SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:13979-1
Rating:             important
References:         #1012382 #1031572 #1068032 #1086695 #1087081 
                    #1094244 #1098658 #1104098 #1104367 #1104684 
                    #1104818 #1105536 #1106105 #1106886 #1107371 
                    #1109330 #1109806 #1110006 #1112963 #1113667 
                    #1114440 #1114672 #1114920 #1115007 #1115038 
                    #1115827 #1115828 #1115829 #1115830 #1115831 
                    #1115832 #1115833 #1115834 #1115835 #1115836 
                    #1115837 #1115838 #1115839 #1115840 #1115841 
                    #1115842 #1115843 #1115844 #1116841 #1117796 
                    #1117802 #1117805 #1117806 #1117943 #1118152 
                    #1118319 #1118760 #1119255 #1119714 #1120056 
                    #1120077 #1120086 #1120093 #1120094 #1120105 
                    #1120107 #1120109 #1120217 #1120223 #1120226 
                    #1120336 #1120347 #1120743 #1120950 #1121872 
                    #1121997 #1122874 #1123505 #1123702 #1123706 
                    #1124010 #1124735 #1125931 #931850 #969471 
                    #969473 
Cross-References:   CVE-2016-10741 CVE-2017-18360 CVE-2018-19407
                    CVE-2018-19824 CVE-2018-19985 CVE-2018-20169
                    CVE-2018-9568 CVE-2019-7222
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 73 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial
     of service (system crash) because there is a race condition between
     direct and memory-mapped I/O (associated with a hole) that is handled
     with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010).
   - CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c
     local users could cause a denial of service by division-by-zero in the
     serial device layer by trying to set very high baud rates (bnc#1123706).
   - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
     corruption due to type confusion. This could lead to local escalation of
     privilege with no additional execution privileges needed. User
     interaction is not needed for exploitation. (bnc#1118319).
   - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
     allowed local users to cause a denial of service (NULL pointer
     dereference and BUG) via crafted system calls that reach a situation
     where ioapic is uninitialized (bnc#1116841).
   - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
     driver by supplying a malicious USB Sound device (with zero interfaces)
     that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
   - CVE-2018-19985: The function hso_probe read if_num from the USB device
     (as a u8) and used it without a length check to index an array,
     resulting in an OOB memory read in hso_probe or hso_get_config_data that
     could be used by local attackers (bnc#1120743).
   - CVE-2018-20169: The USB subsystem mishandled size checks during the
     reading of an extra descriptor, related to __usb_get_extra_descriptor in
     drivers/usb/core/usb.c (bnc#1119714).
   - CVE-2019-7222: An information leak in exception handling in KVM could be
     used to expose host memory to guests. (bnc#1124735).

   The following non-security bugs were fixed:

   - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827).
   - arcmsr: upper 32 of dma address lost (bsc#1115828).
   - block/swim3: Fix -EBUSY error when re-opening device after unmount
     (bsc#1121997).
   - block/swim: Fix array bounds check (Git-fix).
   - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency
     for bsc#1113667).
   - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
   - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
     (bsc#1119255).
   - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111).
   - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
     (bsc#1104098).
   - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
   - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
     (bsc#1106886)
   - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
   - ext4: avoid buffer leak in ext4_orphan_add() after prior errors
     (bsc#1117802).
   - ext4: avoid possible double brelse() in add_new_gdb() on error path
     (bsc#1118760).
   - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
     (bsc#1117806).
   - ext4: release bs.bh before re-using in ext4_xattr_block_find()
     (bsc#1117805).
   - fbdev: fbcon: Fix unregister crash when more than one framebuffer
     (bsc#1106886)
   - fbdev: fbmem: behave better with small rotated displays and many CPUs
     (bsc#1106886)
   - Fix kabi break caused by NFS: Cache state owners after files are closed
     (bsc#1031572).
   - fork: record start_time late (bsc#1121872).
   - fscache: Fix dead object requeue (bsc#1107371).
   - fscache: Fix race in fscache_op_complete() due to split atomic_sub &
     read (git-fixes).
   - fs-cache: Move fscache_report_unexpected_submission() to make it more
     available (bsc#1107371).
   - fs-cache: When submitting an op, cancel it if the target object is dying
     (bsc#1107371).
   - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes).
   - fuse: fix blocked_waitq wakeup (git-fixes).
   - fuse: fix leaked notify reply (git-fixes).
   - fuse: Fix oops at process_init_reply() (git-fixes).
   - fuse: fix possibly missed wake-up after abort (git-fixes).
   - fuse: umount should wait for all requests (git-fixes).
   - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702).
   - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382)
     (bsc#1123702).
   - iommu/amd: Fix IOMMU page flush when detach device from a domain
     (bsc#1106105).
   - kvm: x86: Fix the duplicated failure path handling in vmx_init
     (bsc#1104367).
   - lib: add "on"/"off" support to strtobool (bsc#1125931).
   - megaraid_sas: Fix probing cards without io port (bsc#1115829).
   - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440,
     LTC#172679).
   - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440,
     LTC#172679).
   - nfs: Cache state owners after files are closed (bsc#1031572).
   - nfs: Do not drop CB requests with invalid principals (git-fixes).
   - nfsv4.1: Fix a kfree() of uninitialised pointers in
     decode_cb_sequence_args (git-fixes).
   - nfsv4: Do not exit the state manager without clearing
     NFS4CLNT_MANAGER_RUNNING (git-fixes).
   - nfsv4: Keep dropped state owners on the LRU list for a while
     (bsc#1031572).
   - nlm: Ensure callback code also checks that the files match (git-fixes).
   - ocfs2: fix three small problems in the patch (bsc#1086695)
   - omap2fb: Fix stack memory disclosure (bsc#1106886)
   - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806).
   - powerpc/fadump: handle crash memory ranges array index overflow
     (git-fixes).
   - powerpc/fadump: Return error when fadump registration fails (git-fixes).
   - powerpc/fadump: Unregister fadump on kexec down path (git-fixes).
   - powerpc/traps: restore recoverability of machine_check interrupts
     (bsc#1094244).
   - Revert "NFS: Make close(2) asynchronous when closing NFS O_DIRECT files"
     (git-fixes).
   - ring-buffer: Always reset iterator to reader page (bsc#1120107).
   - ring-buffer: Fix first commit on sub-buffer having non-zero delta
     (bsc#1120077).
   - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107).
   - ring-buffer: Have ring_buffer_iter_empty() return true when empty
     (bsc#1120107).
   - ring-buffer: Mask out the info bits when returning buffer page length
     (bsc#1120094).
   - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105).
   - rpm/modprobe-xen.conf: Add --ignore-install.
   - s390: always save and restore all registers on context switch
     (git-fixes).
   - s390/dasd: fix using offset into zero size array error (git-fixes).
   - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes).
   - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes).
   - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525).
   - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its
     function (bnc#1114440, LTC#172682).
   - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657).
   - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440,
     LTC#172682).
   - s390/qeth: invoke softirqs after napi_schedule() (git-fixes).
   - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960).
   - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960).
   - sched, isolcpu: make cpu_isolated_map visible outside scheduler
     (bsc#1119255).
   - scsi: aacraid: Fix typo in blink status (bsc#1115830).
   - scsi: aacraid: Reorder Adapter status check (bsc#1115830).
   - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831).
   - scsi: bfa: integer overflow in debugfs (bsc#1115832).
   - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833).
   - scsi: fas216: fix sense buffer initialization (bsc#1115834).
   - scsi: libfc: Revert " libfc: use offload EM instance again instead
     jumping to next EM" (bsc#1115835).
   - scsi: libsas: fix ata xfer length (bsc#1115836).
   - scsi: libsas: fix error when getting phy events (bsc#1115837).
   - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function
     (bsc#1115838).
   - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
     devices (bsc#1115839).
   - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
     (bsc#1115839).
   - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840).
   - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841).
   - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()'
     (bsc#1115842).
   - scsi: scsi_dh_emc: return success in clariion_std_inquiry()
     (bsc#1115843).
   - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
     (git-fixes).
   - scsi: zfcp: fix posting too many status read buffers leading to adapter
     shutdown (bsc#1123505, LTC#174581).
   - sg: fix dxferp in from_to case (bsc#1115844).
   - sunrpc: Fix a potential race in xprt_connect() (git-fixes).
   - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
     (git-fixes).
   - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes).
   - tracepoints: Do not trace when cpu is offline (bsc#1120109).
   - tracing: Add #undef to fix compile error (bsc#1120226).
   - tracing: Allow events to have NULL strings (bsc#1120056).
   - tracing: Do not add event files for modules that fail tracepoints
     (bsc#1120086).
   - tracing: Fix check for cpu online when event is disabled (bsc#1120109).
   - tracing: Fix regex_match_front() to not over compare the test string
     (bsc#1120223).
   - tracing/kprobes: Allow to create probe with a module name starting with
     a digit (bsc#1120336).
   - tracing: Move mutex to protect against resetting of seq data
     (bsc#1120217).
   - tracing: probeevent: Fix to support minus offset from symbol
     (bsc#1120347).
   - usb: keyspan: fix overrun-error reporting (bsc#1114672).
   - usb: keyspan: fix tty line-status reporting (bsc#1114672).
   - usb: option: fix Cinterion AHxx enumeration (bsc#1114672).
   - usb: serial: ark3116: fix open error handling (bsc#1114672).
   - usb: serial: ch341: fix control-message error handling (bsc#1114672).
   - usb: serial: ch341: fix initial modem-control state (bsc#1114672).
   - usb: serial: ch341: fix modem-status handling (bsc#1114672).
   - usb: serial: ch341: fix open and resume after B0 (bsc#1114672).
   - usb: serial: ch341: fix resume after reset (bsc#1114672).
   - usb: serial: ch341: fix type promotion bug in ch341_control_in()
     (bsc#1114672).
   - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672).
   - usb: serial: fix tty-device error handling at probe (bsc#1114672).
   - usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672).
   - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672).
   - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672).
   - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672).
   - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672).
   - usb: serial: kl5kusb105: fix open error path (bsc#1114672).
   - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672).
   - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672).
   - usb: serial: omninet: fix NULL-derefs at open and disconnect.
   - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672).
   - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672).
   - vmcore: Remove "weak" from function declarations (git-fixes).
   - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850).
   - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684).
   - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
     (bnc#1105536).
   - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup
     (bnc#1104684, bnc#1104818).
   - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y
     (bsc#1106105).
   - xen/x86/mm: Set IBPB upon context switch (bsc#1068032).
   - xen/x86/process: Re-export start_thread() (bsc#1110006).
   - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system
     has too much RAM (bnc#1105536).
   - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
     (bnc#1087081).
   - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
     (bnc#1105536).
   - xen/x86/traps: add missing kernel CR3 switch in bad_iret path
     (bsc#1098658).
   - xfrm: use complete IPv6 addresses for hash (bsc#1109330).
   - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920).
   - xfs: fix the logspace waiting algorithm (bsc#1122874).
   - xfs: stop searching for free slots in an inode chunk when there are none
     (bsc#1115007).
   - xfs: validate sb_logsunit is a multiple of the fs blocksize
     (bsc#1115038).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-20190225-13979=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-20190225-13979=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20190225-13979=1

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-20190225-13979=1

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-kernel-20190225-13979=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-20190225-13979=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.87.1
      kernel-default-base-3.0.101-108.87.1
      kernel-default-devel-3.0.101-108.87.1
      kernel-source-3.0.101-108.87.1
      kernel-syms-3.0.101-108.87.1
      kernel-trace-3.0.101-108.87.1
      kernel-trace-base-3.0.101-108.87.1
      kernel-trace-devel-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.87.1
      kernel-ec2-base-3.0.101-108.87.1
      kernel-ec2-devel-3.0.101-108.87.1
      kernel-xen-3.0.101-108.87.1
      kernel-xen-base-3.0.101-108.87.1
      kernel-xen-devel-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.87.1
      kernel-bigmem-base-3.0.101-108.87.1
      kernel-bigmem-devel-3.0.101-108.87.1
      kernel-ppc64-3.0.101-108.87.1
      kernel-ppc64-base-3.0.101-108.87.1
      kernel-ppc64-devel-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.87.1
      kernel-pae-base-3.0.101-108.87.1
      kernel-pae-devel-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.87.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.87.1

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      ocfs2-kmp-rt-1.6_3.0.101_rt130_69.42-0.28.7.1
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_69.42-0.28.7.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ocfs2-kmp-default-1.6_3.0.101_108.87-0.28.7.1
      ocfs2-kmp-trace-1.6_3.0.101_108.87-0.28.7.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):

      ocfs2-kmp-xen-1.6_3.0.101_108.87-0.28.7.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):

      ocfs2-kmp-bigmem-1.6_3.0.101_108.87-0.28.7.1
      ocfs2-kmp-ppc64-1.6_3.0.101_108.87-0.28.7.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):

      ocfs2-kmp-pae-1.6_3.0.101_108.87-0.28.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.87.1
      kernel-default-debugsource-3.0.101-108.87.1
      kernel-trace-debuginfo-3.0.101-108.87.1
      kernel-trace-debugsource-3.0.101-108.87.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.87.1
      kernel-trace-devel-debuginfo-3.0.101-108.87.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.87.1
      kernel-ec2-debugsource-3.0.101-108.87.1
      kernel-xen-debuginfo-3.0.101-108.87.1
      kernel-xen-debugsource-3.0.101-108.87.1
      kernel-xen-devel-debuginfo-3.0.101-108.87.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.87.1
      kernel-bigmem-debugsource-3.0.101-108.87.1
      kernel-ppc64-debuginfo-3.0.101-108.87.1
      kernel-ppc64-debugsource-3.0.101-108.87.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.87.1
      kernel-pae-debugsource-3.0.101-108.87.1
      kernel-pae-devel-debuginfo-3.0.101-108.87.1
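
   One way to verify the update on a host, as an added example that is not
   part of the SUSE announcement: it compares installed kernel-* packages
   against the fixed version-release 3.0.101-108.87.1 from the Package List
   and checks whether the running kernel is the updated one (the reboot
   note above). Assumptions: GNU "sort -V" is available, "uname -r" reports
   the release as 3.0.101-108.87-<flavour>, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit a host against this advisory's fixed kernel version.
# The ocfs2-kmp-* and real-time packages use other version strings and are
# not covered here.

# Fixed version-release taken from the Package List of this advisory.
FIXED_VR="3.0.101-108.87.1"
# Assumption: uname -r drops the final rebuild counter and appends the
# kernel flavour, e.g. 3.0.101-108.87-default.
FIXED_UNAME="3.0.101-108.87"

# ver_ge A B: succeed when version A >= version B. Relies on GNU sort -V,
# which orders purely numeric dotted versions like these as rpm does.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    vg_lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$vg_lowest" = "$2" ]
}

# audit_packages: read "name version-release" lines on stdin and print
# OK or OUTDATED for every kernel-* package; other packages are skipped.
audit_packages() {
    while read -r ap_name ap_vr; do
        case "$ap_name" in
            kernel-*) ;;
            *) continue ;;
        esac
        if ver_ge "$ap_vr" "$FIXED_VR"; then
            echo "OK $ap_name $ap_vr"
        else
            echo "OUTDATED $ap_name $ap_vr"
        fi
    done
}

# kernel_state UNAME_R: report whether the running kernel is at or above
# the fixed release. Installing the packages is not enough until reboot.
kernel_state() {
    ks_running=${1%-*}    # strip the trailing -<flavour>
    if ver_ge "$ks_running" "$FIXED_UNAME"; then
        echo "patched"
    else
        echo "reboot-or-update-needed"
    fi
}

# Constructed sample input (108.84 is a made-up older release), in the
# format produced by: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_RPM_OUTPUT='kernel-default 3.0.101-108.87.1
kernel-default-base 3.0.101-108.84.1
kernel-source 3.0.101-108.87.1
bash 3.2-147.35.1'

printf '%s\n' "$SAMPLE_RPM_OUTPUT" | audit_packages
kernel_state "3.0.101-108.84-default"

# On a live host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_packages
#   kernel_state "$(uname -r)"
```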


References:

   https://www.suse.com/security/cve/CVE-2016-10741.html
   https://www.suse.com/security/cve/CVE-2017-18360.html
   https://www.suse.com/security/cve/CVE-2018-19407.html
   https://www.suse.com/security/cve/CVE-2018-19824.html
   https://www.suse.com/security/cve/CVE-2018-19985.html
   https://www.suse.com/security/cve/CVE-2018-20169.html
   https://www.suse.com/security/cve/CVE-2018-9568.html
   https://www.suse.com/security/cve/CVE-2019-7222.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1031572
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1086695
   https://bugzilla.suse.com/1087081
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1098658
   https://bugzilla.suse.com/1104098
   https://bugzilla.suse.com/1104367
   https://bugzilla.suse.com/1104684
   https://bugzilla.suse.com/1104818
   https://bugzilla.suse.com/1105536
   https://bugzilla.suse.com/1106105
   https://bugzilla.suse.com/1106886
   https://bugzilla.suse.com/1107371
   https://bugzilla.suse.com/1109330
   https://bugzilla.suse.com/1109806
   https://bugzilla.suse.com/1110006
   https://bugzilla.suse.com/1112963
   https://bugzilla.suse.com/1113667
   https://bugzilla.suse.com/1114440
   https://bugzilla.suse.com/1114672
   https://bugzilla.suse.com/1114920
   https://bugzilla.suse.com/1115007
   https://bugzilla.suse.com/1115038
   https://bugzilla.suse.com/1115827
   https://bugzilla.suse.com/1115828
   https://bugzilla.suse.com/1115829
   https://bugzilla.suse.com/1115830
   https://bugzilla.suse.com/1115831
   https://bugzilla.suse.com/1115832
   https://bugzilla.suse.com/1115833
   https://bugzilla.suse.com/1115834
   https://bugzilla.suse.com/1115835
   https://bugzilla.suse.com/1115836
   https://bugzilla.suse.com/1115837
   https://bugzilla.suse.com/1115838
   https://bugzilla.suse.com/1115839
   https://bugzilla.suse.com/1115840
   https://bugzilla.suse.com/1115841
   https://bugzilla.suse.com/1115842
   https://bugzilla.suse.com/1115843
   https://bugzilla.suse.com/1115844
   https://bugzilla.suse.com/1116841
   https://bugzilla.suse.com/1117796
   https://bugzilla.suse.com/1117802
   https://bugzilla.suse.com/1117805
   https://bugzilla.suse.com/1117806
   https://bugzilla.suse.com/1117943
   https://bugzilla.suse.com/1118152
   https://bugzilla.suse.com/1118319
   https://bugzilla.suse.com/1118760
   https://bugzilla.suse.com/1119255
   https://bugzilla.suse.com/1119714
   https://bugzilla.suse.com/1120056
   https://bugzilla.suse.com/1120077
   https://bugzilla.suse.com/1120086
   https://bugzilla.suse.com/1120093
   https://bugzilla.suse.com/1120094
   https://bugzilla.suse.com/1120105
   https://bugzilla.suse.com/1120107
   https://bugzilla.suse.com/1120109
   https://bugzilla.suse.com/1120217
   https://bugzilla.suse.com/1120223
   https://bugzilla.suse.com/1120226
   https://bugzilla.suse.com/1120336
   https://bugzilla.suse.com/1120347
   https://bugzilla.suse.com/1120743
   https://bugzilla.suse.com/1120950
   https://bugzilla.suse.com/1121872
   https://bugzilla.suse.com/1121997
   https://bugzilla.suse.com/1122874
   https://bugzilla.suse.com/1123505
   https://bugzilla.suse.com/1123702
   https://bugzilla.suse.com/1123706
   https://bugzilla.suse.com/1124010
   https://bugzilla.suse.com/1124735
   https://bugzilla.suse.com/1125931
   https://bugzilla.suse.com/931850
   https://bugzilla.suse.com/969471
   https://bugzilla.suse.com/969473

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2019:13979-1 important: the Linux Kernel

March 15, 2019

References

https://www.suse.com/security/cve/CVE-2016-10741.html

https://www.suse.com/security/cve/CVE-2017-18360.html

https://www.suse.com/security/cve/CVE-2018-19407.html

https://www.suse.com/security/cve/CVE-2018-19824.html

https://www.suse.com/security/cve/CVE-2018-19985.html

https://www.suse.com/security/cve/CVE-2018-20169.html

https://www.suse.com/security/cve/CVE-2018-9568.html

https://www.suse.com/security/cve/CVE-2019-7222.html

https://bugzilla.suse.com/1012382

https://bugzilla.suse.com/1031572

https://bugzilla.suse.com/1068032

https://bugzilla.suse.com/1086695

https://bugzilla.suse.com/1087081

https://bugzilla.suse.com/1094244

https://bugzilla.suse.com/1098658

https://bugzilla.suse.com/1104098

https://bugzilla.suse.com/1104367

https://bugzilla.suse.com/1104684

https://bugzilla.suse.com/1104818

https://bugzilla.suse.com/1105536

https://bugzilla.suse.com/1106105

https://bugzilla.suse.com/1106886

https://bugzilla.suse.com/1107371

https://bugzilla.suse.com/1109330

https://bugzilla.suse.com/1109806

https://bugzilla.suse.com/1110006

https://bugzilla.suse.com/1112963

https://bugzilla.suse.com/1113667

https://bugzilla.suse.com/1114440

https://bugzilla.suse.com/1114672

https://bugzilla.suse.com/1114920

https://bugzilla.suse.com/1115007

https://bugzilla.suse.com/1115038

https://bugzilla.suse.com/1115827

https://bugzilla.suse.com/1115828

https://bugzilla.suse.com/1115829

https://bugzilla.suse.com/1115830

https://bugzilla.suse.com/1115831

https://bugzilla.suse.com/1115832

https://bugzilla.suse.com/1115833

https://bugzilla.suse.com/1115834

https://bugzilla.suse.com/1115835

https://bugzilla.suse.com/1115836

https://bugzilla.suse.com/1115837

https://bugzilla.suse.com/1115838

https://bugzilla.suse.com/1115839

https://bugzilla.suse.com/1115840

https://bugzilla.suse.com/1115841

https://bugzilla.suse.com/1115842

https://bugzilla.suse.com/1115843

https://bugzilla.suse.com/1115844

https://bugzilla.suse.com/1116841

https://bugzilla.suse.com/1117796

https://bugzilla.suse.com/1117802

https://bugzilla.suse.com/1117805

https://bugzilla.suse.com/1117806

https://bugzilla.suse.com/1117943

https://bugzilla.suse.com/1118152

https://bugzilla.suse.com/1118319

https://bugzilla.suse.com/1118760

https://bugzilla.suse.com/1119255

https://bugzilla.suse.com/1119714

https://bugzilla.suse.com/1120056

https://bugzilla.suse.com/1120077

https://bugzilla.suse.com/1120086

https://bugzilla.suse.com/1120093

https://bugzilla.suse.com/1120094

https://bugzilla.suse.com/1120105

https://bugzilla.suse.com/1120107

https://bugzilla.suse.com/1120109

https://bugzilla.suse.com/1120217

https://bugzilla.suse.com/1120223

https://bugzilla.suse.com/1120226

https://bugzilla.suse.com/1120336

https://bugzilla.suse.com/1120347

https://bugzilla.suse.com/1120743

https://bugzilla.suse.com/1120950

https://bugzilla.suse.com/1121872

https://bugzilla.suse.com/1121997

https://bugzilla.suse.com/1122874

https://bugzilla.suse.com/1123505

https://bugzilla.suse.com/1123702

https://bugzilla.suse.com/1123706

https://bugzilla.suse.com/1124010

https://bugzilla.suse.com/1124735

https://bugzilla.suse.com/1125931

https://bugzilla.suse.com/931850

https://bugzilla.suse.com/969471

https://bugzilla.suse.com/969473
