You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

openSUSE Security Update: Security update for the Linux Kernel

Announcement ID: openSUSE-SU-2017:0907-1
Rating: important
References: #1007959 #1007962 #1008842 #1011913 #1012910
#1013994 #1015609 #1017461 #1017641 #1018263
#1018419 #1019163 #1019618 #1020048 #1022785
#1023866 #1024015 #1025235 #1025683 #1026405
#1026462 #1026505 #1026509 #1026692 #1026722
#1027054 #1027066 #1027179 #1027189 #1027190
#1027195 #1027273 #1027565 #1027575 #1028017
#1028041 #1028158 #1028217 #1028325 #1028372
#1028415 #1028819 #1028895 #1029220 #1029986
#1030573 #1030575 #951844 #968697 #969755
#982783 #998106
Cross-References: CVE-2016-10200 CVE-2016-2117 CVE-2016-9191
CVE-2017-2596 CVE-2017-2636 CVE-2017-6214
CVE-2017-6345 CVE-2017-6346 CVE-2017-6347
CVE-2017-6353 CVE-2017-7184
Affected Products:
openSUSE Leap 42.2

An update that solves 11 vulnerabilities and has 41 fixes
is now available.


The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security
issues and bugs.

The following security bugs were fixed:

– CVE-2017-7184: The xfrm_replay_verify_len function in
net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size
data after an XFRM_MSG_NEWAE update, which allowed local users to obtain
root privileges or cause a denial of service (heap-based out-of-bounds
access) by leveraging the CAP_NET_ADMIN capability, as demonstrated
during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10
linux-image-* package (bnc#1030573).
– CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
the Linux kernel allowed local users to gain privileges or cause a
denial of service (use-after-free) by making multiple bind system calls
without properly ascertaining whether a socket has the SOCK_ZAPPED
status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
– CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline (bnc#1027565).
– CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that
a certain destructor exists in required circumstances, which allowed
local users to cause a denial of service (BUG_ON) or possibly have
unspecified other impact via crafted system calls (bnc#1027190).
– CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux
kernel allowed local users to cause a denial of service (use-after-free)
or possibly have unspecified other impact via a multithreaded
application that made PACKET_FANOUT setsockopt system calls
– CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
restrict association peel-off operations during certain wait states,
which allowed local users to cause a denial of service (invalid unlock
and double free) via a multithreaded application. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2017-5986
– CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
Linux kernel allowed remote attackers to cause a denial of service
(infinite loop and soft lockup) via vectors involving a TCP packet with
the URG flag (bnc#1026722).
– CVE-2016-2117: The atl2_probe function in
drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly
enables scatter/gather I/O, which allowed remote attackers to obtain
sensitive information from kernel memory by reading packet data
– CVE-2017-6347: The ip_cmsg_recv_checksum function in
net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations
about skb data layout, which allowed local users to cause a denial of
service (buffer over-read) or possibly have unspecified other impact via
crafted system calls, as demonstrated by use of the MSG_MORE flag in
conjunction with loopback UDP transmission (bnc#1027179).
– CVE-2016-9191: The cgroup offline implementation in the Linux kernel
mishandled certain drain operations, which allowed local users to cause
a denial of service (system hang) by leveraging access to a container
environment for executing a crafted application, as demonstrated by
trinity (bnc#1008842).
– CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c
in the Linux kernel improperly emulates the VMXON instruction, which
allowed KVM L1 guest OS users to cause a denial of service (host OS
memory consumption) by leveraging the mishandling of page references

The following non-security bugs were fixed:

– ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).
– ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).
– ACPI: Remove platform devices from a bus on removal (bsc#1028819).
– add mainline tag to one hyperv patch
– bnx2x: allow adding VLANs while interface is down (bsc#1027273).
– btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).
– btrfs: incremental send, do not delay rename when parent inode is new
– btrfs: incremental send, do not issue invalid rmdir operations
– btrfs: qgroup: Move half of the qgroup accounting time out of commit
trans (bsc#1017461).
– btrfs: send, fix failure to rename top level inode due to name collision
– btrfs: serialize subvolume mounts with potentially mismatching rw flags
(bsc#951844 bsc#1024015)
– crypto: algif_hash – avoid zero-sized array (bnc#1007962).
– cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).
– drivers: hv: vmbus: Prevent sending data on a rescinded channel
(fate#320485, bug#1028217).
– drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).
– drm/i915: Listen for PMIC bus access notifications (bsc#1011913).
– drm/mgag200: Added support for the new device G200eH3 (bsc#1007959,
– ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
– Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56).
– futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).
– futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).
– i2c: designware-baytrail: Acquire P-Unit access on bus acquire
– i2c: designware-baytrail: Call pmic_bus_access_notifier_chain
– i2c: designware-baytrail: Fix race when resetting the semaphore
– i2c: designware-baytrail: Only check iosf_mbi_available() for shared
hosts (bsc#1011913).
– i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM
method (bsc#1011913).
– i2c-designware: increase timeout (bsc#1011913).
– i2c: designware: Never suspend i2c-busses used for accessing the system
PMIC (bsc#1011913).
– i2c: designware: Rename accessor_flags to flags (bsc#1011913).
– kABI: protect struct iscsi_conn (kabi).
– kABI: protect struct se_node_acl (kabi).
– kABI: restore can_rx_register parameters (kabi).
– kgr/module: make a taint flag module-specific (fate#313296).
– kgr: remove all arch-specific kgraft header files (fate#313296).
– l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
– l2tp: fix lookup for sockets not bound to a device in l2tp_ip
– l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
– l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
– l2tp: lock socket before checking flags in connect() (bsc#1028415).
– md/raid1: add rcu protection to rdev in fix_read_error (References:
– md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).
– md/raid1: handle flush request correctly
– md/raid1: Refactor raid1_make_request
– mm: fix set pageblock migratetype in deferred struct page init
– mm/page_alloc: Remove useless parameter of __free_pages_boot_core
– module: move add_taint_module() to a header file (fate#313296).
– net/ena: change condition for host attribute configuration (bsc#1026509).
– net/ena: change driver’s default timeouts (bsc#1026509).
– net: ena: change the return type of ena_set_push_mode() to be void
– net: ena: Fix error return code in ena_device_init() (bsc#1026509).
– net/ena: fix ethtool RSS flow configuration (bsc#1026509).
– net/ena: fix NULL dereference when removing the driver after device
reset failed (bsc#1026509).
– net/ena: fix potential access to freed memory during device reset
– net/ena: fix queues number calculation (bsc#1026509).
– net/ena: fix RSS default hash configuration (bsc#1026509).
– net/ena: reduce the severity of ena printouts (bsc#1026509).
– net/ena: refactor ena_get_stats64 to be atomic context safe
– net/ena: remove ntuple filter support from device feature list
– net: ena: remove superfluous check in ena_remove() (bsc#1026509).
– net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).
– net/ena: update driver version to 1.1.2 (bsc#1026509).
– net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).
– net: ena: use setup_timer() and mod_timer() (bsc#1026509).
– net/mlx4_core: Avoid command timeouts during VF driver device shutdown
– net/mlx4_core: Avoid delays during VF driver device shutdown
– net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).
– net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions (bsc#1028017).
– net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
– net/mlx4_en: Fix bad WQE issue (bsc#1028017).
– NFS: do not try to cross a mountpount when there isn’t one there
– nvme: Do not suspend admin queue that wasn’t created (bsc#1026505).
– nvme: Suspend all queues before deletion (bsc#1026505).
– PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal
(fate#320485, bug#1028217).
– PCI: hv: Use device serial number as PCI domain (fate#320485,
– powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
– RAID1: a new I/O barrier implementation to remove resync window
– RAID1: avoid unnecessary spin locks in I/O barrier code
– Revert “give up on gcc ilog2() constant optimizations” (kabi).
– Revert “net: introduce device min_header_len” (kabi).
– Revert “net/mlx4_en: Avoid unregister_netdev at shutdown flow”
– Revert “nfit, libnvdimm: fix interleave set cookie calculation” (kabi).
– Revert “RDMA/core: Fix incorrect structure packing for booleans” (kabi).
– Revert “target: Fix NULL dereference during LUN lookup + active I/O
shutdown” (kabi).
– rtlwifi: rtl_usb: Fix missing entry in USB driver’s private data
– s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573).
– s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683,
– sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
– scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).
– scsi: do not print ‘reservation conflict’ for TEST UNIT READY
– softirq: Let ksoftirqd do its job (bsc#1019618).
– supported.conf: Add tcp_westwood as supported module (fate#322432)
– taint/module: Clean up global and module taint flags handling
– Update mainline reference in
patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch S
ee (bsc#1028158) for the context in which this was discovered upstream.
– x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).
– x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).
– x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).
– x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).
– x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).
– x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier
– x86/platform: Remove warning message for duplicate NMI handlers
– x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).
– x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).
– x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).
– x86/platform/UV: Clean up the NMI code to match current coding style
– x86/platform/UV: Clean up the UV APIC code (bsc#1023866).
– x86/platform/UV: Ensure uv_system_init is called when necessary
– x86/platform/UV: Fix 2 socket config problem (bsc#1023866).
– x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).
– x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source
– x86/platform/UV: Verify NMI action is valid, default is standard
– xen-blkfront: correct maximum segment accounting (bsc#1018263).
– xen-blkfront: do not call talk_to_blkback when already connected to
– xen/blkfront: Fix crash if backend does not follow the right states.
– xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
– xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).
– xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).
– xfs: do not take the IOLOCK exclusive for direct I/O page invalidation

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-418=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (noarch):


– openSUSE Leap 42.2 (x86_64):



To unsubscribe, e-mail:
For additional commands, e-mail:

AutorVlatka Misic
Cert idNCERT-REF-2017-04-0004-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa samba

Otkriven je sigurnosni nedostatak u programskom paketu samba za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....