593
https://bugzilla.suse.com/1053919
https://bugzilla.suse.com/1055493
https://bugzilla.suse.com/1055567
https://bugzilla.suse.com/1055755
https://bugzilla.suse.com/1055896
https://bugzilla.suse.com/1056427
https://bugzilla.suse.com/1058135
https://bugzilla.suse.com/1058410
https://bugzilla.suse.com/1058624
https://bugzilla.suse.com/1059051
https://bugzilla.suse.com/1059465
https://bugzilla.suse.com/1059863
https://bugzilla.suse.com/1060197
https://bugzilla.suse.com/1060985
https://bugzilla.suse.com/1061017
https://bugzilla.suse.com/1061046
https://bugzilla.suse.com/1061064
https://bugzilla.suse.com/1061067
https://bugzilla.suse.com/1061172
https://bugzilla.suse.com/1061451
https://bugzilla.suse.com/1061831
https://bugzilla.suse.com/1061872
https://bugzilla.suse.com/1062520
https://bugzilla.suse.com/1062962
https://bugzilla.suse.com/1063460
https://bugzilla.suse.com/1063475
https://bugzilla.suse.com/1063501
https://bugzilla.suse.com/1063509
https://bugzilla.suse.com/1063520
https://bugzilla.suse.com/1063667
https://bugzilla.suse.com/1063695
https://bugzilla.suse.com/1064206
https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/1064701
https://bugzilla.suse.com/964944
https://bugzilla.suse.com/966170
https://bugzilla.suse.com/966172
https://bugzilla.suse.com/966186
https://bugzilla.suse.com/966191
https://bugzilla.suse.com/966316
https://bugzilla.suse.com/966318
https://bugzilla.suse.com/969474
https://bugzilla.suse.com/969475
https://bugzilla.suse.com/969476
https://bugzilla.suse.com/969477
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/974590
https://bugzilla.suse.com/996376
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2017:3265-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 11 Dec '17
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3265-1
Rating: important
References: #1012917 #1013018 #1022967 #1024450 #1031358
#1036286 #1036629 #1037441 #1037667 #1037669
#1037994 #1039803 #1040609 #1042863 #1045154
#1045205 #1045327 #1045538 #1047523 #1050381
#1050431 #1051133 #1051932 #1052311 #1052365
#1052370 #1052593 #1053148 #1053152 #1053317
#1053802 #1053933 #1054070 #1054076 #1054093
#1054247 #1054305 #1054706 #1056230 #1056504
#1056588 #1057179 #1057796 #1058524 #1059051
#1060245 #1060665 #1061017 #1061180 #1062520
#1062842 #1063301 #1063544 #1063667 #1064803
#1064861 #1065180 #1066471 #1066472 #1066573
#1066606 #1066618 #1066625 #1066650 #1066671
#1066700 #1066705 #1067085 #1067816 #1067888
#909484 #984530 #996376
Cross-References: CVE-2017-1000112 CVE-2017-10661 CVE-2017-12762
CVE-2017-13080 CVE-2017-14051 CVE-2017-14140
CVE-2017-14340 CVE-2017-14489 CVE-2017-15102
CVE-2017-15265 CVE-2017-15274 CVE-2017-16525
CVE-2017-16527 CVE-2017-16529 CVE-2017-16531
CVE-2017-16535 CVE-2017-16536 CVE-2017-16537
CVE-2017-16649 CVE-2017-8831
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 20 vulnerabilities and has 53 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-16649: The usbnet_generic_cdc_bind function in
drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to
cause a denial of service (divide-by-zero error and system crash) or
possibly have unspecified other impact via a crafted USB device
(bnc#1067085).
- CVE-2017-16535: The usb_get_bos_descriptor function in
drivers/usb/core/config.c in the Linux kernel allowed local users to
cause a denial of service (out-of-bounds read and system crash) or
possibly have unspecified other impact via a crafted USB device
(bnc#1066700).
- CVE-2017-15102: The tower_probe function in
drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users
(who are physically proximate for inserting a crafted USB device) to
gain privileges by leveraging a write-what-where condition that occurs
after a race condition and a NULL pointer dereference (bnc#1066705).
- CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds read and system
crash) or possibly have unspecified other impact via a crafted USB
device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor
(bnc#1066671).
- CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c
in the Linux kernel allowed local users to cause a denial of service
(out-of-bounds read and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066650).
- CVE-2017-16525: The usb_serial_console_disconnect function in
drivers/usb/serial/console.c in the Linux kernel allowed local users to
cause a denial of service (use-after-free and system crash) or possibly
have unspecified other impact via a crafted USB device, related to
disconnection and failed setup (bnc#1066618).
- CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in
the Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066573).
- CVE-2017-16536: The cx231xx_usb_probe function in
drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact via a crafted
USB device (bnc#1066606).
- CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local
users to cause a denial of service (snd_usb_mixer_interrupt
use-after-free and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066625).
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
reinstallation of the Group Temporal Key (GTK) during the group key
handshake, allowing an attacker within radio range to replay frames from
access points to clients (bnc#1063667).
- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call, a different vulnerability than CVE-2017-12192 (bnc#1045327).
- CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel
allowed local users to cause a denial of service (use-after-free) or
possibly have unspecified other impact via crafted /dev/snd/seq ioctl
calls, related to sound/core/seq/seq_clientmgr.c and
sound/core/seq/seq_ports.c (bnc#1062520).
- CVE-2017-14489: The iscsi_if_rx function in
drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local
users to cause a denial of service (panic) by leveraging incorrect
length validation (bnc#1059051).
- CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in
the Linux kernel did not verify that a filesystem has a realtime device,
which allowed local users to cause a denial of service (NULL pointer
dereference and OOPS) via vectors related to setting an RHINHERIT flag
on a directory (bnc#1058524).
- CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux
kernel doesn't check the effective uid of the target process, enabling a
local attacker to learn the memory layout of a setuid executable despite
ASLR (bnc#1057179).
- CVE-2017-14051: An integer overflow in the
qla2x00_sysfs_write_optrom_ctl function in
drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
to cause a denial of service (memory corruption and system crash) by
leveraging root access (bnc#1056588).
- CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel
allowed local users to gain privileges or cause a denial of service
(list corruption or use-after-free) via simultaneous file-descriptor
operations that leverage improper might_cancel queueing (bnc#1053152).
- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled
buffer is copied into a local buffer of constant size using strcpy
without a length check which can cause a buffer overflow. (bnc#1053148).
- CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact by changing a certain
sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
- CVE-2017-1000112: An exploitable memory corruption due to UFO to non-UFO
path switch was fixed. (bnc#1052311 bnc#1052365).
The following non-security bugs were fixed:
- alsa: core: Fix unexpected error at replacing user TLV (bsc#1045538).
- alsa: hda - fix Lewisburg audio issue (fate#319286).
- alsa: hda/ca0132 - Fix memory leak at error path (bsc#1045538).
- alsa: timer: Add missing mutex lock for compat ioctls (bsc#1045538).
- audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205).
- hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch
(bnc#1022967).
- kvm: SVM: Add a missing 'break' statement (bsc#1061017).
- kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"
exceptions simultaneously (bsc#1061017).
- nfs: Cache aggressively when file is open for writing (bsc#1053933).
- nfs: Do drop directory dentry when error clearly requires it
(bsc#1051932).
- nfs: Do not flush caches for a getattr that races with writeback
(bsc#1053933).
- nfs: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
- nfs: Remove asserts from the NFS XDR code (bsc#1063544).
- nfs: invalidate file size when taking a lock (bsc#1053933).
- pci: fix hotplug related issues (bnc#1054247, LTC#157731).
- Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be
enabled on x86_64/xen architecture because xen can work with shim on
x86_64. Enabling the following kernel config to load certificate from
db/mok:
+CONFIG_MODULE_SIG_BLACKLIST=y
+CONFIG_MODULE_SIG_UEFI=y
- af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
- autofs: do not fail mount for transient error (bsc#1065180).
- xen: avoid deadlock in xenbus (bnc#1047523).
- blacklist.conf: Add PCI ASPM fix to blacklist (bsc#1045538)
- blkback/blktap: do not leak stack data via response ring (bsc#1042863
XSA-216).
- bnx2x: prevent crash when accessing PTP with interface down
(bsc#1060665).
- cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- dm bufio: fix integer overflow when limiting maximum cache size
(git-fixes).
- drm/mgag200: Fixes for G200eH3. (bnc#1062842)
- fnic: Use the local variable instead of I/O flag to acquire io_req_lock
in fnic_queuecommand() to avoid deadloack (bsc#1067816).
- fuse: do not use iocb after it may have been freed (bsc#1054706).
- fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
- fuse: fsync() did not return IO errors (bsc#1054076).
- fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
- getcwd: Close race with d_move called by lustre (bsc#1052593).
- gspca: konica: add missing endpoint sanity check (bsc#1050431).
- i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484).
- kabi fix for new hash_cred function (bsc#1012917).
- kabi/severities: Ignore zpci symbol changes (bsc#1054247)
- lib/mpi: mpi_read_raw_data(): fix nbits calculation (fate#314508).
- lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl()
(bsc#1051133).
- mac80211: do not compare TKIP TX MIC key in reinstall prevention
(bsc#1066472).
- md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180).
- media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS
ioctl (bsc#1050431).
- net: Fix RCU splat in af_key (bsc#1054093).
- netback: coalesce (guest) RX SKBs as needed (bsc#1056504).
- nfs: Fix ugly referral attributes (git-fixes).
- nfs: improve shinking of access cache (bsc#1012917).
- powerpc/fadump: add reschedule point while releasing memory (bsc#1040609
bsc#1024450).
- powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669
bsc#1037667).
- powerpc/fadump: provide a helpful error message (bsc#1037669
bsc#1037667).
- powerpc/mm: Fix check of multiple 16G pages from device tree
(bsc#1064861, git-fixes).
- powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530,
bsc#1052370).
- powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister
(bsc#1067888, git-fixes f2ab6219969f).
- powerpc/slb: Force a full SLB flush when we insert for a bad EA
(bsc#1054070).
- powerpc/xics: Harden xics hypervisor backend (bnc#1056230).
- powerpc: Correct instruction code for xxlor instruction (bsc#1064861,
git-fixes).
- powerpc: Fix emulation of mfocrf in emulate_step() (bsc#1064861,
git-fixes).
- powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230).
- powerpc: Make sure IPI handlers see data written by IPI senders
(bnc#1056230).
- reiserfs: fix race in readdir (bsc#1039803).
- s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112).
- s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247,
LTC#157731).
- s390/pci: fix handling of PEC 306 (bnc#1054247, LTC#157731).
- s390/pci: improve error handling during fmb (de)registration
(bnc#1054247, LTC#157731).
- s390/pci: improve error handling during interrupt deregistration
(bnc#1054247, LTC#157731).
- s390/pci: improve pci hotplug (bnc#1054247, LTC#157731).
- s390/pci: improve unreg_ioat error handling (bnc#1054247, LTC#157731).
- s390/pci: introduce clp_get_state (bnc#1054247, LTC#157731).
- s390/pci: provide more debug information (bnc#1054247, LTC#157731).
- s390/qdio: avoid reschedule of outbound tasklet once killed
(bnc#1063301, LTC#159885).
- s390/topology: alternative topology for topology-less machines
(bnc#1060245, LTC#159177).
- s390/topology: enable / disable topology dynamically (bnc#1060245,
LTC#159177).
- scsi: avoid system stall due to host_busy race (bsc#1031358).
- scsi: close race when updating blocked counters (bsc#1031358).
- scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317).
- scsi: reset wait for IO completion (bsc#996376).
- scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace
records (bnc#1060245, LTC#158494).
- scsi: zfcp: fix missing trace records for early returns in TMF eh
handlers (bnc#1060245, LTC#158494).
- scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with
HBA (bnc#1060245, LTC#158494).
- scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
(bnc#1060245, LTC#158494).
- scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
(bnc#1060245, LTC#158493).
- scsi: zfcp: trace HBA FSF response by default on dismiss or timedout
late response (bnc#1060245, LTC#158494).
- ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
- sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917).
- sunrpc: add auth_unix hash_cred() function (bsc#1012917).
- sunrpc: add generic_auth hash_cred() function (bsc#1012917).
- sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917).
- sunrpc: replace generic auth_cred hash with auth-specific function
(bsc#1012917).
- sunrpc: use supplimental groups in auth hash (bsc#1012917).
- supported.conf: clear mistaken external support flag for cifs.ko
(bsc#1053802).
- tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
- usb-serial: check for NULL private data in pl2303_suse_disconnect
(bsc#1064803).
- uwb: fix device quirk on big-endian hosts (bsc#1036629).
- virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding
spinlock (bsc#1036286).
- x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).
- xfs: fix inobt inode allocation search optimization (bsc#1013018).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-20171124-13375=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-20171124-13375=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-20171124-13375=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-20171124-13375=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
kernel-docs-3.0.101-108.18.3
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-3.0.101-108.18.1
kernel-default-base-3.0.101-108.18.1
kernel-default-devel-3.0.101-108.18.1
kernel-source-3.0.101-108.18.1
kernel-syms-3.0.101-108.18.1
kernel-trace-3.0.101-108.18.1
kernel-trace-base-3.0.101-108.18.1
kernel-trace-devel-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
kernel-ec2-3.0.101-108.18.1
kernel-ec2-base-3.0.101-108.18.1
kernel-ec2-devel-3.0.101-108.18.1
kernel-xen-3.0.101-108.18.1
kernel-xen-base-3.0.101-108.18.1
kernel-xen-devel-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
kernel-default-man-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
kernel-bigmem-3.0.101-108.18.1
kernel-bigmem-base-3.0.101-108.18.1
kernel-bigmem-devel-3.0.101-108.18.1
kernel-ppc64-3.0.101-108.18.1
kernel-ppc64-base-3.0.101-108.18.1
kernel-ppc64-devel-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
kernel-pae-3.0.101-108.18.1
kernel-pae-base-3.0.101-108.18.1
kernel-pae-devel-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-108.18.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-108.18.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-debuginfo-3.0.101-108.18.1
kernel-default-debugsource-3.0.101-108.18.1
kernel-trace-debuginfo-3.0.101-108.18.1
kernel-trace-debugsource-3.0.101-108.18.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-108.18.1
kernel-trace-devel-debuginfo-3.0.101-108.18.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-108.18.1
kernel-ec2-debugsource-3.0.101-108.18.1
kernel-xen-debuginfo-3.0.101-108.18.1
kernel-xen-debugsource-3.0.101-108.18.1
kernel-xen-devel-debuginfo-3.0.101-108.18.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-108.18.1
kernel-bigmem-debugsource-3.0.101-108.18.1
kernel-ppc64-debuginfo-3.0.101-108.18.1
kernel-ppc64-debugsource-3.0.101-108.18.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-108.18.1
kernel-pae-debugsource-3.0.101-108.18.1
kernel-pae-devel-debuginfo-3.0.101-108.18.1
References:
https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-14051.html
https://www.suse.com/security/cve/CVE-2017-14140.html
https://www.suse.com/security/cve/CVE-2017-14340.html
https://www.suse.com/security/cve/CVE-2017-14489.html
https://www.suse.com/security/cve/CVE-2017-15102.html
https://www.suse.com/security/cve/CVE-2017-15265.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://www.suse.com/security/cve/CVE-2017-16525.html
https://www.suse.com/security/cve/CVE-2017-16527.html
https://www.suse.com/security/cve/CVE-2017-16529.html
https://www.suse.com/security/cve/CVE-2017-16531.html
https://www.suse.com/security/cve/CVE-2017-16535.html
https://www.suse.com/security/cve/CVE-2017-16536.html
https://www.suse.com/security/cve/CVE-2017-16537.html
https://www.suse.com/security/cve/CVE-2017-16649.html
https://www.suse.com/security/cve/CVE-2017-8831.html
https://bugzilla.suse.com/1012917
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1022967
https://bugzilla.suse.com/1024450
https://bugzilla.suse.com/1031358
https://bugzilla.suse.com/1036286
https://bugzilla.suse.com/1036629
https://bugzilla.suse.com/1037441
https://bugzilla.suse.com/1037667
https://bugzilla.suse.com/1037669
https://bugzilla.suse.com/1037994
https://bugzilla.suse.com/1039803
https://bugzilla.suse.com/1040609
https://bugzilla.suse.com/1042863
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1045205
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1047523
https://bugzilla.suse.com/1050381
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1051133
https://bugzilla.suse.com/1051932
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052365
https://bugzilla.suse.com/1052370
https://bugzilla.suse.com/1052593
https://bugzilla.suse.com/1053148
https://bugzilla.suse.com/1053152
https://bugzilla.suse.com/1053317
https://bugzilla.suse.com/1053802
https://bugzilla.suse.com/1053933
https://bugzilla.suse.com/1054070
https://bugzilla.suse.com/1054076
https://bugzilla.suse.com/1054093
https://bugzilla.suse.com/1054247
https://bugzilla.suse.com/1054305
https://bugzilla.suse.com/1054706
https://bugzilla.suse.com/1056230
https://bugzilla.suse.com/1056504
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1057179
https://bugzilla.suse.com/1057796
https://bugzilla.suse.com/1058524
https://bugzilla.suse.com/1059051
https://bugzilla.suse.com/1060245
https://bugzilla.suse.com/1060665
https://bugzilla.suse.com/1061017
https://bugzilla.suse.com/1061180
https://bugzilla.suse.com/1062520
https://bugzilla.suse.com/1062842
https://bugzilla.suse.com/1063301
https://bugzilla.suse.com/1063544
https://bugzilla.suse.com/1063667
https://bugzilla.suse.com/1064803
https://bugzilla.suse.com/1064861
https://bugzilla.suse.com/1065180
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472
https://bugzilla.suse.com/1066573
https://bugzilla.suse.com/1066606
https://bugzilla.suse.com/1066618
https://bugzilla.suse.com/1066625
https://bugzilla.suse.com/1066650
https://bugzilla.suse.com/1066671
https://bugzilla.suse.com/1066700
https://bugzilla.suse.com/1066705
https://bugzilla.suse.com/1067085
https://bugzilla.suse.com/1067816
https://bugzilla.suse.com/1067888
https://bugzilla.suse.com/909484
https://bugzilla.suse.com/984530
https://bugzilla.suse.com/996376
[security-announce] openSUSE-SU-2017:3259-1: important: Security update for the OBS toolchain
by opensuse-security@opensuse.org 09 Dec '17
openSUSE Security Update: Security update for the OBS toolchain
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:3259-1
Rating: important
References: #1059858 #1061500 #1069904 #665768 #938556
Cross-References: CVE-2010-4226 CVE-2017-14804 CVE-2017-9274
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This OBS toolchain update fixes the following issues:
Package 'build':
- CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
- switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit
to foo-32bit-debuginfo (fate#323217)
Package 'obs-service-source_validator':
- CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from
a spec (bnc#938556).
- Update to version 0.7
- use spec_query instead of output_versions using the specfile parser from
the build package (boo#1059858)
Package 'osc':
- update to version 0.162.0
- add Recommends: ca-certificates to enable TLS verification without
manually installing them. (bnc#1061500)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1360=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1360=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (noarch):
build-20171128-5.1
build-initvm-i586-20171128-5.1
build-initvm-x86_64-20171128-5.1
build-mkbaselibs-20171128-5.1
build-mkdrpms-20171128-5.1
obs-service-source_validator-0.7-16.1
osc-0.162.0-10.1
- openSUSE Leap 42.2 (noarch):
build-20171128-2.6.1
build-initvm-i586-20171128-2.6.1
build-initvm-x86_64-20171128-2.6.1
build-mkbaselibs-20171128-2.6.1
build-mkdrpms-20171128-2.6.1
obs-service-source_validator-0.7-13.6.1
osc-0.162.0-7.7.1
References:
https://www.suse.com/security/cve/CVE-2010-4226.html
https://www.suse.com/security/cve/CVE-2017-14804.html
https://www.suse.com/security/cve/CVE-2017-9274.html
https://bugzilla.suse.com/1059858
https://bugzilla.suse.com/1061500
https://bugzilla.suse.com/1069904
https://bugzilla.suse.com/665768
https://bugzilla.suse.com/938556
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2017:3253-1: important: Fixing security issues on OBS toolchain
by opensuse-security@opensuse.org 08 Dec '17
SUSE Security Update: Fixing security issues on OBS toolchain
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3253-1
Rating: important
References: #1059858 #1061500 #1069904 #665768 #938556
Cross-References: CVE-2010-4226 CVE-2017-14804 CVE-2017-9274
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This OBS toolchain update fixes the following issues:
Package 'build':
- CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
- switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit
to foo-32bit-debuginfo (fate#323217)
Package 'obs-service-source_validator':
- CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from
a spec (bnc#938556).
- Update to version 0.7
- use spec_query instead of output_versions using the specfile parser from
the build package (boo#1059858)
Package 'osc':
- update to version 0.162.0
- add Recommends: ca-certificates to enable TLS verification without
manually installing them. (bnc#1061500)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-2028=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-2028=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
build-20171128-9.3.2
build-initvm-s390-20171128-9.3.2
build-initvm-x86_64-20171128-9.3.2
build-mkbaselibs-20171128-9.3.2
obs-service-source_validator-0.7-9.3.1
osc-0.162.0-15.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
build-20171128-9.3.2
build-initvm-s390-20171128-9.3.2
build-initvm-x86_64-20171128-9.3.2
build-mkbaselibs-20171128-9.3.2
obs-service-source_validator-0.7-9.3.1
osc-0.162.0-15.3.1
References:
https://www.suse.com/security/cve/CVE-2010-4226.html
https://www.suse.com/security/cve/CVE-2017-14804.html
https://www.suse.com/security/cve/CVE-2017-9274.html
https://bugzilla.suse.com/1059858
https://bugzilla.suse.com/1061500
https://bugzilla.suse.com/1069904
https://bugzilla.suse.com/665768
https://bugzilla.suse.com/938556
[security-announce] SUSE-SU-2017:3249-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 08 Dec '17
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3249-1
Rating: important
References: #1043652 #1047626 #1066192 #1066471 #1066472
#1066573 #1066606 #1066618 #1066625 #1066650
#1066671 #1066700 #1066705 #1067085 #1067086
#1067997 #1069496 #1069702 #1069708 #1070307
#1070781 #860993
Cross-References: CVE-2014-0038 CVE-2017-1000405 CVE-2017-12193
CVE-2017-15102 CVE-2017-16525 CVE-2017-16527
CVE-2017-16529 CVE-2017-16531 CVE-2017-16535
CVE-2017-16536 CVE-2017-16537 CVE-2017-16649
CVE-2017-16650 CVE-2017-16939
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________
An update that solves 14 vulnerabilities and has 8 fixes is
now available.
Description:
The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive
various security and bug fixes.
The following security bugs were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (use-after-free) via a crafted
SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY
Netlink messages (bnc#1069702 1069708).
- CVE-2017-1000405: The Linux Kernel had a problematic use of
pmd_mkdirty() in the touch_pmd() function inside the THP implementation.
touch_pmd() could be reached by get_user_pages(). In such case, the pmd
would become dirty. This scenario breaks the new
can_follow_write_pmd()'s logic - pmd could become dirty without going
through a COW cycle. This bug was not as severe as the original "Dirty
cow" because an ext4 file (or any other regular file) could not be
mapped using THP. Nevertheless, it did allow us to overwrite read-only
huge pages. For example, the zero huge page and sealed shmem files could
be overwritten (since their mapping could be populated using THP). Note
that after the first write page-fault to the zero page, it will be
replaced with a new fresh (and zeroed) thp (bnc#1069496 1070307).
- CVE-2017-16649: The usbnet_generic_cdc_bind function in
drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to
cause a denial of service (divide-by-zero error and system crash) or
possibly have unspecified other impact via a crafted USB device
(bnc#1067085).
- CVE-2014-0038: The compat_sys_recvmmsg function in net/compat.c in the
Linux kernel, when CONFIG_X86_X32 is enabled, allowed local users to
gain privileges via a recvmmsg system call with a crafted timeout
pointer parameter (bnc#860993).
- CVE-2017-16650: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c
in the Linux kernel allowed local users to cause a denial of service
(divide-by-zero error and system crash) or possibly have unspecified
other impact via a crafted USB device (bnc#1067086).
- CVE-2017-16535: The usb_get_bos_descriptor function in
drivers/usb/core/config.c in the Linux kernel allowed local users to
cause a denial of service (out-of-bounds read and system crash) or
possibly have unspecified other impact via a crafted USB device
(bnc#1066700).
- CVE-2017-15102: The tower_probe function in
drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users
(who are physically proximate for inserting a crafted USB device) to
gain privileges by leveraging a write-what-where condition that occurs
after a race condition and a NULL pointer dereference (bnc#1066705).
- CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds read and system
crash) or possibly have unspecified other impact via a crafted USB
device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor
(bnc#1066671).
- CVE-2017-12193: The assoc_array_insert_into_terminal_node function in
lib/assoc_array.c in the Linux kernel mishandled node splitting, which
allowed local users to cause a denial of service (NULL pointer
dereference and panic) via a crafted application, as demonstrated by the
keyring key type, and key addition and link creation operations
(bnc#1066192).
- CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c
in the Linux kernel allowed local users to cause a denial of service
(out-of-bounds read and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066650).
- CVE-2017-16525: The usb_serial_console_disconnect function in
drivers/usb/serial/console.c in the Linux kernel allowed local users to
cause a denial of service (use-after-free and system crash) or possibly
have unspecified other impact via a crafted USB device, related to
disconnection and failed setup (bnc#1066618).
- CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in
the Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066573).
- CVE-2017-16536: The cx231xx_usb_probe function in
drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact via a crafted
USB device (bnc#1066606).
- CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local
users to cause a denial of service (snd_usb_mixer_interrupt
use-after-free and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066625).
The following non-security bugs were fixed:
- Define sock_efree (bsc#1067997).
- bcache: Add bch_keylist_init_single() (bsc#1047626).
- bcache: Add btree_map() functions (bsc#1047626).
- bcache: Add on error panic/unregister setting (bsc#1047626).
- bcache: Convert gc to a kthread (bsc#1047626).
- bcache: Delete some slower inline asm (bsc#1047626).
- bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).
- bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
- bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
- bcache: Fix a null ptr deref in journal replay (bsc#1047626).
- bcache: Fix an infinite loop in journal replay (bsc#1047626).
- bcache: Fix bch_ptr_bad() (bsc#1047626).
- bcache: Fix discard granularity (bsc#1047626).
- bcache: Fix for can_attach_cache() (bsc#1047626).
- bcache: Fix heap_peek() macro (bsc#1047626).
- bcache: Fix moving_pred() (bsc#1047626).
- bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
- bcache: Improve bucket_prio() calculation (bsc#1047626).
- bcache: Improve priority_stats (bsc#1047626).
- bcache: Minor btree cache fix (bsc#1047626).
- bcache: Move keylist out of btree_op (bsc#1047626).
- bcache: New writeback PD controller (bsc#1047626).
- bcache: PRECEDING_KEY() (bsc#1047626).
- bcache: Performance fix for when journal entry is full (bsc#1047626).
- bcache: Remove redundant block_size assignment (bsc#1047626).
- bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
- bcache: Remove/fix some header dependencies (bsc#1047626).
- bcache: Trivial error handling fix (bsc#1047626).
- bcache: Use ida for bcache block dev minor (bsc#1047626).
- bcache: allows use of register in udev to avoid "device_busy" error
(bsc#1047626).
- bcache: bch_allocator_thread() is not freezable (bsc#1047626).
- bcache: bch_gc_thread() is not freezable (bsc#1047626).
- bcache: bugfix - gc thread now gets woken when cache is full
(bsc#1047626).
- bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).
- bcache: cleaned up error handling around register_cache() (bsc#1047626).
- bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
device (bsc#1047626).
- bcache: defensively handle format strings (bsc#1047626).
- bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED
(bsc#1047626).
- bcache: fix a livelock when we cause a huge number of cache misses
(bsc#1047626).
- bcache: fix crash in bcache_btree_node_alloc_fail tracepoint
(bsc#1047626).
- bcache: fix for gc and writeback race (bsc#1047626).
- bcache: fix for gc crashing when no sectors are used (bsc#1047626).
- bcache: kill index() (bsc#1047626).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bcache: register_bcache(): call blkdev_put() when cache_alloc() fails
(bsc#1047626).
- bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).
- mac80211: do not compare TKIP TX MIC key in reinstall prevention
(bsc#1066472).
- mac80211: use constant time comparison with keys (bsc#1066471).
- powerpc/powernv: Remove OPAL v1 takeover (bsc#1070781).
