{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\nThe SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a\n  denial of service (memory consumption) by triggering a large number of chunks\n  in an association's output queue (bsc#902351)\n\nThe following non-security bugs were fixed:\n\n- ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538).\n- ALSA: seq: Do not allow resizing pool in use (bsc#1045538).\n- Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078)\n- IB/mlx4: fix sprintf format warning (bnc#786036).\n- RDMA/mlx4: Discard unknown SQP work requests (bnc#786036).\n- USB: uss720: fix NULL-deref at probe (bnc#1047487).\n- bna: integer overflow bug in debugfs (bnc#780242).\n- e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242).\n- e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495).\n- fix a leak in /proc/schedstats (bsc#1094876).\n- ixgbe: Initialize 64-bit stats seqcounts (bnc#795301).\n- mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes).\n- module/retpoline: Warn about missing retpoline in module (bnc#1099177).\n- net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036).\n- net/mlx4_en: Change default QoS settings (bnc#786036).\n- net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105).\n- netxen: fix incorrect loop counter decrement (bnc#784815).\n- powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244).\n- s390/qdio: do not merge ERROR output buffers (bnc#1099709).\n- s390/qeth: do not dump control cmd twice (bnc#1099709).\n- s390/qeth: fix SETIP command handling (bnc#1099709).\n- s390/qeth: free netdevice when removing a card (bnc#1099709).\n- s390/qeth: lock read device while queueing next buffer (bnc#1099709).\n- s390/qeth: when thread completes, wake up all waiters (bnc#1099709).\n- sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089).\n- scsi: sg: mitigate read/write abuse (bsc#1101296).\n- tg3: do not clear stats while tg3_close (bnc#790588).\n- video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966).\n- vmxnet3: use correct flag to indicate LRO feature (bsc#936423).\n- x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408).\n- x86-non-upstream-eager-fpu 32bit fix (bnc#1087086 bnc#1100091 bnc#1099598).\n- x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177).\n- xen/x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (bsc#1068032).\n","title":"Description of the patch"},{"category":"details","text":"slertesp4-kernel-source-13709","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2177-1.json"},{"category":"self","summary":"URL for SUSE-SU-2018:2177-1","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182177-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:2177-1","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182177-1.html"},{"category":"self","summary":"SUSE Bug 1045538","url":"https://bugzilla.suse.com/1045538"},{"category":"self","summary":"SUSE Bug 1047487","url":"https://bugzilla.suse.com/1047487"},{"category":"self","summary":"SUSE Bug 1068032","url":"https://bugzilla.suse.com/1068032"},{"category":"self","summary":"SUSE Bug 1087086","url":"https://bugzilla.suse.com/1087086"},{"category":"self","summary":"SUSE Bug 1090078","url":"https://bugzilla.suse.com/1090078"},{"category":"self","summary":"SUSE Bug 1094244","url":"https://bugzilla.suse.com/1094244"},{"category":"self","summary":"SUSE Bug 1094876","url":"https://bugzilla.suse.com/1094876"},{"category":"self","summary":"SUSE Bug 1098408","url":"https://bugzilla.suse.com/1098408"},{"category":"self","summary":"SUSE Bug 1099177","url":"https://bugzilla.suse.com/1099177"},{"category":"self","summary":"SUSE Bug 1099598","url":"https://bugzilla.suse.com/1099598"},{"category":"self","summary":"SUSE Bug 1099709","url":"https://bugzilla.suse.com/1099709"},{"category":"self","summary":"SUSE Bug 1099966","url":"https://bugzilla.suse.com/1099966"},{"category":"self","summary":"SUSE Bug 1100089","url":"https://bugzilla.suse.com/1100089"},{"category":"self","summary":"SUSE Bug 1100091","url":"https://bugzilla.suse.com/1100091"},{"category":"self","summary":"SUSE Bug 1101296","url":"https://bugzilla.suse.com/1101296"},{"category":"self","summary":"SUSE Bug 780242","url":"https://bugzilla.suse.com/780242"},{"category":"self","summary":"SUSE Bug 784815","url":"https://bugzilla.suse.com/784815"},{"category":"self","summary":"SUSE Bug 786036","url":"https://bugzilla.suse.com/786036"},{"category":"self","summary":"SUSE Bug 790588","url":"https://bugzilla.suse.com/790588"},{"category":"self","summary":"SUSE Bug 795301","url":"https://bugzilla.suse.com/795301"},{"category":"self","summary":"SUSE Bug 902351","url":"https://bugzilla.suse.com/902351"},{"category":"self","summary":"SUSE Bug 909495","url":"https://bugzilla.suse.com/909495"},{"category":"self","summary":"SUSE Bug 923242","url":"https://bugzilla.suse.com/923242"},{"category":"self","summary":"SUSE Bug 925105","url":"https://bugzilla.suse.com/925105"},{"category":"self","summary":"SUSE Bug 936423","url":"https://bugzilla.suse.com/936423"},{"category":"self","summary":"SUSE CVE CVE-2014-3688 page","url":"https://www.suse.com/security/cve/CVE-2014-3688/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2018-08-02T14:40:22Z","generator":{"date":"2018-08-02T14:40:22Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:2177-1","initial_release_date":"2018-08-02T14:40:22Z","revision_history":[{"date":"2018-08-02T14:40:22Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-rt-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-rt-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-rt-3.0.101.rt130-69.30.1.x86_64"}},{"category":"product_version","name":"kernel-rt-base-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-rt-base-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-rt-base-3.0.101.rt130-69.30.1.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64"}},{"category":"product_version","name":"kernel-source-rt-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-source-rt-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-source-rt-3.0.101.rt130-69.30.1.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64","product":{"name":"kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64","product_id":"kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Real Time 11 SP4","product":{"name":"SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4","product_identification_helper":{"cpe":"cpe:/a:suse:suse-linux-enterprise-rt:11:sp4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-rt-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-rt-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-base-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-rt-base-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-source-rt-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64"},"product_reference":"kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"}]},"vulnerabilities":[{"cve":"CVE-2014-3688","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-3688"}],"notes":[{"category":"general","text":"The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-3688","url":"https://www.suse.com/security/cve/CVE-2014-3688"},{"category":"external","summary":"SUSE Bug 902351 for CVE-2014-3688","url":"https://bugzilla.suse.com/902351"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.30.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.30.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-08-02T14:40:22Z","details":"moderate"}],"title":"CVE-2014-3688"}]}