OVAL Reference oval:org.opensuse.security:def:5485

Oval Definition:

oval:org.opensuse.security:def:5485

Revision Date:	2020-12-02	Version:	1
Title:	Security update for the Linux Kernel (Important)
Description:	The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775). The following non-security bugs were fixed: - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
Family:	unix	Class:	patch
Status:		Reference(s):	1051510 1065729 1071995 1104967 1152107 1158755 1162002 1170011 1171078 1171673 1171732 1171868 1172257 1172515 1172775 1172781 1172782 1172783 1172999 1173265 1173280 1173514 1173567 1173573 1173659 1173999 1174000 1174115 1174462 1174543 1176315 CVE-2009-0159 CVE-2009-1252 CVE-2009-1885 CVE-2009-5029 CVE-2011-0421 CVE-2011-3172 CVE-2012-1162 CVE-2012-1163 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2142 CVE-2013-2207 CVE-2013-4237 CVE-2013-4282 CVE-2013-4282 CVE-2013-4332 CVE-2013-4458 CVE-2013-5211 CVE-2013-7423 CVE-2014-0475 CVE-2014-1545 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2014-9402 CVE-2014-9622 CVE-2014-9761 CVE-2015-0252 CVE-2015-0295 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-1798 CVE-2015-1799 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2015-2331 CVE-2015-3247 CVE-2015-3247 CVE-2015-3405 CVE-2015-5185 CVE-2015-5260 CVE-2015-5261 CVE-2015-5300 CVE-2015-7183 CVE-2015-7547 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-0749 CVE-2016-1234 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-1856 CVE-2016-1857 CVE-2016-2150 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 CVE-2016-5104 CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 CVE-2020-17507 SUSE-SU-2020:2748-1
Platform(s):	openSUSE 13.1 openSUSE 13.1 NonFree SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 12 SP5 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Real Time Extension 12 SP2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2	Product(s):
Definition Synopsis
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information dnsmasq-2.71-4.1 is installed OR dnsmasq-utils-2.71-4.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information xen-4.2.5_02-0.7.1 is installed OR xen-doc-html-4.2.5_02-0.7.1 is installed OR xen-doc-pdf-4.2.5_02-0.7.1 is installed OR xen-kmp-default-4.2.5_02_3.0.101_0.40-0.7.1 is installed OR xen-libs-4.2.5_02-0.7.1 is installed OR xen-libs-32bit-4.2.5_02-0.7.1 is installed OR xen-tools-4.2.5_02-0.7.1 is installed OR xen-tools-domU-4.2.5_02-0.7.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND libspice-server1-0.12.5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information glibc-2.22-49 is installed OR glibc-32bit-2.22-49 is installed OR glibc-devel-2.22-49 is installed OR glibc-devel-32bit-2.22-49 is installed OR glibc-i18ndata-2.22-49 is installed OR glibc-locale-2.22-49 is installed OR glibc-locale-32bit-2.22-49 is installed OR nscd-2.22-49 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information cron-4.2-58 is installed OR cronie-1.4.11-58 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information bash-4.3-83.15 is installed OR bash-doc-4.3-83.15 is installed OR bash-lang-4.3-83.15 is installed OR libreadline6-6.3-83.15 is installed OR libreadline6-32bit-6.3-83.15 is installed OR readline-doc-6.3-83.15 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 is installed AND Package Information kgraft-patch-3_12_60-52_54-default-2-2.2 is installed OR kgraft-patch-3_12_60-52_54-xen-2-2.2 is installed OR kgraft-patch-SLE12_Update_15-2-2.2 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 SP1 is installed AND Package Information compat-openssl098-0.9.8j-94.1 is installed OR libopenssl0_9_8-0.9.8j-94.1 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP5 is installed AND conntrack-tools-1.4.2-5 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability Extension 11 SP3 is installed AND conntrack-tools-1.0.0-0.9.1 is installed
Definition Synopsis
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND Package Information hplip-3.16.11-1 is installed OR hplip-hpijs-3.16.11-1 is installed OR hplip-sane-3.16.11-1 is installed
Definition Synopsis
SUSE Linux Enterprise Live Patching 12 SP3 is installed AND Package Information kgraft-patch-4_4_92-6_30-default-3-2 is installed OR kgraft-patch-SLE12-SP3_Update_5-3-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed AND Package Information puppet-3.8.5-15.3.3 is installed OR puppet-server-3.8.5-15.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 12 is installed AND Package Information ruby2.1-rubygem-passenger-5.0.18-6.1 is installed OR rubygem-passenger-5.0.18-6.1 is installed OR rubygem-passenger-apache2-5.0.18-6.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information compat-openssl098-0.9.8j-78.1 is installed OR libopenssl0_9_8-0.9.8j-78.1 is installed OR libopenssl0_9_8-32bit-0.9.8j-78.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 12 is installed AND Package Information kernel-ec2-3.12.36-38.1 is installed OR kernel-ec2-devel-3.12.36-38.1 is installed OR kernel-ec2-extra-3.12.36-38.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information apache2-mod_php5-5.5.14-22.1 is installed OR php5-5.5.14-22.1 is installed OR php5-bcmath-5.5.14-22.1 is installed OR php5-bz2-5.5.14-22.1 is installed OR php5-calendar-5.5.14-22.1 is installed OR php5-ctype-5.5.14-22.1 is installed OR php5-curl-5.5.14-22.1 is installed OR php5-dba-5.5.14-22.1 is installed OR php5-dom-5.5.14-22.1 is installed OR php5-enchant-5.5.14-22.1 is installed OR php5-exif-5.5.14-22.1 is installed OR php5-fastcgi-5.5.14-22.1 is installed OR php5-fileinfo-5.5.14-22.1 is installed OR php5-fpm-5.5.14-22.1 is installed OR php5-ftp-5.5.14-22.1 is installed OR php5-gd-5.5.14-22.1 is installed OR php5-gettext-5.5.14-22.1 is installed OR php5-gmp-5.5.14-22.1 is installed OR php5-iconv-5.5.14-22.1 is installed OR php5-intl-5.5.14-22.1 is installed OR php5-json-5.5.14-22.1 is installed OR php5-ldap-5.5.14-22.1 is installed OR php5-mbstring-5.5.14-22.1 is installed OR php5-mcrypt-5.5.14-22.1 is installed OR php5-mysql-5.5.14-22.1 is installed OR php5-odbc-5.5.14-22.1 is installed OR php5-openssl-5.5.14-22.1 is installed OR php5-pcntl-5.5.14-22.1 is installed OR php5-pdo-5.5.14-22.1 is installed OR php5-pear-5.5.14-22.1 is installed OR php5-pgsql-5.5.14-22.1 is installed OR php5-pspell-5.5.14-22.1 is installed OR php5-shmop-5.5.14-22.1 is installed OR php5-snmp-5.5.14-22.1 is installed OR php5-soap-5.5.14-22.1 is installed OR php5-sockets-5.5.14-22.1 is installed OR php5-sqlite-5.5.14-22.1 is installed OR php5-suhosin-5.5.14-22.1 is installed OR php5-sysvmsg-5.5.14-22.1 is installed OR php5-sysvsem-5.5.14-22.1 is installed OR php5-sysvshm-5.5.14-22.1 is installed OR php5-tokenizer-5.5.14-22.1 is installed OR php5-wddx-5.5.14-22.1 is installed OR php5-xmlreader-5.5.14-22.1 is installed OR php5-xmlrpc-5.5.14-22.1 is installed OR php5-xmlwriter-5.5.14-22.1 is installed OR php5-xsl-5.5.14-22.1 is installed OR php5-zip-5.5.14-22.1 is installed OR php5-zlib-5.5.14-22.1 is installed
Definition Synopsis
SUSE Linux Enterprise Real Time Extension 12 SP2 is installed AND Package Information cluster-md-kmp-rt-4.4.88-18.1 is installed OR cluster-network-kmp-rt-4.4.88-18.1 is installed OR dlm-kmp-rt-4.4.88-18.1 is installed OR gfs2-kmp-rt-4.4.88-18.1 is installed OR kernel-devel-rt-4.4.88-18.1 is installed OR kernel-rt-4.4.88-18.1 is installed OR kernel-rt-base-4.4.88-18.1 is installed OR kernel-rt-devel-4.4.88-18.1 is installed OR kernel-rt_debug-4.4.88-18.1 is installed OR kernel-rt_debug-devel-4.4.88-18.1 is installed OR kernel-source-rt-4.4.88-18.1 is installed OR kernel-syms-rt-4.4.88-18.1 is installed OR ocfs2-kmp-rt-4.4.88-18.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 is installed AND yast2-ldap-server-2.17.21-0.1.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP1-LTSS is installed AND Package Information xorg-x11-libs-7.4-8.26.42.4 is installed OR xorg-x11-libs-32bit-7.4-8.26.42.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP2 is installed AND Package Information NetworkManager-0.7.1_git20090811-3.20.5 is installed OR NetworkManager-glib-0.7.1_git20090811-3.20.5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP3 is installed AND LibVNCServer-0.9.1-154.24 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP4 is installed AND NetworkManager-gnome-0.7.1-5.22.28 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND Package Information accountsservice-0.6.35-1 is installed OR accountsservice-lang-0.6.35-1 is installed OR libaccountsservice0-0.6.35-1 is installed OR typelib-1_0-AccountsService-1_0-0.6.35-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information apache2-2.4.16-5 is installed OR apache2-doc-2.4.16-5 is installed OR apache2-example-pages-2.4.16-5 is installed OR apache2-prefork-2.4.16-5 is installed OR apache2-utils-2.4.16-5 is installed OR apache2-worker-2.4.16-5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libblkid1-2.28-42.1 is installed OR libblkid1-32bit-2.28-42.1 is installed OR libfdisk1-2.28-42.1 is installed OR libmount1-2.28-42.1 is installed OR libmount1-32bit-2.28-42.1 is installed OR libsmartcols1-2.28-42.1 is installed OR libuuid1-2.28-42.1 is installed OR libuuid1-32bit-2.28-42.1 is installed OR python-libmount-2.28-42.4 is installed OR util-linux-2.28-42.1 is installed OR util-linux-lang-2.28-42.1 is installed OR util-linux-systemd-2.28-42.3 is installed OR uuidd-2.28-42.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND mutt-1.6.0-54 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND apache2-mod_jk-1.2.40-5 is installed
Definition Synopsis
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information apache-commons-beanutils-1.9.2-1 is installed OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed AND Package Information xorg-x11-server-7.6_1.15.2-53.3 is installed OR xorg-x11-server-extra-7.6_1.15.2-53.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information kernel-default-4.12.14-150.55 is installed OR kernel-default-base-4.12.14-150.55 is installed OR kernel-default-devel-4.12.14-150.55 is installed OR kernel-devel-4.12.14-150.55 is installed OR kernel-docs-4.12.14-150.55 is installed OR kernel-macros-4.12.14-150.55 is installed OR kernel-obs-build-4.12.14-150.55 is installed OR kernel-source-4.12.14-150.55 is installed OR kernel-syms-4.12.14-150.55 is installed OR kernel-vanilla-4.12.14-150.55 is installed OR kernel-vanilla-base-4.12.14-150.55 is installed OR reiserfs-kmp-default-4.12.14-150.55 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND apache2-mod_fcgid-2.2-31.27.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND Package Information evolution-2.28.2-0.30.1 is installed OR evolution-devel-2.28.2-0.30.1 is installed OR evolution-lang-2.28.2-0.30.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND augeas-devel-1.2.0-1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP3 is installed AND Package Information libpng12-compat-devel-1.2.50-19 is installed OR libpng12-devel-1.2.50-19 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP4 is installed AND alsa-devel-1.0.27.2-15 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information dia-0.97.2-13 is installed OR dia-lang-0.97.2-13 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND Package Information colord-1.1.7-5 is installed OR colord-lang-1.1.7-5 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND Package Information libuuid-devel-2.28-42.1 is installed OR util-linux-2.28-42.1 is installed

BACK