SUSE 5149 Published by

Updated OpenSaml/Chromium packages has been released for openSUSE:

openSUSE-SU-2017:3241-1: important: Security update for opensaml
openSUSE-SU-2017:3244-1: important: Security update for chromium
openSUSE-SU-2017:3245-1: important: Security update for chromium

Also updated Xen, Linux kernel, and OBS toolchain packages are available for SUSE Linux Enterprise:
SUSE-SU-2017:3239-1: important: Security update for xen
SUSE-SU-2017:3242-1: important: Security update for xen
SUSE-SU-2017:3249-1: important: Security update for the Linux Kernel
SUSE-SU-2017:3253-1: important: Fixing security issues on OBS toolchain



openSUSE-SU-2017:3241-1: important: Security update for opensaml

openSUSE Security Update: Security update for opensaml
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:3241-1
Rating: important
References: #1068685
Cross-References: CVE-2017-16853
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for opensaml fixes the following issues:

Security issue fixed:

- CVE-2017-16853: Fix the DynamicMetadataProvider class to properly
configure itself with the MetadataFilter plugins, to avoid possible MITM
attacks (bsc#1068685).

This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1350=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1350=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (x86_64):

libsaml-devel-2.5.5-6.1
libsaml8-2.5.5-6.1
libsaml8-debuginfo-2.5.5-6.1
opensaml-bin-2.5.5-6.1
opensaml-bin-debuginfo-2.5.5-6.1
opensaml-debugsource-2.5.5-6.1
opensaml-schemas-2.5.5-6.1

- openSUSE Leap 42.2 (x86_64):

libsaml-devel-2.5.5-3.3.1
libsaml8-2.5.5-3.3.1
libsaml8-debuginfo-2.5.5-3.3.1
opensaml-bin-2.5.5-3.3.1
opensaml-bin-debuginfo-2.5.5-3.3.1
opensaml-debugsource-2.5.5-3.3.1
opensaml-schemas-2.5.5-3.3.1


References:

https://www.suse.com/security/cve/CVE-2017-16853.html
https://bugzilla.suse.com/1068685


openSUSE-SU-2017:3244-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:3244-1
Rating: important
References: #1071691
Cross-References: CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
CVE-2017-15411 CVE-2017-15412 CVE-2017-15413
CVE-2017-15415 CVE-2017-15416 CVE-2017-15417
CVE-2017-15418 CVE-2017-15419 CVE-2017-15420
CVE-2017-15422 CVE-2017-15423 CVE-2017-15424
CVE-2017-15425 CVE-2017-15426 CVE-2017-15427

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 18 vulnerabilities is now available.

Description:

This update to Chromium 63.0.3239.84 fixes the following security issues:

- CVE-2017-15408: Heap buffer overflow in PDFium
- CVE-2017-15409: Out of bounds write in Skia
- CVE-2017-15410: Use after free in PDFium
- CVE-2017-15411: Use after free in PDFium
- CVE-2017-15412: Use after free in libXML
- CVE-2017-15413: Type confusion in WebAssembly
- CVE-2017-15415: Pointer information disclosure in IPC call
- CVE-2017-15416: Out of bounds read in Blink
- CVE-2017-15417: Cross origin information disclosure in Skia
- CVE-2017-15418: Use of uninitialized value in Skia
- CVE-2017-15419: Cross origin leak of redirect URL in Blink
- CVE-2017-15420: URL spoofing in Omnibox
- CVE-2017-15422: Integer overflow in ICU
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- CVE-2017-15424: URL Spoof in Omnibox
- CVE-2017-15425: URL Spoof in Omnibox
- CVE-2017-15426: URL Spoof in Omnibox
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1349=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1349=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (x86_64):

chromedriver-63.0.3239.84-127.1
chromedriver-debuginfo-63.0.3239.84-127.1
chromium-63.0.3239.84-127.1
chromium-debuginfo-63.0.3239.84-127.1
chromium-debugsource-63.0.3239.84-127.1

- openSUSE Leap 42.2 (x86_64):

chromedriver-63.0.3239.84-104.41.1
chromedriver-debuginfo-63.0.3239.84-104.41.1
chromium-63.0.3239.84-104.41.1
chromium-debuginfo-63.0.3239.84-104.41.1
chromium-debugsource-63.0.3239.84-104.41.1


