Oval Definition:	oval:org.opensuse.security:def:51902
Revision Date: 2021-06-08 Version: 1 Title: Security update for the Linux Kernel (Important) Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724). - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950). - s390/entry: save the caller of psw_idle (bsc#1185677). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - video: hyperv_fb: Add ratelimit on error message (bsc#1185724). Family: unix Class: patch Status: Reference(s): 1111331 1120470 1120502 1120503 1120504 1120584 1120589 1133229 1134348 1135273 1136109 1140709 1149792 1159352 1159812 1159819 1160398 1169511 1169746 1171352 1171978 1172745 1174421 1174628 1176081 1180846 1183947 1184611 1184675 1185642 1185677 1185680 1185724 1185859 1185860 1185862 1185863 1185898 1185899 1185901 1185938 1185950 1185987 1186060 1186061 1186062 1186111 1186285 1186390 1186484 1186498 CVE-2009-0696 CVE-2009-3297 CVE-2009-4022 CVE-2010-1172 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2010-4530 CVE-2011-0414 CVE-2011-0541 CVE-2011-1097 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-3146 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-0292 CVE-2013-1881 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-2497 CVE-2014-2855 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2014-9709 CVE-2015-2806 CVE-2015-3202 CVE-2015-3622 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-4008 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6906 CVE-2016-6911 CVE-2016-6912 CVE-2016-7568 CVE-2016-8670 CVE-2016-9317 CVE-2016-9933 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 CVE-2019-10132 CVE-2019-11091 CVE-2019-12838 CVE-2019-16775 CVE-2019-16776 CVE-2019-16777 CVE-2019-17006 CVE-2020-12399 CVE-2020-14344 CVE-2020-15705 CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2021-23133 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 SUSE-SU-2019:0770-1 SUSE-SU-2019:1490-1 SUSE-SU-2019:2229-1 SUSE-SU-2020:0104-1 SUSE-SU-2020:1569-1 SUSE-SU-2020:1677-1 SUSE-SU-2020:2116-1 SUSE-SU-2020:2307-1 SUSE-SU-2021:1891-1 Platform(s): openSUSE Leap 15.0 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gcab-1.1-lp150.1 is installed OR gcab-lang-1.1-lp150.1 is installed OR libgcab-1_0-0-1.1-lp150.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information MozillaFirefox-10.0.7-0.3 is installed OR MozillaFirefox-branding-SLED-7-0.6.7 is installed OR MozillaFirefox-translations-10.0.7-0.3 is installed OR libfreebl3-3.13.6-0.5 is installed OR libfreebl3-32bit-3.13.6-0.5 is installed OR mozilla-nspr-4.9.2-0.6 is installed OR mozilla-nspr-32bit-4.9.2-0.6 is installed OR mozilla-nss-3.13.6-0.5 is installed OR mozilla-nss-32bit-3.13.6-0.5 is installed OR mozilla-nss-tools-3.13.6-0.5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information libxml2-2.7.6-0.31 is installed OR libxml2-32bit-2.7.6-0.31 is installed OR libxml2-python-2.7.6-0.31 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information bind-libs-9.9.5P1-1 is installed OR bind-libs-32bit-9.9.5P1-1 is installed OR bind-utils-9.9.5P1-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information gdk-pixbuf-loader-rsvg-2.40.2-1 is installed OR librsvg-2-2-2.40.2-1 is installed OR librsvg-2-2-32bit-2.40.2-1 is installed OR rsvg-view-2.40.2-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libtasn1-3.7-11 is installed OR libtasn1-6-3.7-11 is installed OR libtasn1-6-32bit-3.7-11 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information dbus-1-glib-0.100.2-3 is installed OR dbus-1-glib-32bit-0.100.2-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information libvirt-5.1.0-8.3 is installed OR wireshark-plugin-libvirt-5.1.0-8.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information libcaca-0.99.beta19.git20171003-3.3 is installed OR libcaca-devel-0.99.beta19.git20171003-3.3 is installed OR libcaca0-0.99.beta19.git20171003-3.3 is installed OR libcaca0-plugins-0.99.beta19.git20171003-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information grub2-2.02-26.33 is installed OR grub2-x86_64-xen-2.02-26.33 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed AND Package Information libfreebl3-hmac-3.53-3.40 is installed OR libsoftokn3-hmac-3.53-3.40 is installed OR mozilla-nss-3.53-3.40 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs10-10.18.0-1.15 is installed OR nodejs10-devel-10.18.0-1.15 is installed OR nodejs10-docs-10.18.0-1.15 is installed OR npm10-10.18.0-1.