Oval Definition:	oval:org.opensuse.security:def:4316
Revision Date: 2020-12-02 Version: 1 Title: Security update for the Linux Kernel (Live Patch 5 for SLE 15) (Important) Description: This update for the Linux Kernel 4.12.14-25_19 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Family: unix Class: patch Status: Reference(s): 1012382 1031392 1048942 1051510 1055120 1055186 1058115 1061840 1065600 1065729 1071995 1078248 1082519 1082635 1085030 1089644 1090078 1091041 1094244 1098782 1101669 1102495 1103269 1103405 1103587 1103636 1103990 1103991 1104353 1104427 1104745 1104888 1105190 1105795 1106105 1106240 1106948 1107783 1107829 1107928 1107947 1108043 1108096 1108170 1108281 1108323 1108399 1108823 1109244 1109333 1109336 1109337 1109603 1109806 1109837 1109859 1109979 1109992 1110006 1110301 1110363 1110639 1110642 1110643 1110644 1110645 1110646 1110647 1110649 1110650 1111666 1112178 1112374 1113722 1113956 1113994 1114279 1117169 1118661 1119113 1120853 1124729 1124734 1126284 1126390 1127354 1127371 1127532 1128378 1129770 1131107 1134209 1134983 1135966 1135967 1137223 1137236 1138039 1139924 1140290 1140948 1142095 1142635 1142924 1143706 1144333 1144919 1146090 1146091 1146093 1146094 1146095 1146097 1146099 1146100 1149448 1150466 1151067 1151548 1151900 1152782 1153628 1153811 1154043 1154058 1154124 1154355 1154366 1154526 1154601 1155021 1155689 1155692 1155836 1155897 1155921 1155982 1156187 1156258 1156429 1156466 1156471 1156494 1156609 1156700 1156729 1156882 1156928 1157032 1157038 1157042 1157044 1157045 1157046 1157049 1157070 1157115 1157143 1157145 1157158 1157160 1157162 1157171 1157173 1157178 1157180 1157182 1157183 1157184 1157191 1157193 1157197 1157298 1157304 1157307 1157324 1157333 1157386 1157424 1157463 1157499 1157678 1157698 1157778 1157908 1158049 1158063 1158064 1158065 1158066 1158067 1158068 1158071 1158082 1158381 1158394 1158398 1158407 1158410 1158413 1158417 1158427 1158445 1159723 1159729 1161025 1163102 1163103 1163104 1165629 1165631 1167527 1168468 1169972 1171675 1171688 1171742 1171746 1171928 1171988 1172175 1172176 1172428 1172437 1173115 1173798 1174205 1174628 1174757 1174899 1175112 1175122 1175128 1175204 1175213 1175228 1175515 1175518 1175691 1175749 1175882 1175992 1176011 1176022 1176038 1176069 1176235 1176242 1176278 1176316 1176317 1176318 1176319 1176320 1176321 1176381 1176395 1176410 1176423 1176482 1176507 1176536 1176544 1176545 1176546 1176548 1176590 1176659 1176698 1176699 1176700 1176721 1176722 1176725 1176732 1176788 1176789 1176869 1176877 1176935 1176950 1176962 1176966 1176990 1177027 1177030 1177041 1177042 1177043 1177044 1177121 1177206 1177258 1177291 1177293 1177294 1177295 1177296 CVE-2018-1000199 CVE-2018-14633 CVE-2018-17182 CVE-2019-0154 CVE-2019-10072 CVE-2019-12418 CVE-2019-13173 CVE-2019-14895 CVE-2019-14901 CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-17563 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19046 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19081 CVE-2019-19082 CVE-2019-19083 CVE-2019-19227 CVE-2019-19524 CVE-2019-19525 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19534 CVE-2019-19536 CVE-2019-19543 CVE-2019-5737 CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-10135 CVE-2020-10757 CVE-2020-11076 CVE-2020-11077 CVE-2020-14314 CVE-2020-14331 CVE-2020-14344 CVE-2020-14356 CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 CVE-2020-14381 CVE-2020-14386 CVE-2020-14390 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 CVE-2020-9484 SUSE-SU-2018:3159-1 SUSE-SU-2019:0635-1 SUSE-SU-2019:2055-1 SUSE-SU-2019:2260-1 SUSE-SU-2020:0226-1 SUSE-SU-2020:0455-1 SUSE-SU-2020:1364-1 SUSE-SU-2020:1646-1 SUSE-SU-2020:1919-1 SUSE-SU-2020:2197-1 SUSE-SU-2020:2610-1 SUSE-SU-2020:2767-1 SUSE-SU-2020:2905-1 Platform(s): SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Build System Kit 12 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 11 SP4 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise High Availability 15 SP2 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Live Patching 12 SP4 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Real Time Extension 11 SP2 SUSE Linux Enterprise Real Time Extension 11 SP4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 Product(s): Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND haproxy-1.5.4-1 is installed Definition Synopsis SUSE Linux Enterprise Build System Kit 12 is installed AND kernel-zfcpdump-3.12.38-44 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information cpp48-4.8.3+r212056-6 is installed OR gcc48-4.8.3+r212056-6 is installed OR gcc48-32bit-4.8.3+r212056-6 is installed OR gcc48-c++-4.8.3+r212056-6 is installed OR gcc48-gij-4.8.3+r212056-6 is installed OR gcc48-gij-32bit-4.8.3+r212056-6 is installed OR gcc48-info-4.8.3+r212056-6 is installed OR libasan0-4.8.3+r212056-6 is installed OR libasan0-32bit-4.8.3+r212056-6 is installed OR libatomic1-4.8.3+r212056-6 is installed OR libatomic1-32bit-4.8.3+r212056-6 is installed OR libffi4-4.8.3+r212056-6 is installed OR libffi4-32bit-4.8.3+r212056-6 is installed OR libgcc_s1-4.8.3+r212056-6 is installed OR libgcc_s1-32bit-4.8.3+r212056-6 is installed OR libgcj48-4.8.3+r212056-6 is installed OR libgcj48-32bit-4.8.3+r212056-6 is installed OR libgcj48-jar-4.8.3+r212056-6 is installed OR libgcj_bc1-4.8.3+r212056-6 is installed OR libgfortran3-4.8.3+r212056-6 is installed OR libgomp1-4.8.3+r212056-6 is installed OR libgomp1-32bit-4.8.3+r212056-6 is installed OR libitm1-4.8.3+r212056-6 is installed OR libitm1-32bit-4.8.3+r212056-6 is installed OR libquadmath0-4.8.3+r212056-6 is installed OR libstdc++48-devel-4.8.3+r212056-6 is installed OR libstdc++48-devel-32bit-4.8.3+r212056-6 is installed OR libstdc++6-4.8.3+r212056-6 is installed OR libstdc++6-32bit-4.8.3+r212056-6 is installed OR libtsan0-4.8.3+r212056-6 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information alsa-1.0.27.2-11 is installed OR libasound2-1.0.27.2-11 is installed OR libasound2-32bit-1.0.27.2-11 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information NetworkManager-1.0.12-8 is installed OR NetworkManager-lang-1.0.12-8 is installed OR libnm-glib-vpn1-1.0.12-8 is installed OR libnm-glib4-1.0.12-8 is installed OR libnm-util2-1.0.12-8 is installed OR libnm0-1.0.12-8 is installed OR typelib-1_0-NM-1_0-1.0.12-8 is installed OR typelib-1_0-NMClient-1_0-1.0.12-8 is installed OR typelib-1_0-NetworkManager-1_0-1.0.12-8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information ImageMagick-6.8.8.1-71.85 is installed OR libMagick++-6_Q16-3-6.8.8.1-71.85 is installed OR libMagickCore-6_Q16-1-6.8.8.1-71.85 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85 is installed OR libMagickWand-6_Q16-1-6.8.8.1-71.85 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP3 is installed AND ctdb-4.6.5+git.27.6afd48b1083-2 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP4 is installed AND fence-agents-4.2.1+git.1537269352.7b1fd536-1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 is installed AND Package Information cluster-md-kmp-default-4.12.14-25.22 is installed OR dlm-kmp-default-4.12.14-25.22 is installed OR gfs2-kmp-default-4.12.14-25.22 is installed OR kernel-default-4.12.14-25.22 is installed OR ocfs2-kmp-default-4.12.14-25.22 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 SP1 is installed AND Package Information cluster-md-kmp-default-4.12.14-197.29 is installed OR dlm-kmp-default-4.12.14-197.29 is installed OR gfs2-kmp-default-4.12.14-197.29 is installed OR kernel-default-4.12.14-197.29 is installed OR ocfs2-kmp-default-4.12.14-197.29 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 SP2 is installed AND Package Information ruby2.5-rubygem-puma-4.3.5-3.3 is installed OR rubygem-puma-4.3.5-3.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15-ESPOS is installed AND tomcat-9.0.35-3.52 is installed OR tomcat-admin-webapps-9.0.35-3.52 is installed OR tomcat-el-3_0-api-9.0.35-3.52 is installed OR tomcat-jsp-2_3-api-9.0.35-3.52 is installed OR tomcat-lib-9.0.35-3.52 is installed OR tomcat-servlet-4_0-api-9.0.35-3.52 is installed OR tomcat-webapps-9.0.35-3.52 is installed OR Package Information SUSE Linux Enterprise High Performance Computing 15-LTSS is installed AND tomcat-9.0.35-3.52 is installed OR tomcat-admin-webapps-9.0.35-3.52 is installed OR tomcat-el-3_0-api-9.0.35-3.52 is installed OR tomcat-jsp-2_3-api-9.0.35-3.52 is installed OR tomcat-lib-9.0.35-3.52 is installed OR tomcat-servlet-4_0-api-9.0.35-3.52 is installed OR tomcat-webapps-9.0.35-3.52 is installed Definition Synopsis SUSE Linux Enterprise Live Patching 12 SP3 is installed AND Package Information kgraft-patch-4_4_92-6_18-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_4-6-2 is installed Definition Synopsis SUSE Linux Enterprise Live Patching 12 SP4 is installed AND Package Information kgraft-patch-4_12_14-95_24-default-1-6.5 is installed OR kgraft-patch-SLE12-SP4_Update_6-1-6.5 is installed Definition Synopsis SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed AND Package Information puppet-3.6.2-3 is installed OR puppet-server-3.6.2-3 is installed Definition Synopsis SUSE Linux Enterprise Module for Containers 12 is installed AND python-setuptools-1.1.7-7 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_19-default-5-2 is installed OR kernel-livepatch-SLE15_Update_5-5-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 is installed AND Package Information nodejs8-8.16.1-3.20 is installed OR nodejs8-devel-8.16.1-3.20 is installed OR nodejs8-docs-8.16.1-3.20 is installed OR npm8-8.16.1-3.20 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs8-8.15.1-3.17 is installed OR nodejs8-devel-8.15.1-3.17 is installed OR nodejs8-docs-8.15.1-3.17 is installed OR npm8-8.15.1-3.17 is installed Definition Synopsis SUSE Linux Enterprise Point of Sale 11 SP3 is installed AND wget-1.11.4-1.32.