<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">Security update for the Linux Kernel</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>openSUSE-SU-2017:0907-1</ID>
    </Identification>
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2017-04-01T09:49:57Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2017-04-01T09:49:57Z</InitialReleaseDate>
    <CurrentReleaseDate>2017-04-01T09:49:57Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for the Linux Kernel</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">

The openSUSE Leap 42.2 kernel was updated to 4.4.56 to fix various security issues and bugs.

The following security bugs were fixed:

- CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573).
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).
- CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).
- CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).
- CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235).
- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).
- CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).
- CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179).
- CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity (bnc#1008842).
- CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785).

The following non-security bugs were fixed:

- ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).
- ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).
- ACPI: Remove platform devices from a bus on removal (bsc#1028819).
- add mainline tag to one hyperv patch
- bnx2x: allow adding VLANs while interface is down (bsc#1027273).
- btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).
- btrfs: incremental send, do not delay rename when parent inode is new (bsc#1028325).
- btrfs: incremental send, do not issue invalid rmdir operations (bsc#1028325).
- btrfs: qgroup: Move half of the qgroup accounting time out of commit trans (bsc#1017461).
- btrfs: send, fix failure to rename top level inode due to name collision (bsc#1028325).
- btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844 bsc#1024015)
- crypto: algif_hash - avoid zero-sized array (bnc#1007962).
- cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).
- drivers: hv: vmbus: Prevent sending data on a rescinded channel (fate#320485, bug#1028217).
- drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).
- drm/i915: Listen for PMIC bus access notifications (bsc#1011913).
- drm/mgag200: Added support for the new device G200eH3 (bsc#1007959, fate#322780)
- ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
- Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56).
- futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).
- futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).
- i2c: designware-baytrail: Acquire P-Unit access on bus acquire (bsc#1011913).
- i2c: designware-baytrail: Call pmic_bus_access_notifier_chain (bsc#1011913).
- i2c: designware-baytrail: Fix race when resetting the semaphore (bsc#1011913).
- i2c: designware-baytrail: Only check iosf_mbi_available() for shared hosts (bsc#1011913).
- i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM method (bsc#1011913).
- i2c-designware: increase timeout (bsc#1011913).
- i2c: designware: Never suspend i2c-busses used for accessing the system PMIC (bsc#1011913).
- i2c: designware: Rename accessor_flags to flags (bsc#1011913).
- kABI: protect struct iscsi_conn (kabi).
- kABI: protect struct se_node_acl (kabi).
- kABI: restore can_rx_register parameters (kabi).
- kgr/module: make a taint flag module-specific (fate#313296).
- kgr: remove all arch-specific kgraft header files (fate#313296).
- l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
- l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).
- l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415).
- l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415).
- l2tp: lock socket before checking flags in connect() (bsc#1028415).
- md/raid1: add rcu protection to rdev in fix_read_error (References: bsc#998106,bsc#1020048,bsc#982783).
- md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).
- md/raid1: handle flush request correctly (bsc#998106,bsc#1020048,bsc#982783).
- md/raid1: Refactor raid1_make_request (bsc#998106,bsc#1020048,bsc#982783).
- mm: fix set pageblock migratetype in deferred struct page init (bnc#1027195).
- mm/page_alloc: Remove useless parameter of __free_pages_boot_core (bnc#1027195).
- module: move add_taint_module() to a header file (fate#313296).
- net/ena: change condition for host attribute configuration (bsc#1026509).
- net/ena: change driver's default timeouts (bsc#1026509).
- net: ena: change the return type of ena_set_push_mode() to be void (bsc#1026509).
- net: ena: Fix error return code in ena_device_init() (bsc#1026509).
- net/ena: fix ethtool RSS flow configuration (bsc#1026509).
- net/ena: fix NULL dereference when removing the driver after device reset failed (bsc#1026509).
- net/ena: fix potential access to freed memory during device reset (bsc#1026509).
- net/ena: fix queues number calculation (bsc#1026509).
- net/ena: fix RSS default hash configuration (bsc#1026509).
- net/ena: reduce the severity of ena printouts (bsc#1026509).
- net/ena: refactor ena_get_stats64 to be atomic context safe (bsc#1026509).
- net/ena: remove ntuple filter support from device feature list (bsc#1026509).
- net: ena: remove superfluous check in ena_remove() (bsc#1026509).
- net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).
- net/ena: update driver version to 1.1.2 (bsc#1026509).
- net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).
- net: ena: use setup_timer() and mod_timer() (bsc#1026509).
- net/mlx4_core: Avoid command timeouts during VF driver device shutdown (bsc#1028017).
- net/mlx4_core: Avoid delays during VF driver device shutdown (bsc#1028017).
- net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#1028017).
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#1028017).
- net/mlx4_en: Fix bad WQE issue (bsc#1028017).
- NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041).
- nvme: Do not suspend admin queue that wasn't created (bsc#1026505).
- nvme: Suspend all queues before deletion (bsc#1026505).
- PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal (fate#320485, bug#1028217).
- PCI: hv: Use device serial number as PCI domain (fate#320485, bug#1028217).
- powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
- RAID1: a new I/O barrier implementation to remove resync window (bsc#998106,bsc#1020048,bsc#982783).
- RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#998106,bsc#1020048,bsc#982783).
- Revert 'give up on gcc ilog2() constant optimizations' (kabi).
- Revert 'net: introduce device min_header_len' (kabi).
- Revert 'net/mlx4_en: Avoid unregister_netdev at shutdown flow' (bsc#1028017).
- Revert 'nfit, libnvdimm: fix interleave set cookie calculation' (kabi).
- Revert 'RDMA/core: Fix incorrect structure packing for booleans' (kabi).
- Revert 'target: Fix NULL dereference during LUN lookup + active I/O shutdown' (kabi).
- rtlwifi: rtl_usb: Fix missing entry in USB driver's private data (bsc#1026462).
