Revision Date: | 2021-05-17 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211 bnc#1184952).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022 bnc#1183069).
- CVE-2020-1749: Fixed a flaw with some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629).
The following non-security bugs were fixed:
- KVM: Add proper lockdep assertion in I/O bus unregister (bsc#1185555).
- KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1185556).
- KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1185557).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bluetooth: eliminate the potential race condition when removing the HCI controller (bsc#1184611).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1012382 1017693 1047118 1047626 1051042 1053188 1054594 1059465 1063675 1064569 1064580 1064583 1066471 1066472 1068032 1069496 1070623 1070905 1071319 1073231 1073246 1073311 1073792 1073874 1074293 1074709 1075091 1075411 1075908 1075992 1075994 1076017 1076110 1076154 1076278 1077182 1077355 1077560 1077922 1081317 1108308 1108630 1108631 1108632 1115717 1122293 1122299 1132728 1132729 1132732 1134297 1165629 1173485 1176720 1178181 1182715 1182716 1182717 1183022 1183069 1183593 1184120 1184167 1184168 1184194 1184198 1184208 1184211 1184391 1184393 1184397 1184509 1184611 1184952 1185555 1185556 1185557 813026 860993 872848 885882 893777 893949 902893 951376 951638 975788 990460 CVE-2013-0788 CVE-2013-0789 CVE-2013-0790 CVE-2013-0791 CVE-2013-0792 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0798 CVE-2013-0799 CVE-2013-0800 CVE-2013-1987 CVE-2014-0038 CVE-2014-2977 CVE-2014-2978 CVE-2014-3566 CVE-2014-4650 CVE-2015-1142857 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2016-6223 CVE-2016-7949 CVE-2016-7950 CVE-2017-1000405 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12193 CVE-2017-12944 CVE-2017-13194 CVE-2017-13215 CVE-2017-15102 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16649 CVE-2017-16650 CVE-2017-16939 CVE-2017-16997 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-18079 CVE-2017-5715 CVE-2017-7853 CVE-2018-1000001 CVE-2018-1000004 CVE-2018-11212 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 CVE-2018-19210 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2020-0433 CVE-2020-1749 
CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28950 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 CVE-2021-3483 SUSE-SU-2015:1875-1 SUSE-SU-2017:3210-1 SUSE-SU-2018:0056-1 SUSE-SU-2018:0074-1 SUSE-SU-2018:0181-1 SUSE-SU-2018:0525-1 SUSE-SU-2018:3074-1 SUSE-SU-2018:3606-1 SUSE-SU-2018:4191-1 SUSE-SU-2019:1392-1 SUSE-SU-2021:1617-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
java-10-openjdk-10.0.1.0-lp150.1 is installed
OR java-10-openjdk-headless-10.0.1.0-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
apache2-mod_php7-7.2.5-lp151.6.3 is installed
OR php7-7.2.5-lp151.6.3 is installed
OR php7-bcmath-7.2.5-lp151.6.3 is installed
OR php7-bz2-7.2.5-lp151.6.3 is installed
OR php7-calendar-7.2.5-lp151.6.3 is installed
OR php7-ctype-7.2.5-lp151.6.3 is installed
OR php7-curl-7.2.5-lp151.6.3 is installed
OR php7-dba-7.2.5-lp151.6.3 is installed
OR php7-devel-7.2.5-lp151.6.3 is installed
OR php7-dom-7.2.5-lp151.6.3 is installed
OR php7-embed-7.2.5-lp151.6.3 is installed
OR php7-enchant-7.2.5-lp151.6.3 is installed
OR php7-exif-7.2.5-lp151.6.3 is installed
OR php7-fastcgi-7.2.5-lp151.6.3 is installed
OR php7-fileinfo-7.2.5-lp151.6.3 is installed
OR php7-firebird-7.2.5-lp151.6.3 is installed
OR php7-fpm-7.2.5-lp151.6.3 is installed
OR php7-ftp-7.2.5-lp151.6.3 is installed
OR php7-gd-7.2.5-lp151.6.3 is installed
OR php7-gettext-7.2.5-lp151.6.3 is installed
OR php7-gmp-7.2.5-lp151.6.3 is installed
OR php7-iconv-7.2.5-lp151.6.3 is installed
OR php7-intl-7.2.5-lp151.6.3 is installed
OR php7-json-7.2.5-lp151.6.3 is installed
OR php7-ldap-7.2.5-lp151.6.3 is installed
OR php7-mbstring-7.2.5-lp151.6.3 is installed
OR php7-mysql-7.2.5-lp151.6.3 is installed
OR php7-odbc-7.2.5-lp151.6.3 is installed
OR php7-opcache-7.2.5-lp151.6.3 is installed
OR php7-openssl-7.2.5-lp151.6.3 is installed
OR php7-pcntl-7.2.5-lp151.6.3 is installed
OR php7-pdo-7.2.5-lp151.6.3 is installed
OR php7-pear-7.2.5-lp151.6.3 is installed
OR php7-pear-Archive_Tar-7.2.5-lp151.6.3 is installed
OR php7-pgsql-7.2.5-lp151.6.3 is installed
OR php7-phar-7.2.5-lp151.6.3 is installed
OR php7-posix-7.2.5-lp151.6.3 is installed
OR php7-readline-7.2.5-lp151.6.3 is installed
OR php7-shmop-7.2.5-lp151.6.3 is installed
OR php7-snmp-7.2.5-lp151.6.3 is installed
OR php7-soap-7.2.5-lp151.6.3 is installed
OR php7-sockets-7.2.5-lp151.6.3 is installed
OR php7-sodium-7.2.5-lp151.6.3 is installed
OR php7-sqlite-7.2.5-lp151.6.3 is installed
OR php7-sysvmsg-7.2.5-lp151.6.3 is installed
OR php7-sysvsem-7.2.5-lp151.6.3 is installed
OR php7-sysvshm-7.2.5-lp151.6.3 is installed
OR php7-testresults-7.2.5-lp151.6.3 is installed
OR php7-tidy-7.2.5-lp151.6.3 is installed
OR php7-tokenizer-7.2.5-lp151.6.3 is installed
OR php7-wddx-7.2.5-lp151.6.3 is installed
OR php7-xmlreader-7.2.5-lp151.6.3 is installed
OR php7-xmlrpc-7.2.5-lp151.6.3 is installed
OR php7-xmlwriter-7.2.5-lp151.6.3 is installed
OR php7-xsl-7.2.5-lp151.6.3 is installed
OR php7-zip-7.2.5-lp151.6.3 is installed
OR php7-zlib-7.2.5-lp151.6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
MozillaFirefox-17.0.5esr-0.4 is installed
OR MozillaFirefox-branding-SLED-7-0.6.9 is installed
OR MozillaFirefox-translations-17.0.5esr-0.4 is installed
OR libfreebl3-3.14.3-0.4.3 is installed
OR libfreebl3-32bit-3.14.3-0.4.3 is installed
OR mozilla-nspr-4.9.6-0.3 is installed
OR mozilla-nspr-32bit-4.9.6-0.3 is installed
OR mozilla-nss-3.14.3-0.4.3 is installed
OR mozilla-nss-32bit-3.14.3-0.4.3 is installed
OR mozilla-nss-tools-3.14.3-0.4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.91-0.14 is installed
OR java-1_7_0-openjdk-demo-1.7.0.91-0.14 is installed
OR java-1_7_0-openjdk-devel-1.7.0.91-0.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
libvpx-1.3.0-3.3 is installed
OR libvpx1-1.3.0-3.3 is installed
OR libvpx1-32bit-1.3.0-3.3 is installed
OR vpx-tools-1.3.0-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
libXrender1-0.9.8-7 is installed
OR libXrender1-32bit-0.9.8-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
DirectFB-1.7.1-4 is installed
OR lib++dfb-1_7-1-1.7.1-4 is installed
OR libdirectfb-1_7-1-1.7.1-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_74-60_64_40-default-2-3 is installed
OR kgraft-patch-3_12_74-60_64_40-xen-2-3 is installed
OR kgraft-patch-SLE12-SP1_Update_15-2-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
dracut-044-87 is installed
OR dracut-fips-044-87 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
kernel-default-4.4.121-92.155.1 is installed
OR kernel-default-base-4.4.121-92.155.1 is installed
OR kernel-default-devel-4.4.121-92.155.1 is installed
OR kernel-devel-4.4.121-92.155.1 is installed
OR kernel-macros-4.4.121-92.155.1 is installed
OR kernel-source-4.4.121-92.155.1 is installed
OR kernel-syms-4.4.121-92.155.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kgraft-patch-4_4_121-92_109-default-4-2 is installed
OR kgraft-patch-SLE12-SP2_Update_29-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_121-92_85-default-3-2 is installed
OR kgraft-patch-SLE12-SP2_Update_23-3-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
libMagickCore-6_Q16-1-6.8.8.1-70 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-70 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
libsolv-0.6.36-2.27.19 is installed
OR libsolv-tools-0.6.36-2.27.19 is installed
OR libzypp-16.20.2-27.60 is installed
OR perl-solv-0.6.36-2.27.19 is installed
OR python-solv-0.6.36-2.27.19 is installed
OR zypper-1.13.54-18.40 is installed
OR zypper-log-1.13.54-18.40 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_180-94_100-default-4-2 is installed
OR kgraft-patch-SLE12-SP3_Update_27-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
tomcat-8.0.53-29.22 is installed
OR tomcat-admin-webapps-8.0.53-29.22 is installed
OR tomcat-docs-webapp-8.0.53-29.22 is installed
OR tomcat-el-3_0-api-8.0.53-29.22 is installed
OR tomcat-javadoc-8.0.53-29.22 is installed
OR tomcat-jsp-2_3-api-8.0.53-29.22 is installed
OR tomcat-lib-8.0.53-29.22 is installed
OR tomcat-servlet-3_1-api-8.0.53-29.22 is installed
OR tomcat-webapps-8.0.53-29.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
apache2-2.4.23-29.24 is installed
OR apache2-doc-2.4.23-29.24 is installed
OR apache2-example-pages-2.4.23-29.24 is installed
OR apache2-prefork-2.4.23-29.24 is installed
OR apache2-utils-2.4.23-29.24 is installed
OR apache2-worker-2.4.23-29.24 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND libmicrohttpd10-0.9.30-5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
kernel-default-3.12.74-60.64.66 is installed
OR kernel-default-base-3.12.74-60.64.66 is installed
OR kernel-default-devel-3.12.74-60.64.66 is installed
OR kernel-devel-3.12.74-60.64.66 is installed
OR kernel-macros-3.12.74-60.64.66 is installed
OR kernel-source-3.12.74-60.64.66 is installed
OR kernel-syms-3.12.74-60.64.66 is installed
OR kernel-xen-3.12.74-60.64.66 is installed
OR kernel-xen-base-3.12.74-60.64.66 is installed
OR kernel-xen-devel-3.12.74-60.64.66 is installed
OR kgraft-patch-3_12_74-60_64_66-default-1-2 is installed
OR kgraft-patch-3_12_74-60_64_66-xen-1-2 is installed
OR kgraft-patch-SLE12-SP1_Update_23-1-2 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND shadow-4.2.1-27.9 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND sudo-1.8.20p2-3.14 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND python-requests-2.20.1-4.3 is installed
|