References:

https://www.suse.com/security/cve/CVE-2017-15408.html
https://www.suse.com/security/cve/CVE-2017-15409.html
https://www.suse.com/security/cve/CVE-2017-15410.html
https://www.suse.com/security/cve/CVE-2017-15411.html
https://www.suse.com/security/cve/CVE-2017-15412.html
https://www.suse.com/security/cve/CVE-2017-15413.html
https://www.suse.com/security/cve/CVE-2017-15415.html
https://www.suse.com/security/cve/CVE-2017-15416.html
https://www.suse.com/security/cve/CVE-2017-15417.html
https://www.suse.com/security/cve/CVE-2017-15418.html
https://www.suse.com/security/cve/CVE-2017-15419.html
https://www.suse.com/security/cve/CVE-2017-15420.html
https://www.suse.com/security/cve/CVE-2017-15422.html
https://www.suse.com/security/cve/CVE-2017-15423.html
https://www.suse.com/security/cve/CVE-2017-15424.html
https://www.suse.com/security/cve/CVE-2017-15425.html
https://www.suse.com/security/cve/CVE-2017-15426.html
https://www.suse.com/security/cve/CVE-2017-15427.html
https://bugzilla.suse.com/1071691

openSUSE-SU-2017:3245-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:3245-1
Rating: important
References: #1064066 #1064298 #1065405 #1066851 #1071691

Cross-References: CVE-2017-15386 CVE-2017-15387 CVE-2017-15388
CVE-2017-15389 CVE-2017-15390 CVE-2017-15391
CVE-2017-15392 CVE-2017-15393 CVE-2017-15394
CVE-2017-15395 CVE-2017-15396 CVE-2017-15398
CVE-2017-15399 CVE-2017-15408 CVE-2017-15409
CVE-2017-15410 CVE-2017-15411 CVE-2017-15412
CVE-2017-15413 CVE-2017-15415 CVE-2017-15416
CVE-2017-15417 CVE-2017-15418 CVE-2017-15419
CVE-2017-15420 CVE-2017-15422 CVE-2017-15423
CVE-2017-15424 CVE-2017-15425 CVE-2017-15426
CVE-2017-15427 CVE-2017-5124 CVE-2017-5125
CVE-2017-5126 CVE-2017-5127 CVE-2017-5128
CVE-2017-5129 CVE-2017-5130 CVE-2017-5131
CVE-2017-5132 CVE-2017-5133
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 41 vulnerabilities is now available.

Description:

This update to Chromium 63.0.3239.84 fixes the following security issues:

- CVE-2017-5124: UXSS with MHTML
- CVE-2017-5125: Heap overflow in Skia
- CVE-2017-5126: Use after free in PDFium
- CVE-2017-5127: Use after free in PDFium
- CVE-2017-5128: Heap overflow in WebGL
- CVE-2017-5129: Use after free in WebAudio
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2
- CVE-2017-5131: Out of bounds write in Skia
- CVE-2017-5133: Out of bounds write in Skia
- CVE-2017-15386: UI spoofing in Blink
- CVE-2017-15387: Content security bypass
- CVE-2017-15388: Out of bounds read in Skia
- CVE-2017-15389: URL spoofing in OmniBox
- CVE-2017-15390: URL spoofing in OmniBox
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration
- CVE-2017-15393: Referrer leak in Devtools
- CVE-2017-15394: URL spoofing in extensions UI
- CVE-2017-15395: Null pointer dereference in ImageCapture
- CVE-2017-15396: Stack overflow in V8
- CVE-2017-15398: Stack buffer overflow in QUIC
- CVE-2017-15399: Use after free in V8
- CVE-2017-15408: Heap buffer overflow in PDFium
- CVE-2017-15409: Out of bounds write in Skia
- CVE-2017-15410: Use after free in PDFium
- CVE-2017-15411: Use after free in PDFium
- CVE-2017-15412: Use after free in libXML
- CVE-2017-15413: Type confusion in WebAssembly
- CVE-2017-15415: Pointer information disclosure in IPC call
- CVE-2017-15416: Out of bounds read in Blink
- CVE-2017-15417: Cross origin information disclosure in Skia
- CVE-2017-15418: Use of uninitialized value in Skia
- CVE-2017-15419: Cross origin leak of redirect URL in Blink
- CVE-2017-15420: URL spoofing in Omnibox
- CVE-2017-15422: Integer overflow in ICU
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- CVE-2017-15424: URL Spoof in Omnibox
- CVE-2017-15425: URL Spoof in Omnibox
- CVE-2017-15426: URL Spoof in Omnibox
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox

The following tracked bug fixes are included:

- sandbox crash fixes (bsc#1064298)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-1352=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

chromedriver-63.0.3239.84-40.1
chromium-63.0.3239.84-40.1


References:

https://www.suse.com/security/cve/CVE-2017-15386.html
https://www.suse.com/security/cve/CVE-2017-15387.html
https://www.suse.com/security/cve/CVE-2017-15388.html
https://www.suse.com/security/cve/CVE-2017-15389.html
https://www.suse.com/security/cve/CVE-2017-15390.html
https://www.suse.com/security/cve/CVE-2017-15391.html
https://www.suse.com/security/cve/CVE-2017-15392.html
https://www.suse.com/security/cve/CVE-2017-15393.html
https://www.suse.com/security/cve/CVE-2017-15394.html
https://www.suse.com/security/cve/CVE-2017-15395.html
https://www.suse.com/security/cve/CVE-2017-15396.html
https://www.suse.com/security/cve/CVE-2017-15398.html
https://www.suse.com/security/cve/CVE-2017-15399.html
https://www.suse.com/security/cve/CVE-2017-15408.html
https://www.suse.com/security/cve/CVE-2017-15409.html
https://www.suse.com/security/cve/CVE-2017-15410.html
https://www.suse.com/security/cve/CVE-2017-15411.html
https://www.suse.com/security/cve/CVE-2017-15412.html
https://www.suse.com/security/cve/CVE-2017-15413.html
https://www.suse.com/security/cve/CVE-2017-15415.html
https://www.suse.com/security/cve/CVE-2017-15416.html
https://www.suse.com/security/cve/CVE-2017-15417.html
https://www.suse.com/security/cve/CVE-2017-15418.html
https://www.suse.com/security/cve/CVE-2017-15419.html
https://www.suse.com/security/cve/CVE-2017-15420.html
https://www.suse.com/security/cve/CVE-2017-15422.html
https://www.suse.com/security/cve/CVE-2017-15423.html
https://www.suse.com/security/cve/CVE-2017-15424.html
https://www.suse.com/security/cve/CVE-2017-15425.html
https://www.suse.com/security/cve/CVE-2017-15426.html
https://www.suse.com/security/cve/CVE-2017-15427.html
https://www.suse.com/security/cve/CVE-2017-5124.html
https://www.suse.com/security/cve/CVE-2017-5125.html
https://www.suse.com/security/cve/CVE-2017-5126.html
https://www.suse.com/security/cve/CVE-2017-5127.html
https://www.suse.com/security/cve/CVE-2017-5128.html
https://www.suse.com/security/cve/CVE-2017-5129.html
https://www.suse.com/security/cve/CVE-2017-5130.html
https://www.suse.com/security/cve/CVE-2017-5131.html
https://www.suse.com/security/cve/CVE-2017-5132.html
https://www.suse.com/security/cve/CVE-2017-5133.html
https://bugzilla.suse.com/1064066
https://bugzilla.suse.com/1064298
https://bugzilla.suse.com/1065405
https://bugzilla.suse.com/1066851
https://bugzilla.suse.com/1071691

SUSE-SU-2017:3239-1: important: Security update for xen

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3239-1
Rating: important
References: #1055047 #1056336 #1061075 #1061081 #1061086
#1063123 #1068187 #1068191
Cross-References: CVE-2017-13672 CVE-2017-15289 CVE-2017-15592
CVE-2017-15595 CVE-2017-15597
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves 5 vulnerabilities and has three fixes
is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)
code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged
guests to retain a writable mapping of freed memory leading to
information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063123)
- CVE-2017-15597: A grant copy operation being done on a grant of a dying
domain allowed a malicious guest administrator to corrupt hypervisor
memory, allowing for DoS or potentially privilege escalation and
information leaks (bsc#1061075).
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS
(unbounded recursion, stack consumption, and hypervisor crash) or
possibly gain privileges via crafted page-table stacking (bsc#1061081).
- CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS
(hypervisor crash) or possibly gain privileges because self-linear
shadow mappings were mishandled for translated guests (bsc#1061086).
- CVE-2017-13672: The VGA display emulator support allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors involving display update (bsc#1056336)

This non-security issue was fixed:

- bsc#1055047: Fixed --initrd-inject option in virt-install


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-2019=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):

xen-4.4.4_26-22.59.3
xen-debugsource-4.4.4_26-22.59.3
xen-doc-html-4.4.4_26-22.59.3
xen-kmp-default-4.4.4_26_k3.12.61_52.101-22.59.3
xen-kmp-default-debuginfo-4.4.4_26_k3.12.61_52.101-22.59.3
xen-libs-32bit-4.4.4_26-22.59.3
xen-libs-4.4.4_26-22.59.3
xen-libs-debuginfo-32bit-4.4.4_26-22.59.3
xen-libs-debuginfo-4.4.4_26-22.59.3
xen-tools-4.4.4_26-22.59.3
xen-tools-debuginfo-4.4.4_26-22.59.3
xen-tools-domU-4.4.4_26-22.59.3
xen-tools-domU-debuginfo-4.4.4_26-22.59.3


References:

https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-15597.html
https://bugzilla.suse.com/1055047
https://bugzilla.suse.com/1056336
https://bugzilla.suse.com/1061075
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1063123
https://bugzilla.suse.com/1068187
https://bugzilla.suse.com/1068191

SUSE-SU-2017:3242-1: important: Security update for xen

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3242-1
Rating: important
References: #1055047 #1056336 #1061075 #1061081 #1061086
#1063123 #1068187 #1068191
Cross-References: CVE-2017-13672 CVE-2017-15289 CVE-2017-15592
CVE-2017-15595 CVE-2017-15597
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 5 vulnerabilities and has three fixes
is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)
code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged
guests to retain a writable mapping of freed memory leading to
information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063123)
- CVE-2017-15597: A grant copy operation being done on a grant of a dying
domain allowed a malicious guest administrator to corrupt hypervisor
memory, allowing for DoS or potentially privilege escalation and
information leaks (bsc#1061075).
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS
(unbounded recursion, stack consumption, and hypervisor crash) or
possibly gain privileges via crafted page-table stacking (bsc#1061081).
- CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS
(hypervisor crash) or possibly gain privileges because self-linear
shadow mappings were mishandled for translated guests (bsc#1061086).
- CVE-2017-13672: The VGA display emulator support allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors involving display update (bsc#1056336)

This non-security issue was fixed:

- bsc#1055047: Fixed --initrd-inject option in virt-install


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-xen-13372=1

- SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-xen-13372=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-xen-13372=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

xen-devel-4.4.4_26-61.17.1

- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

xen-kmp-default-4.4.4_26_3.0.101_108.13-61.17.1
xen-libs-4.4.4_26-61.17.1
xen-tools-domU-4.4.4_26-61.17.1

- SUSE Linux Enterprise Server 11-SP4 (x86_64):

xen-4.4.4_26-61.17.1
xen-doc-html-4.4.4_26-61.17.1
xen-libs-32bit-4.4.4_26-61.17.1
xen-tools-4.4.4_26-61.17.1

- SUSE Linux Enterprise Server 11-SP4 (i586):

xen-kmp-pae-4.4.4_26_3.0.101_108.13-61.17.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

xen-debuginfo-4.4.4_26-61.17.1
xen-debugsource-4.4.4_26-61.17.1


References:

https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-15597.html
https://bugzilla.suse.com/1055047
https://bugzilla.suse.com/1056336
https://bugzilla.suse.com/1061075
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1063123
https://bugzilla.suse.com/1068187
https://bugzilla.suse.com/1068191


