SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0437-1
Rating:             important
References:         #1012382 #1047626 #1068032 #1070623 #1073311 
                    #1073792 #1073874 #1075091 #1075908 #1075994 
                    #1076017 #1076110 #1076154 #1076278 #1077355 
                    #1077560 #1077922 #893777 #893949 #902893 
                    #951638 
Cross-References:   CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741
                    CVE-2017-17805 CVE-2017-17806 CVE-2017-18079
                    CVE-2017-5715 CVE-2018-1000004
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 13 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various
   security and bug fixes.

   The following security bugs were fixed:

   - CVE-2017-5715: Systems with microprocessors utilizing speculative
     execution and indirect branch prediction may allow unauthorized
     disclosure of information to an attacker with local user access via a
     side-channel analysis (bnc#1068032).

     The previous fix using CPU Microcode has been complemented by building
     the Linux Kernel with return trampolines aka "retpolines".

   - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a
     denial of service (NULL pointer dereference and system crash) or
     possibly have unspecified other impact because the port->exists value
     can change after it is validated (bnc#1077922)
   - CVE-2015-1142857: Prevent guests from sending ethernet flow control
     pause frames via the PF (bnc#1077355)
   - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive
     information from kernel memory, aka a write_mmio stack-based
     out-of-bounds read (bnc#1073311)
   - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908)
   - CVE-2018-1000004: Prevent race condition in the sound system, this could
     have led to a deadlock and denial of service condition (bnc#1076017)
   - CVE-2017-17806: The HMAC implementation did not validate that the
     underlying cryptographic hash algorithm is unkeyed, allowing a local
     attacker able to use the AF_ALG-based hash interface
     (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm
     (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by
     executing a crafted sequence of system calls that encounter a missing
     SHA-3 initialization (bnc#1073874)
   - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly
     handle zero-length inputs, allowing a local attacker able to use the
     AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to
     cause a denial of service (uninitialized-memory free and kernel crash)
     or have unspecified other impact by executing a crafted sequence of
     system calls that use the blkcipher_walk API. Both the generic
     implementation (crypto/salsa20_generic.c) and x86 implementation
     (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792)

   The following non-security bugs were fixed:

   - bcache allocator: send discards with correct size (bsc#1047626).
   - bcache.txt: standardize document format (bsc#1076110).
   - bcache: Abstract out stuff needed for sorting (bsc#1076110).
   - bcache: Add a cond_resched() call to gc (bsc#1076110).
   - bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110).
   - bcache: Add bch_bkey_equal_header() (bsc#1076110).
   - bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110).
   - bcache: Add bch_keylist_init_single() (bsc#1047626).
   - bcache: Add btree_insert_node() (bnc#951638).
   - bcache: Add btree_map() functions (bsc#1047626).
   - bcache: Add btree_node_write_sync() (bsc#1076110).
   - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
   - bcache: Add make_btree_freeing_key() (bsc#1076110).
   - bcache: Add on error panic/unregister setting (bsc#1047626).
   - bcache: Add struct bset_sort_state (bsc#1076110).
   - bcache: Add struct btree_keys (bsc#1076110).
   - bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110).
   - bcache: Avoid deadlocking in garbage collection (bsc#1076110).
   - bcache: Avoid nested function definition (bsc#1076110).
   - bcache: Better alloc tracepoints (bsc#1076110).
   - bcache: Better full stripe scanning (bsc#1076110).
   - bcache: Bkey indexing renaming (bsc#1076110).
   - bcache: Break up struct search (bsc#1076110).
   - bcache: Btree verify code improvements (bsc#1076110).
   - bcache: Bypass torture test (bsc#1076110).
   - bcache: Change refill_dirty() to always scan entire disk if necessary
     (bsc#1076110).
   - bcache: Clean up cache_lookup_fn (bsc#1076110).
   - bcache: Clean up keylist code (bnc#951638).
   - bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes()
     (bsc#1076110).
   - bcache: Convert bch_btree_read_async() to bch_btree_map_keys()
     (bsc#1076110).
   - bcache: Convert btree_insert_check_key() to btree_insert_node()
     (bnc#951638).
   - bcache: Convert btree_iter to struct btree_keys (bsc#1076110).
   - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
   - bcache: Convert debug code to btree_keys (bsc#1076110).
   - bcache: Convert gc to a kthread (bsc#1047626).
   - bcache: Convert sorting to btree_keys (bsc#1076110).
   - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
   - bcache: Convert writeback to a kthread (bsc#1076110).
   - bcache: Correct return value for sysfs attach errors (bsc#1076110).
   - bcache: Debug code improvements (bsc#1076110).
   - bcache: Delete some slower inline asm (bsc#1047626).
   - bcache: Do bkey_put() in btree_split() error path (bsc#1076110).
   - bcache: Do not bother with bucket refcount for btree node allocations
     (bsc#1076110).
   - bcache: Do not reinvent the wheel but use existing llist API
     (bsc#1076110).
   - bcache: Do not return -EINTR when insert finished (bsc#1076110).
   - bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110).
   - bcache: Do not use op->insert_collision (bsc#1076110).
   - bcache: Drop some closure stuff (bsc#1076110).
   - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).
   - bcache: Explicitly track btree node's parent (bnc#951638).
   - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
   - bcache: Fix a bug when detaching (bsc#951638).
   - bcache: Fix a journal replay bug (bsc#1076110).
   - bcache: Fix a journalling performance bug (bnc#893777).
   - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
   - bcache: Fix a lockdep splat (bnc#893777).
   - bcache: Fix a lockdep splat in an error path (bnc#951638).
   - bcache: Fix a null ptr deref in journal replay (bsc#1047626).
   - bcache: Fix a race when freeing btree nodes (bsc#1076110).
   - bcache: Fix a shutdown bug (bsc#951638).
   - bcache: Fix an infinite loop in journal replay (bsc#1047626).
   - bcache: Fix another bug recovering from unclean shutdown (bsc#1076110).
   - bcache: Fix another compiler warning on m68k (bsc#1076110).
   - bcache: Fix auxiliary search trees for key size > cacheline size
     (bsc#1076110).
   - bcache: Fix bch_ptr_bad() (bsc#1047626).
   - bcache: Fix building error on MIPS (bsc#1076110).
   - bcache: Fix dirty_data accounting (bsc#1076110).
   - bcache: Fix discard granularity (bsc#1047626).
   - bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110).
   - bcache: Fix for can_attach_cache() (bsc#1047626).
   - bcache: Fix heap_peek() macro (bsc#1047626).
   - bcache: Fix leak of bdev reference (bsc#1076110).
   - bcache: Fix more early shutdown bugs (bsc#951638).
   - bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110).
   - bcache: Fix moving_pred() (bsc#1047626).
   - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
   - bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
   - bcache: Have btree_split() insert into parent directly (bsc#1076110).
   - bcache: Improve bucket_prio() calculation (bsc#1047626).
   - bcache: Improve priority_stats (bsc#1047626).
   - bcache: Incremental gc (bsc#1076110).
   - bcache: Insert multiple keys at a time (bnc#951638).
   - bcache: Kill bch_next_recurse_key() (bsc#1076110).
   - bcache: Kill btree_io_wq (bsc#1076110).
   - bcache: Kill bucket->gc_gen (bsc#1076110).
   - bcache: Kill dead cgroup code (bsc#1076110).
   - bcache: Kill op->cl (bsc#1076110).
   - bcache: Kill op->replace (bsc#1076110).
   - bcache: Kill sequential_merge option (bsc#1076110).
   - bcache: Kill unaligned bvec hack (bsc#1076110).
   - bcache: Kill unused freelist (bsc#1076110).
   - bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110).
   - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110).
   - bcache: Minor btree cache fix (bsc#1047626).
   - bcache: Minor fixes from kbuild robot (bsc#1076110).
   - bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110).
   - bcache: Move keylist out of btree_op (bsc#1047626).
   - bcache: Move sector allocator to alloc.c (bsc#1076110).
   - bcache: Move some stuff to btree.c (bsc#1076110).
   - bcache: Move spinlock into struct time_stats (bsc#1076110).
   - bcache: New writeback PD controller (bsc#1047626).
   - bcache: PRECEDING_KEY() (bsc#1047626).
   - bcache: Performance fix for when journal entry is full (bsc#1047626).
   - bcache: Prune struct btree_op (bsc#1076110).
   - bcache: Pull on disk data structures out into a separate header
     (bsc#1076110).
   - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power
     of two (bsc#1076110).
   - bcache: Really show state of work pending bit (bsc#1076110).
   - bcache: Refactor bset_tree sysfs stats (bsc#1076110).
   - bcache: Refactor journalling flow control (bnc#951638).
   - bcache: Refactor read request code a bit (bsc#1076110).
   - bcache: Refactor request_write() (bnc#951638).
   - bcache: Remove deprecated create_workqueue (bsc#1076110).
   - bcache: Remove redundant block_size assignment (bsc#1047626).
   - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
   - bcache: Remove redundant set_capacity (bsc#1076110).
   - bcache: Remove unnecessary check in should_split() (bsc#1076110).
   - bcache: Remove/fix some header dependencies (bsc#1047626).
   - bcache: Rename/shuffle various code around (bsc#1076110).
   - bcache: Rework allocator reserves (bsc#1076110).
   - bcache: Rework btree cache reserve handling (bsc#1076110).
   - bcache: Split out sort_extent_cmp() (bsc#1076110).
   - bcache: Stripe size isn't necessarily a power of two (bnc#893949).
   - bcache: Trivial error handling fix (bsc#1047626).
   - bcache: Update continue_at() documentation (bsc#1076110).
   - bcache: Use a mempool for mergesort temporary space (bsc#1076110).
   - bcache: Use blkdev_issue_discard() (bnc#951638).
   - bcache: Use ida for bcache block dev minor (bsc#1047626).
   - bcache: Use uninterruptible sleep in writeback (bsc#1076110).
   - bcache: Zero less memory (bsc#1076110).
   - bcache: add a comment in journal bucket reading (bsc#1076110).
   - bcache: add mutex lock for bch_is_open (bnc#902893).
   - bcache: allows use of register in udev to avoid "device_busy" error
     (bsc#1047626).
   - bcache: bcache_write tracepoint was crashing (bsc#1076110).
   - bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110).
   - bcache: bch_allocator_thread() is not freezable (bsc#1047626).
   - bcache: bch_gc_thread() is not freezable (bsc#1047626).
   - bcache: bch_writeback_thread() is not freezable (bsc#1076110).
   - bcache: btree locking rework (bsc#1076110).
   - bcache: bugfix - gc thread now gets woken when cache is full
     (bsc#1047626).
   - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).
   - bcache: bugfix for race between moving_gc and bucket_invalidate
     (bsc#1076110).
   - bcache: check ca->alloc_thread initialized before wake up it
     (bsc#1076110).
   - bcache: check return value of register_shrinker (bsc#1076110).
   - bcache: cleaned up error handling around register_cache() (bsc#1047626).
   - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
     device (bsc#1047626).
   - bcache: correct cache_dirty_target in __update_writeback_rate()
     (bsc#1076110).
   - bcache: defensively handle format strings (bsc#1047626).
   - bcache: do not embed 'return' statements in closure macros (bsc#1076110).
   - bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110).
   - bcache: do not write back data if reading it failed (bsc#1076110).
   - bcache: documentation formatting, edited for clarity, stripe alignment
     notes (bsc#1076110).
   - bcache: documentation updates and corrections (bsc#1076110).
   - bcache: explicitly destroy mutex while exiting (bsc#1076110).
   - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED
     (bsc#1047626).
   - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).
   - bcache: fix a livelock when we cause a huge number of cache misses
     (bsc#1047626).
   - bcache: fix bch_hprint crash and improve output (bsc#1076110).
   - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint
     (bsc#1047626).
   - bcache: fix crash on shutdown in passthrough mode (bsc#1076110).
   - bcache: fix for gc and write-back race (bsc#1076110).
   - bcache: fix for gc and writeback race (bsc#1047626).
   - bcache: fix for gc crashing when no sectors are used (bsc#1047626).
   - bcache: fix lockdep warnings on shutdown (bsc#1047626).
   - bcache: fix race of writeback thread starting before complete
     initialization (bsc#1076110).
   - bcache: fix sequential large write IO bypass (bsc#1076110).
   - bcache: fix sparse non static symbol warning (bsc#1076110).
   - bcache: fix typo in bch_bkey_equal_header (bsc#1076110).
   - bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).
   - bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110).
   - bcache: fix wrong cache_misses statistics (bsc#1076110).
   - bcache: gc does not work when triggering by manual command (bsc#1076110).
   - bcache: implement PI controller for writeback rate (bsc#1076110).
   - bcache: increase the number of open buckets (bsc#1076110).
   - bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110).
   - bcache: kill closure locking code (bsc#1076110).
   - bcache: kill closure locking usage (bnc#951638).
   - bcache: kill index() (bsc#1047626).
   - bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).
   - bcache: only permit to recovery read error when cache device is clean
     (bsc#1076110).
   - bcache: partition support: add 16 minors per bcacheN device
     (bsc#1076110).
   - bcache: pr_err: more meaningful error message when nr_stripes is invalid
     (bsc#1076110).
   - bcache: prevent crash on changing writeback_running (bsc#1076110).
   - bcache: rearrange writeback main thread ratelimit (bsc#1076110).
   - bcache: recover data from backing when data is clean (bsc#1076110).
   - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails
     (bsc#1047626).
   - bcache: remove nested function usage (bsc#1076110).
   - bcache: remove unused parameter (bsc#1076110).
   - bcache: rewrite multiple partitions support (bsc#1076110).
   - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
   - bcache: silence static checker warning (bsc#1076110).
   - bcache: smooth writeback rate control (bsc#1076110).
   - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).
   - bcache: try to set b->parent properly (bsc#1076110).
   - bcache: update bch_bkey_try_merge (bsc#1076110).
   - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints
     (bsc#1076110).
   - bcache: update bucket_in_use in real time (bsc#1076110).
   - bcache: update document info (bsc#1076110).
   - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
   - bcache: use kvfree() in various places (bsc#1076110).
   - bcache: use llist_for_each_entry_safe() in __closure_wake_up()
     (bsc#1076110).
   - bcache: wait for buckets when allocating new btree root (bsc#1076110).
   - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
   - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
   - fork: clear thread stack upon allocation (bsc#1077560).
   - gcov: disable for COMPILE_TEST (bnc#1012382).
   - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076154).
   - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
   - md: more open-coded offset_in_page() (bsc#1076110).
   - nfsd: do not share group_info among threads (bsc#1070623).
   - sysfs/cpu: Add vulnerability folder (bnc#1012382).
   - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
   - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
   - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
   - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
   - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
     (bsc#1068032).
   - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
     bsc#1075091).
   - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-301=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-301=1

   To bring your system up-to-date, use "zypper patch".
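
   A post-update check, added here as an example and not part of the SUSE
   advisory: it compares installed kernel packages and the running kernel
   against the fixed version 3.12.61-52.119.1 from the package list, and
   classifies the spectre_v2 sysfs entry this update introduces. Function
   names and sample lines are constructed; it assumes GNU `sort -V` and that
   `uname -r` reports the release as 3.12.61-52.119-<flavor>, as the
   kgraft-patch package name suggests.

```shell
#!/bin/sh
# Added example: verify that SUSE-SU-2018:0437-1 is installed and active.
FIXED_VR="3.12.61-52.119.1"     # package version-release from the advisory
FIXED_RUNNING="3.12.61-52.119"  # assumed uname -r prefix (see kgraft-patch name)

# ver_ge A B: true when A sorts at or after B under GNU `sort -V`.
# This approximates rpm ordering for purely numeric strings like these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit_kernel_pkgs: read "name version-release" lines on stdin, print one
# verdict per line, return 1 if any package is older than FIXED_VR.
audit_kernel_pkgs() {
    rc=0
    while read -r name vr; do
        [ -n "$name" ] || continue
        if ver_ge "$vr" "$FIXED_VR"; then
            echo "OK       $name $vr"
        else
            echo "OUTDATED $name $vr (need >= $FIXED_VR)"
            rc=1
        fi
    done
    return "$rc"
}

# running_ok RELEASE: true when a `uname -r` string such as
# "3.12.61-52.119-default" is at or past the fixed kernel. An installed
# package only takes effect after a reboot (or a kGraft live patch).
running_ok() {
    ver_ge "${1%-*}" "$FIXED_RUNNING"   # strip the trailing "-flavor"
}

# spectre_v2_state TEXT: classify the content of
# /sys/devices/system/cpu/vulnerabilities/spectre_v2 by its leading keyword.
spectre_v2_state() {
    case "$1" in
        "")              echo no-sysfs-entry ;;  # kernel predates the sysfs folder
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Demo on constructed input (not output captured from a real host).
audit_kernel_pkgs <<'EOF' || echo "=> at least one kernel package still needs the update"
kernel-default 3.12.61-52.119.1
kernel-xen 3.12.61-52.111.1
EOF
running_ok "3.12.61-52.111-default" || echo "=> running kernel predates the fix: reboot required"
echo "spectre_v2: $(spectre_v2_state 'Mitigation: Full generic retpoline')"

# On a live system, feed the same functions real data:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' kernel-default kernel-xen kernel-ec2 \
#       | grep -v 'is not installed' | audit_kernel_pkgs
#   running_ok "$(uname -r)"
#   spectre_v2_state "$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null)"
```
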


Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.61-52.119.1
      kernel-default-base-3.12.61-52.119.1
      kernel-default-base-debuginfo-3.12.61-52.119.1
      kernel-default-debuginfo-3.12.61-52.119.1
      kernel-default-debugsource-3.12.61-52.119.1
      kernel-default-devel-3.12.61-52.119.1
      kernel-syms-3.12.61-52.119.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      kernel-devel-3.12.61-52.119.1
      kernel-macros-3.12.61-52.119.1
      kernel-source-3.12.61-52.119.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.119.1
      kernel-xen-base-3.12.61-52.119.1
      kernel-xen-base-debuginfo-3.12.61-52.119.1
      kernel-xen-debuginfo-3.12.61-52.119.1
      kernel-xen-debugsource-3.12.61-52.119.1
      kernel-xen-devel-3.12.61-52.119.1
      kgraft-patch-3_12_61-52_119-default-1-1.7.1
      kgraft-patch-3_12_61-52_119-xen-1-1.7.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.119.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.119.1
      kernel-ec2-debuginfo-3.12.61-52.119.1
      kernel-ec2-debugsource-3.12.61-52.119.1
      kernel-ec2-devel-3.12.61-52.119.1
      kernel-ec2-extra-3.12.61-52.119.1
      kernel-ec2-extra-debuginfo-3.12.61-52.119.1


References:

   https://www.suse.com/security/cve/CVE-2015-1142857.html
   https://www.suse.com/security/cve/CVE-2017-13215.html
   https://www.suse.com/security/cve/CVE-2017-17741.html
   https://www.suse.com/security/cve/CVE-2017-17805.html
   https://www.suse.com/security/cve/CVE-2017-17806.html
   https://www.suse.com/security/cve/CVE-2017-18079.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2018-1000004.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1047626
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1070623
   https://bugzilla.suse.com/1073311
   https://bugzilla.suse.com/1073792
   https://bugzilla.suse.com/1073874
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075908
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076017
   https://bugzilla.suse.com/1076110
   https://bugzilla.suse.com/1076154
   https://bugzilla.suse.com/1076278
   https://bugzilla.suse.com/1077355
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077922
   https://bugzilla.suse.com/893777
   https://bugzilla.suse.com/893949
   https://bugzilla.suse.com/902893
   https://bugzilla.suse.com/951638

-- 

SUSE: 2018:0437-1: important: the Linux Kernel

February 13, 2018
An update that solves 8 vulnerabilities and has 13 fixes is now available.

Summary

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922) - CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355) - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311) - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908) - CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017) - CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874) - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted 
sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792) The following non-security bugs were fixed: - bcache allocator: send discards with correct size (bsc#1047626). - bcache.txt: standardize document format (bsc#1076110). - bcache: Abstract out stuff needed for sorting (bsc#1076110). - bcache: Add a cond_resched() call to gc (bsc#1076110). - bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110). - bcache: Add bch_bkey_equal_header() (bsc#1076110). - bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110). - bcache: Add bch_keylist_init_single() (bsc#1047626). - bcache: Add btree_insert_node() (bnc#951638). - bcache: Add btree_map() functions (bsc#1047626). - bcache: Add btree_node_write_sync() (bsc#1076110). - bcache: Add explicit keylist arg to btree_insert() (bnc#951638). - bcache: Add make_btree_freeing_key() (bsc#1076110). - bcache: Add on error panic/unregister setting (bsc#1047626). - bcache: Add struct bset_sort_state (bsc#1076110). - bcache: Add struct btree_keys (bsc#1076110). - bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110). - bcache: Avoid deadlocking in garbage collection (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: Better alloc tracepoints (bsc#1076110). - bcache: Better full stripe scanning (bsc#1076110). - bcache: Bkey indexing renaming (bsc#1076110). - bcache: Break up struct search (bsc#1076110). - bcache: Btree verify code improvements (bsc#1076110). - bcache: Bypass torture test (bsc#1076110). - bcache: Change refill_dirty() to always scan entire disk if necessary (bsc#1076110). - bcache: Clean up cache_lookup_fn (bsc#1076110). - bcache: Clean up keylist code (bnc#951638). - bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes() (bsc#1076110). - bcache: Convert bch_btree_read_async() to bch_btree_map_keys() (bsc#1076110). 
- bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638). - bcache: Convert btree_iter to struct btree_keys (bsc#1076110). - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638). - bcache: Convert debug code to btree_keys (bsc#1076110). - bcache: Convert gc to a kthread (bsc#1047626). - bcache: Convert sorting to btree_keys (bsc#1076110). - bcache: Convert try_wait to wait_queue_head_t (bnc#951638). - bcache: Convert writeback to a kthread (bsc#1076110). - bcache: Correct return value for sysfs attach errors (bsc#1076110). - bcache: Debug code improvements (bsc#1076110). - bcache: Delete some slower inline asm (bsc#1047626). - bcache: Do bkey_put() in btree_split() error path (bsc#1076110). - bcache: Do not bother with bucket refcount for btree node allocations (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: Do not return -EINTR when insert finished (bsc#1076110). - bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110). - bcache: Do not use op->insert_collision (bsc#1076110). - bcache: Drop some closure stuff (bsc#1076110). - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626). - bcache: Explicitly track btree node's parent (bnc#951638). - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626). - bcache: Fix a bug when detaching (bsc#951638). - bcache: Fix a journal replay bug (bsc#1076110). - bcache: Fix a journalling performance bug (bnc#893777). - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626). - bcache: Fix a lockdep splat (bnc#893777). - bcache: Fix a lockdep splat in an error path (bnc#951638). - bcache: Fix a null ptr deref in journal replay (bsc#1047626). - bcache: Fix a race when freeing btree nodes (bsc#1076110). - bcache: Fix a shutdown bug (bsc#951638). - bcache: Fix an infinite loop in journal replay (bsc#1047626). - bcache: Fix another bug recovering from unclean shutdown (bsc#1076110). 
- bcache: Fix another compiler warning on m68k (bsc#1076110). - bcache: Fix auxiliary search trees for key size > cacheline size (bsc#1076110). - bcache: Fix bch_ptr_bad() (bsc#1047626). - bcache: Fix building error on MIPS (bsc#1076110). - bcache: Fix dirty_data accounting (bsc#1076110). - bcache: Fix discard granularity (bsc#1047626). - bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110). - bcache: Fix for can_attach_cache() (bsc#1047626). - bcache: Fix heap_peek() macro (bsc#1047626). - bcache: Fix leak of bdev reference (bsc#1076110). - bcache: Fix more early shutdown bugs (bsc#951638). - bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110). - bcache: Fix moving_pred() (bsc#1047626). - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - bcache: Fix to remove the rcu_sched stalls (bsc#1047626). - bcache: Have btree_split() insert into parent directly (bsc#1076110). - bcache: Improve bucket_prio() calculation (bsc#1047626). - bcache: Improve priority_stats (bsc#1047626). - bcache: Incremental gc (bsc#1076110). - bcache: Insert multiple keys at a time (bnc#951638). - bcache: Kill bch_next_recurse_key() (bsc#1076110). - bcache: Kill btree_io_wq (bsc#1076110). - bcache: Kill bucket->gc_gen (bsc#1076110). - bcache: Kill dead cgroup code (bsc#1076110). - bcache: Kill op->cl (bsc#1076110). - bcache: Kill op->replace (bsc#1076110). - bcache: Kill sequential_merge option (bsc#1076110). - bcache: Kill unaligned bvec hack (bsc#1076110). - bcache: Kill unused freelist (bsc#1076110). - bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110). - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110). - bcache: Minor btree cache fix (bsc#1047626). - bcache: Minor fixes from kbuild robot (bsc#1076110). - bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110). - bcache: Move keylist out of btree_op (bsc#1047626). - bcache: Move sector allocator to alloc.c (bsc#1076110). 
- bcache: Move some stuff to btree.c (bsc#1076110). - bcache: Move spinlock into struct time_stats (bsc#1076110). - bcache: New writeback PD controller (bsc#1047626). - bcache: PRECEDING_KEY() (bsc#1047626). - bcache: Performance fix for when journal entry is full (bsc#1047626). - bcache: Prune struct btree_op (bsc#1076110). - bcache: Pull on disk data structures out into a separate header (bsc#1076110). - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power of two (bsc#1076110). - bcache: Really show state of work pending bit (bsc#1076110). - bcache: Refactor bset_tree sysfs stats (bsc#1076110). - bcache: Refactor journalling flow control (bnc#951638). - bcache: Refactor read request code a bit (bsc#1076110). - bcache: Refactor request_write() (bnc#951638). - bcache: Remove deprecated create_workqueue (bsc#1076110). - bcache: Remove redundant block_size assignment (bsc#1047626). - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: Remove unnecessary check in should_split() (bsc#1076110). - bcache: Remove/fix some header dependencies (bsc#1047626). - bcache: Rename/shuffle various code around (bsc#1076110). - bcache: Rework allocator reserves (bsc#1076110). - bcache: Rework btree cache reserve handling (bsc#1076110). - bcache: Split out sort_extent_cmp() (bsc#1076110). - bcache: Stripe size isn't necessarily a power of two (bnc#893949). - bcache: Trivial error handling fix (bsc#1047626). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: Use a mempool for mergesort temporary space (bsc#1076110). - bcache: Use blkdev_issue_discard() (bnc#951638). - bcache: Use ida for bcache block dev minor (bsc#1047626). - bcache: Use uninterruptible sleep in writeback (bsc#1076110). - bcache: Zero less memory (bsc#1076110). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: add mutex lock for bch_is_open (bnc#902893). 
- bcache: allows use of register in udev to avoid "device_busy" error (bsc#1047626). - bcache: bcache_write tracepoint was crashing (bsc#1076110). - bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110). - bcache: bch_allocator_thread() is not freezable (bsc#1047626). - bcache: bch_gc_thread() is not freezable (bsc#1047626). - bcache: bch_writeback_thread() is not freezable (bsc#1076110). - bcache: btree locking rework (bsc#1076110). - bcache: bugfix - gc thread now gets woken when cache is full (bsc#1047626). - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626). - bcache: bugfix for race between moving_gc and bucket_invalidate (bsc#1076110). - bcache: check ca->alloc_thread initialized before wake up it (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: cleaned up error handling around register_cache() (bsc#1047626). - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bsc#1047626). - bcache: correct cache_dirty_target in __update_writeback_rate() (bsc#1076110). - bcache: defensively handle format strings (bsc#1047626). - bcache: do not embed 'return' statements in closure macros (bsc#1076110). - bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bsc#1076110). - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED (bsc#1047626). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix a livelock when we cause a huge number of cache misses (bsc#1047626). - bcache: fix bch_hprint crash and improve output (bsc#1076110). - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint (bsc#1047626). 
   - bcache: fix crash on shutdown in passthrough mode (bsc#1076110).
   - bcache: fix for gc and write-back race (bsc#1076110).
   - bcache: fix for gc and writeback race (bsc#1047626).
   - bcache: fix for gc crashing when no sectors are used (bsc#1047626).
   - bcache: fix lockdep warnings on shutdown (bsc#1047626).
   - bcache: fix race of writeback thread starting before complete
     initialization (bsc#1076110).
   - bcache: fix sequential large write IO bypass (bsc#1076110).
   - bcache: fix sparse non static symbol warning (bsc#1076110).
   - bcache: fix typo in bch_bkey_equal_header (bsc#1076110).
   - bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).
   - bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110).
   - bcache: fix wrong cache_misses statistics (bsc#1076110).
   - bcache: gc does not work when triggering by manual command
     (bsc#1076110).
   - bcache: implement PI controller for writeback rate (bsc#1076110).
   - bcache: increase the number of open buckets (bsc#1076110).
   - bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110).
   - bcache: kill closure locking code (bsc#1076110).
   - bcache: kill closure locking usage (bnc#951638).
   - bcache: kill index() (bsc#1047626).
   - bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).
   - bcache: only permit to recovery read error when cache device is clean
     (bsc#1076110).
   - bcache: partition support: add 16 minors per bcacheN device
     (bsc#1076110).
   - bcache: pr_err: more meaningful error message when nr_stripes is invalid
     (bsc#1076110).
   - bcache: prevent crash on changing writeback_running (bsc#1076110).
   - bcache: rearrange writeback main thread ratelimit (bsc#1076110).
   - bcache: recover data from backing when data is clean (bsc#1076110).
   - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails
     (bsc#1047626).
   - bcache: remove nested function usage (bsc#1076110).
   - bcache: remove unused parameter (bsc#1076110).
   - bcache: rewrite multiple partitions support (bsc#1076110).
   - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
   - bcache: silence static checker warning (bsc#1076110).
   - bcache: smooth writeback rate control (bsc#1076110).
   - bcache: stop moving_gc marking buckets that can't be moved
     (bsc#1047626).
   - bcache: try to set b->parent properly (bsc#1076110).
   - bcache: update bch_bkey_try_merge (bsc#1076110).
   - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints
     (bsc#1076110).
   - bcache: update bucket_in_use in real time (bsc#1076110).
   - bcache: update document info (bsc#1076110).
   - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
   - bcache: use kvfree() in various places (bsc#1076110).
   - bcache: use llist_for_each_entry_safe() in __closure_wake_up()
     (bsc#1076110).
   - bcache: wait for buckets when allocating new btree root (bsc#1076110).
   - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
   - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
   - fork: clear thread stack upon allocation (bsc#1077560).
   - gcov: disable for COMPILE_TEST (bnc#1012382).
   - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076154).
   - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
   - md: more open-coded offset_in_page() (bsc#1076110).
   - nfsd: do not share group_info among threads (bsc#1070623).
   - sysfs/cpu: Add vulnerability folder (bnc#1012382).
   - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
   - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
   - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
   - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
   - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
     (bsc#1068032).
   - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
     bsc#1075091).
   - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-301=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-301=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.61-52.119.1
      kernel-default-base-3.12.61-52.119.1
      kernel-default-base-debuginfo-3.12.61-52.119.1
      kernel-default-debuginfo-3.12.61-52.119.1
      kernel-default-debugsource-3.12.61-52.119.1
      kernel-default-devel-3.12.61-52.119.1
      kernel-syms-3.12.61-52.119.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      kernel-devel-3.12.61-52.119.1
      kernel-macros-3.12.61-52.119.1
      kernel-source-3.12.61-52.119.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.119.1
      kernel-xen-base-3.12.61-52.119.1
      kernel-xen-base-debuginfo-3.12.61-52.119.1
      kernel-xen-debuginfo-3.12.61-52.119.1
      kernel-xen-debugsource-3.12.61-52.119.1
      kernel-xen-devel-3.12.61-52.119.1
      kgraft-patch-3_12_61-52_119-default-1-1.7.1
      kgraft-patch-3_12_61-52_119-xen-1-1.7.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.119.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.119.1
      kernel-ec2-debuginfo-3.12.61-52.119.1
      kernel-ec2-debugsource-3.12.61-52.119.1
      kernel-ec2-devel-3.12.61-52.119.1
      kernel-ec2-extra-3.12.61-52.119.1
      kernel-ec2-extra-debuginfo-3.12.61-52.119.1
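
   Added example (not part of the SUSE advisory): a post-update check that
   the fixed kernel is running and that the sysfs vulnerability folder this
   update adds reports a Spectre v2 mitigation. The release string is derived
   from the package list; the sysfs path and the "Not affected" /
   "Mitigation:" / "Vulnerable" prefixes follow upstream kernel convention
   and are assumed here, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-update check for SUSE-SU-2018:0437-1 (not SUSE's script).
# Assumption: `uname -r` omits the package's final rebuild counter (.1) and
# appends the flavor, e.g. 3.12.61-52.119-default (compare the
# kgraft-patch-3_12_61-52_119-default name in the package list).
FIXED_RELEASE="3.12.61-52.119"
VULN_FILE="/sys/devices/system/cpu/vulnerabilities/spectre_v2"

# numeric_release REL: drop the flavor suffix (-default, -xen, -ec2, ...).
numeric_release() {
    printf '%s\n' "$1" | sed 's/^\([0-9.-]*[0-9]\).*/\1/'
}

# ver_ge A B: succeed when A >= B, comparing '.'/'-' separated numeric
# fields left to right; a missing field counts as 0.
ver_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%[.-]*}; fb=${vb%%[.-]*}
        case $va in *[.-]*) va=${va#*[.-]} ;; *) va= ;; esac
        case $vb in *[.-]*) vb=${vb#*[.-]} ;; *) vb= ;; esac
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
    done
    return 0
}

# spectre_v2_state TEXT: classify the contents of the sysfs spectre_v2 file.
spectre_v2_state() {
    case $1 in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_host [RELEASE] [FILE]: defaults to the running kernel and VULN_FILE.
# Returns 1 for an older kernel, 2 when Spectre v2 is not reported mitigated.
check_host() {
    rel=$(numeric_release "${1:-$(uname -r)}")
    file=${2:-$VULN_FILE}
    state=unknown
    if [ -r "$file" ]; then state=$(spectre_v2_state "$(cat "$file")"); fi
    echo "kernel=$rel spectre_v2=$state"
    ver_ge "$rel" "$FIXED_RELEASE" || return 1
    case $state in mitigated|not-affected) return 0 ;; *) return 2 ;; esac
}

case ${1:-} in --check) check_host ;; esac
```

   Run it with --check after rebooting into the updated kernel. A missing
   or unreadable sysfs file is reported as "unknown" and treated as not
   mitigated.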

References:

   https://www.suse.com/security/cve/CVE-2015-1142857.html
   https://www.suse.com/security/cve/CVE-2017-13215.html
   https://www.suse.com/security/cve/CVE-2017-17741.html
   https://www.suse.com/security/cve/CVE-2017-17805.html
   https://www.suse.com/security/cve/CVE-2017-17806.html
   https://www.suse.com/security/cve/CVE-2017-18079.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2018-1000004.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1047626
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1070623
   https://bugzilla.suse.com/1073311
   https://bugzilla.suse.com/1073792
   https://bugzilla.suse.com/1073874
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075908
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076017
   https://bugzilla.suse.com/1076110
   https://bugzilla.suse.com/1076154
   https://bugzilla.suse.com/1076278
   https://bugzilla.suse.com/1077355
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077922
   https://bugzilla.suse.com/893777
   https://bugzilla.suse.com/893949
   https://bugzilla.suse.com/902893
   https://bugzilla.suse.com/951638
