Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important) |
Description: |
This update for the Linux Kernel 4.12.14-150_14 fixes several issues.
The following security issues were fixed:
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1124729 1124734 1126284 1128378 1133191 1136446 1136935 1137597 847880 901361 901553 921999 926597 927806 927807 927808 929678 929688 931698 933898 933911 934487 934489 934491 934493 CVE-2010-0624 CVE-2011-0460 CVE-2011-0461 CVE-2011-3177 CVE-2012-3355 CVE-2013-6369 CVE-2013-6370 CVE-2013-6371 CVE-2014-2524 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2014-3566 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2015-0295 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2015-2806 CVE-2015-3216 CVE-2015-3451 CVE-2015-4000 CVE-2016-6321 CVE-2017-13080 CVE-2017-13081 CVE-2017-5715 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 SUSE-SU-2015:1143-1 SUSE-SU-2015:1359-1
|
Platform(s): | openSUSE Leap 15.0 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND Package Information
firewall-macros-0.5.3-lp150.1 is installed
OR firewalld-0.5.3-lp150.1 is installed
OR firewalld-lang-0.5.3-lp150.1 is installed
OR python3-firewall-0.5.3-lp150.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
MozillaFirefox-10.0.9-0.3 is installed
OR MozillaFirefox-branding-SLED-7-0.6.7 is installed
OR MozillaFirefox-translations-10.0.9-0.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
grub2-2.00-0.49 is installed
OR grub2-x86_64-efi-2.00-0.49 is installed
OR grub2-x86_64-xen-2.00-0.49 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.95-0.17 is installed
OR java-1_7_0-openjdk-demo-1.7.0.95-0.17 is installed
OR java-1_7_0-openjdk-devel-1.7.0.95-0.17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
libjson-c2-0.11-2 is installed
OR libjson-c2-32bit-0.11-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
aaa_base-13.2+git20140911.61c1681-9 is installed
OR aaa_base-extras-13.2+git20140911.61c1681-9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
bash-4.3-78 is installed
OR bash-doc-4.3-78 is installed
OR bash-lang-4.3-78 is installed
OR libreadline6-6.3-78 is installed
OR libreadline6-32bit-6.3-78 is installed
OR readline-doc-6.3-78 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
libjbig2-2.0-12 is installed
OR libjbig2-32bit-2.0-12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
kernel-firmware-20180525-3 is installed
OR ucode-amd-20180525-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 is installed
AND Package Information
kernel-livepatch-4_12_14-150_14-default-2-2 is installed
OR kernel-livepatch-SLE15_Update_9-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
DirectFB-1.7.1-4 is installed
OR lib++dfb-1_7-1-1.7.1-4 is installed
OR libdirectfb-1_7-1-1.7.1-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kernel-default-3.12.74-60.64.45 is installed
OR kernel-default-base-3.12.74-60.64.45 is installed
OR kernel-default-devel-3.12.74-60.64.45 is installed
OR kernel-default-man-3.12.74-60.64.45 is installed
OR kernel-devel-3.12.74-60.64.45 is installed
OR kernel-macros-3.12.74-60.64.45 is installed
OR kernel-source-3.12.74-60.64.45 is installed
OR kernel-syms-3.12.74-60.64.45 is installed
OR kernel-xen-3.12.74-60.64.45 is installed
OR kernel-xen-base-3.12.74-60.64.45 is installed
OR kernel-xen-devel-3.12.74-60.64.45 is installed
OR kgraft-patch-3_12_74-60_64_45-default-1-4 is installed
OR kgraft-patch-3_12_74-60_64_45-xen-1-4 is installed
OR kgraft-patch-SLE12-SP1_Update_16-1-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND libpng15-15-1.5.22-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
libopenssl-devel-1.0.2j-60.46 is installed
OR libopenssl1_0_0-1.0.2j-60.46 is installed
OR libopenssl1_0_0-32bit-1.0.2j-60.46 is installed
OR libopenssl1_0_0-hmac-1.0.2j-60.46 is installed
OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.46 is installed
OR openssl-1.0.2j-60.46 is installed
