SUSE-SU-2018:0525-1

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

  The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

• CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).

• CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355).

• CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311).

• CVE-2017-13215: Prevent elevation of privilege (bnc#1075908).

• CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017).

• CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874).

• CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have...