The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.
The following security bug was fixed:
CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).
A new boot commandline option was introduced, 'specstorebypass_disable', which can have following values:
The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.
Status can be queried via the /sys/devices/system/cpu/vulnerabilities/specstorebypass file, containing:
The following related and non-security bugs were fixed:
{ "binaries": [ { "kernel-macros": "4.4.121-92.80.1", "kernel-devel": "4.4.121-92.80.1", "kernel-default-base": "4.4.121-92.80.1", "kernel-default": "4.4.121-92.80.1", "kernel-source": "4.4.121-92.80.1", "kernel-syms": "4.4.121-92.80.1", "kgraft-patch-4_4_121-92_80-default": "1-3.5.2", "kernel-default-devel": "4.4.121-92.80.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.121-92.80.1", "kernel-devel": "4.4.121-92.80.1", "kernel-default-base": "4.4.121-92.80.1", "kernel-default": "4.4.121-92.80.1", "kernel-source": "4.4.121-92.80.1", "kernel-syms": "4.4.121-92.80.1", "kgraft-patch-4_4_121-92_80-default": "1-3.5.2", "kernel-default-devel": "4.4.121-92.80.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.121-92.80.1", "kernel-devel": "4.4.121-92.80.1", "kernel-default-base": "4.4.121-92.80.1", "kernel-default": "4.4.121-92.80.1", "kernel-source": "4.4.121-92.80.1", "kernel-syms": "4.4.121-92.80.1", "kgraft-patch-4_4_121-92_80-default": "1-3.5.2", "kernel-default-devel": "4.4.121-92.80.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.121-92.80.1", "kernel-devel": "4.4.121-92.80.1", "kernel-default-base": "4.4.121-92.80.1", "kernel-default": "4.4.121-92.80.1", "kernel-source": "4.4.121-92.80.1", "kernel-syms": "4.4.121-92.80.1", "kgraft-patch-4_4_121-92_80-default": "1-3.5.2", "kernel-default-devel": "4.4.121-92.80.1" } ] }