- powerpc/vdso64: Use double word compare on pointers
- powerpc: Convert cmp to cmpd in idle enter sequence
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-2024=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-2024=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
kernel-default-3.12.61-52.106.1
kernel-default-base-3.12.61-52.106.1
kernel-default-base-debuginfo-3.12.61-52.106.1
kernel-default-debuginfo-3.12.61-52.106.1
kernel-default-debugsource-3.12.61-52.106.1
kernel-default-devel-3.12.61-52.106.1
kernel-syms-3.12.61-52.106.1
- SUSE Linux Enterprise Server 12-LTSS (noarch):
kernel-devel-3.12.61-52.106.1
kernel-macros-3.12.61-52.106.1
kernel-source-3.12.61-52.106.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
kernel-xen-3.12.61-52.106.1
kernel-xen-base-3.12.61-52.106.1
kernel-xen-base-debuginfo-3.12.61-52.106.1
kernel-xen-debuginfo-3.12.61-52.106.1
kernel-xen-debugsource-3.12.61-52.106.1
kernel-xen-devel-3.12.61-52.106.1
kgraft-patch-3_12_61-52_106-default-1-5.1
kgraft-patch-3_12_61-52_106-xen-1-5.1
- SUSE Linux Enterprise Server 12-LTSS (s390x):
kernel-default-man-3.12.61-52.106.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.61-52.106.1
kernel-ec2-debuginfo-3.12.61-52.106.1
kernel-ec2-debugsource-3.12.61-52.106.1
kernel-ec2-devel-3.12.61-52.106.1
kernel-ec2-extra-3.12.61-52.106.1
kernel-ec2-extra-debuginfo-3.12.61-52.106.1
References:
https://www.suse.com/security/cve/CVE-2014-0038.html
https://www.suse.com/security/cve/CVE-2017-1000405.html
https://www.suse.com/security/cve/CVE-2017-12193.html
https://www.suse.com/security/cve/CVE-2017-15102.html
https://www.suse.com/security/cve/CVE-2017-16525.html
https://www.suse.com/security/cve/CVE-2017-16527.html
https://www.suse.com/security/cve/CVE-2017-16529.html
https://www.suse.com/security/cve/CVE-2017-16531.html
https://www.suse.com/security/cve/CVE-2017-16535.html
https://www.suse.com/security/cve/CVE-2017-16536.html
https://www.suse.com/security/cve/CVE-2017-16537.html
https://www.suse.com/security/cve/CVE-2017-16649.html
https://www.suse.com/security/cve/CVE-2017-16650.html
https://www.suse.com/security/cve/CVE-2017-16939.html
https://bugzilla.suse.com/1043652
https://bugzilla.suse.com/1047626
https://bugzilla.suse.com/1066192
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472
https://bugzilla.suse.com/1066573
https://bugzilla.suse.com/1066606
https://bugzilla.suse.com/1066618
https://bugzilla.suse.com/1066625
https://bugzilla.suse.com/1066650
https://bugzilla.suse.com/1066671
https://bugzilla.suse.com/1066700
https://bugzilla.suse.com/1066705
https://bugzilla.suse.com/1067085
https://bugzilla.suse.com/1067086
https://bugzilla.suse.com/1067997
https://bugzilla.suse.com/1069496
https://bugzilla.suse.com/1069702
https://bugzilla.suse.com/1069708
https://bugzilla.suse.com/1070307
https://bugzilla.suse.com/1070781
https://bugzilla.suse.com/860993
[security-announce] openSUSE-SU-2017:3245-1: important: Security update for chromium
by opensuse-security@opensuse.org 08 Dec '17
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:3245-1
Rating: important
References: #1064066 #1064298 #1065405 #1066851 #1071691
Cross-References: CVE-2017-15386 CVE-2017-15387 CVE-2017-15388
CVE-2017-15389 CVE-2017-15390 CVE-2017-15391
CVE-2017-15392 CVE-2017-15393 CVE-2017-15394
CVE-2017-15395 CVE-2017-15396 CVE-2017-15398
CVE-2017-15399 CVE-2017-15408 CVE-2017-15409
CVE-2017-15410 CVE-2017-15411 CVE-2017-15412
CVE-2017-15413 CVE-2017-15415 CVE-2017-15416
CVE-2017-15417 CVE-2017-15418 CVE-2017-15419
CVE-2017-15420 CVE-2017-15422 CVE-2017-15423
CVE-2017-15424 CVE-2017-15425 CVE-2017-15426
CVE-2017-15427 CVE-2017-5124 CVE-2017-5125
CVE-2017-5126 CVE-2017-5127 CVE-2017-5128
CVE-2017-5129 CVE-2017-5130 CVE-2017-5131
CVE-2017-5132 CVE-2017-5133
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes 41 vulnerabilities is now available.
Description:
This update to Chromium 63.0.3239.84 fixes the following security issues:
- CVE-2017-5124: UXSS with MHTML
- CVE-2017-5125: Heap overflow in Skia
- CVE-2017-5126: Use after free in PDFium
- CVE-2017-5127: Use after free in PDFium
- CVE-2017-5128: Heap overflow in WebGL
- CVE-2017-5129: Use after free in WebAudio
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2
- CVE-2017-5131: Out of bounds write in Skia
- CVE-2017-5133: Out of bounds write in Skia
- CVE-2017-15386: UI spoofing in Blink
- CVE-2017-15387: Content security bypass
- CVE-2017-15388: Out of bounds read in Skia
- CVE-2017-15389: URL spoofing in OmniBox
- CVE-2017-15390: URL spoofing in OmniBox
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration
- CVE-2017-15393: Referrer leak in Devtools
- CVE-2017-15394: URL spoofing in extensions UI
- CVE-2017-15395: Null pointer dereference in ImageCapture
- CVE-2017-15396: Stack overflow in V8
- CVE-2017-15398: Stack buffer overflow in QUIC
- CVE-2017-15399: Use after free in V8
- CVE-2017-15408: Heap buffer overflow in PDFium
- CVE-2017-15409: Out of bounds write in Skia
- CVE-2017-15410: Use after free in PDFium
- CVE-2017-15411: Use after free in PDFium
- CVE-2017-15412: Use after free in libXML
- CVE-2017-15413: Type confusion in WebAssembly
- CVE-2017-15415: Pointer information disclosure in IPC call
- CVE-2017-15416: Out of bounds read in Blink
- CVE-2017-15417: Cross origin information disclosure in Skia
- CVE-2017-15418: Use of uninitialized value in Skia
- CVE-2017-15419: Cross origin leak of redirect URL in Blink
- CVE-2017-15420: URL spoofing in Omnibox
- CVE-2017-15422: Integer overflow in ICU
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- CVE-2017-15424: URL Spoof in Omnibox
- CVE-2017-15425: URL Spoof in Omnibox
- CVE-2017-15426: URL Spoof in Omnibox
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox
The following tracked bug fixes are included:
- sandbox crash fixes (bsc#1064298)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2017-1352=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
chromedriver-63.0.3239.84-40.1
chromium-63.0.3239.84-40.1
References:
https://www.suse.com/security/cve/CVE-2017-15386.html
https://www.suse.com/security/cve/CVE-2017-15387.html
https://www.suse.com/security/cve/CVE-2017-15388.html
https://www.suse.com/security/cve/CVE-2017-15389.html
