Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
- CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
- CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
- CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732).
- CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659).
- CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
- CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes and does not follow 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
- CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
- CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command (bnc#1172783).
- CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection (bnc#1172781).
- CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available (bnc#1172782).
- CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775).
The following non-security bugs were fixed:
- Merge ibmvnic reset fixes (bsc#1158755 ltc#182094).
- block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
- block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673).
- ibmvnic: Do not process device remove during device reset (bsc#1065729).
- ibmvnic: Flush existing work items before device removal (bsc#1065729).
- ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
- ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239).
- ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
- intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
- livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
- livepatch: Disallow vmlinux.ko (bsc#1071995).
- livepatch: Make klp_apply_object_relocs static (bsc#1071995).
- livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
- livepatch: Remove .klp.arch (bsc#1071995).
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510).
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000).
- vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510).
- vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999).
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1051510 1065729 1071995 1104967 1152107 1158755 1162002 1165631 1170011 1171078 1171673 1171732 1171868 1172257 1172775 1172781 1172782 1172783 1172999 1173265 1173280 1173514 1173567 1173573 1173659 1173999 1174000 1174115 1174462 1174543 718113 856729 922220 922221 922222 922223 923142 939998 942690 945443 945445 952062 955832 960341 965294 965296 967014 967015 977784 CVE-2006-7250 CVE-2008-4989 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2242 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-1146 CVE-2011-2199 CVE-2011-2511 CVE-2011-3172 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4128 CVE-2011-4576 CVE-2011-4577 CVE-2011-4600 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0390 CVE-2012-0884 CVE-2012-1165 CVE-2012-1569 CVE-2012-1573 CVE-2012-2110 CVE-2012-2686 CVE-2012-3445 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-0170 CVE-2013-1962 CVE-2013-1989 CVE-2013-2062 CVE-2013-2066 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4353 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-4509 CVE-2013-6436 CVE-2013-6449 CVE-2013-6450 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0076 CVE-2014-0092 CVE-2014-0160 CVE-2014-0179 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-1447 CVE-2014-1959 CVE-2014-2977 CVE-2014-2978 CVE-2014-3466 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-3633 CVE-2014-3657 CVE-2014-5139 CVE-2014-7823 CVE-2014-8136 CVE-2014-8275 CVE-2014-8564 CVE-2014-9140 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0236 CVE-2015-0261 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 
CVE-2015-0289 CVE-2015-0293 CVE-2015-0294 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-3622 CVE-2015-4000 CVE-2015-5247 CVE-2015-6251 CVE-2015-7554 CVE-2015-8025 CVE-2016-0702 CVE-2016-0705 CVE-2016-0794 CVE-2016-0795 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-6318 CVE-2016-7052 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 CVE-2020-1749 SUSE-SU-2015:0679-1 SUSE-SU-2015:2053-1 SUSE-SU-2016:0160-1 SUSE-SU-2016:1728-1 SUSE-SU-2020:1049-1 SUSE-SU-2020:2106-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND hyper-v-7-lp150.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libIlmImf-2_2-23-2.2.1-lp151.4.3 is installed
OR libIlmImf-2_2-23-32bit-2.2.1-lp151.4.3 is installed
OR libIlmImfUtil-2_2-23-2.2.1-lp151.4.3 is installed
OR libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.3 is installed
OR openexr-2.2.1-lp151.4.3 is installed
OR openexr-devel-2.2.1-lp151.4.3 is installed
OR openexr-doc-2.2.1-lp151.4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
libxml2-2.7.6-0.25 is installed
OR libxml2-32bit-2.7.6-0.25 is installed
OR libxml2-python-2.7.6-0.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
bind-9.9.6P1-0.19 is installed
