Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] SUSE-SU-2017:1183-1: important: Security update for the Linux Kernel

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2017:1183-1

Rating: important

References: #1007959 #1007962 #1008842 #1010032 #1011913

#1012382 #1012910 #1013994 #1014136 #1015609

#1017461 #1017641 #1018263 #1018419 #1019163

#1019614 #1019618 #1020048 #1021762 #1022340

#1022785 #1023866 #1024015 #1025683 #1026024

#1026405 #1026462 #1026505 #1026509 #1026692

#1026722 #1027054 #1027066 #1027153 #1027179

#1027189 #1027190 #1027195 #1027273 #1027616

#1028017 #1028027 #1028041 #1028158 #1028217

#1028325 #1028415 #1028819 #1028895 #1029220

#1029514 #1029634 #1029986 #1030118 #1030213

#1031003 #1031052 #1031200 #1031206 #1031208

#1031440 #1031481 #1031579 #1031660 #1031662

#1031717 #1031831 #1032006 #1032673 #1032681

#897662 #951844 #968697 #969755 #970083 #977572

#977860 #978056 #980892 #981634 #982783 #987899

#988281 #991173 #998106

Cross-References: CVE-2016-10200 CVE-2016-2117 CVE-2016-9191

CVE-2017-2596 CVE-2017-2671 CVE-2017-6074

CVE-2017-6214 CVE-2017-6345 CVE-2017-6346

CVE-2017-6347 CVE-2017-6353 CVE-2017-7187

CVE-2017-7261 CVE-2017-7294 CVE-2017-7308

CVE-2017-7374

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP2

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Live Patching 12

SUSE Linux Enterprise High Availability 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

OpenStack Cloud Magnum Orchestration 7

______________________________________________________________________________

 

An update that solves 16 vulnerabilities and has 69 fixes

is now available.

 

Description:

 

 

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive

various security and bugfixes.

 

Notable new/improved features:

- Improved support for Hyper-V

- Support for Matrox G200eH3

- Support for tcp_westwood

 

The following security bugs were fixed:

 

- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux

kernel was too late in obtaining a certain lock and consequently could

not ensure that disconnect function calls are safe, which allowed local

users to cause a denial of service (panic) by leveraging access to the

protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in

the Linux kernel did not properly validate certain block-size data,

which allowed local users to cause a denial of service (overflow) or

possibly have unspecified other impact via crafted system calls

(bnc#1031579).

- CVE-2017-7294: The vmw_surface_define_ioctl function in

drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not

validate addition of certain levels data, which allowed local users to

trigger an integer overflow and out-of-bounds write, and cause a denial

of service (system hang or crash) or possibly gain privileges, via a

crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).

- CVE-2017-7261: The vmw_surface_define_ioctl function in

drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not

check for a zero value of certain levels data, which allowed local users

to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and

possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device

(bnc#1031052).

- CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux

kernel allowed local users to cause a denial of service (stack-based

buffer overflow) or possibly have unspecified other impact via a large

command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds

write access in the sg_write function (bnc#1030213).

- CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux

kernel allowed local users to cause a denial of service (NULL pointer

dereference) or possibly gain privileges by revoking keyring keys being

used for ext4, f2fs, or ubifs encryption, causing cryptographic

transform objects to be freed prematurely (bnc#1032006).

- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in

the Linux kernel allowed local users to gain privileges or cause a

denial of service (use-after-free) by making multiple bind system calls

without properly ascertaining whether a socket has the SOCK_ZAPPED

status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c

(bnc#1028415).

- CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that

a certain destructor exists in required circumstances, which allowed

local users to cause a denial of service (BUG_ON) or possibly have

unspecified other impact via crafted system calls (bnc#1027190).

- CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux

kernel allowed local users to cause a denial of service (use-after-free)

or possibly have unspecified other impact via a multithreaded

application that made PACKET_FANOUT setsockopt system calls

(bnc#1027189).

- CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly

restrict association peel-off operations during certain wait states,

which allowed local users to cause a denial of service (invalid unlock

and double free) via a multithreaded application. NOTE: this

vulnerability exists because of an incorrect fix for CVE-2017-5986

(bnc#1027066).

- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the

Linux kernel allowed remote attackers to cause a denial of service

(infinite loop and soft lockup) via vectors involving a TCP packet with

the URG flag (bnc#1026722).

- CVE-2016-2117: The atl2_probe function in

drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly

enables scatter/gather I/O, which allowed remote attackers to obtain

sensitive information from kernel memory by reading packet data

(bnc#968697).

- CVE-2017-6347: The ip_cmsg_recv_checksum function in

net/ipv4/ip_sockglue.c in the Linux kernel had incorrect expectations

about skb data layout, which allowed local users to cause a denial of

service (buffer over-read) or possibly have unspecified other impact via

crafted system calls, as demonstrated by use of the MSG_MORE flag in

conjunction with loopback UDP transmission (bnc#1027179).

- CVE-2016-9191: The cgroup offline implementation in the Linux kernel

mishandled certain drain operations, which allowed local users to cause

a denial of service (system hang) by leveraging access to a container

environment for executing a crafted application (bnc#1008842).

- CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c

in the Linux kernel improperly emulated the VMXON instruction, which

allowed KVM L1 guest OS users to cause a denial of service (host OS

memory consumption) by leveraging the mishandling of page references

(bnc#1022785).

- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c

in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures

in the LISTEN state, which allowed local users to obtain root privileges

or cause a denial of service (double free) via an application that made

an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).

 

The following non-security bugs were fixed:

 

- ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).

- ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).

- ACPI: Remove platform devices from a bus on removal (bsc#1028819).

- HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL

(bsc#1022340).

- NFS: do not try to cross a mountpount when there isn't one there

(bsc#1028041).

- NFS: flush out dirty data on file fput() (bsc#1021762).

- PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal

(bug#1028217).

- PCI: hv: Use device serial number as PCI domain (bug#1028217).

- RAID1: a new I/O barrier implementation to remove resync window

(bsc#998106,bsc#1020048,bsc#982783).

- RAID1: avoid unnecessary spin locks in I/O barrier code

(bsc#998106,bsc#1020048,bsc#982783).

- Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).

- Revert "give up on gcc ilog2() constant optimizations" (kabi).

- Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"

(bsc#1028017).

- Revert "net: introduce device min_header_len" (kabi).

- Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi).

- Revert "target: Fix NULL dereference during LUN lookup + active I/O

shutdown" (kabi).

- acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717).

- acpi, nfit: fix extended status translations for ACPI DSMs (bsc#1031717).

- arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032).

- arm64: hugetlb: fix the wrong address for several functions

(bsc#1032681).

- arm64: hugetlb: fix the wrong return value for

huge_ptep_set_access_flags (bsc#1032681).

- arm64: hugetlb: remove the wrong pmd check in find_num_contig()

(bsc#1032681).

- arm: Use full path in KBUILD_IMAGE definition (bsc#1010032).

- bnx2x: allow adding VLANs while interface is down (bsc#1027273).

- bonding: fix 802.3ad aggregator reselection (bsc#1029514).

- btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614).

- btrfs: allow unlink to exceed subvolume quota (bsc#1019614).

- btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).

- btrfs: incremental send, do not delay rename when parent inode is new

(bsc#1028325).

- btrfs: incremental send, do not issue invalid rmdir operations

(bsc#1028325).

- btrfs: qgroup: Move half of the qgroup accounting time out of commit

trans (bsc#1017461).

- btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614).

- btrfs: send, fix failure to rename top level inode due to name collision

(bsc#1028325).

- btrfs: serialize subvolume mounts with potentially mismatching rw flags

(bsc#951844 bsc#1024015)

- cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831).

- crypto: algif_hash - avoid zero-sized array (bnc#1007962).

- cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).