https://www.suse.com/security/cve/CVE-2017-15390.html
https://www.suse.com/security/cve/CVE-2017-15391.html
https://www.suse.com/security/cve/CVE-2017-15392.html
https://www.suse.com/security/cve/CVE-2017-15393.html
https://www.suse.com/security/cve/CVE-2017-15394.html
https://www.suse.com/security/cve/CVE-2017-15395.html
https://www.suse.com/security/cve/CVE-2017-15396.html
https://www.suse.com/security/cve/CVE-2017-15398.html
https://www.suse.com/security/cve/CVE-2017-15399.html
https://www.suse.com/security/cve/CVE-2017-15408.html
https://www.suse.com/security/cve/CVE-2017-15409.html
https://www.suse.com/security/cve/CVE-2017-15410.html
https://www.suse.com/security/cve/CVE-2017-15411.html
https://www.suse.com/security/cve/CVE-2017-15412.html
https://www.suse.com/security/cve/CVE-2017-15413.html
https://www.suse.com/security/cve/CVE-2017-15415.html
https://www.suse.com/security/cve/CVE-2017-15416.html
https://www.suse.com/security/cve/CVE-2017-15417.html
https://www.suse.com/security/cve/CVE-2017-15418.html
https://www.suse.com/security/cve/CVE-2017-15419.html
https://www.suse.com/security/cve/CVE-2017-15420.html
https://www.suse.com/security/cve/CVE-2017-15422.html
https://www.suse.com/security/cve/CVE-2017-15423.html
https://www.suse.com/security/cve/CVE-2017-15424.html
https://www.suse.com/security/cve/CVE-2017-15425.html
https://www.suse.com/security/cve/CVE-2017-15426.html
https://www.suse.com/security/cve/CVE-2017-15427.html
https://www.suse.com/security/cve/CVE-2017-5124.html
https://www.suse.com/security/cve/CVE-2017-5125.html
https://www.suse.com/security/cve/CVE-2017-5126.html
https://www.suse.com/security/cve/CVE-2017-5127.html
https://www.suse.com/security/cve/CVE-2017-5128.html
https://www.suse.com/security/cve/CVE-2017-5129.html
https://www.suse.com/security/cve/CVE-2017-5130.html
https://www.suse.com/security/cve/CVE-2017-5131.html
https://www.suse.com/security/cve/CVE-2017-5132.html
https://www.suse.com/security/cve/CVE-2017-5133.html
https://bugzilla.suse.com/1064066
https://bugzilla.suse.com/1064298
https://bugzilla.suse.com/1065405
https://bugzilla.suse.com/1066851
https://bugzilla.suse.com/1071691
[security-announce] openSUSE-SU-2017:3244-1: important: Security update for chromium
by opensuse-security@opensuse.org 08 Dec '17
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:3244-1
Rating: important
References: #1071691
Cross-References: CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
CVE-2017-15411 CVE-2017-15412 CVE-2017-15413
CVE-2017-15415 CVE-2017-15416 CVE-2017-15417
CVE-2017-15418 CVE-2017-15419 CVE-2017-15420
CVE-2017-15422 CVE-2017-15423 CVE-2017-15424
CVE-2017-15425 CVE-2017-15426 CVE-2017-15427
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
This update to Chromium 63.0.3239.84 fixes the following security issues:
- CVE-2017-15408: Heap buffer overflow in PDFium
- CVE-2017-15409: Out of bounds write in Skia
- CVE-2017-15410: Use after free in PDFium
- CVE-2017-15411: Use after free in PDFium
- CVE-2017-15412: Use after free in libXML
- CVE-2017-15413: Type confusion in WebAssembly
- CVE-2017-15415: Pointer information disclosure in IPC call
- CVE-2017-15416: Out of bounds read in Blink
- CVE-2017-15417: Cross origin information disclosure in Skia
- CVE-2017-15418: Use of uninitialized value in Skia
- CVE-2017-15419: Cross origin leak of redirect URL in Blink
- CVE-2017-15420: URL spoofing in Omnibox
- CVE-2017-15422: Integer overflow in ICU
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- CVE-2017-15424: URL Spoof in Omnibox
- CVE-2017-15425: URL Spoof in Omnibox
- CVE-2017-15426: URL Spoof in Omnibox
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1349=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1349=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (x86_64):
chromedriver-63.0.3239.84-127.1
chromedriver-debuginfo-63.0.3239.84-127.1
chromium-63.0.3239.84-127.1
chromium-debuginfo-63.0.3239.84-127.1
chromium-debugsource-63.0.3239.84-127.1
- openSUSE Leap 42.2 (x86_64):
chromedriver-63.0.3239.84-104.41.1
chromedriver-debuginfo-63.0.3239.84-104.41.1
chromium-63.0.3239.84-104.41.1
chromium-debuginfo-63.0.3239.84-104.41.1
chromium-debugsource-63.0.3239.84-104.41.1
References:
https://www.suse.com/security/cve/CVE-2017-15408.html
https://www.suse.com/security/cve/CVE-2017-15409.html
https://www.suse.com/security/cve/CVE-2017-15410.html
https://www.suse.com/security/cve/CVE-2017-15411.html
https://www.suse.com/security/cve/CVE-2017-15412.html
https://www.suse.com/security/cve/CVE-2017-15413.html
https://www.suse.com/security/cve/CVE-2017-15415.html
https://www.suse.com/security/cve/CVE-2017-15416.html
https://www.suse.com/security/cve/CVE-2017-15417.html
https://www.suse.com/security/cve/CVE-2017-15418.html
https://www.suse.com/security/cve/CVE-2017-15419.html
https://www.suse.com/security/cve/CVE-2017-15420.html
https://www.suse.com/security/cve/CVE-2017-15422.html
https://www.suse.com/security/cve/CVE-2017-15423.html
https://www.suse.com/security/cve/CVE-2017-15424.html
https://www.suse.com/security/cve/CVE-2017-15425.html
https://www.suse.com/security/cve/CVE-2017-15426.html
https://www.suse.com/security/cve/CVE-2017-15427.html
https://bugzilla.suse.com/1071691
[security-announce] SUSE-SU-2017:3242-1: important: Security update for xen
by opensuse-security@opensuse.org 08 Dec '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3242-1
Rating: important
References: #1055047 #1056336 #1061075 #1061081 #1061086
#1063123 #1068187 #1068191
Cross-References: CVE-2017-13672 CVE-2017-15289 CVE-2017-15592
CVE-2017-15595 CVE-2017-15597
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 5 vulnerabilities and has three fixes
is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)
code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged
guests to retain a writable mapping of freed memory leading to
information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and QEMU process crash) via vectors related to dst calculation
(bsc#1063123)
- CVE-2017-15597: A grant copy operation being done on a grant of a dying
domain allowed a malicious guest administrator to corrupt hypervisor
memory, allowing for DoS or potentially privilege escalation and
information leaks (bsc#1061075).
