The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The following non-security bugs were fixed:
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1175122). - cifs: allow unlock flock and OFD lock across fork (bsc#1175122). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1175122). - cifs: Avoid doing network I/O while holding cache lock (bsc#1175122). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1175122). - cifs: Clean up DFS referral cache (bsc#1175122). - cifs: document and cleanup dfs mount (bsc#1172428 bsc#1175122). - cifs: do not ignore the SYNC flags in getattr (bsc#1175122). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1175122). - cifs: do not share tcons with DFS (bsc#1175122). - cifs: ensure correct super block for DFS reconnect (bsc#1175122). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1175122). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1175122). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1172428 bsc#1175122). - cifs: fix double free error on share and prefix (bsc#1172428 bsc#1175122). - cifs: fix leaked reference on requeued write (bsc#1175122). - cifs: fix NULL dereference in match_prepath (bsc#1175122). - cifs: Fix null pointer check in cifs_read (bsc#1175122). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1175122). - cifs: fix potential mismatch of UNC paths (bsc#1175122). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1175122). - cifs: Fix return value in __update_cache_entry (bsc#1175122). - cifs: fix soft mounts hanging in the reconnect code (bsc#1175122). - cifs: Fix task struct use-after-free on reconnect (bsc#1175122). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1175122). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1175122). - cifs: Get rid of kstrdup_const()'d paths (bsc#1175122). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1175122). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1172428 bsc#1175122). - cifs: handle hostnames that resolve to same ip in failover (bsc#1175122). - cifs: handle prefix paths in reconnect (bsc#1175122). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1172428 bsc#1175122). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1175122). - cifs: Introduce helpers for finding TCP connection (bsc#1175122). - cifs: make sure we do not overflow the max EA buffer size (bsc#1175122). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1175122). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1175122). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1175122). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Optimize readdir on reparse points (bsc#1175122). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1175122). - cifs: protect updating server->dstaddr with a spinlock (bsc#1175122). - cifs: reduce number of referral requests in DFS link lookups (bsc#1172428 bsc#1175122). - cifs: rename reconn_inval_dfs_target() (bsc#1172428 bsc#1175122). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1175122). - cifs: set up next DFS target before generic_ip_connect() (bsc#1175122). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1175122). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1175122). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - smb3: fix performance regression with setting mtime (bsc#1175122). - smb3: query attributes on file close (bsc#1175122). - smb3: remove unused flag passed into close functions (bsc#1175122). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8