Revision Date: | 2021-07-20 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bsc#1188116)
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows obtaining full root privileges. (bsc#1188062)
- CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
- CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. (bsc#1187050)
- CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463)
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610)
- CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038)
- CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861)
- CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611)
- CVE-2021-33034: Fixed an issue in net/bluetooth/hci_event.c where a use-after-free leads to writing an arbitrary value. (bsc#1186111)
- CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward EAPOL frames to other clients even though the sender has not yet successfully authenticated. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and make it easier to exploit other vulnerabilities in connected clients. (bsc#1186062)
- CVE-2021-23134: Fixed a use-after-free vulnerability in nfc sockets which allows local attackers to elevate their privileges. (bsc#1186060)
- CVE-2020-24586: Fixed a bug that, under the right circumstances, allows an adversary to inject arbitrary network packets and/or exfiltrate user data when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP. (bsc#1185859)
- CVE-2020-26141: Fixed a flaw that could allow an adversary to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bsc#1185987)
- CVE-2020-26145: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allow an adversary to inject arbitrary network packets. (bsc#1185860)
- CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (bsc#1185862)
- CVE-2020-26147: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allow an adversary to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames. (bsc#1185987)
The following non-security bugs were fixed:
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1005023 1027779 1032020 1032021 1032022 1049305 1049306 1049307 1049309 1049310 1049311 1049312 1049313 1049314 1049315 1049316 1049317 1049318 1049319 1049320 1049321 1049322 1049323 1049324 1049325 1049326 1049327 1049328 1049329 1049330 1049331 1049332 1052318 1059812 1064071 1064072 1064073 1064075 1064077 1064078 1064079 1064080 1064081 1064082 1064083 1064084 1064085 1064086 1075021 1075026 1075322 1075772 1076696 1076962 1080249 1082858 1091072 1096889 1096890 1101410 1101412 1101591 1101654 1103040 1112758 1113660 1114981 1115518 1119971 1120323 1173144 1176421 1179610 1180846 1184611 1185859 1185860 1185861 1185862 1185863 1185898 1185987 1186060 1186062 1186111 1186390 1186463 1187038 1187050 1187215 1187452 1187595 1187601 1187934 1188062 1188116 798770 829077 833483 842006 854869 858178 862608 864801 865682 867910 878841 880751 881900 882092 891539 895798 895799 895802 897657 934524 934525 934526 934527 934528 934529 CVE-2006-0855 CVE-2007-1669 CVE-2010-4341 CVE-2010-4352 CVE-2011-1758 CVE-2012-2396 CVE-2012-3524 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 CVE-2013-2168 CVE-2013-2877 CVE-2013-4344 CVE-2013-4540 CVE-2014-2599 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-3967 CVE-2014-3968 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7824 CVE-2014-8148 CVE-2014-9732 CVE-2015-0245 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 
CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-12173 CVE-2017-14160 CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-10393 CVE-2018-11256 CVE-2018-14679 CVE-2018-16840 CVE-2018-16842 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783 CVE-2018-6871 CVE-2020-15169 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2020-8163 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 SUSE-SU-2015:2215-1 SUSE-SU-2018:0005-1 SUSE-SU-2018:0443-1 SUSE-SU-2018:1324-1 SUSE-SU-2018:2323-1 SUSE-SU-2018:3608-1 SUSE-SU-2019:0135-1 SUSE-SU-2019:0393-1 SUSE-SU-2020:2140-1 SUSE-SU-2020:2686-1 SUSE-SU-2021:2406-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND argyllcms-1.9.2-lp150.2 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
bluez-5.48-lp151.8.3 is installed
OR bluez-auto-enable-devices-5.48-lp151.8.3 is installed
OR bluez-cups-5.48-lp151.8.3 is installed
OR bluez-devel-5.48-lp151.8.3 is installed
OR bluez-devel-32bit-5.48-lp151.8.3 is installed
OR bluez-test-5.48-lp151.8.3 is installed
OR libbluetooth3-5.48-lp151.8.3 is installed
OR libbluetooth3-32bit-5.48-lp151.8.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
libxml2-2.7.6-0.25 is installed
OR libxml2-32bit-2.7.6-0.25 is installed
OR libxml2-python-2.7.6-0.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
libmspack-0.0.20060920alpha-74.10 is installed
OR libmspack0-0.0.20060920alpha-74.10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND clamav-0.100.1-33.15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
libipa_hbac0-1.16.1-2 is installed
OR libsss_certmap0-1.16.1-2 is installed
OR libsss_idmap0-1.16.1-2 is installed
OR libsss_nss_idmap0-1.16.1-2 is installed
OR libsss_simpleifp0-1.16.1-2 is installed
OR libsss_sudo-1.13.4-34.7 is installed
OR python-sssd-config-1.16.1-2 is installed
OR sssd-1.16.1-2 is installed
OR sssd-32bit-1.16.1-2 is installed
OR sssd-ad-1.16.1-2 is installed
OR sssd-ipa-1.16.1-2 is installed
OR sssd-krb5-1.16.1-2 is installed
OR sssd-krb5-common-1.16.1-2 is installed
OR sssd-ldap-1.16.1-2 is installed
OR sssd-proxy-1.16.1-2 is installed
OR sssd-tools-1.16.1-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
dbus-1-1.8.16-14 is installed
OR dbus-1-x11-1.8.16-14 is installed
OR libdbus-1-3-1.8.16-14 is installed
OR libdbus-1-3-32bit-1.8.16-14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_67-60_64_18-default-10-2 is installed
OR kgraft-patch-3_12_67-60_64_18-xen-10-2 is installed
OR kgraft-patch-SLE12-SP1_Update_9-10-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
cups-filters-1.0.58-13 is installed
OR cups-filters-cups-browsed-1.0.58-13 is installed
OR cups-filters-foomatic-rip-1.0.58-13 is installed
OR cups-filters-ghostscript-1.0.58-13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
kernel-default-4.4.121-92.158.1 is installed
OR kernel-default-base-4.4.121-92.158.1 is installed
OR kernel-default-devel-4.4.121-92.158.1 is installed
OR kernel-devel-4.4.121-92.158.1 is installed
OR kernel-macros-4.4.121-92.158.1 is installed
OR kernel-source-4.4.121-92.158.1 is installed
OR kernel-syms-4.4.121-92.158.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kgraft-patch-4_4_121-92_120-default-2-2 is installed
OR kgraft-patch-SLE12-SP2_Update_32-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_74-92_35-default-10-2 is installed
OR kgraft-patch-SLE12-SP2_Update_12-10-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
colord-gtk-lang-0.1.26-6 is installed
OR libcolord-gtk1-0.1.26-6 is installed
OR libcolord2-1.3.3-12 is installed
OR libcolord2-32bit-1.3.3-12 is installed
OR libcolorhug2-1.3.3-12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
ibus-1.5.13-15.11 is installed
OR ibus-gtk-1.5.13-15.11 is installed
OR ibus-gtk3-1.5.13-15.11 is installed
OR ibus-lang-1.5.13-15.11 is installed
OR libibus-1_0-5-1.5.13-15.11 is installed
OR typelib-1_0-IBus-1_0-1.5.13-15.11 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
gvim-7.4.326-17.6 is installed
OR vim-7.4.326-17.6 is installed
OR vim-data-7.4.326-17.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND clamav-0.100.2-33.18 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
apache2-2.4.23-29.24 is installed
OR apache2-doc-2.4.23-29.24 is installed
OR apache2-example-pages-2.4.23-29.24 is installed
OR apache2-prefork-2.4.23-29.24 is installed
OR apache2-utils-2.4.23-29.24 is installed
OR apache2-worker-2.4.23-29.24 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.161-43.7 is installed
OR java-1_7_0-openjdk-demo-1.7.0.161-43.7 is installed
OR java-1_7_0-openjdk-devel-1.7.0.161-43.7 is installed
OR java-1_7_0-openjdk-headless-1.7.0.161-43.7 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6-LTSS is installed
AND Package Information
ruby2.1-rubygem-actionview-4_2-4.2.9-9.9 is installed
OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6 is installed
OR rubygem-actionview-4_2-4.2.9-9.9 is installed
OR rubygem-activesupport-4_2-4.2.9-7.6 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
dnsmasq-2.78-18.3 is installed
OR dnsmasq-utils-2.78-18.3 is installed
|