SUSE-SU-2018:1482-1

Опубликовано: 31 мая 2018

Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

This update main focus is a regression fix in SystemV IPC handling. (bsc#1093600)

The following non-security bugs were fixed:

Drop cBPF SSBD as classic BPF does not really have a proper concept of pointers, and without eBPF maps the out-of-bounds access in speculative execution branch can't be mounted. Moreoever, seccomp BPF uses only such a subset of BPF that can only do absolute indexing, and therefore seccomp data buffer boundarier can't be crossed. Information condensed from Alexei and Kees.
ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline (bsc#1092497)
ib/mlx4: Convert slave port before building address-handle (bug#919382 FATE#317529).
KABI protect struct _lowcore (bsc#1089386).
Update config files, add Spectre mitigation for s390x (bnc#1089386, LTC#166572).
Update s390 config files (bsc#1089386).
fanotify: fix logic of events on child (bsc#1013018).
ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689).
ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1013018).
powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits (bsc#1087082).
powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (FATE#325713, bsc#1093710).
s390/cio: update chpid descriptor after resource accessibility event (bnc#1091659, LTC#167429).
s390/dasd: fix IO error for newly defined devices (bnc#1091659, LTC#167398).
s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659, LTC#168037).
s390/qeth: on channel error, reject further cmd requests (bnc#1088343, LTC#165985).
s390: add automatic detection of the spectre defense (bnc#1089386, LTC#166572).
s390: add optimized array_index_mask_nospec (bnc#1089386, LTC#166572).
s390: add sysfs attributes for spectre (bnc#1089386, LTC#166572).
s390: correct module section names for expoline code revert (bsc#1089386).
s390: correct nospec auto detection init order (bnc#1089386, LTC#166572).
s390: do not bypass BPENTER for interrupt system calls (bnc#1089386, LTC#166572).
s390: fix retpoline build on 31bit (bsc#1089386).
s390: improve cpu alternative handling for gmb and nobp (bnc#1089386, LTC#166572).
s390: introduce execute-trampolines for branches (bnc#1089386, LTC#166572).
s390: move nobp parameter functions to nospec-branch.c (bnc#1089386, LTC#166572).
s390: report spectre mitigation via syslog (bnc#1089386, LTC#166572).
s390: run user space and KVM guests with modified branch prediction (bnc#1089386, LTC#166572).
s390: scrub registers on kernel entry and KVM exit (bnc#1089386, LTC#166572).
x86, mce: Fix mce_start_timer semantics (bsc#1090607).
x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL

Список пакетов

SUSE Linux Enterprise Server 11 SP4

kernel-bigmem-3.0.101-108.52.1

kernel-bigmem-base-3.0.101-108.52.1

kernel-bigmem-devel-3.0.101-108.52.1

kernel-default-3.0.101-108.52.1

kernel-default-base-3.0.101-108.52.1

kernel-default-devel-3.0.101-108.52.1

kernel-default-man-3.0.101-108.52.1

kernel-ec2-3.0.101-108.52.1

kernel-ec2-base-3.0.101-108.52.1

kernel-ec2-devel-3.0.101-108.52.1

kernel-pae-3.0.101-108.52.1

kernel-pae-base-3.0.101-108.52.1

kernel-pae-devel-3.0.101-108.52.1

kernel-ppc64-3.0.101-108.52.1

kernel-ppc64-base-3.0.101-108.52.1

kernel-ppc64-devel-3.0.101-108.52.1

kernel-source-3.0.101-108.52.1

kernel-syms-3.0.101-108.52.1

kernel-trace-3.0.101-108.52.1

kernel-trace-base-3.0.101-108.52.1

kernel-trace-devel-3.0.101-108.52.1

kernel-xen-3.0.101-108.52.1

kernel-xen-base-3.0.101-108.52.1

kernel-xen-devel-3.0.101-108.52.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4