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP4 is installed AND apache2-mod_nss-1.0.8-0.4.13.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information augeas-1.2.0-1 is installed OR augeas-lenses-1.2.0-1 is installed OR libaugeas0-1.2.0-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND ant-1.9.4-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information apache-commons-daemon-1.0.15-4 is installed OR apache-commons-daemon-javadoc-1.0.15-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information apache2-mod_apparmor-2.8.2-49 is installed OR apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libxslt-tools-1.1.28-16 is installed OR libxslt1-1.1.28-16 is installed OR libxslt1-32bit-1.1.28-16 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND permissions-20180125-3.21 is installed Definition Synopsis SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information accountsservice-0.6.42-14 is installed OR accountsservice-lang-0.6.42-14 is installed OR libaccountsservice0-0.6.42-14 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-14 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information freeradius-server-3.0.16-3.6 is installed OR freeradius-server-devel-3.0.16-3.6 is installed OR freeradius-server-krb5-3.0.16-3.6 is installed OR freeradius-server-ldap-3.0.16-3.6 is installed OR freeradius-server-libs-3.0.16-3.6 is installed OR freeradius-server-mysql-3.0.16-3.6 is installed OR freeradius-server-perl-3.0.16-3.6 is installed OR freeradius-server-postgresql-3.0.16-3.6 is installed OR freeradius-server-python-3.0.16-3.6 is installed OR freeradius-server-sqlite-3.0.16-3.6 is installed OR freeradius-server-utils-3.0.16-3.6 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND rubygem-activerecord-2_3-2.3.14-0.10.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 is installed AND accountsservice-devel-0.6.35-1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND Package Information libidn-1.28-4.1 is installed OR libidn-devel-1.28-4.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information ghostscript-9.15-17.2 is installed OR ghostscript-devel-9.15-17.2 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information ImageMagick-6.8.8.1-5 is installed OR libMagick++-6_Q16-3-6.8.8.1-5 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-5 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND argyllcms-1.6.3-1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND bogofilter-1.2.4-5 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND Package Information gstreamer-0_10-plugins-bad-0.10.23-25 is installed OR gstreamer-0_10-plugins-bad-lang-0.10.23-25 is installed OR libgstbasecamerabinsrc-0_10-23-0.10.23-25 is installed OR libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-25 is installed OR libgstbasevideo-0_10-23-0.10.23-25 is installed OR libgstbasevideo-0_10-23-32bit-0.10.23-25 is installed OR libgstcodecparsers-0_10-23-0.10.23-25 is installed OR libgstphotography-0_10-23-0.10.23-25 is installed OR libgstphotography-0_10-23-32bit-0.10.23-25 is installed OR libgstsignalprocessor-0_10-23-0.10.23-25 is installed OR libgstsignalprocessor-0_10-23-32bit-0.10.23-25 is installed OR libgstvdp-0_10-23-0.10.23-25 is installed OR libgstvdp-0_10-23-32bit-0.10.23-25 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information evolution-3.26.6-4.3 is installed OR evolution-devel-3.26.6-4.3 is installed OR evolution-lang-3.26.6-4.3 is installed OR evolution-plugin-bogofilter-3.26.6-4.3 is installed OR evolution-plugin-pst-import-3.26.6-4.3 is installed OR evolution-plugin-spamassassin-3.26.6-4.3 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information libopencv3_3-3.3.1-6.6 is installed OR opencv-3.3.1-6.6 is installed OR opencv-devel-3.3.1-6.6 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information libopencv3_3-3.3.1-6.6 is installed OR opencv-3.3.1-6.6 is installed OR opencv-devel-3.3.1-6.6 is installed
BACK