Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:2062-1
Rating: important
References:
Cross-References:
CVSS scores:
Affected Products:
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves one vulnerability and has 23 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351).

The following non-security bugs were fixed:

  • ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538).
  • ALSA: seq: Do not allow resizing pool in use (bsc#1045538).
  • Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078)
  • IB/mlx4: fix sprintf format warning (bnc#786036).
  • RDMA/mlx4: Discard unknown SQP work requests (bnc#786036).
  • USB: uss720: fix NULL-deref at probe (bnc#1047487).
  • bna: integer overflow bug in debugfs (bnc#780242).
  • e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242).
  • e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495).
  • fix a leak in /proc/schedstats (bsc#1094876).
  • ixgbe: Initialize 64-bit stats seqcounts (bnc#795301).
  • mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes).
  • module/retpoline: Warn about missing retpoline in module (bnc#1099177).
  • net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036).
  • net/mlx4_en: Change default QoS settings (bnc#786036 ).
  • net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105).
  • netxen: fix incorrect loop counter decrement (bnc#784815).
  • powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244).
  • s390/qdio: do not merge ERROR output buffers (bnc#1099709).
  • s390/qeth: do not dump control cmd twice (bnc#1099709).
  • s390/qeth: fix SETIP command handling (bnc#1099709).
  • s390/qeth: free netdevice when removing a card (bnc#1099709).
  • s390/qeth: lock read device while queueing next buffer (bnc#1099709).
  • s390/qeth: when thread completes, wake up all waiters (bnc#1099709).
  • sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089).
  • scsi: sg: mitigate read/write abuse (bsc#1101296).
  • tg3: do not clear stats while tg3_close (bnc#790588).
  • video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966).
  • vmxnet3: use correct flag to indicate LRO feature (bsc#936423).
  • x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408).
  • x86-non-upstream-eager-fpu 32bit fix (bnc#1087086, bnc#1100091, bnc#1099598).
  • x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Software Development Kit 11 SP4
    zypper in -t patch sdksp4-kernel-source-13702=1
  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch slessp4-kernel-source-13702=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slessp4-kernel-source-13702=1

Package List:

  • SUSE Linux Enterprise Software Development Kit 11 SP4 (noarch)
    • kernel-docs-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64 nosrc)
    • kernel-trace-3.0.101-108.60.1
    • kernel-default-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • kernel-default-base-3.0.101-108.60.1
    • kernel-source-3.0.101-108.60.1
    • kernel-default-devel-3.0.101-108.60.1
    • kernel-trace-base-3.0.101-108.60.1
    • kernel-trace-devel-3.0.101-108.60.1
    • kernel-syms-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64 i586)
    • kernel-xen-3.0.101-108.60.1
    • kernel-ec2-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
    • kernel-ec2-base-3.0.101-108.60.1
    • kernel-xen-devel-3.0.101-108.60.1
    • kernel-ec2-devel-3.0.101-108.60.1
    • kernel-xen-base-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (nosrc i586)
    • kernel-pae-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (i586)
    • kernel-pae-base-3.0.101-108.60.1
    • kernel-pae-devel-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (ppc64 nosrc)
    • kernel-bigmem-3.0.101-108.60.1
    • kernel-ppc64-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (ppc64)
    • kernel-bigmem-base-3.0.101-108.60.1
    • kernel-ppc64-devel-3.0.101-108.60.1
    • kernel-ppc64-base-3.0.101-108.60.1
    • kernel-bigmem-devel-3.0.101-108.60.1
  • SUSE Linux Enterprise Server 11 SP4 (s390x)
    • kernel-default-man-3.0.101-108.60.1
  • SLES for SAP Applications 11-SP4 (ppc64 nosrc)
    • kernel-bigmem-3.0.101-108.60.1
    • kernel-ppc64-3.0.101-108.60.1
  • SLES for SAP Applications 11-SP4 (ppc64)
    • kernel-bigmem-base-3.0.101-108.60.1
    • kernel-ppc64-devel-3.0.101-108.60.1
    • kernel-ppc64-base-3.0.101-108.60.1
    • kernel-bigmem-devel-3.0.101-108.60.1
  • SLES for SAP Applications 11-SP4 (ppc64 nosrc x86_64)
    • kernel-trace-3.0.101-108.60.1
    • kernel-default-3.0.101-108.60.1
  • SLES for SAP Applications 11-SP4 (ppc64 x86_64)
    • kernel-default-base-3.0.101-108.60.1
    • kernel-source-3.0.101-108.60.1
    • kernel-default-devel-3.0.101-108.60.1
    • kernel-trace-base-3.0.101-108.60.1
    • kernel-trace-devel-3.0.101-108.60.1
    • kernel-syms-3.0.101-108.60.1
  • SLES for SAP Applications 11-SP4 (nosrc x86_64)
    • kernel-xen-3.0.101-108.60.1
    • kernel-ec2-3.0.101-108.60.1
  • SLES for SAP Applications 11-SP4 (x86_64)
    • kernel-ec2-base-3.0.101-108.60.1
    • kernel-xen-devel-3.0.101-108.60.1
    • kernel-ec2-devel-3.0.101-108.60.1
    • kernel-xen-base-3.0.101-108.60.1

References: