Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive various security fixes and bugfixes.
This update contains the following feature enablements:
- The remote block device (rbd) and ceph drivers have been enabled and are now supported (FATE#318350). These can be used e.g. for accessing the SUSE Enterprise Storage product services.
- Support for Intel Select Bay Trail CPUs has been added. (FATE#316038)
The following security issues were fixed:
- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 did not ensure that Thread Local Storage (TLS) descriptors were loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (bnc#911326).
- CVE-2014-7822: A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system.
- CVE-2014-8160: The connection tracking module could be bypassed if a specific protocol module was not loaded, e.g. allowing SCTP traffic while the firewall should have filtered it.
- CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654).
The following non-security bugs were fixed:
- audit: Allow login in non-init namespaces (bnc#916107).
- btrfs: avoid unnecessary switch of path locks to blocking mode.
- btrfs: fix directory inconsistency after fsync log replay (bnc#915425).
- btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bnc#915425).
- btrfs: fix fsync race leading to ordered extent memory leaks (bnc#917128).
- btrfs: fix fsync when extend references are added to an inode (bnc#915425).
- btrfs: fix missing error handler if submitting re-read bio fails.
- btrfs: fix race between transaction commit and empty block group removal (bnc#915550).
- btrfs: fix scrub race leading to use-after-free (bnc#915456).
- btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).
- btrfs: improve free space cache management and space allocation.
- btrfs: make btrfs_search_forward return with nodes unlocked.
- btrfs: scrub, fix sleep in atomic context (bnc#915456).
- btrfs: unlock nodes earlier when inserting items in a btree.
- drm/i915: On G45 enable cursor plane briefly after enabling the display plane (bnc#918161).
- Fix Module.supported handling for external modules (bnc#905304).
- keys: close race between key lookup and freeing (bnc#912202).
- msi: also reject resource with flags all clear.
- pci: Add ACS quirk for Emulex NICs (bug#917089).
- pci: Add ACS quirk for Intel 10G NICs (bug#917089).
- pci: Add ACS quirk for Solarflare SFC9120 & SFC9140 (bug#917089).
- Refresh other Xen patches (bsc#909829).
- Update patches.suse/btrfs-8177-improve-free-space-cache-management-and-space-.patch (bnc#895805).
- be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (bug#908322).
- be2net: refactor code that checks flash file compatibility (bug#908322).
- ceph: Add necessary clean up if invalid reply received in handle_reply() (bsc#918255).
- crush: CHOOSE_LEAF -> CHOOSELEAF throughout (bsc#918255).
- crush: add SET_CHOOSE_TRIES rule step (bsc#918255).
- crush: add note about r in recursive choose (bsc#918255).
- crush: add set_choose_local_[fallback_]tries steps (bsc#918255).
- crush: apply chooseleaf_tries to firstn mode too (bsc#918255).
- crush: attempts -> tries (bsc#918255).
- crush: clarify numrep vs endpos (bsc#918255).
- crush: eliminate CRUSH_MAX_SET result size limitation (bsc#918255).
- crush: factor out (trivial) crush_destroy_rule() (bsc#918255).
- crush: fix crush_choose_firstn comment (bsc#918255).
- crush: fix some comments (bsc#918255).
- crush: generalize descend_once (bsc#918255).
- crush: new SET_CHOOSE_LEAF_TRIES command (bsc#918255).
- crush: pass parent r value for indep call (bsc#918255).
- crush: pass weight vector size to map function (bsc#918255).
- crush: reduce scope of some local variables (bsc#918255).
- crush: return CRUSH_ITEM_UNDEF for failed placements with indep (bsc#918255).
- crush: strip firstn conditionals out of crush_choose, rename (bsc#918255).
- crush: use breadth-first search for indep mode (bsc#918255).
- crypto: drbg - panic on continuous self test error (bsc#905482).
- dasd: List corruption in error recovery (bnc#914291, LTC#120865).
- epoll: optimize setting task running after blocking (epoll-performance).
- fips: We need to activate gcm(aes) in FIPS mode, RFCs 4106 and 4543 (bsc#914126, bsc#914457).
- fips: __driver-gcm-aes-aesni needs to be listed explicitly inside the testmgr.c file (bsc#914457).
- flow_dissector: add tipc support (bnc#916513).
- hotplug, powerpc, x86: Remove cpu_hotplug_driver_lock() (bsc#907069).
- hyperv: Add support for vNIC hot removal.
- kernel: incorrect clock_gettime result (bnc#914291, LTC#121184).
- kvm: iommu: Add cond_resched to legacy device assignment code (bsc#898687).
- libceph: CEPH_OSD_FLAG_* enum update (bsc#918255).
