[security-announce] openSUSE-SU-2017:2494-1: important: Security update for the Linux Kernel

15 Sep 2017

      openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2494-1
Rating:             important
References:         #1012829 #1021424 #1022743 #1024405 #1031717 
                    #1035479 #1036060 #1038583 #1046529 #1048893 
                    #1048912 #1049361 #1049580 #1054654 #1056261 
                    #1056849 #1056982 #1057015 #1057031 #1057035 
                    #1057038 #1057047 #1057067 #1057389 #1057849 
                    #1058116 #971975 #981309 
Cross-References:   CVE-2017-1000251 CVE-2017-11472 CVE-2017-14106

Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that solves three vulnerabilities and has 25
   fixes is now available.

Description:

   The openSUSE Leap 42.3 kernel was updated to 4.4.87 to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
     was vulnerable to a stack overflow vulnerability in the processing of
     L2CAP configuration responses resulting in Remote code execution in
     kernel space (bnc#1057389).
   - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the
     Linux kernel allowed local users to cause a denial of service
     (__tcp_select_window divide-by-zero error and system crash) by
     triggering a disconnect within a certain tcp_recvmsg code path
     (bnc#1056982).
   - CVE-2017-11472: The acpi_ns_terminate() function in
     drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the
     operand cache and causes a kernel stack dump, which allowed local users
     to obtain sensitive information from kernel memory and bypass the KASLR
     protection mechanism via a crafted ACPI table (bnc#1049580).

   The following non-security bugs were fixed:

   - acpica: IORT: Update SMMU models for revision C (bsc#1036060).
   - acpi/nfit: Fix memory corruption/Unregister mce decoder on failure
     (bsc#1057047).
   - ahci: do not use MSI for devices with the silly Intel NVMe remapping
     scheme (bsc#1048912).
   - ahci: thunderx2: stop engine fix update (bsc#1057031).
   - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform
     (bsc#1024405).
   - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529).
   - arm64: PCI: Fix struct acpi_pci_root_ops allocation failure path
     (bsc#1056849).
   - arm64: Update config files. Enable ARCH_PROC_KCORE_TEXT
   - blacklist.conf: gcc7 compiler warning (bsc#1056849)
   - bnxt: add a missing rcu synchronization (bnc#1038583).
   - bnxt: do not busy-poll when link is down (bnc#1038583).
   - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).
   - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).
   - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
   - bnxt_en: Fix NULL pointer dereference in a failure path during open
     (bnc#1038583).
   - bnxt_en: Fix NULL pointer dereference in reopen failure path
     (bnc#1038583).
   - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).
   - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).
   - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
   - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).
   - bnxt_en: Fix VF virtual link state (bnc#1038583).
   - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).
   - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
   - bnxt_en: Refactor TPA code path (bnc#1038583).
   - ceph: fix readpage from fscache (bsc#1057015).
   - cifs: add build_path_from_dentry_optional_prefix() (fate#323482).
   - cifs: add use_ipc flag to SMB2_ioctl() (fate#323482).
   - cifs: Fix sparse warnings (fate#323482).
   - cifs: implement get_dfs_refer for SMB2+ (fate#323482).
   - cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482).
   - cifs: move DFS response parsing out of SMB1 code (fate#323482).
   - cifs: remove any preceding delimiter from prefix_path (fate#323482).
   - cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482).
   - cifs: use DFS pathnames in SMB2+ Create requests (fate#323482).
   - cpufreq: intel_pstate: Disable energy efficiency optimization
     (bsc#1054654).
   - cxgb4: Fix stack out-of-bounds read due to wrong size to
     t4_record_mbox() (bsc#1021424 bsc#1022743).
   - device-dax: fix cdev leak (bsc#1057047).
   - dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx
     (bsc#1056849).
   - dmaengine: mv_xor_v2: enable XOR engine after its configuration
     (bsc#1056849).
   - dmaengine: mv_xor_v2: fix tx_submit() implementation (bsc#1056849).
   - dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly
     (bsc#1056849).
   - dmaengine: mv_xor_v2: properly handle wrapping in the array of HW
     descriptors (bsc#1056849).
   - dmaengine: mv_xor_v2: remove interrupt coalescing (bsc#1056849).
   - dmaengine: mv_xor_v2: set DMA mask to 40 bits (bsc#1056849).
   - drivers: base: cacheinfo: fix boot error message when acpi is enabled
     (bsc#1057849).
   - edac, thunderx: Fix a warning during l2c debugfs node creation
     (bsc#1057038).
   - edac, thunderx: Fix error handling path in thunderx_lmc_probe()
     (bsc#1057038).
   - fs/proc: kcore: use kcore_list type to check for vmalloc/module address
     (bsc#1046529).
   - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).
   - ib/hns: checking for IS_ERR() instead of NULL (bsc#1056849).
   - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).
   - ib/rxe: Add dst_clone() in prepare_ipv6_hdr() (bsc#1049361).
   - ib/rxe: Avoid ICRC errors by copying into the skb first (bsc#1049361).
   - ib/rxe: Disable completion upcalls when a CQ is destroyed (bsc#1049361).
   - ib/rxe: Fix destination cache for IPv6 (bsc#1049361).
   - ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361).
   - ib/rxe: Fix up the responder's find_resources() function (bsc#1049361).
   - ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361).
   - ib/rxe: Move refcounting earlier in rxe_send() (bsc#1049361).
   - ib/rxe: Remove dangling prototype (bsc#1049361).
   - ib/rxe: Remove unneeded initialization in prepare6() (bsc#1049361).
   - ib/rxe: Set dma_mask and coherent_dma_mask (bsc#1049361).
   - iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3 IORT model number
     definitions (bsc#1036060).
   - iommu/arm-smmu-v3: Increase CMDQ drain timeout value (bsc#1035479).
     Refresh patch to mainline version
   - irqchip/gic-v3-its: Fix command buffer allocation (bsc#1057067).
   - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported
     (bsc#1031717).
   - kernel/*: switch to memdup_user_nul() (bsc#1048893).
   - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill
     warning (FATE#319466).
   - md/raid5: fix a race condition in stripe batch (linux-stable).
   - mmc: sdhci-xenon: add set_power callback (bsc#1057035).
   - mmc: sdhci-xenon: Fix the work flow in xenon_remove() (bsc#1057035).
   - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation
     attempt (bnc#971975 VM -- git fixes).
   - mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap
     mappings (bsc#1046529).
   - new helper: memdup_user_nul() (bsc#1048893).
   - nfs: flush data when locking a file to ensure cache coherence for mmap
     (bsc#981309).
   - pci: rockchip: Handle regulator_get_current_limit() failure correctly
     (bsc#1056849).
   - pci: rockchip: Use normal register bank for config accessors
     (bsc#1056849).
   - pm / Domains: Fix unsafe iteration over modified list of domains
     (bsc#1056849).
   - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
   - scsi: hisi_sas: add missing break in switch statement (bsc#1056849).
   - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).
   - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).
   - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
   - sysctl: simplify unsigned int support (bsc#1048893).
   - ubifs: Correctly evict xattr inodes (bsc#1012829).
   - ubifs: Do not leak kernel memory to the MTD (bsc#1012829).
   - xfs: fix inobt inode allocation search optimization (bsc#1012829).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1063=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.3 (noarch):

      kernel-devel-4.4.87-25.1
      kernel-docs-4.4.87-25.2
      kernel-docs-html-4.4.87-25.2
      kernel-docs-pdf-4.4.87-25.2
      kernel-macros-4.4.87-25.1
      kernel-source-4.4.87-25.1
      kernel-source-vanilla-4.4.87-25.1

   - openSUSE Leap 42.3 (x86_64):

      kernel-debug-4.4.87-25.1
      kernel-debug-base-4.4.87-25.1
      kernel-debug-base-debuginfo-4.4.87-25.1
      kernel-debug-debuginfo-4.4.87-25.1
      kernel-debug-debugsource-4.4.87-25.1
      kernel-debug-devel-4.4.87-25.1
      kernel-debug-devel-debuginfo-4.4.87-25.1
      kernel-default-4.4.87-25.1
      kernel-default-base-4.4.87-25.1
      kernel-default-base-debuginfo-4.4.87-25.1
      kernel-default-debuginfo-4.4.87-25.1
      kernel-default-debugsource-4.4.87-25.1
      kernel-default-devel-4.4.87-25.1
      kernel-obs-build-4.4.87-25.1
      kernel-obs-build-debugsource-4.4.87-25.1
      kernel-obs-qa-4.4.87-25.1
      kernel-syms-4.4.87-25.1
      kernel-vanilla-4.4.87-25.1
      kernel-vanilla-base-4.4.87-25.1
      kernel-vanilla-base-debuginfo-4.4.87-25.1
      kernel-vanilla-debuginfo-4.4.87-25.1
      kernel-vanilla-debugsource-4.4.87-25.1
      kernel-vanilla-devel-4.4.87-25.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000251.html
   https://www.suse.com/security/cve/CVE-2017-11472.html
   https://www.suse.com/security/cve/CVE-2017-14106.html
   https://bugzilla.suse.com/1012829
   https://bugzilla.suse.com/1021424
   https://bugzilla.suse.com/1022743
   https://bugzilla.suse.com/1024405
   https://bugzilla.suse.com/1031717
   https://bugzilla.suse.com/1035479
   https://bugzilla.suse.com/1036060
   https://bugzilla.suse.com/1038583
   https://bugzilla.suse.com/1046529
   https://bugzilla.suse.com/1048893
   https://bugzilla.suse.com/1048912
   https://bugzilla.suse.com/1049361
   https://bugzilla.suse.com/1049580
   https://bugzilla.suse.com/1054654
   https://bugzilla.suse.com/1056261
   https://bugzilla.suse.com/1056849
   https://bugzilla.suse.com/1056982
   https://bugzilla.suse.com/1057015
   https://bugzilla.suse.com/1057031
   https://bugzilla.suse.com/1057035
   https://bugzilla.suse.com/1057038
   https://bugzilla.suse.com/1057047
   https://bugzilla.suse.com/1057067
   https://bugzilla.suse.com/1057389
   https://bugzilla.suse.com/1057849
   https://bugzilla.suse.com/1058116
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/981309

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[security-announce] openSUSE-SU-2017:2494-1: important: Security update for the Linux Kernel

opensuse-security＠opensuse.org