Revision Date: | 2020-12-02 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775).
The following non-security bugs were fixed:
- Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1051510 1065729 1071995 1104967 1152107 1158755 1162002 1168994 1170011 1171078 1171673 1171732 1171868 1172257 1172775 1172781 1172782 1172783 1172999 1173265 1173280 1173514 1173567 1173573 1173659 1173999 1174000 1174115 1174462 1174543 1175626 1175656 CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2529 CVE-2010-2546 CVE-2010-3609 CVE-2011-0020 CVE-2011-0064 CVE-2011-3172 CVE-2011-3389 CVE-2011-3602 CVE-2011-3635 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2012-1174 CVE-2012-2673 CVE-2013-0240 CVE-2013-1752 CVE-2013-1799 CVE-2013-4238 CVE-2013-4288 CVE-2014-0467 CVE-2014-2667 CVE-2014-4650 CVE-2014-9116 CVE-2015-1782 CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10713 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 SUSE-SU-2020:2626-1
|
Platform(s): | openSUSE 13.1 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for High Performance Computing 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Real Time Extension 12 SP2 SUSE Linux Enterprise Real Time Extension 12 SP3 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE OpenStack Cloud 5
| Product(s): | |
Definition Synopsis |
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information
python-keystoneclient-1.0.0-16.1 is installed
OR python-keystoneclient-doc-1.0.0-16.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
libproxy0-0.3.1-2.6.1 is installed
OR libproxy0-32bit-0.3.1-2.6.1 is installed
OR libproxy0-config-gnome-0.3.1-2.6.3 is installed
OR libproxy0-config-gnome-32bit-0.3.1-2.6.3 is installed
OR libproxy0-config-kde4-0.3.1-2.6.3 is installed
OR libproxy0-networkmanager-0.3.1-2.6.3 is installed
OR libproxy0-networkmanager-32bit-0.3.1-2.6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
icu-4.0-7.28.1 is installed
OR libicu-4.0-7.28.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
flash-player-11.2.202.554-0.29.1 is installed
OR flash-player-gnome-11.2.202.554-0.29.1 is installed
OR flash-player-kde4-11.2.202.554-0.29.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND libgc1-7.2d-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
empathy-3.10.3-1 is installed
OR empathy-lang-3.10.3-1 is installed
OR telepathy-mission-control-plugin-goa-3.10.3-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
NetworkManager-1.0.12-8 is installed
OR NetworkManager-lang-1.0.12-8 is installed
OR libnm-glib-vpn1-1.0.12-8 is installed
OR libnm-glib4-1.0.12-8 is installed
OR libnm-util2-1.0.12-8 is installed
OR libnm0-1.0.12-8 is installed
OR typelib-1_0-NM-1_0-1.0.12-8 is installed
OR typelib-1_0-NMClient-1_0-1.0.12-8 is installed
OR typelib-1_0-NetworkManager-1_0-1.0.12-8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
bzip2-1.0.6-29 is installed
OR libbz2-1-1.0.6-29 is installed
OR libbz2-1-32bit-1.0.6-29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND argyllcms-1.6.3-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise for SAP 12 is installed
AND Package Information
kgraft-patch-3_12_55-52_42-default-2-2.2 is installed
OR kgraft-patch-3_12_55-52_42-xen-2-2.2 is installed
OR kgraft-patch-SLE12_Update_12-2-2.2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise High Availability 12 SP2 is installed
AND python-PyYAML-3.10-17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
AND Package Information
MozillaFirefox-68.1.0-109.92 is installed
OR MozillaFirefox-translations-common-68.1.0-109.92 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise High Performance Computing 15-ESPOS is installed
AND
kernel-default-4.12.14-150.55 is installed
OR kernel-default-base-4.12.14-150.55 is installed
OR kernel-default-devel-4.12.14-150.55 is installed
OR kernel-devel-4.12.14-150.55 is installed
OR kernel-docs-4.12.14-150.55 is installed
OR kernel-macros-4.12.14-150.55 is installed
OR kernel-obs-build-4.12.14-150.55 is installed
OR kernel-source-4.12.14-150.55 is installed
OR kernel-syms-4.12.14-150.55 is installed
