SUSE 5180 Published by

A kernel update has been released for openSUSE 15.1



openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1479-1
Rating: important
References: #1050549 #1055117 #1055186 #1061840 #1063638
#1070872 #1082555 #1083647 #1085535 #1085536
#1086657 #1097584 #1106011 #1106284 #1108193
#1108937 #1111331 #1112063 #1112128 #1112178
#1113722 #1114279 #1119680 #1119843 #1120843
#1122776 #1123663 #1124839 #1127175 #1127371
#1127374 #1128415 #1128971 #1128979 #1129138
#1129693 #1129770 #1129845 #1130527 #1130567
#1130579 #1131416 #1131427 #1131438 #1131451
#1131488 #1131530 #1131574 #1131673 #1131847
#1131900 #1131934 #1132044 #1132219 #1132226
#1132369 #1132373 #1132397 #1132402 #1132403
#1132404 #1132405 #1132411 #1132412 #1132413
#1132426 #1132527 #1132531 #1132561 #1132562
#1132564 #1132618 #1132681 #1132726 #1132828
#1132894 #1133005 #1133094 #1133095 #1133149
#1133176 #1133188 #1133547 #1133668 #1133672
#1133698 #1133702 #1133769 #1133772 #1133778
#1133779 #1133780 #1133850 #1133851 #1133852
#1133897 #1134160 #1134162 #1134201 #1134202
#1134204 #1134205 #1134393 #1134459 #1134461
#1134597 #1134600 #1134651 #1134810 #1134848
#1135007 #1135008 #1135120 #1135278 #1135281
#1135309 #1135312 #1135315 #1135320 #1135323
#1135492 #1135642
Cross-References: CVE-2018-7191 CVE-2019-11085 CVE-2019-11486
CVE-2019-11811 CVE-2019-11815 CVE-2019-11833
CVE-2019-11884 CVE-2019-3882 CVE-2019-5489
CVE-2019-9500 CVE-2019-9503
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 111 fixes
is now available.

Description:



The openSUSE Leap 15.1 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called
before register_netdevice. This allowed local users to cause a denial of
service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)
call with a dev name containing a / character. This is similar to
CVE-2013-4343 (bnc#1135603).
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in
Intel(R) i915 Graphics for Linux may have allowed an authenticated user
to potentially enable escalation of privilege via local access
(bnc#1135278).
- CVE-2019-11486: The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions
(bnc#1133188). It was disabled by default.
- CVE-2019-11811: There is a use-after-free upon attempted read access to
/proc/ioports after the ipmi_si module is removed, related to
drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c,
and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
net/rds/tcp.c kernel. There is a race condition leading to a
use-after-free, related to net namespace cleanup (bnc#1134537).
- CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory
region in the extent tree block, which might allow local users to obtain
sensitive information by reading uninitialized data in the filesystem
(bnc#1135281).
- CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c allowed a local user to obtain potentially
sensitive information from kernel stack memory via a HIDPCONNADD
command, because a name field may not end with a '\0' character
(bnc#1134848).
- CVE-2019-3882: A flaw was found in the vfio interface implementation
that permits violation of the user's locked memory limit. If a device is
bound to a vfio driver, such as vfio-pci, and the local attacker is
administratively granted ownership of the device, it may cause a system
memory exhaustion and thus a denial of service (DoS). (bnc#1131416
bnc#1131427).
- CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed
local attackers to observe page cache access patterns of other processes
on the same system, potentially allowing sniffing of secret information.
(Fixing this affects the output of the fincore program.) Limited remote
exploitation may be possible, as demonstrated by latency differences in
accessing public files from an Apache HTTP Server (bnc#1120843).
- CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results
was fixed (bnc#1132681).
- CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been
fixed (bnc#1132828).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1479=1



Package List:

- openSUSE Leap 15.1 (noarch):

kernel-devel-4.12.14-lp151.28.4.1
kernel-docs-4.12.14-lp151.28.4.1
kernel-docs-html-4.12.14-lp151.28.4.1
kernel-macros-4.12.14-lp151.28.4.1
kernel-source-4.12.14-lp151.28.4.1
kernel-source-vanilla-4.12.14-lp151.28.4.1

- openSUSE Leap 15.1 (x86_64):

kernel-debug-4.12.14-lp151.28.4.1
kernel-debug-base-4.12.14-lp151.28.4.1
kernel-debug-base-debuginfo-4.12.14-lp151.28.4.1
kernel-debug-debuginfo-4.12.14-lp151.28.4.1
kernel-debug-debugsource-4.12.14-lp151.28.4.1
kernel-debug-devel-4.12.14-lp151.28.4.1
kernel-debug-devel-debuginfo-4.12.14-lp151.28.4.1
kernel-default-4.12.14-lp151.28.4.1
kernel-default-base-4.12.14-lp151.28.4.1
kernel-default-base-debuginfo-4.12.14-lp151.28.4.1
kernel-default-debuginfo-4.12.14-lp151.28.4.1
kernel-default-debugsource-4.12.14-lp151.28.4.1
kernel-default-devel-4.12.14-lp151.28.4.1
kernel-default-devel-debuginfo-4.12.14-lp151.28.4.1
kernel-kvmsmall-4.12.14-lp151.28.4.1
kernel-kvmsmall-base-4.12.14-lp151.28.4.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.4.1
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.4.1
kernel-kvmsmall-debugsource-4.12.14-lp151.28.4.1
kernel-kvmsmall-devel-4.12.14-lp151.28.4.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.4.1
kernel-obs-build-4.12.14-lp151.28.4.1
kernel-obs-build-debugsource-4.12.14-lp151.28.4.1
kernel-obs-qa-4.12.14-lp151.28.4.1
kernel-syms-4.12.14-lp151.28.4.1
kernel-vanilla-4.12.14-lp151.28.4.1
kernel-vanilla-base-4.12.14-lp151.28.4.1
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.4.1
kernel-vanilla-debuginfo-4.12.14-lp151.28.4.1
kernel-vanilla-debugsource-4.12.14-lp151.28.4.1
kernel-vanilla-devel-4.12.14-lp151.28.4.1
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.4.1


References:

https://www.suse.com/security/cve/CVE-2018-7191.html
https://www.suse.com/security/cve/CVE-2019-11085.html
https://www.suse.com/security/cve/CVE-2019-11486.html
https://www.suse.com/security/cve/CVE-2019-11811.html
https://www.suse.com/security/cve/CVE-2019-11815.html
https://www.suse.com/security/cve/CVE-2019-11833.html
https://www.suse.com/security/cve/CVE-2019-11884.html
https://www.suse.com/security/cve/CVE-2019-3882.html
https://www.suse.com/security/cve/CVE-2019-5489.html
https://www.suse.com/security/cve/CVE-2019-9500.html
https://www.suse.com/security/cve/CVE-2019-9503.html
https://bugzilla.suse.com/1050549
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1055186
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1070872
https://bugzilla.suse.com/1082555
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1085536
https://bugzilla.suse.com/1086657
https://bugzilla.suse.com/1097584
https://bugzilla.suse.com/1106011
https://bugzilla.suse.com/1106284
https://bugzilla.suse.com/1108193
https://bugzilla.suse.com/1108937
https://bugzilla.suse.com/1111331
https://bugzilla.suse.com/1112063
https://bugzilla.suse.com/1112128
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1119680
https://bugzilla.suse.com/1119843
https://bugzilla.suse.com/1120843
https://bugzilla.suse.com/1122776
https://bugzilla.suse.com/1123663
https://bugzilla.suse.com/1124839
https://bugzilla.suse.com/1127175
https://bugzilla.suse.com/1127371
https://bugzilla.suse.com/1127374
https://bugzilla.suse.com/1128415
https://bugzilla.suse.com/1128971
https://bugzilla.suse.com/1128979
https://bugzilla.suse.com/1129138
https://bugzilla.suse.com/1129693
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1129845
https://bugzilla.suse.com/1130527
https://bugzilla.suse.com/1130567
https://bugzilla.suse.com/1130579
https://bugzilla.suse.com/1131416
https://bugzilla.suse.com/1131427
https://bugzilla.suse.com/1131438
https://bugzilla.suse.com/1131451
https://bugzilla.suse.com/1131488
https://bugzilla.suse.com/1131530
https://bugzilla.suse.com/1131574
https://bugzilla.suse.com/1131673
https://bugzilla.suse.com/1131847
https://bugzilla.suse.com/1131900
https://bugzilla.suse.com/1131934
https://bugzilla.suse.com/1132044
https://bugzilla.suse.com/1132219
https://bugzilla.suse.com/1132226
https://bugzilla.suse.com/1132369
https://bugzilla.suse.com/1132373
https://bugzilla.suse.com/1132397
https://bugzilla.suse.com/1132402
https://bugzilla.suse.com/1132403
https://bugzilla.suse.com/1132404
https://bugzilla.suse.com/1132405
https://bugzilla.suse.com/1132411
https://bugzilla.suse.com/1132412
https://bugzilla.suse.com/1132413
https://bugzilla.suse.com/1132426
https://bugzilla.suse.com/1132527
https://bugzilla.suse.com/1132531
https://bugzilla.suse.com/1132561
https://bugzilla.suse.com/1132562
https://bugzilla.suse.com/1132564
https://bugzilla.suse.com/1132618
https://bugzilla.suse.com/1132681
https://bugzilla.suse.com/1132726
https://bugzilla.suse.com/1132828
https://bugzilla.suse.com/1132894
https://bugzilla.suse.com/1133005
https://bugzilla.suse.com/1133094
https://bugzilla.suse.com/1133095
https://bugzilla.suse.com/1133149
https://bugzilla.suse.com/1133176
https://bugzilla.suse.com/1133188
https://bugzilla.suse.com/1133547
https://bugzilla.suse.com/1133668
https://bugzilla.suse.com/1133672
https://bugzilla.suse.com/1133698
https://bugzilla.suse.com/1133702
https://bugzilla.suse.com/1133769
https://bugzilla.suse.com/1133772
https://bugzilla.suse.com/1133778
https://bugzilla.suse.com/1133779
https://bugzilla.suse.com/1133780
https://bugzilla.suse.com/1133850
https://bugzilla.suse.com/1133851
https://bugzilla.suse.com/1133852
https://bugzilla.suse.com/1133897
https://bugzilla.suse.com/1134160
https://bugzilla.suse.com/1134162
https://bugzilla.suse.com/1134201
https://bugzilla.suse.com/1134202
https://bugzilla.suse.com/1134204
https://bugzilla.suse.com/1134205
https://bugzilla.suse.com/1134393
https://bugzilla.suse.com/1134459
https://bugzilla.suse.com/1134461
https://bugzilla.suse.com/1134597
https://bugzilla.suse.com/1134600
https://bugzilla.suse.com/1134651
https://bugzilla.suse.com/1134810
https://bugzilla.suse.com/1134848
https://bugzilla.suse.com/1135007
https://bugzilla.suse.com/1135008
https://bugzilla.suse.com/1135120
https://bugzilla.suse.com/1135278
https://bugzilla.suse.com/1135281
https://bugzilla.suse.com/1135309
https://bugzilla.suse.com/1135312
https://bugzilla.suse.com/1135315
https://bugzilla.suse.com/1135320
https://bugzilla.suse.com/1135323
https://bugzilla.suse.com/1135492
https://bugzilla.suse.com/1135642

--
  Linux Kernel Update for openSUSE