- device-dax: fix private mapping restriction, permit read-only

(bsc#1031717).

- drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).

- drm/i915: Fix crash after S3 resume with DP MST mode change

(bsc#1029634).

- drm/i915: Listen for PMIC bus access notifications (bsc#1011913).

- drm/i915: Only enable hotplug interrupts if the display interrupts are

enabled (bsc#1031717).

- drm/mgag200: Added support for the new device G200eH3 (bsc#1007959)

- ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).

- futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).

- futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).

- hv: export current Hyper-V clocksource (bsc#1031206).

- hv: util: do not forget to init host_ts.lock (bsc#1031206).

- hv: vmbus: Prevent sending data on a rescinded channel (bug#1028217).

- hv_utils: implement Hyper-V PTP source (bsc#1031206).

- i2c-designware: increase timeout (bsc#1011913).

- i2c: designware-baytrail: Acquire P-Unit access on bus acquire

(bsc#1011913).

- i2c: designware-baytrail: Call pmic_bus_access_notifier_chain

(bsc#1011913).

- i2c: designware-baytrail: Fix race when resetting the semaphore

(bsc#1011913).

- i2c: designware-baytrail: Only check iosf_mbi_available() for shared

hosts (bsc#1011913).

- i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM

method (bsc#1011913).

- i2c: designware: Never suspend i2c-busses used for accessing the system

PMIC (bsc#1011913).

- i2c: designware: Rename accessor_flags to flags (bsc#1011913).

- iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208).

- kABI: protect struct iscsi_conn (kabi).

- kABI: protect struct se_node_acl (kabi).

- kABI: restore can_rx_register parameters (kabi).

- kgr/module: make a taint flag module-specific

- kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662).

- kgr: remove all arch-specific kgraft header files

- l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).

- l2tp: fix lookup for sockets not bound to a device in l2tp_ip

(bsc#1028415).

- l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()

(bsc#1028415).

- l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()

(bsc#1028415).

- l2tp: hold tunnel socket when handling control frames in l2tp_ip and

l2tp_ip6 (bsc#1028415).

- l2tp: lock socket before checking flags in connect() (bsc#1028415).

- libnvdimm, pfn: fix memmap reservation size versus 4K alignment

(bsc#1031717).

- locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).

- md/raid1: Refactor raid1_make_request

(bsc#998106,bsc#1020048,bsc#982783).

- md/raid1: add rcu protection to rdev in fix_read_error (References:

bsc#998106,bsc#1020048,bsc#982783).

- md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).

- md/raid1: handle flush request correctly

(bsc#998106,bsc#1020048,bsc#982783).

- mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).

- mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200).

- mm/page_alloc: Remove useless parameter of __free_pages_boot_core

(bnc#1027195).

- mm: fix set pageblock migratetype in deferred struct page init

(bnc#1027195).

- mm: page_alloc: skip over regions of invalid pfns where possible

(bnc#1031200).

- module: move add_taint_module() to a header file

- net/ena: change condition for host attribute configuration (bsc#1026509).

- net/ena: change driver's default timeouts (bsc#1026509).

- net/ena: fix NULL dereference when removing the driver after device

reset failed (bsc#1026509).

- net/ena: fix RSS default hash configuration (bsc#1026509).

- net/ena: fix ethtool RSS flow configuration (bsc#1026509).

- net/ena: fix potential access to freed memory during device reset

(bsc#1026509).

- net/ena: fix queues number calculation (bsc#1026509).

- net/ena: reduce the severity of ena printouts (bsc#1026509).

- net/ena: refactor ena_get_stats64 to be atomic context safe

(bsc#1026509).

- net/ena: remove ntuple filter support from device feature list

(bsc#1026509).

- net/ena: update driver version to 1.1.2 (bsc#1026509).

- net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).

- net/mlx4_core: Avoid command timeouts during VF driver device shutdown

(bsc#1028017).

- net/mlx4_core: Avoid delays during VF driver device shutdown

(bsc#1028017).

- net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).

- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to

VGT transitions (bsc#1028017).

- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs

(bsc#1028017).

- net/mlx4_en: Fix bad WQE issue (bsc#1028017).

- net: ena: Fix error return code in ena_device_init() (bsc#1026509).

- net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).

- net: ena: change the return type of ena_set_push_mode() to be void

(bsc#1026509).

- net: ena: remove superfluous check in ena_remove() (bsc#1026509).

- net: ena: use setup_timer() and mod_timer() (bsc#1026509).

- netfilter: allow logging from non-init namespaces (bsc#970083).

- nvme: Do not suspend admin queue that wasn't created (bsc#1026505).

- nvme: Suspend all queues before deletion (bsc#1026505).

- ping: implement proper locking (bsc#1031003).

- powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).

- rtlwifi: rtl_usb: Fix missing entry in USB driver's private data

(bsc#1026462).

- s390/kmsg: add missing kmsg descriptions (bnc#1025683).

- s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683).

- sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting

(bsc#1018419).

- scsi: do not print 'reservation conflict' for TEST UNIT READY

(bsc#1027054).

- scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).

- softirq: Let ksoftirqd do its job (bsc#1019618).

- x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).

- x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).

- x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153,

bsc#1027616).

- x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153,

bsc#1027616).

- x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()

(bsc#1027153, bsc#1027616).

- x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd

(bsc#1027153, bsc#1027616).

- x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153,

bsc#1027616).

- x86/ioapic: Ignore root bridges without a companion ACPI device

(bsc#1027153, bsc#1027616).

- x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616).

- x86/ioapic: Support hot-removal of IOAPICs present during boot

(bsc#1027153, bsc#1027616).

- x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616).

- x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).

- x86/mce: Fix copy/paste error in exception table entries

- x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).

- x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).

- x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).

- x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).

- x86/platform/UV: Clean up the NMI code to match current coding style

(bsc#1023866).

- x86/platform/UV: Clean up the UV APIC code (bsc#1023866).

- x86/platform/UV: Ensure uv_system_init is called when necessary

(bsc#1023866).

- x86/platform/UV: Fix 2 socket config problem (bsc#1023866).

- x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).

- x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source

(bsc#1023866).

- x86/platform/UV: Verify NMI action is valid, default is standard

(bsc#1023866).

- x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier

(bsc#1011913).

- x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).

- x86/platform: Remove warning message for duplicate NMI handlers

(bsc#1029220).

- x86/ras/therm_throt: Do not log a fake MCE for thermal events

(bsc#1028027).

- xen-blkfront: correct maximum segment accounting (bsc#1018263).

- xen-blkfront: do not call talk_to_blkback when already connected to

blkback.

- xen-blkfront: free resources if xlvbd_alloc_gendisk fails.

- xen/blkfront: Fix crash if backend does not follow the right states.

- xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).

- xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).

- xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV

(bsc#1014136)

- xfs: do not take the IOLOCK exclusive for direct I/O page invalidation

(bsc#1015609).

- xgene_enet: remove bogus forward declarations (bsc#1032673).

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Workstation Extension 12-SP2:

 

zypper in -t patch SUSE-SLE-WE-12-SP2-2017-697=1

 

- SUSE Linux Enterprise Software Development Kit 12-SP2:

 

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-697=1

 

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

 

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-697=1

 

- SUSE Linux Enterprise Server 12-SP2:

 

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-697=1

 

- SUSE Linux Enterprise Live Patching 12:

 

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-697=1

 

- SUSE Linux Enterprise High Availability 12-SP2:

 

zypper in -t patch SUSE-SLE-HA-12-SP2-2017-697=1

 

- SUSE Linux Enterprise Desktop 12-SP2:

 

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-697=1

 

- OpenStack Cloud Magnum Orchestration 7:

 

zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-697=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

 

kernel-default-debuginfo-4.4.59-92.17.3

kernel-default-debugsource-4.4.59-92.17.3

kernel-default-extra-4.4.59-92.17.3

kernel-default-extra-debuginfo-4.4.59-92.17.3

 

