Recommended update for drbd and drbd-utils

Announcement ID: SUSE-RU-2018:0779-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2

An update that solves one vulnerability and has nine fixes can now be installed.

Description:

This update for drbd and drbd-utils provides the following fixes:

Changes in drbd:

  • Fix a possible kernel trace while starting the initial syncing of a stacked drbd. (bsc#1058770)
  • Fix auto promotion after split-brain. (bsc#1074228)
  • Support passing "--force" to drbdadm dump-md. (bsc#1077176)
  • Many upstream fixes in version 9.0.8 (bsc#1045473):
  • Fix a race condition between adding connections and receiving data.
  • Fix a OOPS on a diskfull node when a request from a diskless node.
  • Fix a distributed deadlock when doing a discard/write-same burst.
  • Fix an issue with diskless nodes adopting wrong current UUIDs.
  • Fix wrongly rejected two-phase-state transactions.
  • Fix initial resync, triggered by "--force primary".
  • Speed-up AL-updates with bio flags REQ_META and REQ_PRIO.
  • Merged changes from 8.4.10 and with that compatibility with Linux-4.12.
  • The kernel modules were rebuilt with retpoline support to mitigate Spectre v2 (bsc#1068032 CVE-2017-5715)

Changes in drbd-utils:

  • Fix the wrong device due to udev change. (bsc#1059566)
  • Support passing "--force" to drbdadm dump-md. (bsc#1077176)
  • Fix a possible kernel trace while starting the initial syncing of a stacked drbd. (bsc#1058770)
  • Backport some fixes of peer_device objects.
  • Do not hardcode loglevel local5 and make it possible to change that using --logfacility. (bsc#1064402)
  • Update documentation and examples regarding fencing: it is now moved from the dir to the net section. (bsc#1061145)
  • Skip running drbdadm sh-b-pri in drbd9. (bsc#1061147)
  • Disable quorum in default configuration. (bsc#1032142)
  • Fix auto promotion after split-brain. (bsc#1074228)
  • Use upstream's RA.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise High Availability Extension 12 SP2
    zypper in -t patch SUSE-SLE-HA-12-SP2-2018-530=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
    zypper in -t patch SUSE-SLE-HA-12-SP2-2018-530=1

Package List:

  • SUSE Linux Enterprise High Availability Extension 12 SP2 (ppc64le s390x x86_64)
    • drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_92.67-10.8.1
    • drbd-utils-9.0.0-8.15.1
    • drbd-9.0.8+git.c8bc3670-10.8.1
    • drbd-utils-debuginfo-9.0.0-8.15.1
    • drbd-debugsource-9.0.8+git.c8bc3670-10.8.1
    • drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_92.67-10.8.1
    • drbd-utils-debugsource-9.0.0-8.15.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
    • drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_92.67-10.8.1
    • drbd-utils-9.0.0-8.15.1
    • drbd-9.0.8+git.c8bc3670-10.8.1
    • drbd-utils-debuginfo-9.0.0-8.15.1
    • drbd-debugsource-9.0.8+git.c8bc3670-10.8.1
    • drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_92.67-10.8.1
    • drbd-utils-debugsource-9.0.0-8.15.1

References: