Oval Definition:	oval:org.opensuse.security:def:52792
Revision Date: 2020-12-01 Version: 1 Title: Security update for the Linux Kernel (Live Patch 16 for SLE 15) (Important) Description: This update for the Linux Kernel 4.12.14-150_41 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Family: unix Class: patch Status: Reference(s): 1171252 1171254 1175992 1176012 1176072 1176382 1176896 907268 937085 939523 947104 954256 954980 957812 957813 957815 960996 962743 CVE-2004-2771 CVE-2008-5984 CVE-2009-0793 CVE-2010-1205 CVE-2010-2529 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3026 CVE-2011-3048 CVE-2011-3328 CVE-2011-3464 CVE-2012-0862 CVE-2012-2369 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2012-3386 CVE-2013-0157 CVE-2013-4276 CVE-2013-4342 CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-7844 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 CVE-2014-9114 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-4871 CVE-2015-5218 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2015-8833 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-10087 CVE-2016-5011 CVE-2020-0431 CVE-2020-12653 CVE-2020-12654 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 SUSE-SU-2015:2237-1 SUSE-SU-2016:0027-1 SUSE-SU-2016:0265-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information kernel-default-4.12.14-lp150.11 is installed OR kernel-vanilla-base-4.12.14-lp150.11 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libpython2_7-1_0-2.7.14-lp151.10.3 is installed OR libpython2_7-1_0-32bit-2.7.14-lp151.10.3 is installed OR python-2.7.14-lp151.10.3 is installed OR python-32bit-2.7.14-lp151.10.3 is installed OR python-base-2.7.14-lp151.10.3 is installed OR python-base-32bit-2.7.14-lp151.10.3 is installed OR python-curses-2.7.14-lp151.10.3 is installed OR python-demo-2.7.14-lp151.10.3 is installed OR python-devel-2.7.14-lp151.10.3 is installed OR python-doc-2.7.14-lp151.10.3 is installed OR python-doc-pdf-2.7.14-lp151.10.3 is installed OR python-gdbm-2.7.14-lp151.10.3 is installed OR python-idle-2.7.14-lp151.10.3 is installed OR python-tk-2.7.14-lp151.10.3 is installed OR python-xml-2.7.14-lp151.10.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND ruby-1.8.7.p357-0.9.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-31.6.0esr-0.8 is installed OR MozillaFirefox-translations-31.6.0esr-0.8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND foomatic-filters-3.0.2-269.39 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND xinetd-2.3.15-7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND iputils-s20121221-2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information bash-4.3-78 is installed OR bash-doc-4.3-78 is installed OR bash-lang-4.3-78 is installed OR libreadline6-6.3-78 is installed OR libreadline6-32bit-6.3-78 is installed OR readline-doc-6.3-78 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information lcms-1.19-17 is installed OR liblcms1-1.19-17 is installed OR liblcms1-32bit-1.19-17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information dia-0.97.3-15 is installed OR dia-lang-0.97.3-15 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-150_41-default-7-2 is installed OR kernel-livepatch-SLE15_Update_16-7-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_4-default-10-2 is installed OR kernel-livepatch-SLE15-SP1_Update_1-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information dbus-1-glib-0.100.2-3 is installed OR dbus-1-glib-32bit-0.100.2-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information xorg-x11-server-7.6_1.15.2-53.3 is installed OR xorg-x11-server-extra-7.6_1.15.2-53.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information apache-commons-daemon-1.0.15-4 is installed OR apache-commons-daemon-javadoc-1.0.15-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information qemu-2.6.2-41.46 is installed OR qemu-block-curl-2.6.2-41.46 is installed OR qemu-block-rbd-2.6.2-41.46 is installed OR qemu-block-ssh-2.6.2-41.46 is installed OR qemu-guest-agent-2.6.2-41.46 is installed OR qemu-ipxe-1.0.0-41.46 is installed OR qemu-kvm-2.6.2-41.46 is installed OR qemu-lang-2.6.2-41.46 is installed OR qemu-seabios-1.9.1-41.46 is installed OR qemu-sgabios-8-41.46 is installed OR qemu-tools-2.6.2-41.46 is installed OR qemu-vgabios-1.9.1-41.46 is installed OR qemu-x86-2.6.2-41.46 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information xen-4.7.6_04-43.39 is installed OR xen-doc-html-4.7.6_04-43.39 is installed OR xen-libs-4.7.6_04-43.39 is installed OR xen-libs-32bit-4.7.6_04-43.39 is installed OR xen-tools-4.7.6_04-43.39 is installed OR xen-tools-domU-4.7.6_04-43.39 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_32-default-8-2 is installed OR kgraft-patch-SLE12-SP2_Update_11-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gnome-settings-daemon-3.20.1-49 is installed OR gnome-settings-daemon-lang-3.20.1-49 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND gdb-8.3.1-2.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libsolv-0.6.36-2.27.19 is installed OR libsolv-tools-0.6.36-2.27.19 is installed OR libzypp-16.20.2-27.60 is installed OR perl-solv-0.6.36-2.27.19 is installed OR python-solv-0.6.36-2.27.19 is installed OR zypper-1.13.54-18.40 is installed OR zypper-log-1.13.54-18.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libpython3_4m1_0-3.4.6-25.16 is installed OR python3-3.4.6-25.16 is installed OR python3-base-3.4.6-25.16 is installed OR python3-curses-3.4.6-25.16 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND ant-1.9.4-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information grafana-4.5.1-4.3 is installed OR kafka-0.9.0.1-5.3 is installed OR logstash-2.4.1-5.4 is installed OR openstack-monasca-installer-20180622_15.06-3.6 is installed
BACK