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

 

kernel-obs-build-4.4.59-92.17.3

kernel-obs-build-debugsource-4.4.59-92.17.3

 

- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

 

kernel-docs-4.4.59-92.17.8

 

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

 

kernel-default-4.4.59-92.17.3

kernel-default-base-4.4.59-92.17.3

kernel-default-base-debuginfo-4.4.59-92.17.3

kernel-default-debuginfo-4.4.59-92.17.3

kernel-default-debugsource-4.4.59-92.17.3

kernel-default-devel-4.4.59-92.17.3

kernel-syms-4.4.59-92.17.2

 

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

 

kernel-devel-4.4.59-92.17.2

kernel-macros-4.4.59-92.17.2

kernel-source-4.4.59-92.17.2

 

- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

 

kernel-default-4.4.59-92.17.3

kernel-default-base-4.4.59-92.17.3

kernel-default-base-debuginfo-4.4.59-92.17.3

kernel-default-debuginfo-4.4.59-92.17.3

kernel-default-debugsource-4.4.59-92.17.3

kernel-default-devel-4.4.59-92.17.3

kernel-syms-4.4.59-92.17.2

 

- SUSE Linux Enterprise Server 12-SP2 (noarch):

 

kernel-devel-4.4.59-92.17.2

kernel-macros-4.4.59-92.17.2

kernel-source-4.4.59-92.17.2

 

- SUSE Linux Enterprise Live Patching 12 (x86_64):

 

kgraft-patch-4_4_59-92_17-default-1-2.3

 

- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

 

cluster-md-kmp-default-4.4.59-92.17.3

cluster-md-kmp-default-debuginfo-4.4.59-92.17.3

cluster-network-kmp-default-4.4.59-92.17.3

cluster-network-kmp-default-debuginfo-4.4.59-92.17.3

dlm-kmp-default-4.4.59-92.17.3

dlm-kmp-default-debuginfo-4.4.59-92.17.3

gfs2-kmp-default-4.4.59-92.17.3

gfs2-kmp-default-debuginfo-4.4.59-92.17.3

kernel-default-debuginfo-4.4.59-92.17.3

kernel-default-debugsource-4.4.59-92.17.3

ocfs2-kmp-default-4.4.59-92.17.3

ocfs2-kmp-default-debuginfo-4.4.59-92.17.3

 

- SUSE Linux Enterprise Desktop 12-SP2 (noarch):

 

kernel-devel-4.4.59-92.17.2

kernel-macros-4.4.59-92.17.2

kernel-source-4.4.59-92.17.2

 

- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

 

kernel-default-4.4.59-92.17.3

kernel-default-debuginfo-4.4.59-92.17.3

kernel-default-debugsource-4.4.59-92.17.3

kernel-default-devel-4.4.59-92.17.3

kernel-default-extra-4.4.59-92.17.3

kernel-default-extra-debuginfo-4.4.59-92.17.3

kernel-syms-4.4.59-92.17.2

 

- OpenStack Cloud Magnum Orchestration 7 (x86_64):

 

kernel-default-4.4.59-92.17.3

kernel-default-debuginfo-4.4.59-92.17.3

kernel-default-debugsource-4.4.59-92.17.3

 

 

References:

 