OR openssl-doc-1.0.2j-60.46 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND ucode-intel-20190514-13.44 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND binutils-2.31-9.26 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
audiofile-0.3.6-10 is installed
OR libaudiofile1-0.3.6-10 is installed
OR libaudiofile1-32bit-0.3.6-10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
nfs-client-1.3.0-34.22 is installed
OR nfs-doc-1.3.0-34.22 is installed
OR nfs-kernel-server-1.3.0-34.22 is installed
OR nfs-utils-1.3.0-34.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
MozillaFirefox-60.8.0-109.83 is installed
OR MozillaFirefox-translations-common-60.8.0-109.83 is installed
OR libfreebl3-3.44.1-58.28 is installed
OR libfreebl3-32bit-3.44.1-58.28 is installed
OR libfreebl3-hmac-3.44.1-58.28 is installed
OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed
OR libsoftokn3-3.44.1-58.28 is installed
OR libsoftokn3-32bit-3.44.1-58.28 is installed
OR libsoftokn3-hmac-3.44.1-58.28 is installed
OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed
OR mozilla-nss-3.44.1-58.28 is installed
OR mozilla-nss-32bit-3.44.1-58.28 is installed
OR mozilla-nss-certs-3.44.1-58.28 is installed
OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed
OR mozilla-nss-sysinit-3.44.1-58.28 is installed
OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed
OR mozilla-nss-tools-3.44.1-58.28 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND sudo-1.8.20p2-3.17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
curl-7.37.0-37.26 is installed
OR libcurl4-7.37.0-37.26 is installed
OR libcurl4-32bit-7.37.0-37.26 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
cups-pk-helper-0.2.5-5 is installed
OR cups-pk-helper-lang-0.2.5-5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND docker-1.10.3-66 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
openstack-cinder-9.1.5~dev6-4.21 is installed
OR openstack-cinder-api-9.1.5~dev6-4.21 is installed
OR openstack-cinder-backup-9.1.5~dev6-4.21 is installed
OR openstack-cinder-doc-9.1.5~dev6-4.21 is installed
OR openstack-cinder-scheduler-9.1.5~dev6-4.21 is installed
OR openstack-cinder-volume-9.1.5~dev6-4.21 is installed
OR openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.9 is installed
OR openstack-neutron-9.4.2~dev21-7.27 is installed
OR openstack-neutron-dhcp-agent-9.4.2~dev21-7.27 is installed
OR openstack-neutron-doc-9.4.2~dev21-7.27 is installed
OR openstack-neutron-ha-tool-9.4.2~dev21-7.27 is installed
OR openstack-neutron-l3-agent-9.4.2~dev21-7.27 is installed
OR openstack-neutron-lbaas-9.2.2~dev11-4.15 is installed
OR openstack-neutron-lbaas-agent-9.2.2~dev11-4.15 is installed
OR openstack-neutron-lbaas-doc-9.2.2~dev11-4.15 is installed
OR openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.27 is installed
OR openstack-neutron-macvtap-agent-9.4.2~dev21-7.27 is installed
OR openstack-neutron-metadata-agent-9.4.2~dev21-7.27 is installed
OR openstack-neutron-metering-agent-9.4.2~dev21-7.27 is installed
OR openstack-neutron-openvswitch-agent-9.4.2~dev21-7.27 is installed
OR openstack-neutron-server-9.4.2~dev21-7.27 is installed
OR python-cinder-9.1.5~dev6-4.21 is installed
OR python-horizon-plugin-designate-ui-3.0.2~dev1-3.9 is installed
OR python-neutron-9.4.2~dev21-7.27 is installed
OR python-neutron-lbaas-9.2.2~dev11-4.15 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
kernel-default-4.4.180-94.103 is installed
OR kernel-default-base-4.4.180-94.103 is installed
OR kernel-default-devel-4.4.180-94.103 is installed
OR kernel-devel-4.4.180-94.103 is installed
OR kernel-macros-4.4.180-94.103 is installed
OR kernel-source-4.4.180-94.103 is installed
OR kernel-syms-4.4.180-94.103 is installed
OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed
OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
ghostscript-9.27-23.31 is installed
OR ghostscript-x11-9.27-23.31 is installed
|