OR kernel-vanilla-4.12.14-150.55 is installed
OR kernel-vanilla-base-4.12.14-150.55 is installed
OR Package Information
SUSE Linux Enterprise High Performance Computing 15-LTSS is installed
AND
kernel-default-4.12.14-150.55 is installed
OR kernel-default-base-4.12.14-150.55 is installed
OR kernel-default-devel-4.12.14-150.55 is installed
OR kernel-devel-4.12.14-150.55 is installed
OR kernel-docs-4.12.14-150.55 is installed
OR kernel-macros-4.12.14-150.55 is installed
OR kernel-obs-build-4.12.14-150.55 is installed
OR kernel-source-4.12.14-150.55 is installed
OR kernel-syms-4.12.14-150.55 is installed
OR kernel-vanilla-4.12.14-150.55 is installed
OR kernel-vanilla-base-4.12.14-150.55 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Live Patching 12 is installed
AND Package Information
kgraft-patch-3_12_59-60_45-default-3-2 is installed
OR kgraft-patch-3_12_59-60_45-xen-3-2 is installed
OR kgraft-patch-SLE12-SP1_Update_6-3-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Live Patching 12 SP3 is installed
AND Package Information
kgraft-patch-4_4_92-6_18-default-1-4.3 is installed
OR kgraft-patch-SLE12-SP3_Update_4-1-4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Containers 12 is installed
AND Package Information
ruby2.1-rubygem-passenger-5.0.18-6.1 is installed
OR rubygem-passenger-5.0.18-6.1 is installed
OR rubygem-passenger-apache2-5.0.18-6.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for High Performance Computing 12 is installed
AND Package Information
libpmi0-17.02.9-6.10.1 is installed
OR libslurm29-16.05.8.1-6.1 is installed
OR libslurm31-17.02.9-6.10.1 is installed
OR pdsh-2.33-7.5.17 is installed
OR perl-slurm-17.02.9-6.10.1 is installed
OR slurm-17.02.9-6.10.1 is installed
OR slurm-auth-none-17.02.9-6.10.1 is installed
OR slurm-devel-17.02.9-6.10.1 is installed
OR slurm-doc-17.02.9-6.10.1 is installed
OR slurm-lua-17.02.9-6.10.1 is installed
OR slurm-munge-17.02.9-6.10.1 is installed
OR slurm-pam_slurm-17.02.9-6.10.1 is installed
OR slurm-plugins-17.02.9-6.10.1 is installed
OR slurm-sched-wiki-17.02.9-6.10.1 is installed
OR slurm-slurmdb-direct-17.02.9-6.10.1 is installed
OR slurm-slurmdbd-17.02.9-6.10.1 is installed
OR slurm-sql-17.02.9-6.10.1 is installed
OR slurm-torque-17.02.9-6.10.1 is installed
OR slurmlibs-16.05.8.1-6.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Legacy Software 12 is installed
AND Package Information
compat-openssl098-0.9.8j-66.3 is installed
OR libopenssl0_9_8-0.9.8j-66.3 is installed
OR libopenssl0_9_8-32bit-0.9.8j-66.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Public Cloud 12 is installed
AND python-PyYAML-3.10-15.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Web Scripting 12 is installed
AND Package Information
apache2-mod_php7-7.0.7-15 is installed
OR php7-7.0.7-15 is installed
OR php7-bcmath-7.0.7-15 is installed
OR php7-bz2-7.0.7-15 is installed
OR php7-calendar-7.0.7-15 is installed
OR php7-ctype-7.0.7-15 is installed
OR php7-curl-7.0.7-15 is installed
OR php7-dba-7.0.7-15 is installed
OR php7-dom-7.0.7-15 is installed
OR php7-enchant-7.0.7-15 is installed
OR php7-exif-7.0.7-15 is installed
OR php7-fastcgi-7.0.7-15 is installed
OR php7-fileinfo-7.0.7-15 is installed
OR php7-fpm-7.0.7-15 is installed
OR php7-ftp-7.0.7-15 is installed
OR php7-gd-7.0.7-15 is installed
OR php7-gettext-7.0.7-15 is installed
OR php7-gmp-7.0.7-15 is installed
OR php7-iconv-7.0.7-15 is installed
OR php7-imap-7.0.7-15 is installed
OR php7-intl-7.0.7-15 is installed
OR php7-json-7.0.7-15 is installed
OR php7-ldap-7.0.7-15 is installed
OR php7-mbstring-7.0.7-15 is installed
OR php7-mcrypt-7.0.7-15 is installed
OR php7-mysql-7.0.7-15 is installed
OR php7-odbc-7.0.7-15 is installed
OR php7-opcache-7.0.7-15 is installed
OR php7-openssl-7.0.7-15 is installed
OR php7-pcntl-7.0.7-15 is installed
OR php7-pdo-7.0.7-15 is installed
OR php7-pear-7.0.7-15 is installed
OR php7-pear-Archive_Tar-7.0.7-15 is installed
OR php7-pgsql-7.0.7-15 is installed
OR php7-phar-7.0.7-15 is installed
OR php7-posix-7.0.7-15 is installed
OR php7-pspell-7.0.7-15 is installed