SUSE-SU-2017:3249-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3249-1
Rating: important
References: #1043652 #1047626 #1066192 #1066471 #1066472
#1066573 #1066606 #1066618 #1066625 #1066650
#1066671 #1066700 #1066705 #1067085 #1067086
#1067997 #1069496 #1069702 #1069708 #1070307
#1070781 #860993
Cross-References: CVE-2014-0038 CVE-2017-1000405 CVE-2017-12193
CVE-2017-15102 CVE-2017-16525 CVE-2017-16527
CVE-2017-16529 CVE-2017-16531 CVE-2017-16535
CVE-2017-16536 CVE-2017-16537 CVE-2017-16649
CVE-2017-16650 CVE-2017-16939
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 8 fixes is
now available.

Description:


The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive
various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (use-after-free) via a crafted
SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY
Netlink messages (bnc#1069702 1069708).
- CVE-2017-1000405: The Linux Kernel had a problematic use of
pmd_mkdirty() in the touch_pmd() function inside the THP implementation.
touch_pmd() could be reached by get_user_pages(). In such case, the pmd
would become dirty. This scenario breaks the new
can_follow_write_pmd()'s logic - pmd could become dirty without going
through a COW cycle. This bug was not as severe as the original "Dirty
cow" because an ext4 file (or any other regular file) could not be
mapped using THP. Nevertheless, it did allow us to overwrite read-only
huge pages. For example, the zero huge page and sealed shmem files could
be overwritten (since their mapping could be populated using THP). Note
that after the first write page-fault to the zero page, it will be
replaced with a new fresh (and zeroed) thp (bnc#1069496 1070307).
- CVE-2017-16649: The usbnet_generic_cdc_bind function in
drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to
cause a denial of service (divide-by-zero error and system crash) or
possibly have unspecified other impact via a crafted USB device
(bnc#1067085).
- CVE-2014-0038: The compat_sys_recvmmsg function in net/compat.c in the
Linux kernel, when CONFIG_X86_X32 is enabled, allowed local users to
gain privileges via a recvmmsg system call with a crafted timeout
pointer parameter (bnc#860993).
- CVE-2017-16650: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c
in the Linux kernel allowed local users to cause a denial of service
(divide-by-zero error and system crash) or possibly have unspecified
other impact via a crafted USB device (bnc#1067086).
- CVE-2017-16535: The usb_get_bos_descriptor function in
drivers/usb/core/config.c in the Linux kernel allowed local users to
cause a denial of service (out-of-bounds read and system crash) or
possibly have unspecified other impact via a crafted USB device
(bnc#1066700).
- CVE-2017-15102: The tower_probe function in
drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users
(who are physically proximate for inserting a crafted USB device) to
gain privileges by leveraging a write-what-where condition that occurs
after a race condition and a NULL pointer dereference (bnc#1066705).
- CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds read and system
crash) or possibly have unspecified other impact via a crafted USB
device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor
(bnc#1066671).
- CVE-2017-12193: The assoc_array_insert_into_terminal_node function in
lib/assoc_array.c in the Linux kernel mishandled node splitting, which
allowed local users to cause a denial of service (NULL pointer
dereference and panic) via a crafted application, as demonstrated by the
keyring key type, and key addition and link creation operations
(bnc#1066192).
- CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c
in the Linux kernel allowed local users to cause a denial of service
(out-of-bounds read and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066650).
- CVE-2017-16525: The usb_serial_console_disconnect function in
drivers/usb/serial/console.c in the Linux kernel allowed local users to
cause a denial of service (use-after-free and system crash) or possibly
have unspecified other impact via a crafted USB device, related to
disconnection and failed setup (bnc#1066618).
- CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in
the Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066573).
- CVE-2017-16536: The cx231xx_usb_probe function in
drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact via a crafted
USB device (bnc#1066606).
- CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local
users to cause a denial of service (snd_usb_mixer_interrupt
use-after-free and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1066625).