OR bind-libs-9.9.6P1-0.19 is installed
OR bind-libs-32bit-9.9.6P1-0.19 is installed
OR bind-utils-9.9.6P1-0.19 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
MozillaFirefox-38.2.1esr-19 is installed
OR MozillaFirefox-branding-SLED-31.0-0.12 is installed
OR MozillaFirefox-translations-38.2.1esr-19 is installed
OR libfreebl3-3.19.2.0-0.16 is installed
OR libfreebl3-32bit-3.19.2.0-0.16 is installed
OR libsoftokn3-3.19.2.0-0.16 is installed
OR libsoftokn3-32bit-3.19.2.0-0.16 is installed
OR mozilla-nss-3.19.2.0-0.16 is installed
OR mozilla-nss-32bit-3.19.2.0-0.16 is installed
OR mozilla-nss-tools-3.19.2.0-0.16 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND tftp-5.2-8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
gnutls-3.2.15-11 is installed
OR libgnutls28-3.2.15-11 is installed
OR libgnutls28-32bit-3.2.15-11 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
DirectFB-1.7.1-6 is installed
OR lib++dfb-1_7-1-1.7.1-6 is installed
OR libdirectfb-1_7-1-1.7.1-6 is installed
OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
ibus-chewing-1.4.14-4 is installed
OR ibus-pinyin-1.5.0-11 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
cracklib-2.9.0-7 is installed
OR libcrack2-2.9.0-7 is installed
OR libcrack2-32bit-2.9.0-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 is installed
AND Package Information
kernel-default-4.12.14-150.55 is installed
OR kernel-default-livepatch-4.12.14-150.55 is installed
OR kernel-livepatch-4_12_14-150_55-default-1-1.3 is installed
OR kernel-livepatch-SLE15_Update_19-1-1.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
AND Package Information
kernel-livepatch-4_12_14-197_37-default-2-2 is installed
OR kernel-livepatch-SLE15-SP1_Update_10-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
coreutils-8.22-9 is installed
OR coreutils-lang-8.22-9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_74-60_64_60-default-11-2 is installed
OR kgraft-patch-3_12_74-60_64_60-xen-11-2 is installed
OR kgraft-patch-SLE12-SP1_Update_21-11-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
strongswan-5.1.3-22 is installed
OR strongswan-doc-5.1.3-22 is installed
OR strongswan-hmac-5.1.3-22 is installed
OR strongswan-ipsec-5.1.3-22 is installed
OR strongswan-libs0-5.1.3-22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
MozillaFirefox-60.3.0-109.50 is installed
OR MozillaFirefox-devel-60.3.0-109.50 is installed
OR MozillaFirefox-translations-common-60.3.0-109.50 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kernel-default-4.4.121-92.85 is installed
OR kernel-default-base-4.4.121-92.85 is installed
OR kernel-default-devel-4.4.121-92.85 is installed
OR kernel-devel-4.4.121-92.85 is installed
OR kernel-macros-4.4.121-92.85 is installed
OR kernel-source-4.4.121-92.85 is installed
OR kernel-syms-4.4.121-92.85 is installed
OR kgraft-patch-4_4_121-92_85-default-1-3.5 is installed
OR kgraft-patch-SLE12-SP2_Update_23-1-3.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_103-92_53-default-4-2 is installed
OR kgraft-patch-SLE12-SP2_Update_16-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND ft2demos-2.6.3-7.10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
MozillaFirefox-60.9.0-109.86 is installed
OR MozillaFirefox-translations-common-60.9.0-109.86 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_180-94_97-default-4-2 is installed
OR kgraft-patch-SLE12-SP3_Update_26-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
bzip2-1.0.6-30.8 is installed
OR bzip2-doc-1.0.6-30.8 is installed
OR libbz2-1-1.0.6-30.8 is installed
OR libbz2-1-32bit-1.0.6-30.8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
xen-4.9.2_10-3.41 is installed
OR xen-doc-html-4.9.2_10-3.41 is installed
OR xen-libs-4.9.2_10-3.41 is installed
OR xen-libs-32bit-4.9.2_10-3.41 is installed
OR xen-tools-4.9.2_10-3.41 is installed
OR xen-tools-domU-4.9.2_10-3.41 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND apache2-mod_jk-1.2.40-5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
strongswan-5.1.3-26.13 is installed
OR strongswan-doc-5.1.3-26.13 is installed
OR strongswan-hmac-5.1.3-26.13 is installed
OR strongswan-ipsec-5.1.3-26.13 is installed
OR strongswan-libs0-5.1.3-26.13 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6-LTSS is installed
AND docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.9 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
libpython3_4m1_0-3.4.10-25.45 is installed
OR python3-3.4.10-25.45 is installed
OR python3-base-3.4.10-25.45 is installed
OR python3-curses-3.4.10-25.45 is installed
OR python3-devel-3.4.10-25.45 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
MozillaFirefox-60.7.2-109.80 is installed
OR MozillaFirefox-translations-common-60.7.2-109.80 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND python-Twisted-15.2.1-9.8 is installed
|