[security-announce] openSUSE-SU-2017:1685-1: important: Security update for the Linux Kernel

news · June 26, 2017

openSUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:1685-1

Rating: important

References: #1015342 #1022595 #1027101 #1037669 #1039214

#1039348 #1040351 #1040364 #1040567 #1040609

#1042286 #1042863 #1043990 #1044082 #1044120

#1044767 #1044772 #1044880 #1045154 #1045235

#1045286 #1045307 #1045467 #1045568 #966170

#966172 #966191 #990682

Cross-References: CVE-2017-1000364

Affected Products:

openSUSE Leap 42.2

______________________________________________________________________________

An update that solves one vulnerability and has 27 fixes is

now available.

Description:

The openSUSE Leap 42.2 kernel was updated to 4.4.73 to receive security

and bugfixes.

The following security bugs were fixed:

- CVE-2017-1000364: An issue was discovered in the size of the stack guard

page on Linux, specifically a 4k stack guard page is not sufficiently

large and can be "jumped" over (the stack guard page is bypassed), this

affects Linux Kernel versions 4.11.5 and earlier (the stackguard page

was introduced in 2010) (bnc#1039348).

The previous fix caused some Java applications to crash and has been

replaced by the upstream fix.

The following non-security bugs were fixed:

- md: fix a null dereference (bsc#1040351).

- net/mlx5e: Fix timestamping capabilities reporting (bsc#966170,

bsc#1015342)

- reiserfs: don't preallocate blocks for extended attributes (bsc#990682)

- ibmvnic: Fix error handling when registering long-term-mapped buffers

(bsc#1045568).

- Fix kabi after adding new field to struct mddev (bsc#1040351).

- Fix soft lockup in svc_rdma_send (bsc#729329).

- IB/addr: Fix setting source address in addr6_resolve() (bsc#1044082).

- IB/ipoib: Fix memory leak in create child syscall (bsc#1022595

FATE#322350).

- IB/mlx5: Assign DSCP for R-RoCE QPs Address Path (bsc#966170 bsc#966172

bsc#966191).

- IB/mlx5: Check supported flow table size (bsc#966170 bsc#966172

bsc#966191).

- IB/mlx5: Enlarge autogroup flow table (bsc#966170 bsc#966172 bsc#966191).

- IB/mlx5: Fix kernel to user leak prevention logic (bsc#966170 bsc#966172

bsc#966191).

- NFSv4: do not let hanging mounts block other mounts (bsc#1040364).

- [v2, 2/3] powerpc/fadump: avoid holes in boot memory area when fadump is

registered (bsc#1037669).

- [v2,1/3] powerpc/fadump: avoid duplicates in crash memory ranges

(bsc#1037669).

- [v2,3/3] powerpc/fadump: provide a helpful error message (bsc#1037669).

- dm: remove dummy dm_table definition (bsc#1045307)

- ibmvnic: Activate disabled RX buffer pools on reset (bsc#1044767).

- ibmvnic: Client-initiated failover (bsc#1043990).

- ibmvnic: Correct return code checking for ibmvnic_init during probe

(bsc#1045286).

- ibmvnic: Ensure that TX queues are disabled in __ibmvnic_close

(bsc#1044767).

- ibmvnic: Exit polling routine correctly during adapter reset

(bsc#1044767).

- ibmvnic: Fix incorrectly defined ibmvnic_request_map_rsp structure

(bsc#1045568).

- ibmvnic: Remove VNIC_CLOSING check from pending_scrq (bsc#1044767).

- ibmvnic: Remove module author mailing address (bsc#1045467).

- ibmvnic: Remove netdev notify for failover resets (bsc#1044120).

- ibmvnic: Return from ibmvnic_resume if not in VNIC_OPEN state

(bsc#1045235).

- ibmvnic: Sanitize entire SCRQ buffer on reset (bsc#1044767).

- ibmvnic: driver initialization for kdump/kexec (bsc#1044772).

- ipv6: release dst on error in ip6_dst_lookup_tail (git-fixes).

- jump label: fix passing kbuild_cflags when checking for asm goto support

(git-fixes).

- kabi workaround for net: ipv6: Fix processing of RAs in presence of VRF

(bsc#1042286).

- lan78xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).

- loop: Add PF_LESS_THROTTLE to block/loop device thread (bsc#1027101).

- md: use a separate bio_set for synchronous IO (bsc#1040351).

- mlx4: Fix memory leak after mlx4_en_update_priv() (bsc#966170 bsc#966172

bsc#966191).

- mm: fix new crash in unmapped_area_topdown() (bnc#1039348).

- net/mlx5: Do not unlock fte while still using it (bsc#966170 bsc#966172

bsc#966191).

- net/mlx5: Fix create autogroup prev initializer (bsc#966170 bsc#966172

bsc#966191).

