Oval Definition:	oval:org.opensuse.security:def:52893
Revision Date: 2020-12-01 Version: 1 Title: Security update for the Linux Kernel (Critical) Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). Refresh: - patches.suse/nvme-flush-scan_work-when-resetting-controller.patch - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - scsi-hisi-kabi-fixes.patch - scsi-hisi-kabi-fixes.patch - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi-hisi_sas-Issue-internal-abort-on-all-relevant-q.patch - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). Family: unix Class: patch Status: Reference(s): 1065729 1101888 1101889 1140683 1172538 1174748 1175520 1176400 1176946 1177027 1177340 1177511 1177685 1177724 1177725 910764 911792 939367 969820 972907 983232 983234 983253 983259 983292 983305 983308 983521 983523 983527 983533 983739 983746 983752 983774 983794 983796 983799 983803 984014 984018 984023 984028 984032 984035 984135 984137 984142 984144 984145 984149 984150 984160 984166 984172 984179 984181 984183 984184 984185 984186 984187 984191 984193 984370 984372 984373 984374 984375 984379 984394 984398 984400 984401 984404 984406 984408 984409 984427 984433 984436 985442 985448 985451 985456 985460 986608 986609 CVE-2007-4129 CVE-2008-1420 CVE-2009-0159 CVE-2009-1252 CVE-2009-3379 CVE-2011-3848 CVE-2011-3872 CVE-2012-0444 CVE-2012-0804 CVE-2012-2150 CVE-2012-3864 CVE-2012-3865 CVE-2012-3866 CVE-2012-3867 CVE-2013-1985 CVE-2013-1989 CVE-2013-2066 CVE-2013-2126 CVE-2013-2127 CVE-2013-3567 CVE-2013-4761 CVE-2013-4956 CVE-2013-5211 CVE-2014-1829 CVE-2014-1830 CVE-2014-3248 CVE-2014-3253 CVE-2014-9293 CVE-2014-9293 CVE-2014-9294 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9297 CVE-2014-9298 CVE-2014-9298 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-1798 CVE-2015-1799 CVE-2015-2296 CVE-2015-3405 CVE-2015-5276 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-2774 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2017-12836 CVE-2018-14394 CVE-2018-14395 CVE-2020-12351 CVE-2020-12352 CVE-2020-25645 SUSE-SU-2015:0274-1 SUSE-SU-2015:2384-1 SUSE-SU-2016:1784-1 SUSE-SU-2016:1791-1 SUSE-SU-2019:1299-1 SUSE-SU-2020:2972-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information alsa-1.1.5-lp150.4 is installed OR libasound2-1.1.5-lp150.4 is installed OR libasound2-32bit-1.1.5-lp150.4 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information update-test-32bit-pkg-5.1-lp151.12 is installed OR update-test-affects-package-manager-5.1-lp151.12 is installed OR update-test-broken-5.1-lp151.12 is installed OR update-test-feature-5.1-lp151.12 is installed OR update-test-interactive-5.1-lp151.12 is installed OR update-test-optional-5.1-lp151.12 is installed OR update-test-reboot-needed-5.1-lp151.12 is installed OR update-test-relogin-suggested-5.1-lp151.12 is installed OR update-test-security-5.1-lp151.12 is installed OR update-test-trivial-5.1-lp151.12 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information dhcp-4.2.4.P2-0.11.13 is installed OR dhcp-client-4.2.4.P2-0.11.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information gnutls-2.4.1-24.39.51 is installed OR libgnutls26-2.4.1-24.39.51 is installed OR libgnutls26-32bit-2.4.1-24.39.51 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information gnutls-2.4.1-24.39.57 is installed OR libgnutls26-2.4.1-24.39.57 is installed OR libgnutls26-32bit-2.4.1-24.39.57 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information ntp-4.2.6p5-37 is installed OR ntp-doc-4.2.6p5-37 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libXinerama1-1.1.3-3 is installed OR libXinerama1-32bit-1.1.3-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND coolkey-1.1.0-147 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND libraw9-0.15.4-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND cvs-1.12.12-182.3 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information ffmpeg-3.4.2-4.17 is installed OR libavdevice57-3.4.2-4.17 is installed OR libavfilter6-3.4.2-4.17 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.64 is installed OR kernel-default-livepatch-4.12.14-197.64 is installed OR kernel-default-livepatch-devel-4.12.14-197.64 is installed OR kernel-livepatch-4_12_14-197_64-default-1-3.3 is installed OR kernel-livepatch-SLE15-SP1_Update_17-1-3.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information avahi-0.6.31-20 is installed OR avahi-lang-0.6.31-20 is installed OR avahi-utils-0.6.31-20 is installed OR libavahi-client3-0.6.31-20 is installed OR libavahi-client3-32bit-0.6.31-20 is installed OR libavahi-common3-0.6.31-20 is installed OR libavahi-common3-32bit-0.6.31-20 is installed OR libavahi-core7-0.6.31-20 is installed OR libdns_sd-0.6.31-20 is installed OR libdns_sd-32bit-0.6.31-20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information icu-52.1-8.7 is installed OR libicu-doc-52.1-8.7 is installed OR libicu52_1-52.1-8.7 is installed OR libicu52_1-32bit-52.1-8.7 is installed OR libicu52_1-data-52.1-8.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libXcursor1-1.1.14-3 is installed OR libXcursor1-32bit-1.1.14-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information qemu-2.6.2-41.40 is installed OR qemu-block-curl-2.6.2-41.40 is installed OR qemu-block-rbd-2.6.2-41.40 is installed OR qemu-block-ssh-2.6.2-41.40 is installed OR qemu-guest-agent-2.6.2-41.40 is installed OR qemu-ipxe-1.0.0-41.40 is installed OR qemu-kvm-2.6.2-41.40 is installed OR qemu-lang-2.6.2-41.40 is installed OR qemu-seabios-1.9.1-41.40 is installed OR qemu-sgabios-8-41.40 is installed OR qemu-tools-2.6.2-41.40 is installed OR qemu-vgabios-1.9.1-41.40 is installed OR qemu-x86-2.6.2-41.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-8-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND apache-commons-httpclient-3.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information nfs-client-1.3.0-34.22 is installed OR nfs-doc-1.3.0-34.22 is installed OR nfs-kernel-server-1.3.0-34.22 is installed OR nfs-utils-1.3.0-34.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information evince-3.20.2-6.27 is installed OR evince-browser-plugin-3.20.2-6.27 is installed OR evince-lang-3.20.2-6.27 is installed OR evince-plugin-djvudocument-3.20.2-6.27 is installed OR evince-plugin-dvidocument-3.20.2-6.27 is installed OR evince-plugin-pdfdocument-3.20.2-6.27 is installed OR evince-plugin-psdocument-3.20.2-6.27 is installed OR evince-plugin-tiffdocument-3.20.2-6.27 is installed OR evince-plugin-xpsdocument-3.20.2-6.27 is installed OR libevdocument3-4-3.20.2-6.27 is installed OR libevview3-3-3.20.2-6.27 is installed OR nautilus-evince-3.20.2-6.27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libcgroup-0.41.rc1-10.9 is installed OR libcgroup-tools-0.41.rc1-10.9 is installed OR libcgroup1-0.41.rc1-10.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND gd-2.1.0-24.9 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information res-signingkeys-3.0.38-52.26 is installed OR smt-3.0.38-52.26 is installed OR smt-support-3.0.38-52.26 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libpng16-1.6.8-15.5 is installed OR libpng16-16-1.6.8-15.5 is installed OR libpng16-16-32bit-1.6.8-15.5 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-ecdsa-0.13.3-5.10 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND couchdb-1.7.2-3.3 is installed
BACK