SUSE-SU-2017:2694-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20172694-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2694-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:2694-1
Published
2017-10-10T12:16:47Z
Modified
2017-10-10T12:16:47Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389).
  • CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524).
  • CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179).
  • CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
  • CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152).
  • CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check, which can cause a buffer overflow (bnc#1053148).
  • CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).
  • CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bnc#1052311).

The following non-security bugs were fixed:

  • ALSA: Fix Lewisburg audio issue
  • Drop commit 96234ae: kvm_io_bus_unregister_dev() should never fail (bsc#1055680)
  • Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)
  • NFS: Cache aggressively when file is open for writing (bsc#1053933).
  • NFS: Do drop directory dentry when error clearly requires it (bsc#1051932).
  • NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933).
  • NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
  • NFS: invalidate file size when taking a lock (bsc#1053933).
  • PCI: fix hotplug related issues (bnc#1054247).
  • af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
  • avoid deadlock in xenbus (bnc#1047523).
  • blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction
  • blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).
  • cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
  • cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
  • fuse: do not use iocb after it may have been freed (bsc#1054706).
  • fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
  • fuse: fsync() did not return IO errors (bsc#1054076).
  • fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
  • gspca: konica: add missing endpoint sanity check (bsc#1050431).
  • kabi/severities: Ignore zpci symbol changes (bsc#1054247)
  • lib/mpi: mpi_read_raw_data(): fix nbits calculation
  • media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431).
  • net: Fix RCU splat in af_key (bsc#1054093).
  • powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450).
  • powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667).
  • powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667).
  • powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370).
  • powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070).
  • reiserfs: fix race in readdir (bsc#1039803).
  • s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).
  • s390/pci: fix handling of PEC 306 (bnc#1054247).
  • s390/pci: improve error handling during fmb (de)registration (bnc#1054247).
  • s390/pci: improve error handling during interrupt deregistration (bnc#1054247).
  • s390/pci: improve pci hotplug (bnc#1054247).
  • s390/pci: improve unreg_ioat error handling (bnc#1054247).
  • s390/pci: introduce clp_get_state (bnc#1054247).
  • s390/pci: provide more debug information (bnc#1054247).
  • scsi: avoid system stall due to host_busy race (bsc#1031358).
  • scsi: close race when updating blocked counters (bsc#1031358).
  • ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
  • supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
  • tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
  • uwb: fix device quirk on big-endian hosts (bsc#1036629).
  • xfs: fix inobt inode allocation search optimization (bsc#1013018).
Affected packages

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-69.8.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.8.1",
            "kernel-rt-devel": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.8.1",
            "kernel-source-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt": "3.0.101.rt130-69.8.1",
            "kernel-syms-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt-base": "3.0.101.rt130-69.8.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-rt_trace

Package

Name
kernel-rt_trace
Purl
purl:rpm/suse/kernel-rt_trace&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-69.8.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.8.1",
            "kernel-rt-devel": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.8.1",
            "kernel-source-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt": "3.0.101.rt130-69.8.1",
            "kernel-syms-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt-base": "3.0.101.rt130-69.8.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-69.8.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.8.1",
            "kernel-rt-devel": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.8.1",
            "kernel-source-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt": "3.0.101.rt130-69.8.1",
            "kernel-syms-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt-base": "3.0.101.rt130-69.8.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-69.8.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.8.1",
            "kernel-rt-devel": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace": "3.0.101.rt130-69.8.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.8.1",
            "kernel-source-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt": "3.0.101.rt130-69.8.1",
            "kernel-syms-rt": "3.0.101.rt130-69.8.1",
            "kernel-rt-base": "3.0.101.rt130-69.8.1"
        }
    ]
}