Recommended update for drbd, drbd-utils

Announcement ID: SUSE-RU-2018:0821-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves one vulnerability and has six fixes can now be installed.

Description:

This update for drbd and drbd-utils provides the following fixes:

Changes in drbd-utils:

  • Make sure the full bitmap gets properly propagated in drbdmeta. Also make sure the ID is kept when downgrading from v9 to v8. (bsc#1037109)
  • Support passing "--force" to drbdadm dump-md. (bsc#1077176)
  • Fix a possible kernel trace while starting the initial syncing of a stacked drbd. (bsc#1058770)
  • Backport some fixes of peer_device objects.
  • Do not hardcode loglevel local5 and make it possible to change that using --logfacility. (bsc#1064402)
  • Update documentation and examples regarding fencing: it is now moved from the disk to the net section. (bsc#1061145)
  • Skip running drbdadm sh-b-pri in drbd9. (bsc#1061147)
  • The included kernel modules in the KMP packages were rebuilt using "retpoline" support to mitigate Spectre v2 (bsc#1068032 CVE-2017-5715)

Changes in drbd:

  • Make sure the full bitmap gets properly propagated in drbdmeta. (bsc#1037109)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
    zypper in -t patch SUSE-SLE-HA-12-SP3-2018-551=1
  • SUSE Linux Enterprise High Availability Extension 12 SP3
    zypper in -t patch SUSE-SLE-HA-12-SP3-2018-551=1

Package List:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
    • drbd-utils-debuginfo-9.0.0-2.8.1
    • drbd-9.0.8+git.c8bc3670-3.3.2
    • drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
    • drbd-debugsource-9.0.8+git.c8bc3670-3.3.2
    • drbd-utils-debugsource-9.0.0-2.8.1
    • drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
    • drbd-utils-9.0.0-2.8.1
  • SUSE Linux Enterprise High Availability Extension 12 SP3 (ppc64le s390x x86_64)
    • drbd-utils-debuginfo-9.0.0-2.8.1
    • drbd-9.0.8+git.c8bc3670-3.3.2
    • drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
    • drbd-debugsource-9.0.8+git.c8bc3670-3.3.2
    • drbd-utils-debugsource-9.0.0-2.8.1
    • drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_94.14-3.3.2
    • drbd-utils-9.0.0-2.8.1

References: