| Revision Date: | 2021-02-11 | Version: | 1 |
| Title: | Security update for the Linux Kernel (Important) |
| Description: |
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
- CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).
- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).
- CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).
- CVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172).
The following non-security bugs were fixed:
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
- futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755).
- futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755).
- futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755).
- futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755).
- futex: Avoid freeing an active timer (bsc#969755).
- futex: Avoid violating the 10th rule of futex (bsc#969755).
- futex: Change locking rules (bsc#969755).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755).
- futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755).
- futex: Fix OWNER_DEAD fixup (bsc#969755).
- futex: Fix incorrect should_fail_futex() handling (bsc#969755).
- futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755).
- futex: Fix pi_state->owner serialization (bsc#969755).
- futex: Fix small (and harmless looking) inconsistencies (bsc#969755).
- futex: Futex_unlock_pi() determinism (bsc#969755).
- futex: Handle early deadlock return correctly (bsc#969755).
- futex: Handle transient 'ownerless' rtmutex state correctly (bsc#969755).
- futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755).
- futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755).
- futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755).
- locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755).
- mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1040202 1043353 1043354 1047908 1048715 1050037 1050072 1050098 1050100 1050635 1051442 1052470 1052708 1052717 1052721 1052768 1052777 1052781 1054600 1055068 1055374 1055455 1055456 1056127 1056128 1056129 1056131 1056132 1056136 1057000 1060162 1062752 1068032 1068613 1070144 1070943 1071228 1072362 1072901 1073489 1074120 1074125 1074185 1074309 1074572 1075939 1076021 1076051 1076114 1076775 1076813 1082276 1083291 1106222 1108474 1110910 1111006 1111010 1111013 1114422 1114529 1121826 1121872 1136364 1138459 1141853 1157298 1168952 1173942 1176395 1176485 1177411 1178123 1178182 1178589 1178622 1178886 1179107 1179140 1179141 1179204 1179419 1179508 1179509 1179601 1179616 1179663 1179666 1179745 1179877 1179960 1179961 1180008 1180027 1180028 1180029 1180030 1180031 1180032 1180052 1180086 1180559 1180562 1181349 863741 880984 904625 919959 926159 928390 929718 936923 947780 961305 963041 969755 984751 985177 985348 989523 991389 991390 991391 991746 994157 997420 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 CVE-2013-1989 CVE-2013-2066 CVE-2014-1912 CVE-2014-8651 CVE-2015-8605 CVE-2016-0772 CVE-2016-1000110 CVE-2016-10245 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-5636 CVE-2016-5699 CVE-2016-6153 CVE-2016-6313 CVE-2016-7141 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13059 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-14103 CVE-2017-14649 CVE-2017-15119 CVE-2017-15124 CVE-2017-15218 CVE-2017-16845 CVE-2017-17381 CVE-2017-17504 CVE-2017-17681 CVE-2017-17879 
CVE-2017-17884 CVE-2017-17914 CVE-2017-18008 CVE-2017-18027 CVE-2017-18029 CVE-2017-18043 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-5715 CVE-2017-9261 CVE-2017-9262 CVE-2018-10839 CVE-2018-15746 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-20852 CVE-2018-5246 CVE-2018-5683 CVE-2018-5685 CVE-2018-7550 CVE-2019-10160 CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 SUSE-SU-2016:0303-1 SUSE-SU-2016:0481-1 SUSE-SU-2016:2106-1 SUSE-SU-2016:2330-1 SUSE-SU-2016:2345-1 SUSE-SU-2017:2035-1 SUSE-SU-2018:0120-1 SUSE-SU-2018:0349-1 SUSE-SU-2018:0762-1 SUSE-SU-2018:4185-1 SUSE-SU-2019:1570-1 SUSE-SU-2019:2091-1 SUSE-SU-2021:0437-1
|
| Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7
| Product(s): | |
| Definition Synopsis |
| openSUSE Leap 15.0 is installed
AND Package Information
gdm-3.26.2.1-lp150.10 is installed
OR gdm-lang-3.26.2.1-lp150.10 is installed
OR gdmflexiserver-3.26.2.1-lp150.10 is installed
OR libgdm1-3.26.2.1-lp150.10 is installed
OR typelib-1_0-Gdm-1_0-3.26.2.1-lp150.10 is installed
|
| Definition Synopsis |
| openSUSE Leap 15.1 is installed
AND Package Information
exim-4.88-lp151.4.6 is installed
OR eximon-4.88-lp151.4.6 is installed
OR eximstats-html-4.88-lp151.4.6 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
dhcp-4.2.4.P2-0.24 is installed
OR dhcp-client-4.2.4.P2-0.24 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
kde4-kgreeter-plugins-4.3.5-0.12.20 is installed
OR kdebase4-wallpapers-4.3.5-0.11.20 is installed
OR kdebase4-workspace-4.3.5-0.12.20 is installed
OR kdebase4-workspace-ksysguardd-4.3.5-0.12.20 is installed
OR kdm-4.3.5-0.12.20 is installed
OR kwin-4.3.5-0.12.20 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
ImageMagick-6.8.8.1-71.33 is installed
OR libMagick++-6_Q16-3-6.8.8.1-71.33 is installed
OR libMagickCore-6_Q16-1-6.8.8.1-71.33 is installed
OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-71.33 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
libsqlite3-0-3.8.10.2-8 is installed
OR libsqlite3-0-32bit-3.8.10.2-8 is installed
OR sqlite3-3.8.10.2-8 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
libXv1-1.0.10-3 is installed
OR libXv1-32bit-1.0.10-3 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_74-60_64_48-default-3-2 is installed
OR kgraft-patch-3_12_74-60_64_48-xen-3-2 is installed
OR kgraft-patch-SLE12-SP1_Update_17-3-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2 is installed
AND apache-commons-httpclient-3.1-4 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
kernel-default-4.4.121-92.149.1 is installed
OR kernel-default-base-4.4.121-92.149.1 is installed
OR kernel-default-devel-4.4.121-92.149.1 is installed
OR kernel-devel-4.4.121-92.149.1 is installed
OR kernel-macros-4.4.121-92.149.1 is installed
OR kernel-source-4.4.121-92.149.1 is installed
OR kernel-syms-4.4.121-92.149.1 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
LibVNCServer-0.9.9-17.8 is installed
OR libvncclient0-0.9.9-17.8 is installed
OR libvncserver0-0.9.9-17.8 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
xen-4.7.6_04-43.39 is installed
OR xen-doc-html-4.7.6_04-43.39 is installed
OR xen-libs-4.7.6_04-43.39 is installed
OR xen-libs-32bit-4.7.6_04-43.39 is installed
OR xen-tools-4.7.6_04-43.39 is installed
OR xen-tools-domU-4.7.6_04-43.39 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3 is installed
AND ipsec-tools-0.8.0-18 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
java-1_8_0-ibm-1.8.0_sr6.0-30.60 is installed
OR java-1_8_0-ibm-alsa-1.8.0_sr6.0-30.60 is installed
OR java-1_8_0-ibm-plugin-1.8.0_sr6.0-30.60 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libecpg6-10.9-1.12 is installed
OR libpq5-10.9-1.12 is installed
OR libpq5-32bit-10.9-1.12 is installed
OR postgresql10-10.9-1.12 is installed
OR postgresql10-contrib-10.9-1.12 is installed
OR postgresql10-docs-10.9-1.12 is installed
OR postgresql10-libs-10.9-1.12 is installed
OR postgresql10-plperl-10.9-1.12 is installed
OR postgresql10-plpython-10.9-1.12 is installed
OR postgresql10-pltcl-10.9-1.12 is installed
OR postgresql10-server-10.9-1.12 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
glibc-2.22-62.22 is installed
OR glibc-32bit-2.22-62.22 is installed
OR glibc-devel-2.22-62.22 is installed
OR glibc-devel-32bit-2.22-62.22 is installed
OR glibc-html-2.22-62.22 is installed
OR glibc-i18ndata-2.22-62.22 is installed
OR glibc-info-2.22-62.22 is installed
OR glibc-locale-2.22-62.22 is installed
OR glibc-locale-32bit-2.22-62.22 is installed
OR glibc-profile-2.22-62.22 is installed
OR glibc-profile-32bit-2.22-62.22 is installed
OR nscd-2.22-62.22 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libpython2_7-1_0-2.7.13-28.8 is installed
OR libpython2_7-1_0-32bit-2.7.13-28.8 is installed
OR python-2.7.13-28.8 is installed
OR python-32bit-2.7.13-28.8 is installed
OR python-base-2.7.13-28.8 is installed
OR python-base-32bit-2.7.13-28.8 is installed
OR python-curses-2.7.13-28.8 is installed
OR python-demo-2.7.13-28.8 is installed
OR python-doc-2.7.13-28.8 is installed
OR python-doc-pdf-2.7.13-28.8 is installed
OR python-gdbm-2.7.13-28.8 is installed
OR python-idle-2.7.13-28.8 is installed
OR python-tk-2.7.13-28.8 is installed
OR python-xml-2.7.13-28.8 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP4 is installed
AND ant-1.9.4-3.3 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 6 is installed
AND Package Information
libmysqlclient-devel-10.0.31-29.3 is installed
OR libmysqlclient18-10.0.31-29.3 is installed
OR libmysqlclient18-32bit-10.0.31-29.3 is installed
OR libmysqlclient_r18-10.0.31-29.3 is installed
OR libmysqld-devel-10.0.31-29.3 is installed
OR libmysqld18-10.0.31-29.3 is installed
OR mariadb-10.0.31-29.3 is installed
OR mariadb-client-10.0.31-29.3 is installed
OR mariadb-errormessages-10.0.31-29.3 is installed
OR mariadb-tools-10.0.31-29.3 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 7 is installed
AND Package Information
ntp-4.2.8p12-64.8 is installed
OR ntp-doc-4.2.8p12-64.8 is installed
|