OR php7-shmop-7.0.7-15 is installed
OR php7-snmp-7.0.7-15 is installed
OR php7-soap-7.0.7-15 is installed
OR php7-sockets-7.0.7-15 is installed
OR php7-sqlite-7.0.7-15 is installed
OR php7-sysvmsg-7.0.7-15 is installed
OR php7-sysvsem-7.0.7-15 is installed
OR php7-sysvshm-7.0.7-15 is installed
OR php7-tokenizer-7.0.7-15 is installed
OR php7-wddx-7.0.7-15 is installed
OR php7-xmlreader-7.0.7-15 is installed
OR php7-xmlrpc-7.0.7-15 is installed
OR php7-xmlwriter-7.0.7-15 is installed
OR php7-xsl-7.0.7-15 is installed
OR php7-zip-7.0.7-15 is installed
OR php7-zlib-7.0.7-15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Real Time Extension 12 SP2 is installed
AND Package Information
crash-7.1.5-15.3 is installed
OR crash-kmp-rt-7.1.5_k4.4.21_6-15.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Real Time Extension 12 SP3 is installed
AND Package Information
cluster-md-kmp-rt-4.4.139-3.17 is installed
OR dlm-kmp-rt-4.4.139-3.17 is installed
OR gfs2-kmp-rt-4.4.139-3.17 is installed
OR kernel-devel-rt-4.4.139-3.17 is installed
OR kernel-rt-4.4.139-3.17 is installed
OR kernel-rt-base-4.4.139-3.17 is installed
OR kernel-rt-devel-4.4.139-3.17 is installed
OR kernel-rt_debug-4.4.139-3.17 is installed
OR kernel-rt_debug-devel-4.4.139-3.17 is installed
OR kernel-source-rt-4.4.139-3.17 is installed
OR kernel-syms-rt-4.4.139-3.17 is installed
OR ocfs2-kmp-rt-4.4.139-3.17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 11 SP2 is installed
AND Package Information
bind-9.6ESVR5P1-0.8.1 is installed
OR bind-chrootenv-9.6ESVR5P1-0.8.1 is installed
OR bind-doc-9.6ESVR5P1-0.8.1 is installed
OR bind-libs-9.6ESVR5P1-0.8.1 is installed
OR bind-libs-32bit-9.6ESVR5P1-0.8.1 is installed
OR bind-libs-x86-9.6ESVR5P1-0.8.1 is installed
OR bind-utils-9.6ESVR5P1-0.8.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 11 SP4 is installed
AND binutils-2.24-3.62 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 is installed
AND Package Information
automake-1.13.4-4 is installed
OR m4-1.4.16-15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
bind-9.9.6P1-32.1 is installed
OR bind-chrootenv-9.9.6P1-32.1 is installed
OR bind-doc-9.9.6P1-32.1 is installed
OR bind-libs-9.9.6P1-32.1 is installed
OR bind-libs-32bit-9.9.6P1-32.1 is installed
OR bind-utils-9.9.6P1-32.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND stunnel-5.00-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND apache-commons-httpclient-3.1-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND apache2-mod_nss-1.0.14-19.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12-LTSS is installed
AND Package Information
MozillaFirefox-45.3.0esr-78.1 is installed
OR MozillaFirefox-translations-45.3.0esr-78.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
AND procmail-3.22-269.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server for SAP Applications 12 is installed
AND apache2-mod_nss-1.0.14-10.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
AND Package Information
libasm-devel-0.158-6 is installed
OR libdw-devel-0.158-6 is installed
OR libebl-devel-0.158-6 is installed
OR libelf-devel-0.158-6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
AND Package Information
ImageMagick-6.8.8.1-70 is installed
OR ImageMagick-devel-6.8.8.1-70 is installed
OR libMagick++-6_Q16-3-6.8.8.1-70 is installed
OR libMagick++-devel-6.8.8.1-70 is installed
OR perl-PerlMagick-6.8.8.1-70 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
AND Package Information
ant-1.9.4-3.3 is installed
OR ant-jmf-1.9.4-3.3 is installed
OR ant-scripts-1.9.4-3.3 is installed
OR ant-swing-1.9.4-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 12 is installed
AND icu-52.1-7.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 12 SP1 is installed
AND Package Information
kernel-default-3.12.59-60.41.2 is installed
OR kernel-default-extra-3.12.59-60.41.2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 12 SP2 is installed
AND Package Information
libpcrecpp0-8.39-5.1 is installed
OR libpcrecpp0-32bit-8.39-5.1 is installed
OR pcre-8.39-5.1 is installed
|