https://www.suse.com/security/cve/CVE-2016-10200.html

https://www.suse.com/security/cve/CVE-2016-2117.html

https://www.suse.com/security/cve/CVE-2016-9191.html

https://www.suse.com/security/cve/CVE-2017-2596.html

https://www.suse.com/security/cve/CVE-2017-2671.html

https://www.suse.com/security/cve/CVE-2017-6074.html

https://www.suse.com/security/cve/CVE-2017-6214.html

https://www.suse.com/security/cve/CVE-2017-6345.html

https://www.suse.com/security/cve/CVE-2017-6346.html

https://www.suse.com/security/cve/CVE-2017-6347.html

https://www.suse.com/security/cve/CVE-2017-6353.html

https://www.suse.com/security/cve/CVE-2017-7187.html

https://www.suse.com/security/cve/CVE-2017-7261.html

https://www.suse.com/security/cve/CVE-2017-7294.html

https://www.suse.com/security/cve/CVE-2017-7308.html

https://www.suse.com/security/cve/CVE-2017-7374.html

https://bugzilla.suse.com/1007959

https://bugzilla.suse.com/1007962

https://bugzilla.suse.com/1008842

https://bugzilla.suse.com/1010032

https://bugzilla.suse.com/1011913

https://bugzilla.suse.com/1012382

https://bugzilla.suse.com/1012910

https://bugzilla.suse.com/1013994

https://bugzilla.suse.com/1014136

https://bugzilla.suse.com/1015609

https://bugzilla.suse.com/1017461

https://bugzilla.suse.com/1017641

https://bugzilla.suse.com/1018263

https://bugzilla.suse.com/1018419

https://bugzilla.suse.com/1019163

https://bugzilla.suse.com/1019614

https://bugzilla.suse.com/1019618

https://bugzilla.suse.com/1020048

https://bugzilla.suse.com/1021762

https://bugzilla.suse.com/1022340

https://bugzilla.suse.com/1022785

https://bugzilla.suse.com/1023866

https://bugzilla.suse.com/1024015

https://bugzilla.suse.com/1025683

https://bugzilla.suse.com/1026024

https://bugzilla.suse.com/1026405

https://bugzilla.suse.com/1026462

https://bugzilla.suse.com/1026505

https://bugzilla.suse.com/1026509

https://bugzilla.suse.com/1026692

https://bugzilla.suse.com/1026722

https://bugzilla.suse.com/1027054

https://bugzilla.suse.com/1027066

https://bugzilla.suse.com/1027153

https://bugzilla.suse.com/1027179

https://bugzilla.suse.com/1027189

https://bugzilla.suse.com/1027190

https://bugzilla.suse.com/1027195

https://bugzilla.suse.com/1027273

https://bugzilla.suse.com/1027616

https://bugzilla.suse.com/1028017

https://bugzilla.suse.com/1028027

https://bugzilla.suse.com/1028041

https://bugzilla.suse.com/1028158

https://bugzilla.suse.com/1028217

https://bugzilla.suse.com/1028325

https://bugzilla.suse.com/1028415

https://bugzilla.suse.com/1028819

https://bugzilla.suse.com/1028895

https://bugzilla.suse.com/1029220

https://bugzilla.suse.com/1029514

https://bugzilla.suse.com/1029634

https://bugzilla.suse.com/1029986

https://bugzilla.suse.com/1030118

https://bugzilla.suse.com/1030213

https://bugzilla.suse.com/1031003

https://bugzilla.suse.com/1031052

https://bugzilla.suse.com/1031200

https://bugzilla.suse.com/1031206

https://bugzilla.suse.com/1031208

https://bugzilla.suse.com/1031440

https://bugzilla.suse.com/1031481

https://bugzilla.suse.com/1031579

https://bugzilla.suse.com/1031660

https://bugzilla.suse.com/1031662

https://bugzilla.suse.com/1031717

https://bugzilla.suse.com/1031831

https://bugzilla.suse.com/1032006

https://bugzilla.suse.com/1032673

https://bugzilla.suse.com/1032681

https://bugzilla.suse.com/897662

https://bugzilla.suse.com/951844

https://bugzilla.suse.com/968697

https://bugzilla.suse.com/969755

https://bugzilla.suse.com/970083

https://bugzilla.suse.com/977572

https://bugzilla.suse.com/977860

https://bugzilla.suse.com/978056

https://bugzilla.suse.com/980892

https://bugzilla.suse.com/981634

https://bugzilla.suse.com/982783

https://bugzilla.suse.com/987899

https://bugzilla.suse.com/988281

https://bugzilla.suse.com/991173

https://bugzilla.suse.com/998106

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×