- s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573).
- s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683, LTC#152318).
- sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419).
- scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).
- scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#1027054).
- softirq: Let ksoftirqd do its job (bsc#1019618).
- supported.conf: Add tcp_westwood as supported module (fate#322432)
- taint/module: Clean up global and module taint flags handling (fate#313296).
- Update mainline reference in patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch. See (bsc#1028158) for the context in which this was discovered upstream.
- x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).
- x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).
- x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).
- x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).
- x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).
- x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier (bsc#1011913).
- x86/platform: Remove warning message for duplicate NMI handlers (bsc#1029220).
- x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).
- x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).
- x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).
- x86/platform/UV: Clean up the NMI code to match current coding style (bsc#1023866).
- x86/platform/UV: Clean up the UV APIC code (bsc#1023866).
- x86/platform/UV: Ensure uv_system_init is called when necessary (bsc#1023866).
- x86/platform/UV: Fix 2 socket config problem (bsc#1023866).
- x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).
- x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source (bsc#1023866).
- x86/platform/UV: Verify NMI action is valid, default is standard (bsc#1023866).
- xen-blkfront: correct maximum segment accounting (bsc#1018263).
- xen-blkfront: do not call talk_to_blkback when already connected to blkback.
- xen/blkfront: Fix crash if backend does not follow the right states.
- xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
- xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).
- xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).
- xfs: do not take the IOLOCK exclusive for direct I/O page invalidation (bsc#1015609).
</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      <Description>E-Mail link for openSUSE-SU-2017:0907-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="openSUSE Leap 42.2">
      <Branch Type="Product Name" Name="openSUSE Leap 42.2">
        <FullProductName ProductID="openSUSE Leap 42.2">openSUSE Leap 42.2</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="kernel-debug-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-debug-4.4.57-18.3.1">kernel-debug-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-debug-base-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-debug-base-4.4.57-18.3.1">kernel-debug-base-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-debug-devel-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-debug-devel-4.4.57-18.3.1">kernel-debug-devel-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-default-4.4.57-18.3.1">kernel-default-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-base-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-default-base-4.4.57-18.3.1">kernel-default-base-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-devel-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-default-devel-4.4.57-18.3.1">kernel-default-devel-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-devel-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-devel-4.4.57-18.3.1">kernel-devel-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-docs-4.4.57-18.3.2">
      <FullProductName ProductID="kernel-docs-4.4.57-18.3.2">kernel-docs-4.4.57-18.3.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-docs-html-4.4.57-18.3.2">
      <FullProductName ProductID="kernel-docs-html-4.4.57-18.3.2">kernel-docs-html-4.4.57-18.3.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-docs-pdf-4.4.57-18.3.2">
      <FullProductName ProductID="kernel-docs-pdf-4.4.57-18.3.2">kernel-docs-pdf-4.4.57-18.3.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-macros-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-macros-4.4.57-18.3.1">kernel-macros-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-obs-build-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-obs-build-4.4.57-18.3.1">kernel-obs-build-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-obs-qa-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-obs-qa-4.4.57-18.3.1">kernel-obs-qa-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-source-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-source-4.4.57-18.3.1">kernel-source-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-source-vanilla-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-source-vanilla-4.4.57-18.3.1">kernel-source-vanilla-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-syms-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-syms-4.4.57-18.3.1">kernel-syms-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-vanilla-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-vanilla-4.4.57-18.3.1">kernel-vanilla-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-vanilla-base-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-vanilla-base-4.4.57-18.3.1">kernel-vanilla-base-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-vanilla-devel-4.4.57-18.3.1">
      <FullProductName ProductID="kernel-vanilla-devel-4.4.57-18.3.1">kernel-vanilla-devel-4.4.57-18.3.1</FullProductName>
    </Branch>
    <Relationship ProductReference="kernel-debug-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1">kernel-debug-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-debug-base-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1">kernel-debug-base-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-debug-devel-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1">kernel-debug-devel-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1">kernel-default-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-base-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1">kernel-default-base-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-devel-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1">kernel-default-devel-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-devel-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1">kernel-devel-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-docs-4.4.57-18.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2">kernel-docs-4.4.57-18.3.2 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-docs-html-4.4.57-18.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2">kernel-docs-html-4.4.57-18.3.2 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-docs-pdf-4.4.57-18.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2">kernel-docs-pdf-4.4.57-18.3.2 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-macros-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1">kernel-macros-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-obs-build-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1">kernel-obs-build-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-obs-qa-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1">kernel-obs-qa-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1">kernel-source-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-vanilla-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1">kernel-source-vanilla-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-syms-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1">kernel-syms-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-vanilla-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1">kernel-vanilla-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-vanilla-base-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1">kernel-vanilla-base-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-vanilla-devel-4.4.57-18.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.2">
