SUSE-SU-2018:1762-1

Описание

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
• CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
• CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728)
• CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353)
• CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007)
• CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095)
• CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012)
• CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904)
• CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900)
• CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962)

The following non-security bugs were fixed:

• Fix excessive newline in /proc/*/status (bsc#1094823).
• KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
• ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
• kABI: work around BPF SSBD removal (bsc#1087082).
• kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
• mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152).
• usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480).
• usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480).
• x86/boot: Fix early command-line parsing when matching at end (bsc#1096281).
• x86/boot: Fix early command-line parsing when partial word matches (bsc#1096281).
• x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
• x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
• xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610).