openSUSE Recommended Update: Recommended update for drbd, drbd-utils ______________________________________________________________________________ Announcement ID: openSUSE-RU-2018:0847-1 Rating: moderate References: #1037109 #1058770 #1061145 #1061147 #1064402 #1068032 #1077176 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for drbd and drbd-utils provides the following fixes: Changes in drbd-utils: - Make sure the full bitmap gets properly propagated in drbdmeta. Also make sure the ID is kept when downgrading from v9 to v8. (bsc#1037109) - Support passing "--force" to drbdadm dump-md. (bsc#1077176) - Fix a possible kernel trace while starting the initial syncing of a stacked drbd. (bsc#1058770) - Backport some fixes of peer_device objects. - Do not hardcode loglevel local5 and make it possible to change that using --logfacility. (bsc#1064402) - Update documentation and examples regarding fencing: it is now moved from the disk to the net section. (bsc#1061145) - Skip running drbdadm sh-b-pri in drbd9. (bsc#1061147) - The included kernel modules in the KMP packages were rebuilt using "retpoline" support to mitigate Spectre v2 (bsc#1068032 CVE-2017-5715) Changes in drbd: - Make sure the full bitmap gets properly propagated in drbdmeta. (bsc#1037109) This update was imported from the SUSE:SLE-12-SP3:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-324=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): drbd-utils-9.0.0-6.1 drbd-utils-debuginfo-9.0.0-6.1 drbd-utils-debugsource-9.0.0-6.1 - openSUSE Leap 42.3 (x86_64): drbd-9.0.8+git.c8bc3670-2.5.1 drbd-debugsource-9.0.8+git.c8bc3670-2.5.1 drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.120_45-2.5.1 drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.120_45-2.5.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1037109 https://bugzilla.suse.com/1058770 https://bugzilla.suse.com/1061145 https://bugzilla.suse.com/1061147 https://bugzilla.suse.com/1064402 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1077176