The following non-security bugs were fixed:

- Define sock_efree (bsc#1067997).
- bcache: Add bch_keylist_init_single() (bsc#1047626).
- bcache: Add btree_map() functions (bsc#1047626).
- bcache: Add on error panic/unregister setting (bsc#1047626).
- bcache: Convert gc to a kthread (bsc#1047626).
- bcache: Delete some slower inline asm (bsc#1047626).
- bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).
- bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
- bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
- bcache: Fix a null ptr deref in journal replay (bsc#1047626).
- bcache: Fix an infinite loop in journal replay (bsc#1047626).
- bcache: Fix bch_ptr_bad() (bsc#1047626).
- bcache: Fix discard granularity (bsc#1047626).
- bcache: Fix for can_attach_cache() (bsc#1047626).
- bcache: Fix heap_peek() macro (bsc#1047626).
- bcache: Fix moving_pred() (bsc#1047626).
- bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
- bcache: Improve bucket_prio() calculation (bsc#1047626).
- bcache: Improve priority_stats (bsc#1047626).
- bcache: Minor btree cache fix (bsc#1047626).
- bcache: Move keylist out of btree_op (bsc#1047626).
- bcache: New writeback PD controller (bsc#1047626).
- bcache: PRECEDING_KEY() (bsc#1047626).
- bcache: Performance fix for when journal entry is full (bsc#1047626).
- bcache: Remove redundant block_size assignment (bsc#1047626).
- bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
- bcache: Remove/fix some header dependencies (bsc#1047626).
- bcache: Trivial error handling fix (bsc#1047626).
- bcache: Use ida for bcache block dev minor (bsc#1047626).
- bcache: allows use of register in udev to avoid "device_busy" error
(bsc#1047626).
- bcache: bch_allocator_thread() is not freezable (bsc#1047626).
- bcache: bch_gc_thread() is not freezable (bsc#1047626).
- bcache: bugfix - gc thread now gets woken when cache is full
(bsc#1047626).
- bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).
- bcache: cleaned up error handling around register_cache() (bsc#1047626).
- bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
device (bsc#1047626).
- bcache: defensively handle format strings (bsc#1047626).
- bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED
(bsc#1047626).
- bcache: fix a livelock when we cause a huge number of cache misses
(bsc#1047626).
- bcache: fix crash in bcache_btree_node_alloc_fail tracepoint
(bsc#1047626).
- bcache: fix for gc and writeback race (bsc#1047626).
- bcache: fix for gc crashing when no sectors are used (bsc#1047626).
- bcache: kill index() (bsc#1047626).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bcache: register_bcache(): call blkdev_put() when cache_alloc() fails
(bsc#1047626).
- bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).
- mac80211: do not compare TKIP TX MIC key in reinstall prevention
(bsc#1066472).
- mac80211: use constant time comparison with keys (bsc#1066471).
- powerpc/powernv: Remove OPAL v1 takeover (bsc#1070781).
- powerpc/vdso64: Use double word compare on pointers
- powerpc: Convert cmp to cmpd in idle enter sequence


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-2024=1

- SUSE Linux Enterprise Module for Public Cloud 12:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-2024=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

kernel-default-3.12.61-52.106.1
kernel-default-base-3.12.61-52.106.1
kernel-default-base-debuginfo-3.12.61-52.106.1
kernel-default-debuginfo-3.12.61-52.106.1
kernel-default-debugsource-3.12.61-52.106.1
kernel-default-devel-3.12.61-52.106.1
kernel-syms-3.12.61-52.106.1

- SUSE Linux Enterprise Server 12-LTSS (noarch):

kernel-devel-3.12.61-52.106.1
kernel-macros-3.12.61-52.106.1
kernel-source-3.12.61-52.106.1

- SUSE Linux Enterprise Server 12-LTSS (x86_64):

kernel-xen-3.12.61-52.106.1
kernel-xen-base-3.12.61-52.106.1
kernel-xen-base-debuginfo-3.12.61-52.106.1
kernel-xen-debuginfo-3.12.61-52.106.1
kernel-xen-debugsource-3.12.61-52.106.1
kernel-xen-devel-3.12.61-52.106.1
kgraft-patch-3_12_61-52_106-default-1-5.1
kgraft-patch-3_12_61-52_106-xen-1-5.1