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS
(unbounded recursion, stack consumption, and hypervisor crash) or
possibly gain privileges via crafted page-table stacking (bsc#1061081).
- CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS
(hypervisor crash) or possibly gain privileges because self-linear
shadow mappings were mishandled for translated guests (bsc#1061086).
- CVE-2017-13672: The VGA display emulator support allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors involving display update (bsc#1056336)
This non-security issue was fixed:
- bsc#1055047: Fixed --initrd-inject option in virt-install
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-xen-13372=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-xen-13372=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xen-13372=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
xen-devel-4.4.4_26-61.17.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
xen-kmp-default-4.4.4_26_3.0.101_108.13-61.17.1
xen-libs-4.4.4_26-61.17.1
xen-tools-domU-4.4.4_26-61.17.1
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
xen-4.4.4_26-61.17.1
xen-doc-html-4.4.4_26-61.17.1
xen-libs-32bit-4.4.4_26-61.17.1
xen-tools-4.4.4_26-61.17.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
xen-kmp-pae-4.4.4_26_3.0.101_108.13-61.17.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
xen-debuginfo-4.4.4_26-61.17.1
xen-debugsource-4.4.4_26-61.17.1
References:
https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-15597.html
https://bugzilla.suse.com/1055047
https://bugzilla.suse.com/1056336
https://bugzilla.suse.com/1061075
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1063123
https://bugzilla.suse.com/1068187
https://bugzilla.suse.com/1068191
[security-announce] openSUSE-SU-2017:3241-1: important: Security update for opensaml
by opensuse-security@opensuse.org 08 Dec '17
openSUSE Security Update: Security update for opensaml
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:3241-1
Rating: important
References: #1068685
Cross-References: CVE-2017-16853
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for opensaml fixes the following issues:
Security issue fixed:
- CVE-2017-16853: Fix the DynamicMetadataProvider class to properly
configure itself with the MetadataFilter plugins, to avoid possible MITM
attacks (bsc#1068685).
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1350=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1350=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (x86_64):
libsaml-devel-2.5.5-6.1
libsaml8-2.5.5-6.1
libsaml8-debuginfo-2.5.5-6.1
opensaml-bin-2.5.5-6.1
opensaml-bin-debuginfo-2.5.5-6.1
opensaml-debugsource-2.5.5-6.1
opensaml-schemas-2.5.5-6.1
- openSUSE Leap 42.2 (x86_64):
libsaml-devel-2.5.5-3.3.1
libsaml8-2.5.5-3.3.1
libsaml8-debuginfo-2.5.5-3.3.1
opensaml-bin-2.5.5-3.3.1
opensaml-bin-debuginfo-2.5.5-3.3.1
opensaml-debugsource-2.5.5-3.3.1
opensaml-schemas-2.5.5-3.3.1
References:
https://www.suse.com/security/cve/CVE-2017-16853.html
https://bugzilla.suse.com/1068685
[security-announce] SUSE-SU-2017:3239-1: important: Security update for xen
by opensuse-security@opensuse.org 08 Dec '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3239-1
Rating: important
References: #1055047 #1056336 #1061075 #1061081 #1061086
#1063123 #1068187 #1068191
Cross-References: CVE-2017-13672 CVE-2017-15289 CVE-2017-15592
CVE-2017-15595 CVE-2017-15597
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that solves 5 vulnerabilities and has three fixes
is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)
code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged
guests to retain a writable mapping of freed memory leading to
information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063123)
- CVE-2017-15597: A grant copy operation being done on a grant of a dying
domain allowed a malicious guest administrator to corrupt hypervisor
memory, allowing for DoS or potentially privilege escalation and
information leaks (bsc#1061075).
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS
(unbounded recursion, stack consumption, and hypervisor crash) or
possibly gain privileges via crafted page-table stacking (bsc#1061081).
- CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS
(hypervisor crash) or possibly gain privileges because self-linear
shadow mappings were mishandled for translated guests (bsc#1061086).
- CVE-2017-13672: The VGA display emulator support allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors involving display update (bsc#1056336)
This non-security issue was fixed:
- bsc#1055047: Fixed --initrd-inject option in virt-install
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-2019=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
xen-4.4.4_26-22.59.3
xen-debugsource-4.4.4_26-22.59.3
xen-doc-html-4.4.4_26-22.59.3
xen-kmp-default-4.4.4_26_k3.12.61_52.101-22.59.3
xen-kmp-default-debuginfo-4.4.4_26_k3.12.61_52.101-22.59.3
xen-libs-32bit-4.4.4_26-22.59.3
xen-libs-4.4.4_26-22.59.3
xen-libs-debuginfo-32bit-4.4.4_26-22.59.3
xen-libs-debuginfo-4.4.4_26-22.59.3
xen-tools-4.4.4_26-22.59.3
xen-tools-debuginfo-4.4.4_26-22.59.3
xen-tools-domU-4.4.4_26-22.59.3
xen-tools-domU-debuginfo-4.4.4_26-22.59.3
References:
https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-15597.html
https://bugzilla.suse.com/1055047
https://bugzilla.suse.com/1056336
https://bugzilla.suse.com/1061075
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1063123
https://bugzilla.suse.com/1068187
https://bugzilla.suse.com/1068191