Oval Definition:oval:org.opensuse.security:def:201911191
Revision Date:2019-09-27Version:1
Title:CVE-2019-11191
Description:

** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-11191
Platform(s):openSUSE Leap 42.3
Product(s):
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • kernel-debug-4.4.180-102 is installed
  • AND kernel-debug is signed with openSUSE key
  • OR
  • kernel-debug-base-4.4.180-102 is installed
  • AND kernel-debug-base is signed with openSUSE key
  • OR
  • kernel-debug-devel-4.4.180-102 is installed
  • AND kernel-debug-devel is signed with openSUSE key
  • OR
  • kernel-default-4.4.180-102 is installed
  • AND kernel-default is signed with openSUSE key
  • OR
  • kernel-default-base-4.4.180-102 is installed
  • AND kernel-default-base is signed with openSUSE key
  • OR
  • kernel-default-devel-4.4.180-102 is installed
  • AND kernel-default-devel is signed with openSUSE key
  • OR
  • kernel-devel-4.4.180-102 is installed
  • AND kernel-devel is signed with openSUSE key
  • OR
  • kernel-docs-4.4.180-102 is installed
  • AND kernel-docs is signed with openSUSE key
  • OR
  • kernel-docs-html-4.4.180-102 is installed
  • AND kernel-docs-html is signed with openSUSE key
  • OR
  • kernel-docs-pdf-4.4.180-102 is installed
  • AND kernel-docs-pdf is signed with openSUSE key
  • OR
  • kernel-macros-4.4.180-102 is installed
  • AND kernel-macros is signed with openSUSE key
  • OR
  • kernel-obs-build-4.4.180-102 is installed
  • AND kernel-obs-build is signed with openSUSE key
  • OR
  • kernel-obs-qa-4.4.180-102 is installed
  • AND kernel-obs-qa is signed with openSUSE key
  • OR
  • kernel-source-4.4.180-102 is installed
  • AND kernel-source is signed with openSUSE key
  • OR
  • kernel-source-vanilla-4.4.180-102 is installed
  • AND kernel-source-vanilla is signed with openSUSE key
  • OR
  • kernel-syms-4.4.180-102 is installed
  • AND kernel-syms is signed with openSUSE key
  • OR
  • kernel-vanilla-4.4.180-102 is installed
  • AND kernel-vanilla is signed with openSUSE key
  • OR
  • kernel-vanilla-base-4.4.180-102 is installed
  • AND kernel-vanilla-base is signed with openSUSE key
  • OR
  • kernel-vanilla-devel-4.4.180-102 is installed
  • AND kernel-vanilla-devel is signed with openSUSE key
    • BACK