[security-announce] openSUSE-SU-2019:1570-1: important: Security update for the Linux Kernel
openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1570-1 Rating: important References: #1005778 #1005780 #1005781 #1012382 #1019695 #1019696 #1022604 #1053043 #1063638 #1065600 #1066223 #1085535 #1085539 #1090888 #1099658 #1100132 #1106110 #1106284 #1106929 #1108838 #1109137 #1112178 #1117562 #1119086 #1120642 #1120843 #1120902 #1125580 #1126356 #1127155 #1128052 #1129770 #1131107 #1131543 #1131565 #1132374 #1132472 #1133190 #1133874 #1134338 #1134806 #1134813 #1135120 #1135281 #1135603 #1135642 #1135661 #1135878 #1136424 #1136438 #1136448 #1136449 #1136451 #1136452 #1136455 #1136458 #1136539 #1136573 #1136575 #1136586 #1136590 #1136598 #1136623 #1136810 #1136922 #1136935 #1136990 #1136993 #1137142 #1137162 #1137586 #1137739 #1137752 #1137915 #1138291 #1138293 #1138374 Cross-References: CVE-2018-7191 CVE-2019-11190 CVE-2019-11191 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11487 CVE-2019-11833 CVE-2019-12380 CVE-2019-12382 CVE-2019-12456 CVE-2019-12818 CVE-2019-12819 CVE-2019-3846 CVE-2019-5489 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 62 fixes is now available. Description: Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability (bnc#1136922). - CVE-2019-12380: phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598). - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424). - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c. There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586). - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843). - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281). - CVE-2018-7191: In the tun subsystem dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603). - CVE-2019-11190, CVE-2019-11191: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat (bnc#1131543 bnc#1132374 bnc#1132472). The following non-security bugs were fixed: - ALSA: line6: use dynamic buffers (bnc#1012382). - ARM: dts: pfla02: increase phy reset duration (bnc#1012382). - ARM: iop: do not use using 64-bit DMA masks (bnc#1012382). - ARM: orion: do not use using 64-bit DMA masks (bnc#1012382). - ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382). - ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382). - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382). - ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382). - ath6kl: Only use match sets when firmware supports it (bsc#1120902). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929) - bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382). - block: fix use-after-free on gendisk (bsc#1136448). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382). - bnxt_en: Improve multicast address setup logic (bnc#1012382). - bonding: fix arp_validate toggling in active-backup mode (bnc#1012382). - bonding: show full hw address in sysfs for slave entries (bnc#1012382). - bpf: reject wrong sized filters earlier (bnc#1012382). - bridge: Fix error path for kobject_init_and_add() (bnc#1012382). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - cdc-acm: cleaning up debug in data submission path (bsc#1136539). - cdc-acm: fix race between reset and control messaging (bsc#1106110). - cdc-acm: handle read pipe errors (bsc#1135878). - cdc-acm: reassemble fragmented notifications (bsc#1136590). - cdc-acm: store in and out pipes in acm structure (bsc#1136575). - cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: fix mux clock documentation (bsc#1090888). - cpu/hotplug: Provide cpus_read|write_[un]lock() (bsc#1138374, LTC#178199). - cpu/hotplug: Provide lockdep_assert_cpus_held() (bsc#1138374, LTC#178199). - cpupower: remove stringop-truncation waring (bsc#1119086). - cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178). - crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - debugfs: fix use-after-free on symlink traversal (bnc#1012382). - Documentation: Add MDS vulnerability documentation (bnc#1012382). - Documentation: Add nospectre_v1 parameter (bnc#1012382). - Documentation: Correct the possible MDS sysfs values (bnc#1012382). - Documentation: Move L1TF to separate directory (bnc#1012382). - Do not jump to compute_result state from check_result state (bnc#1012382). - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382). - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929) - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to (bsc#1106929) - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1106929) - Drop multiversion(kernel) from the KMP template (bsc#1127155). - dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458). - ext4: actually request zeroing of inode table after grow (bsc#1136451). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1136623). - ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genirq: Prevent use-after-free and work list corruption (bnc#1012382). - gpu: ipu-v3: dp: fix CSC handling (bnc#1012382). - HID: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382). - HID: input: add mapping for Expose/Overview key (bnc#1012382). - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382). - hugetlbfs: fix memory leak for resv_map (bnc#1012382). - IB/hfi1: Eliminate opcode tests on mr deref (). - IB/hfi1: Unreserve a reserved request when it is completed (). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace (). - IB/rdmavt: Fix frwr memory registration (). - igb: Fix WARN_ONCE on runtime suspend (bnc#1012382). - iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382). - init: initialize jump labels before command line option parsing (bnc#1012382). - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1135120). - ipv4: Fix raw socket lookup for local traffic (bnc#1012382). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (bnc#1012382). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382). - ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382). - ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382). - ipv6: invert flowlabel sharing check in process and user mode (bnc#1012382). - ipvs: do not schedule icmp errors from tunnels (bnc#1012382). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - jffs2: fix use-after-free on symlink traversal (bnc#1012382). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kbuild: simplify ld-option implementation (bnc#1012382). - kconfig: display recursive dependency resolution hint just once (bsc#1100132). - kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382). - keys: Timestamp new keys (bsc#1120902). - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number (bnc#1012382). - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382). - libata: fix using DMA buffers on stack (bnc#1012382). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382). - mac80211_hwsim: validate number of different channels (bsc#1085539). - media: pvrusb2: Prevent a buffer overflow (bsc#1135642). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382). - MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562). - net: ethernet: ti: fix possible object reference leak (bnc#1012382). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (bnc#1012382). - netfilter: compat: initialize all fields in xt_init (bnc#1012382). - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bnc#1012382). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382). - net: ibm: fix possible object reference leak (bnc#1012382). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net: ks8851: Delay requesting IRQ until opened (bnc#1012382). - net: ks8851: Dequeue RX packets explicitly (bnc#1012382). - net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382). - net: ks8851: Set initial carrier state to down (bnc#1012382). - net: Remove NO_IRQ from powerpc-only network drivers (bsc#1137739). - net: stmmac: move stmmac_check_ether_addr() to driver probe (bnc#1012382). - net: ucc_geth - fix Oops when changing number of buffers in the ring (bnc#1012382). - net: xilinx: fix possible object reference leak (bnc#1012382). - nfsd: Do not release the callback slot unless it was actually held (bnc#1012382). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (bnc#1012382). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: Do not allow to reset a reconnecting controller (bsc#1133874). - packet: Fix error path in packet_init (bnc#1012382). - packet: validate msg_namelen in send directly (bnc#1012382). - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142). - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642). - perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes). - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS (bnc#1012382). - platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382). - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382 bsc#1131107). - powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382). - powerpc/64s: Include cpu header (bnc#1012382). - powerpc/booke64: set RI in default MSR (bnc#1012382). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/eeh: Fix race with driver un/bind (bsc#1066223). - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E (bnc#1012382). - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (bnc#1012382). - powerpc/fsl: Add infrastructure to fixup branch predictor flush (bnc#1012382). - powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382). - powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382). - powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382). - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used (bnc#1012382). - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' (bnc#1012382). - powerpc/fsl: Fix the flush of branch predictor (bnc#1012382). - powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382). - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) (bnc#1012382). - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) (bnc#1012382). - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms (bnc#1012382). - powerpc/fsl: Update Spectre v2 reporting (bnc#1012382). - powerpc/lib: fix book3s/32 boot failure due to code patching (bnc#1012382). - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043). - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/perf: Infrastructure to support addition of blacklisted events (bsc#1053043). - powerpc/process: Fix sparse address space warnings (bsc#1066223). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382). - qede: fix write to free'd pointer error and double free of ptp (bsc#1019695 bsc#1019696). - qlcnic: Avoid potential NULL pointer dereference (bnc#1012382). - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781). - RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604). - Revert "block/loop: Use global lock for ioctl() operation." (bnc#1012382). - Revert "cpu/speculation: Add 'mitigations=' cmdline option" (stable backports). - Revert "Do not jump to compute_result state from check_result state" (git-fixes). - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - Revert "sched: Add sched_smt_active()" (stable backports). - Revert "x86/MCE: Save microcode revision in machine check records" (kabi). - Revert "x86/speculation/mds: Add 'mitigations=' support for MDS" (stable backports). - Revert "x86/speculation: Support 'mitigations=' cmdline option" (stable backports). - rtc: da9063: set uie_unsupported when relevant (bnc#1012382). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382). - rtlwifi: fix false rates in _rtl8821ae_mrate_idx_to_arfr_id() (bsc#1120902). - s390/3270: fix lockdep false positive on view->lock (bnc#1012382). - s390: ctcm: fix ctcm_new_device error return code (bnc#1012382). - s390/dasd: Fix capacity calculation for large volumes (bnc#1012382). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bnc#1012382). - sc16is7xx: move label 'err_spi' to correct section (git-fixes). - sched: Add sched_smt_active() (bnc#1012382). - sched/numa: Fix a possible divide-by-zero (bnc#1012382). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (bnc#1012382). - scsi: libsas: fix a race condition when smp task timeout (bnc#1012382). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bnc#1012382). - scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382). - scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382). - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (bnc#1012382). - selftests/net: correct the return value for run_netsocktests (bnc#1012382). - selinux: never allow relabeling on context mounts (bnc#1012382). - signals: avoid random wakeups in sigsuspend() (bsc#1137915) - slip: make slhc_free() silently accept an error pointer (bnc#1012382). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bnc#1012382). - staging: iio: adt7316: fix the dac read calculation (bnc#1012382). - staging: iio: adt7316: fix the dac write calculation (bnc#1012382). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - team: fix possible recursive locking when add slaves (bnc#1012382). - timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: check link name with right length in tipc_nl_compat_link_set (bnc#1012382). - tipc: handle the err returned from cmd header function (bnc#1012382). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - trace: Fix preempt_enable_no_resched() abuse (bnc#1012382). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1136455). - Update config files: disable IDE on ppc64le - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: cdc-acm: fix unthrottle races (bsc#1135642). - usb: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382). - usb: core: Fix unterminated string returned by usb_string() (bnc#1012382). - usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382). - usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (bnc#1012382). - usbnet: ipheth: prevent TX queue timeouts when device not ready (bnc#1012382). - usb: serial: fix unthrottle races (bnc#1012382). - usb: serial: use variable for status (bnc#1012382). - usb: u132-hcd: fix resource leak (bnc#1012382). - usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382). - usb: yurex: Fix protection fault after device removal (bnc#1012382). - vfio/pci: use correct format characters (bnc#1012382). - vlan: disable SIOCSHWTSTAMP in container (bnc#1012382). - vrf: sit mtu should not be updated when vrf netdev is the link (bnc#1012382). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382). - x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bnc#1012382). - x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382). - x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382). - x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382). - x86/MCE: Save microcode revision in machine check records (bnc#1012382). - x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382). - x86/microcode/intel: Add a helper which gives the microcode revision (bnc#1012382). - x86/microcode/intel: Check microcode revision before updating sibling threads (bnc#1012382). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bnc#1012382). - x86/microcode: Update the new microcode revision unconditionally (bnc#1012382). - x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382). - x86/process: Consolidate and simplify switch_to_xtra() code (bnc#1012382). - x86/speculataion: Mark command line parser data __initdata (bnc#1012382). - x86/speculation: Add command line control for indirect branch speculation (bnc#1012382). - x86/speculation: Add prctl() control for indirect branch speculation (bnc#1012382). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bnc#1012382). - x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bnc#1012382). - x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382). - x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382). - x86/speculation: Mark string arrays const correctly (bnc#1012382). - x86/speculation/mds: Fix comment (bnc#1012382). - x86/speculation/mds: Fix documentation typo (bnc#1012382). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bnc#1012382). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bnc#1012382). - x86/speculation: Prepare for per task indirect branch speculation control (bnc#1012382). - x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382). - x86/speculation: Provide IBPB always command line options (bnc#1012382). - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation (bnc#1012382). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bnc#1012382). - x86/speculation: Rename SSBD update functions (bnc#1012382). - x86/speculation: Reorder the spec_v2 code (bnc#1012382). - x86/speculation: Reorganize speculation control MSRs update (bnc#1012382). - x86/speculation: Split out TIF update (bnc#1012382). - x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382). - x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382 bsc#1112178). - x86/speculation: Unify conditional spectre v2 print functions (bnc#1012382). - x86/speculation: Update the TIF_SSBD comment (bnc#1012382). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xsysace: Fix error handling in ace_setup (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-1570=1 Package List: - openSUSE Leap 42.3 (noarch): kernel-devel-4.4.180-102.1 kernel-docs-4.4.180-102.1 kernel-docs-html-4.4.180-102.1 kernel-docs-pdf-4.4.180-102.1 kernel-macros-4.4.180-102.1 kernel-source-4.4.180-102.1 kernel-source-vanilla-4.4.180-102.1 - openSUSE Leap 42.3 (x86_64): kernel-debug-4.4.180-102.1 kernel-debug-base-4.4.180-102.1 kernel-debug-base-debuginfo-4.4.180-102.1 kernel-debug-debuginfo-4.4.180-102.1 kernel-debug-debugsource-4.4.180-102.1 kernel-debug-devel-4.4.180-102.1 kernel-debug-devel-debuginfo-4.4.180-102.1 kernel-default-4.4.180-102.1 kernel-default-base-4.4.180-102.1 kernel-default-base-debuginfo-4.4.180-102.1 kernel-default-debuginfo-4.4.180-102.1 kernel-default-debugsource-4.4.180-102.1 kernel-default-devel-4.4.180-102.1 kernel-obs-build-4.4.180-102.1 kernel-obs-build-debugsource-4.4.180-102.1 kernel-obs-qa-4.4.180-102.1 kernel-syms-4.4.180-102.1 kernel-vanilla-4.4.180-102.1 kernel-vanilla-base-4.4.180-102.1 kernel-vanilla-base-debuginfo-4.4.180-102.1 kernel-vanilla-debuginfo-4.4.180-102.1 kernel-vanilla-debugsource-4.4.180-102.1 kernel-vanilla-devel-4.4.180-102.1 References: https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-11190.html https://www.suse.com/security/cve/CVE-2019-11191.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1005780 https://bugzilla.suse.com/1005781 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019696 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1117562 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120642 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131543 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1132374 https://bugzilla.suse.com/1132472 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133874 https://bugzilla.suse.com/1134338 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135878 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136448 https://bugzilla.suse.com/1136449 https://bugzilla.suse.com/1136451 https://bugzilla.suse.com/1136452 https://bugzilla.suse.com/1136455 https://bugzilla.suse.com/1136458 https://bugzilla.suse.com/1136539 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136575 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136590 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136623 https://bugzilla.suse.com/1136810 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1136993 https://bugzilla.suse.com/1137142 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 https://bugzilla.suse.com/1137915 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
participants (1)
-
opensuse-security@opensuse.org