File _patchinfo of Package patchinfo.10704

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.10704

<patchinfo incident="10704">
  <issue id="1012382" tracker="bnc">Continuous stable update tracker for 4.4</issue>
  <issue id="1075697" tracker="bnc">Request Cisco ENIC-USNIC driver to be Inbox on SLES 15</issue>
  <issue id="1082943" tracker="bnc">SLES15 Beta3- [P9][ZZLPAR]: While running trinity Test hit cpu warn on at ../lib/vsprintf.c:1973</issue>
  <issue id="1098599" tracker="bnc">xfstests generic/270 and generic/476 got soft lockup in XFS</issue>
  <issue id="1102959" tracker="bnc">WARNING: CPU: 1 PID: 0 at ../net/sched/sch_generic.c:306 dev_watchdog+0x21c/0x230() leads to kernel panic</issue>
  <issue id="1105402" tracker="bnc">soft lockup in d_walk() after update to kernel version 3.12.74-60.64.96</issue>
  <issue id="1107829" tracker="bnc">VUL-0: CVE-2018-14633: kernel-source: security flaw in iscsi target code</issue>
  <issue id="1108145" tracker="bnc">Incorrect flow labels in IPv6 tunnels</issue>
  <issue id="1109137" tracker="bnc">zypper up installing KMPs with rpm -i (instead of rpm -U) can lead to file conflicts</issue>
  <issue id="1109330" tracker="bnc">ipv6 xfrm hash crushing CPU utilization</issue>
  <issue id="1110286" tracker="bnc">Regression: Deadlock in inet_frags_exit_net() during namespace destruction</issue>
  <issue id="1117645" tracker="bnc">XEN hang during "PCI add device" when Hypervisor starts dom0 kernel</issue>
  <issue id="1119019" tracker="bnc">LPAR hangs when removing virtual SCSI adaptor -  ibmvscsi: found no event struct in pool!</issue>
  <issue id="1120691" tracker="bnc">BUG: unable to handle kernel paging request at free_block+276</issue>
  <issue id="1121698" tracker="bnc">default cache change and block device kernel performance regression (fio) for SLE12 SP2 -&gt; SP3</issue>
  <issue id="1121805" tracker="bnc">VUL-0: TSX Memory Issue</issue>
  <issue id="1122821" tracker="bnc">Kernel in VM incorrectly reports "Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL"</issue>
  <issue id="1124728" tracker="bnc">VUL-0: CVE-2019-6974: kernel-source: KVM: potential use-after-free via kvm_ioctl_create_device()</issue>
  <issue id="1124732" tracker="bnc">VUL-0: CVE-2019-7221: kernel-source: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer</issue>
  <issue id="1124735" tracker="bnc">VUL-1: CVE-2019-7222: kernel-source: Kernel: KVM: leak of uninitialized stack contents to guest</issue>
  <issue id="1125315" tracker="bnc">System crash in sym_int_sir() after ABORT operations have happened</issue>
  <issue id="1127155" tracker="bnc">OES2018 SP1 Update 1: Conflict occured while applying the OES2018 SP1 Update1 patch.</issue>
  <issue id="1127758" tracker="bnc">Kernel soft lockup at shrink_dcache_parent()</issue>
  <issue id="1127961" tracker="bnc">L3: System crash in xfs_perag_get()-&gt;__radix_tree_lookup()</issue>
  <issue id="1128166" tracker="bnc">VUL-0: CVE-2019-9213: kernel-source: mm: enforce min addr even if capable() in expand_downwards()</issue>
  <issue id="1129080" tracker="bnc">SLES 15 SP1 Beta4 [ POWER9 64TB/192c ] [ 4.12.14-127.g14578f0-default ] Getting call trace while running 'supportconfig' on 64TB lpar (supportutils) (using pseries-energy rpm?)</issue>
  <issue id="1129179" tracker="bnc">VUL-1: CVE-2019-2024: kernel-source: media: em28xx: Fix use-after-free when disconnecting</issue>
  <issue id="2019-2024" tracker="cve" />
  <issue id="2019-9213" tracker="cve" />
  <issue id="2018-14633" tracker="cve" />
  <issue id="2019-7221" tracker="cve" />
  <issue id="2019-7222" tracker="cve" />
  <issue id="2019-6974" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mkoutny</packager>
  <reboot_needed/>
  <description>

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).
- CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
- CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829).
- CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732).
- CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735).
- CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728).

The following non-security bugs were fixed:

- copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
- enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959).
- ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- ipv4: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286).
- kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- netfilter: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
- restore cond_resched() in shrink_dcache_parent() (bsc#1098599, bsc#1105402, bsc#1127758).
- rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1108145).
- scsi: megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (bsc#1121698).
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86: respect memory size limiting via mem= parameter (bsc#1117645).
- x86/spectre_v2: Do not check microcode versions when running under hypervisors (bsc#1122821).
- x86/xen: dont add memory above max allowed allocation (bsc#1117645).
- xen-netfront: Fix hang on device removal (bnc#1012382).
- xfrm: use complete IPv6 addresses for hash (bsc#1109330).
- xfs: remove filestream item xfs_inode reference (bsc#1127961).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.10704

Places