      <FullProductName ProductID="openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1">kernel-vanilla-devel-4.4.57-18.3.1 as a component of openSUSE Leap 42.2</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.</Note>
    </Notes>
    <CVE>CVE-2016-10200</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.7</BaseScore>
        <Vector>AV:L/AC:H/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2016-10200.html</URL>
        <Description>CVE-2016-10200</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1028415</URL>
        <Description>SUSE Bug 1028415</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.</Note>
    </Notes>
    <CVE>CVE-2016-2117</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2016-2117.html</URL>
        <Description>CVE-2016-2117</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/968697</URL>
        <Description>SUSE Bug 968697</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.</Note>
    </Notes>
    <CVE>CVE-2016-9191</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.7</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2016-9191.html</URL>
        <Description>CVE-2016-9191</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1008842</URL>
        <Description>SUSE Bug 1008842</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.</Note>
    </Notes>
    <CVE>CVE-2017-2596</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.8</BaseScore>
        <Vector>AV:L/AC:H/Au:S/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-2596.html</URL>
        <Description>CVE-2017-2596</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1022785</URL>
        <Description>SUSE Bug 1022785</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="5">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.</Note>
    </Notes>
    <CVE>CVE-2017-2636</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6</BaseScore>
        <Vector>AV:L/AC:H/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-2636.html</URL>
        <Description>CVE-2017-2636</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027565</URL>
        <Description>SUSE Bug 1027565</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027575</URL>
        <Description>SUSE Bug 1027575</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1028372</URL>
        <Description>SUSE Bug 1028372</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="6">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.</Note>
    </Notes>
    <CVE>CVE-2017-6214</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-6214.html</URL>
        <Description>CVE-2017-6214</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1026722</URL>
        <Description>SUSE Bug 1026722</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="7">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.</Note>
    </Notes>
    <CVE>CVE-2017-6345</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-6345.html</URL>
        <Description>CVE-2017-6345</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027190</URL>
        <Description>SUSE Bug 1027190</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1087082</URL>
        <Description>SUSE Bug 1087082</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="8">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.</Note>
    </Notes>
    <CVE>CVE-2017-6346</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.7</BaseScore>
        <Vector>AV:L/AC:H/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-6346.html</URL>
        <Description>CVE-2017-6346</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027189</URL>
        <Description>SUSE Bug 1027189</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1064388</URL>
        <Description>SUSE Bug 1064388</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1064392</URL>
        <Description>SUSE Bug 1064392</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="9">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.</Note>
    </Notes>
    <CVE>CVE-2017-6347</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.2</BaseScore>
        <Vector>AV:L/AC:H/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-6347.html</URL>
        <Description>CVE-2017-6347</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027179</URL>
        <Description>SUSE Bug 1027179</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="10">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.</Note>
    </Notes>
    <CVE>CVE-2017-6353</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-6353.html</URL>
        <Description>CVE-2017-6353</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1025235</URL>
        <Description>SUSE Bug 1025235</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027066</URL>
        <Description>SUSE Bug 1027066</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="11">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.</Note>
    </Notes>
    <CVE>CVE-2017-7184</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.2:kernel-debug-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-debug-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-default-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-devel-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-html-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-docs-pdf-4.4.57-18.3.2</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-macros-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-build-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-obs-qa-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-source-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-syms-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-base-4.4.57-18.3.1</ProductID>
        <ProductID>openSUSE Leap 42.2:kernel-vanilla-devel-4.4.57-18.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.6</BaseScore>
        <Vector>AV:L/AC:M/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-7184.html</URL>
        <Description>CVE-2017-7184</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1030573</URL>
        <Description>SUSE Bug 1030573</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1030575</URL>
        <Description>SUSE Bug 1030575</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
