OVAL Reference oval:org.opensuse.security:def:4349

Oval Definition:

oval:org.opensuse.security:def:4349

Revision Date:	2020-12-02	Version:	1
Title:	Security update for the Linux Kernel (Important)
Description:	The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775). The following non-security bugs were fixed: - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
Family:	unix	Class:	patch
Status:		Reference(s):	1049852 1051510 1065729 1071995 1104967 1137314 1149792 1152107 1158755 1159352 1162002 1162629 1162632 1162689 1162691 1163985 1165280 1165289 1167373 1167631 1169659 1170011 1170313 1171078 1171673 1171732 1171868 1171928 1172177 1172257 1172686 1172775 1172781 1172782 1172783 1172999 1173160 1173265 1173280 1173514 1173567 1173573 1173659 1173937 1173999 1174000 1174115 1174462 1174543 1176086 1176181 1176589 1176605 1176671 1177513 1177729 1178003 CVE-2019-10153 CVE-2019-12519 CVE-2019-12521 CVE-2019-12528 CVE-2019-16746 CVE-2019-16775 CVE-2019-16776 CVE-2019-16777 CVE-2019-18860 CVE-2019-20908 CVE-2020-0305 CVE-2020-0430 CVE-2020-10745 CVE-2020-10745 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-11945 CVE-2020-12351 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15095 CVE-2020-15393 CVE-2020-15780 CVE-2020-1720 CVE-2020-1752 CVE-2020-24659 CVE-2020-25645 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-8164 CVE-2020-8201 CVE-2020-8252 CVE-2020-8517 CVE-2020-9484 SUSE-SU-2019:1813-1 SUSE-SU-2020:0043-1 SUSE-SU-2020:0589-1 SUSE-SU-2020:0622-1 SUSE-SU-2020:0820-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:1364-1 SUSE-SU-2020:2065-1 SUSE-SU-2020:2106-1 SUSE-SU-2020:2710-1 SUSE-SU-2020:2813-1 SUSE-SU-2020:2870-1 SUSE-SU-2020:2988-1
Platform(s):	SUSE Linux Enterprise Build System Kit 12 SUSE Linux Enterprise Build System Kit 12 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP2 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Live Patching 12 SP4 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Module for Web Scripting 15 SP2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2	Product(s):
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 is installed AND Package Information libreoffice-4.3.3.2-6 is installed OR libreoffice-sdk-4.3.3.2-6 is installed
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 SP1 is installed AND Package Information krb5-mini-1.12.1-22 is installed OR krb5-mini-devel-1.12.1-22 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information bash-4.2-75 is installed OR bash-doc-4.2-75 is installed OR bash-lang-4.2-75 is installed OR libreadline6-6.2-75 is installed OR libreadline6-32bit-6.2-75 is installed OR readline-doc-6.2-75 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information coreutils-8.22-9 is installed OR coreutils-lang-8.22-9 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND ctags-5.8-7 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information at-3.1.14-8.6 is installed OR libQtWebKit4-4.8.7+2.3.4-4.7 is installed OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed OR libbonobo-2.32.1-16 is installed OR libbonobo-32bit-2.32.1-16 is installed OR libbonobo-lang-2.32.1-16 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP4 is installed AND conntrack-tools-1.4.2-5 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 is installed AND Package Information fence-agents-4.4.0+git.1558595666.5f79f9e9-4.6 is installed OR fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-4.6 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 SP2 is installed AND Package Information ruby2.5-rubygem-actionpack-5_1-5.1.4-3.6 is installed OR rubygem-actionpack-5_1-5.1.4-3.6 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise High Performance Computing 15-ESPOS is installed AND squid-4.11-5.17 is installed OR Package Information SUSE Linux Enterprise High Performance Computing 15-LTSS is installed AND squid-4.11-5.17 is installed
Definition Synopsis
SUSE Linux Enterprise Live Patching 12 SP3 is installed AND Package Information kgraft-patch-4_4_132-94_33-default-8-2 is installed OR kgraft-patch-SLE12-SP3_Update_13-8-2 is installed
Definition Synopsis
SUSE Linux Enterprise Live Patching 12 SP4 is installed AND Package Information kgraft-patch-4_12_14-95_3-default-6-2 is installed OR kgraft-patch-SLE12-SP4_Update_1-6-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed AND Package Information puppet-3.6.2-3 is installed OR puppet-server-3.6.2-3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 12 is installed AND sles12sp1-docker-image-1.0.4-20160308170633 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information java-1_6_0-ibm-1.6.0_sr16.2-8 is installed OR java-1_6_0-ibm-fonts-1.6.0_sr16.2-8 is installed OR java-1_6_0-ibm-jdbc-1.6.0_sr16.2-8 is installed OR java-1_6_0-ibm-plugin-1.6.0_sr16.2-8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-default-4.12.14-150.55 is installed OR kernel-default-livepatch-4.12.14-150.55 is installed OR kernel-livepatch-4_12_14-150_55-default-1-1.3 is installed OR kernel-livepatch-SLE15_Update_19-1-1.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 12 is installed AND apache2-mod_wsgi-4.4.13-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs8-8.17.0-3.38 is installed OR nodejs8-devel-8.17.0-3.38 is installed OR nodejs8-docs-8.17.0-3.38 is installed OR npm8-8.17.0-3.38 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed AND Package Information nodejs12-12.18.4-4.6 is installed OR nodejs12-devel-12.18.4-4.6 is installed OR nodejs12-docs-12.18.4-4.6 is installed OR npm12-12.18.4-4.6 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS is installed AND spacewalk-backend-libs-1.2.74-0.22.2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP4 is installed AND Package Information elfutils-0.152-4.9.17 is installed OR libasm1-0.152-4.9.17 is installed OR libasm1-32bit-0.152-4.9.17 is installed OR libdw1-0.152-4.9.17 is installed OR libdw1-32bit-0.152-4.9.17 is installed OR libdw1-x86-0.152-4.9.17 is installed OR libebl1-0.152-4.9.17 is installed OR libebl1-32bit-0.152-4.9.17 is installed OR libebl1-x86-0.152-4.9.17 is installed OR libelf1-0.152-4.9.17 is installed OR libelf1-32bit-0.152-4.9.17 is installed OR libelf1-x86-0.152-4.9.17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND apache-commons-httpclient-3.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information alsa-1.0.27.2-11 is installed OR alsa-docs-1.0.27.2-11 is installed OR libasound2-1.0.27.2-11 is installed OR libasound2-32bit-1.0.27.2-11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND clamav-0.99.2-25 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information bzip2-1.0.6-29 is installed OR bzip2-doc-1.0.6-29 is installed OR libbz2-1-1.0.6-29 is installed OR libbz2-1-32bit-1.0.6-29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND perl-Config-IniFiles-2.82-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information libvirt-4.0.0-9.32 is installed OR libvirt-admin-4.0.0-9.32 is installed OR libvirt-client-4.0.0-9.32 is installed OR libvirt-daemon-4.0.0-9.32 is installed OR libvirt-daemon-config-network-4.0.0-9.32 is installed OR libvirt-daemon-config-nwfilter-4.0.0-9.32 is installed OR libvirt-daemon-driver-interface-4.0.0-9.32 is installed OR libvirt-daemon-driver-libxl-4.0.0-9.32 is installed OR libvirt-daemon-driver-lxc-4.0.0-9.32 is installed OR libvirt-daemon-driver-network-4.0.0-9.32 is installed OR libvirt-daemon-driver-nodedev-4.0.0-9.32 is installed OR libvirt-daemon-driver-nwfilter-4.0.0-9.32 is installed OR libvirt-daemon-driver-qemu-4.0.0-9.32 is installed OR libvirt-daemon-driver-secret-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-core-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-disk-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-iscsi-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-logical-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-mpath-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-rbd-4.0.0-9.32 is installed OR libvirt-daemon-driver-storage-scsi-4.0.0-9.32 is installed OR libvirt-daemon-hooks-4.0.0-9.32 is installed OR libvirt-daemon-lxc-4.0.0-9.32 is installed OR libvirt-daemon-qemu-4.0.0-9.32 is installed OR libvirt-daemon-xen-4.0.0-9.32 is installed OR libvirt-devel-4.0.0-9.32 is installed OR libvirt-doc-4.0.0-9.32 is installed OR libvirt-libs-4.0.0-9.32 is installed OR libvirt-lock-sanlock-4.0.0-9.32 is installed OR libvirt-nss-4.0.0-9.32 is installed
Definition Synopsis
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND ant-1.9.4-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information kernel-default-4.12.14-150.52 is installed OR kernel-default-base-4.12.14-150.52 is installed OR kernel-default-devel-4.12.14-150.52 is installed OR kernel-devel-4.12.14-150.52 is installed OR kernel-docs-4.12.14-150.52 is installed OR kernel-macros-4.12.14-150.52 is installed OR kernel-obs-build-4.12.14-150.52 is installed OR kernel-source-4.12.14-150.52 is installed OR kernel-syms-4.12.14-150.52 is installed OR kernel-vanilla-4.12.14-150.52 is installed OR kernel-vanilla-base-4.12.14-150.52 is installed OR reiserfs-kmp-default-4.12.14-150.52 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP3 is installed AND Package Information MozillaFirefox-31.8.0esr-0.13.2 is installed OR MozillaFirefox-devel-31.8.0esr-0.13.2 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND aaa_base-malloccheck-13.2+git20140911.61c1681-1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND Package Information xfsprogs-3.2.1-3.5 is installed OR xfsprogs-devel-3.2.1-3.5 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information libmysqlclient-devel-10.0.28-17.2 is installed OR libmysqlclient_r18-10.0.28-17.2 is installed OR libmysqld-devel-10.0.28-17.2 is installed OR libmysqld18-10.0.28-17.2 is installed OR mariadb-10.0.28-17.2 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information libsilc-1_1-2-1.1.10-24 is installed OR libsilcclient-1_1-3-1.1.10-24 is installed OR silc-toolkit-1.1.10-24 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND bash-lang-4.3-78 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND Package Information NetworkManager-1.0.12-12 is installed OR NetworkManager-lang-1.0.12-12 is installed OR typelib-1_0-NM-1_0-1.0.12-12 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information MozillaThunderbird-52.9.1-3.7 is installed OR MozillaThunderbird-devel-52.9.1-3.7 is installed OR MozillaThunderbird-translations-common-52.9.1-3.7 is installed OR MozillaThunderbird-translations-other-52.9.1-3.7 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information ffmpeg-3.4.2-4.17 is installed OR libavcodec-devel-3.4.2-4.17 is installed OR libavformat-devel-3.4.2-4.17 is installed OR libavformat57-3.4.2-4.17 is installed OR libavresample-devel-3.4.2-4.17 is installed OR libavresample3-3.4.2-4.17 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information LibVNCServer-0.9.10-4.22 is installed OR libvncclient0-0.9.10-4.22 is installed OR libvncserver0-0.9.10-4.22 is installed

BACK