- net/mlx5: Prevent setting multicast macs for VFs (bsc#966170 bsc#966172

bsc#966191).

- net/mlx5: Release FTE lock in error flow (bsc#966170 bsc#966172

bsc#966191).

- net/mlx5e: Modify TIRs hash only when it's needed (bsc#966170 bsc#966172

bsc#966191).

- net: icmp_route_lookup should use rt dev to determine L3 domain

(bsc#1042286).

- net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286).

- net: l3mdev: Add master device lookup by index (bsc#1042286).

- net: make netdev_for_each_lower_dev safe for device removal

(bsc#1042286).

- net: vrf: Create FIB tables on link create (bsc#1042286).

- net: vrf: Fix crash when IPv6 is disabled at boot time (bsc#1042286).

- net: vrf: Fix dev refcnt leak due to IPv6 prefix route (bsc#1042286).

- net: vrf: Fix dst reference counting (bsc#1042286).

- net: vrf: Switch dst dev to loopback on device delete (bsc#1042286).

- net: vrf: protect changes to private data with rcu (bsc#1042286).

- powerpc/fadump: add reschedule point while releasing memory

(bsc#1040609).

- powerpc/fadump: return error when fadump registration fails

(bsc#1040567).

- ravb: Fix use-after-free on `ifconfig eth0 down` (git-fixes).

- sctp: check af before verify address in sctp_addr_id2transport

(git-fixes).

- vrf: remove slave queue and private slave struct (bsc#1042286).

- xen-blkback: do not leak stack data via response ring (bsc#1042863

XSA-216).

- xfrm: Only add l3mdev oif to dst lookups (bsc#1042286).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-734=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (x86_64):

kernel-debug-4.4.73-18.17.1

kernel-debug-base-4.4.73-18.17.1

kernel-debug-base-debuginfo-4.4.73-18.17.1

kernel-debug-debuginfo-4.4.73-18.17.1

kernel-debug-debugsource-4.4.73-18.17.1

kernel-debug-devel-4.4.73-18.17.1

kernel-debug-devel-debuginfo-4.4.73-18.17.1

kernel-default-4.4.73-18.17.1

kernel-default-base-4.4.73-18.17.1

kernel-default-base-debuginfo-4.4.73-18.17.1

kernel-default-debuginfo-4.4.73-18.17.1

kernel-default-debugsource-4.4.73-18.17.1

kernel-default-devel-4.4.73-18.17.1

kernel-obs-build-4.4.73-18.17.1

kernel-obs-build-debugsource-4.4.73-18.17.1

kernel-obs-qa-4.4.73-18.17.1

kernel-syms-4.4.73-18.17.1

kernel-vanilla-4.4.73-18.17.1

kernel-vanilla-base-4.4.73-18.17.1

kernel-vanilla-base-debuginfo-4.4.73-18.17.1

kernel-vanilla-debuginfo-4.4.73-18.17.1

kernel-vanilla-debugsource-4.4.73-18.17.1

kernel-vanilla-devel-4.4.73-18.17.1

- openSUSE Leap 42.2 (noarch):

kernel-devel-4.4.73-18.17.1

kernel-docs-4.4.73-18.17.2

kernel-docs-html-4.4.73-18.17.2

kernel-docs-pdf-4.4.73-18.17.2

kernel-macros-4.4.73-18.17.1

kernel-source-4.4.73-18.17.1

kernel-source-vanilla-4.4.73-18.17.1

References:

https://www.suse.com/security/cve/CVE-2017-1000364.html

https://bugzilla.suse.com/1015342

https://bugzilla.suse.com/1022595

https://bugzilla.suse.com/1027101

https://bugzilla.suse.com/1037669

https://bugzilla.suse.com/1039214

https://bugzilla.suse.com/1039348

https://bugzilla.suse.com/1040351

https://bugzilla.suse.com/1040364

https://bugzilla.suse.com/1040567

https://bugzilla.suse.com/1040609

https://bugzilla.suse.com/1042286

https://bugzilla.suse.com/1042863

https://bugzilla.suse.com/1043990

https://bugzilla.suse.com/1044082

https://bugzilla.suse.com/1044120

https://bugzilla.suse.com/1044767

https://bugzilla.suse.com/1044772

https://bugzilla.suse.com/1044880

https://bugzilla.suse.com/1045154

https://bugzilla.suse.com/1045235

https://bugzilla.suse.com/1045286

https://bugzilla.suse.com/1045307

https://bugzilla.suse.com/1045467

https://bugzilla.suse.com/1045568

https://bugzilla.suse.com/966170

https://bugzilla.suse.com/966172

https://bugzilla.suse.com/966191

https://bugzilla.suse.com/990682

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] openSUSE-SU-2017:1685-1: important: Security update for the Linux Kernel

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity