Oval Definition:oval:org.opensuse.security:def:53515
Revision Date:2020-12-01Version:1
Title:Security update for the Linux Kernel (Important)
Description:





The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775).

The following non-security bugs were fixed:

- Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
Family:unixClass:patch
Status:Reference(s):1000102
1017308
1017310
1017311
1017312
1017313
1017314
1017318
1017319
1017320
1017321
1017322
1017324
1017325
1017326
1017421
1020433
1020435
1020436
1020439
1020441
1020443
1020446
1020448
1051510
1065386
1065729
1071995
1077983
1081959
1081961
1081962
1085207
1104967
1152107
1158755
1162002
1162202
1162675
1170011
1171078
1171673
1171732
1171868
1172257
1172775
1172781
1172782
1172783
1172999
1173265
1173280
1173514
1173567
1173573
1173659
1173999
1174000
1174115
1174462
1174543
387731
925225
958501
976942
976943
977614
977615
977616
977617
977621
987553
CVE-2004-2779
CVE-2008-2109
CVE-2010-2529
CVE-2014-8119
CVE-2015-3451
CVE-2015-5191
CVE-2015-7555
CVE-2016-10046
CVE-2016-10048
CVE-2016-10049
CVE-2016-10050
CVE-2016-10051
CVE-2016-10052
CVE-2016-10059
CVE-2016-10060
CVE-2016-10061
CVE-2016-10062
CVE-2016-10063
CVE-2016-10064
CVE-2016-10065
CVE-2016-10068
CVE-2016-10069
CVE-2016-10070
CVE-2016-10071
CVE-2016-10144
CVE-2016-10145
CVE-2016-10146
CVE-2016-10324
CVE-2016-10325
CVE-2016-10326
CVE-2016-2105
CVE-2016-2106
CVE-2016-2107
CVE-2016-2108
CVE-2016-2109
CVE-2016-3977
CVE-2016-4324
CVE-2017-11550
CVE-2017-11551
CVE-2017-16612
CVE-2017-5506
CVE-2017-5507
CVE-2017-5508
CVE-2017-5510
CVE-2017-5511
CVE-2017-5715
CVE-2017-6507
CVE-2017-7853
CVE-2018-1053
CVE-2019-16746
CVE-2019-18634
CVE-2019-20908
CVE-2020-0305
CVE-2020-10766
CVE-2020-10767
CVE-2020-10768
CVE-2020-10769
CVE-2020-10773
CVE-2020-12771
CVE-2020-12888
CVE-2020-13974
CVE-2020-14416
CVE-2020-15393
CVE-2020-15780
SUSE-SU-2015:1249-1
SUSE-SU-2016:1228-1
SUSE-SU-2016:2472-1
SUSE-SU-2017:0529-1
SUSE-SU-2017:3214-1
SUSE-SU-2018:0507-1
SUSE-SU-2018:0708-1
SUSE-SU-2018:0722-1
SUSE-SU-2020:0408-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • apache2-2.4.33-lp150.1 is installed
  • OR apache2-doc-2.4.33-lp150.1 is installed
  • OR apache2-example-pages-2.4.33-lp150.1 is installed
  • OR apache2-prefork-2.4.33-lp150.1 is installed
  • OR apache2-utils-2.4.33-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • bind-9.11.2-lp151.11.3 is installed
  • OR bind-chrootenv-9.11.2-lp151.11.3 is installed
  • OR bind-devel-9.11.2-lp151.11.3 is installed
  • OR bind-devel-32bit-9.11.2-lp151.11.3 is installed
  • OR bind-doc-9.11.2-lp151.11.3 is installed
  • OR bind-lwresd-9.11.2-lp151.11.3 is installed
  • OR bind-utils-9.11.2-lp151.11.3 is installed
  • OR libbind9-160-9.11.2-lp151.11.3 is installed
  • OR libbind9-160-32bit-9.11.2-lp151.11.3 is installed
  • OR libdns169-9.11.2-lp151.11.3 is installed
  • OR libdns169-32bit-9.11.2-lp151.11.3 is installed
  • OR libirs-devel-9.11.2-lp151.11.3 is installed
  • OR libirs160-9.11.2-lp151.11.3 is installed
  • OR libirs160-32bit-9.11.2-lp151.11.3 is installed
  • OR libisc166-9.11.2-lp151.11.3 is installed
  • OR libisc166-32bit-9.11.2-lp151.11.3 is installed
  • OR libisccc160-9.11.2-lp151.11.3 is installed
  • OR libisccc160-32bit-9.11.2-lp151.11.3 is installed
  • OR libisccfg160-9.11.2-lp151.11.3 is installed
  • OR libisccfg160-32bit-9.11.2-lp151.11.3 is installed
  • OR liblwres160-9.11.2-lp151.11.3 is installed
  • OR liblwres160-32bit-9.11.2-lp151.11.3 is installed
  • OR python3-bind-9.11.2-lp151.11.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • freetype2-2.3.7-25.32 is installed
  • OR freetype2-32bit-2.3.7-25.32 is installed
  • OR freetype2-devel-2.3.7-25.32 is installed
  • OR ft2demos-2.3.7-25.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • cups-1.3.9-8.46.52 is installed
  • OR cups-client-1.3.9-8.46.52 is installed
  • OR cups-libs-1.3.9-8.46.52 is installed
  • OR cups-libs-32bit-1.3.9-8.46.52 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • krb5-1.6.3-133.49.97 is installed
  • OR krb5-32bit-1.6.3-133.49.97 is installed
  • OR krb5-client-1.6.3-133.49.97 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • augeas-1.2.0-3 is installed
  • OR libaugeas0-1.2.0-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libreoffice-5.1.5.2-29 is installed
  • OR libreoffice-base-5.1.5.2-29 is installed
  • OR libreoffice-base-drivers-mysql-5.1.5.2-29 is installed
  • OR libreoffice-base-drivers-postgresql-5.1.5.2-29 is installed
  • OR libreoffice-calc-5.1.5.2-29 is installed
  • OR libreoffice-calc-extensions-5.1.5.2-29 is installed
  • OR libreoffice-draw-5.1.5.2-29 is installed
  • OR libreoffice-filters-optional-5.1.5.2-29 is installed
  • OR libreoffice-gnome-5.1.5.2-29 is installed
  • OR libreoffice-icon-theme-galaxy-5.1.5.2-29 is installed
  • OR libreoffice-icon-theme-tango-5.1.5.2-29 is installed
  • OR libreoffice-impress-5.1.5.2-29 is installed
  • OR libreoffice-l10n-af-5.1.5.2-29 is installed
  • OR libreoffice-l10n-ar-5.1.5.2-29 is installed
  • OR libreoffice-l10n-ca-5.1.5.2-29 is installed
  • OR libreoffice-l10n-cs-5.1.5.2-29 is installed
  • OR libreoffice-l10n-da-5.1.5.2-29 is installed
  • OR libreoffice-l10n-de-5.1.5.2-29 is installed
  • OR libreoffice-l10n-en-5.1.5.2-29 is installed
  • OR libreoffice-l10n-es-5.1.5.2-29 is installed
  • OR libreoffice-l10n-fi-5.1.5.2-29 is installed
  • OR libreoffice-l10n-fr-5.1.5.2-29 is installed
  • OR libreoffice-l10n-gu-5.1.5.2-29 is installed
  • OR libreoffice-l10n-hi-5.1.5.2-29 is installed
  • OR libreoffice-l10n-hu-5.1.5.2-29 is installed
  • OR libreoffice-l10n-it-5.1.5.2-29 is installed
  • OR libreoffice-l10n-ja-5.1.5.2-29 is installed
  • OR libreoffice-l10n-ko-5.1.5.2-29 is installed
  • OR libreoffice-l10n-nb-5.1.5.2-29 is installed
  • OR libreoffice-l10n-nl-5.1.5.2-29 is installed
  • OR libreoffice-l10n-nn-5.1.5.2-29 is installed
  • OR libreoffice-l10n-pl-5.1.5.2-29 is installed
  • OR libreoffice-l10n-pt-BR-5.1.5.2-29 is installed
  • OR libreoffice-l10n-pt-PT-5.1.5.2-29 is installed
  • OR libreoffice-l10n-ru-5.1.5.2-29 is installed
  • OR libreoffice-l10n-sk-5.1.5.2-29 is installed
  • OR libreoffice-l10n-sv-5.1.5.2-29 is installed
  • OR libreoffice-l10n-xh-5.1.5.2-29 is installed
  • OR libreoffice-l10n-zh-Hans-5.1.5.2-29 is installed
  • OR libreoffice-l10n-zh-Hant-5.1.5.2-29 is installed
  • OR libreoffice-l10n-zu-5.1.5.2-29 is installed
  • OR libreoffice-mailmerge-5.1.5.2-29 is installed
  • OR libreoffice-math-5.1.5.2-29 is installed
  • OR libreoffice-officebean-5.1.5.2-29 is installed
  • OR libreoffice-pyuno-5.1.5.2-29 is installed
  • OR libreoffice-writer-5.1.5.2-29 is installed
  • OR libreoffice-writer-extensions-5.1.5.2-29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libXcursor-1.1.14-4.3 is installed
  • OR libXcursor1-1.1.14-4.3 is installed
  • OR libXcursor1-32bit-1.1.14-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libgif6-5.0.5-12 is installed
  • OR libgif6-32bit-5.0.5-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • apparmor-docs-2.8.2-49 is installed
  • OR apparmor-parser-2.8.2-49 is installed
  • OR apparmor-profiles-2.8.2-49 is installed
  • OR apparmor-utils-2.8.2-49 is installed
  • OR libapparmor1-2.8.2-49 is installed
  • OR libapparmor1-32bit-2.8.2-49 is installed
  • OR pam_apparmor-2.8.2-49 is installed
  • OR pam_apparmor-32bit-2.8.2-49 is installed
  • OR perl-apparmor-2.8.2-49 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • MozillaFirefox-38.4.0esr-51 is installed
  • OR MozillaFirefox-translations-38.4.0esr-51 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_35-default-7-2 is installed
  • OR kgraft-patch-3_12_69-60_64_35-xen-7-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_14-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gnutls-3.2.15-11 is installed
  • OR libgnutls-openssl27-3.2.15-11 is installed
  • OR libgnutls28-3.2.15-11 is installed
  • OR libgnutls28-32bit-3.2.15-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • bash-4.3-83.10 is installed
  • OR bash-doc-4.3-83.10 is installed
  • OR libreadline6-6.3-83.10 is installed
  • OR libreadline6-32bit-6.3-83.10 is installed
  • OR readline-doc-6.3-83.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • xen-4.7.5_04-43.33 is installed
  • OR xen-doc-html-4.7.5_04-43.33 is installed
  • OR xen-libs-4.7.5_04-43.33 is installed
  • OR xen-libs-32bit-4.7.5_04-43.33 is installed
  • OR xen-tools-4.7.5_04-43.33 is installed
  • OR xen-tools-domU-4.7.5_04-43.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • curl-7.37.0-36 is installed
  • OR libcurl4-7.37.0-36 is installed
  • OR libcurl4-32bit-7.37.0-36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND log4j-1.2.15-126.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_156-94_57-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_18-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • xen-4.9.2_10-3.41 is installed
  • OR xen-doc-html-4.9.2_10-3.41 is installed
  • OR xen-libs-4.9.2_10-3.41 is installed
  • OR xen-libs-32bit-4.9.2_10-3.41 is installed
  • OR xen-tools-4.9.2_10-3.41 is installed
  • OR xen-tools-domU-4.9.2_10-3.41 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND libXfont1-1.5.1-11.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • kernel-default-4.12.14-150.55 is installed
  • OR kernel-default-base-4.12.14-150.55 is installed
  • OR kernel-default-devel-4.12.14-150.55 is installed
  • OR kernel-default-man-4.12.14-150.55 is installed
  • OR kernel-devel-4.12.14-150.55 is installed
  • OR kernel-docs-4.12.14-150.55 is installed
  • OR kernel-macros-4.12.14-150.55 is installed
  • OR kernel-obs-build-4.12.14-150.55 is installed
  • OR kernel-source-4.12.14-150.55 is installed
  • OR kernel-syms-4.12.14-150.55 is installed
  • OR kernel-vanilla-4.12.14-150.55 is installed
  • OR kernel-vanilla-base-4.12.14-150.55 is installed
  • OR kernel-zfcpdump-4.12.14-150.55 is installed
  • OR reiserfs-kmp-default-4.12.14-150.55 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • containerd-0.2.4+gitr565_0366d7e-9 is installed
  • OR docker-1.12.3-81 is installed
  • OR runc-0.1.1+gitr2816_02f8fa7-9 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • apache2-2.4.23-29.27 is installed
  • OR apache2-doc-2.4.23-29.27 is installed
  • OR apache2-example-pages-2.4.23-29.27 is installed
  • OR apache2-prefork-2.4.23-29.27 is installed
  • OR apache2-utils-2.4.23-29.27 is installed
  • OR apache2-worker-2.4.23-29.27 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libmysqlclient18-10.0.38-29.27 is installed
  • OR mariadb-10.0.38-29.27 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • xen-4.9.4_06-3.59 is installed
  • OR xen-doc-html-4.9.4_06-3.59 is installed
  • OR xen-libs-4.9.4_06-3.59 is installed
  • OR xen-libs-32bit-4.9.4_06-3.59 is installed
  • OR xen-tools-4.9.4_06-3.59 is installed
  • OR xen-tools-domU-4.9.4_06-3.59 is installed
    • BACK