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libXi6-1.7.4-9 is installed OR libXi6-32bit-1.7.4-9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_51-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_51-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_18-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND ctags-5.8-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information ghostscript-9.26a-23.19 is installed OR ghostscript-x11-9.26a-23.19 is installed OR libspectre-0.2.7-12.6 is installed OR libspectre1-0.2.7-12.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND clamav-0.100.1-33.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information openssh-7.2p2-74.30 is installed OR openssh-askpass-gnome-7.2p2-74.30 is installed OR openssh-fips-7.2p2-74.30 is installed OR openssh-helpers-7.2p2-74.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information audiofile-0.3.6-10 is installed OR libaudiofile1-0.3.6-10 is installed OR libaudiofile1-32bit-0.3.6-10 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information ghostscript-9.27-23.31 is installed OR ghostscript-x11-9.27-23.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information xen-4.9.4_06-3.59 is installed OR xen-doc-html-4.9.4_06-3.59 is installed OR xen-libs-4.9.4_06-3.59 is installed OR xen-libs-32bit-4.9.4_06-3.59 is installed OR xen-tools-4.9.4_06-3.59 is installed OR xen-tools-domU-4.9.4_06-3.59 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed OR libwebkit2gtk3-lang-2.24.4-2.47 is installed OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed OR webkit2gtk3-2.24.4-2.47 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND nmap-6.46-3.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information apache2-2.4.23-29.24 is installed OR apache2-doc-2.4.23-29.24 is installed OR apache2-example-pages-2.4.23-29.24 is installed OR apache2-prefork-2.4.23-29.24 is installed OR apache2-utils-2.4.23-29.24 is installed OR apache2-worker-2.4.23-29.24 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information libX11-1.6.5-3.6 is installed OR libX11-6-1.6.5-3.6 is installed OR libX11-6-32bit-1.6.5-3.6 is installed OR libX11-data-1.6.5-3.6 is installed OR libX11-devel-1.6.5-3.6 is installed OR libX11-xcb1-1.6.5-3.6 is installed OR libX11-xcb1-32bit-1.6.5-3.6 is installed OR libxcb-1.13-3.5 is installed OR libxcb-composite0-1.13-3.5 is installed OR libxcb-damage0-1.13-3.5 is installed OR libxcb-devel-1.13-3.5 is installed OR libxcb-devel-doc-1.13-3.5 is installed OR libxcb-dpms0-1.13-3.5 is installed OR libxcb-dri2-0-1.13-3.5 is installed OR libxcb-dri2-0-32bit-1.13-3.5 is installed OR libxcb-dri3-0-1.13-3.5 is installed OR libxcb-dri3-0-32bit-1.13-3.5 is installed OR libxcb-glx0-1.13-3.5 is installed OR libxcb-glx0-32bit-1.13-3.5 is installed OR libxcb-present0-1.13-3.5 is installed OR libxcb-present0-32bit-1.13-3.5 is installed OR libxcb-randr0-1.13-3.5 is installed OR libxcb-record0-1.13-3.5 is installed OR libxcb-render0-1.13-3.5 is installed OR libxcb-res0-1.13-3.5 is installed OR libxcb-screensaver0-1.13-3.5 is installed OR libxcb-shape0-1.13-3.5 is installed OR libxcb-shm0-1.13-3.5 is installed OR libxcb-sync1-1.13-3.5 is installed OR libxcb-sync1-32bit-1.13-3.5 is installed OR libxcb-xf86dri0-1.13-3.5 is installed OR libxcb-xfixes0-1.13-3.5 is installed OR libxcb-xfixes0-32bit-1.13-3.5 is installed OR libxcb-xinerama0-1.13-3.5 is installed OR libxcb-xinput0-1.13-3.5 is installed OR libxcb-xkb1-1.13-3.5 is installed OR libxcb-xtest0-1.13-3.5 is installed OR libxcb-xv0-1.13-3.5 is installed OR libxcb-xvmc0-1.13-3.5 is installed OR libxcb1-1.13-3.5 is installed OR libxcb1-32bit-1.13-3.5 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND Package Information kernel-default-4.12.14-95.77.1 is installed OR kernel-default-base-4.12.14-95.77.1 is installed OR kernel-default-devel-4.12.14-95.77.1 is installed OR kernel-devel-4.12.14-95.77.1 is installed OR kernel-macros-4.12.14-95.77.1 is installed OR kernel-source-4.12.14-95.77.1 is installed OR kernel-syms-4.12.14-95.77.1 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.252-3.35 is installed OR java-1_8_0-openjdk-demo-1.8.0.252-3.35 is installed OR java-1_8_0-openjdk-devel-1.8.0.252-3.35 is installed OR java-1_8_0-openjdk-headless-1.8.0.252-3.35 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-extlib-0.9.16-1 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information storm-1.0.5-5 is installed OR storm-nimbus-1.0.5-5 is installed OR storm-supervisor-1.0.5-5 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information xen-4.9.4_06-3.59 is installed OR xen-doc-html-4.9.4_06-3.59 is installed OR xen-libs-4.9.4_06-3.59 is installed OR xen-libs-32bit-4.9.4_06-3.59 is installed OR xen-tools-4.9.4_06-3.59 is installed OR xen-tools-domU-4.9.4_06-3.59 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND ansible-2.4.6.0-3.3 is installed
BACK