- SUSE Linux Enterprise Server 12-LTSS (s390x):

kernel-default-man-3.12.61-52.106.1

- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

kernel-ec2-3.12.61-52.106.1
kernel-ec2-debuginfo-3.12.61-52.106.1
kernel-ec2-debugsource-3.12.61-52.106.1
kernel-ec2-devel-3.12.61-52.106.1
kernel-ec2-extra-3.12.61-52.106.1
kernel-ec2-extra-debuginfo-3.12.61-52.106.1


References:

https://www.suse.com/security/cve/CVE-2014-0038.html
https://www.suse.com/security/cve/CVE-2017-1000405.html
https://www.suse.com/security/cve/CVE-2017-12193.html
https://www.suse.com/security/cve/CVE-2017-15102.html
https://www.suse.com/security/cve/CVE-2017-16525.html
https://www.suse.com/security/cve/CVE-2017-16527.html
https://www.suse.com/security/cve/CVE-2017-16529.html
https://www.suse.com/security/cve/CVE-2017-16531.html
https://www.suse.com/security/cve/CVE-2017-16535.html
https://www.suse.com/security/cve/CVE-2017-16536.html
https://www.suse.com/security/cve/CVE-2017-16537.html
https://www.suse.com/security/cve/CVE-2017-16649.html
https://www.suse.com/security/cve/CVE-2017-16650.html
https://www.suse.com/security/cve/CVE-2017-16939.html
https://bugzilla.suse.com/1043652
https://bugzilla.suse.com/1047626
https://bugzilla.suse.com/1066192
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472
https://bugzilla.suse.com/1066573
https://bugzilla.suse.com/1066606
https://bugzilla.suse.com/1066618
https://bugzilla.suse.com/1066625
https://bugzilla.suse.com/1066650
https://bugzilla.suse.com/1066671
https://bugzilla.suse.com/1066700
https://bugzilla.suse.com/1066705
https://bugzilla.suse.com/1067085
https://bugzilla.suse.com/1067086
https://bugzilla.suse.com/1067997
https://bugzilla.suse.com/1069496
https://bugzilla.suse.com/1069702
https://bugzilla.suse.com/1069708
https://bugzilla.suse.com/1070307
https://bugzilla.suse.com/1070781
https://bugzilla.suse.com/860993


SUSE-SU-2017:3253-1: important: Fixing security issues on OBS toolchain

SUSE Security Update: Fixing security issues on OBS toolchain
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3253-1
Rating: important
References: #1059858 #1061500 #1069904 #665768 #938556

Cross-References: CVE-2010-4226 CVE-2017-14804 CVE-2017-9274

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
______________________________________________________________________________

An update that solves three vulnerabilities and has two
fixes is now available.

Description:

This OBS toolchain update fixes the following issues:

Package 'build':

- CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
- switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit
to foo-32bit-debuginfo (fate#323217)

Package 'obs-service-source_validator':
- CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from
a spec (bnc#938556).
- Update to version 0.7
- use spec_query instead of output_versions using the specfile parser from
the build package (boo#1059858)

Package 'osc':
- update to version 0.162.0
- add Recommends: ca-certificates to enable TLS verification without
manually installing them. (bnc#1061500)


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-2028=1

- SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-2028=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

build-20171128-9.3.2
build-initvm-s390-20171128-9.3.2
build-initvm-x86_64-20171128-9.3.2
build-mkbaselibs-20171128-9.3.2
obs-service-source_validator-0.7-9.3.1
osc-0.162.0-15.3.1

- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

build-20171128-9.3.2
build-initvm-s390-20171128-9.3.2
build-initvm-x86_64-20171128-9.3.2
build-mkbaselibs-20171128-9.3.2
obs-service-source_validator-0.7-9.3.1
osc-0.162.0-15.3.1


References:

https://www.suse.com/security/cve/CVE-2010-4226.html
https://www.suse.com/security/cve/CVE-2017-14804.html
https://www.suse.com/security/cve/CVE-2017-9274.html
https://bugzilla.suse.com/1059858
https://bugzilla.suse.com/1061500
https://bugzilla.suse.com/1069904
https://bugzilla.suse.com/665768
https://bugzilla.suse.com/938556