- libceph: add ceph_kv{malloc,free}() and switch to them (bsc#918255).
- libceph: add ceph_pg_pool_by_id() (bsc#918255).
- libceph: all features fields must be u64 (bsc#918255).
- libceph: dout() is missing a newline (bsc#918255).
- libceph: factor out logic from ceph_osdc_start_request() (bsc#918255).
- libceph: fix error handling in ceph_osdc_init() (bsc#918255).
- libceph: follow redirect replies from osds (bsc#918255).
- libceph: follow {read,write}_tier fields on osd request submission (bsc#918255).
- libceph: introduce and start using oid abstraction (bsc#918255).
- libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN (bsc#918255).
- libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid} (bsc#918255).
- libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg() (bsc#918255).
- libceph: start using oloc abstraction (bsc#918255).
- libceph: take map_sem for read in handle_reply() (bsc#918255).
- libceph: update ceph_features.h (bsc#918255).
- libceph: use CEPH_MON_PORT when the specified port is 0 (bsc#918255).
- locking/mutex: Explicitly mark task as running after wakeup (mutex scalability).
- locking/osq: No need for load/acquire when acquire-polling (mutex scalability).
- locking/rtmutex: Optimize setting task running after being blocked (mutex scalability).
- mm/compaction: fix wrong order check in compact_finished() (VM Performance, bnc#904177).
- mm/compaction: stop the isolation when we isolate enough freepage (VM Performance, bnc#904177).
- mm: fix negative nr_isolated counts (VM Performance).
- mutex-debug: Always clear owner field upon mutex_unlock() (mutex bugfix).
- net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes (bsc#918255).
- net: allow macvlans to move to net namespace (bnc#915660).
- net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr struct from userland (bnc#900270).
- nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484).
- ocfs2: remove filesize checks for sync I/O journal commit (bnc#800255). Update references.
- powerpc/xmon: Fix another endianness issue in RTAS call from xmon (bsc#915188).
- pvscsi: support suspend/resume (bsc#902286).
- random: account for entropy loss due to overwrites (bsc#904883, bsc#904901).
- random: allow fractional bits to be tracked (bsc#904883, bsc#904901).
- random: statically compute poolbitshift, poolbytes, poolbits (bsc#904883, bsc#904901).
- rbd: add '^A' sysfs rbd device attribute (bsc#918255).
- rbd: add support for single-major device number allocation scheme (bsc#918255).
- rbd: enable extended devt in single-major mode (bsc#918255).
- rbd: introduce rbd_dev_header_unwatch_sync() and switch to it (bsc#918255).
- rbd: rbd_device::dev_id is an int, format it as such (bsc#918255).
- rbd: refactor rbd_init() a bit (bsc#918255).
- rbd: switch to ida for rbd id assignments (bsc#918255).
- rbd: tear down watch request if rbd_dev_device_setup() fails (bsc#918255).
- rbd: tweak 'loaded' message and module description (bsc#918255).
- rbd: wire up is_visible() sysfs callback for rbd bus (bsc#918255).
- rpm/kernel-binary.spec.in: Own the modules directory in the devel package (bnc#910322).
- s390/dasd: fix infinite loop during format (bnc#914291, LTC#120608).
- s390/dasd: remove unused code (bnc#914291, LTC#120608).
- sched/Documentation: Remove unneeded word (mutex scalability).
- sched/completion: Add lock-free checking of the blocking case (scheduler scalability).
- scsifront: avoid acquiring same lock twice if ring is full.
- scsifront: do not use bitfields for indicators modified under different locks.
- swiotlb: Warn on allocation failure in swiotlb_alloc_coherent (bsc#905783).
- uas: Add NO_ATA_1X for VIA VL711 devices (bnc#914254).
- uas: Add US_FL_NO_ATA_1X for 2 more Seagate disk enclosures (bnc#914254).
- uas: Add US_FL_NO_ATA_1X for Seagate devices with usb-id 0bc2:a013 (bnc#914254).
- uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model (bnc#914254).
- uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models (bnc#914254).
- uas: Add US_FL_NO_ATA_1X quirk for Seagate (0bc2:ab20) drives (bnc#914254).
- uas: Add a quirk for rejecting ATA_12 and ATA_16 commands (bnc#914254).
- uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check (bnc#914294).
- uas: Add no-report-opcodes quirk (bnc#914254).
- uas: Disable uas on ASM1051 devices (bnc#914294).
- uas: Do not blacklist ASM1153 disk enclosures (bnc#914294).
- uas: Use streams on upcoming 10Gbps / 3.1 USB (bnc#914464).
- uas: disable UAS on Apricorn SATA dongles (bnc#914300).
- usb-storage: support for more than 8 LUNs (bsc#906196).
- x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783).
- x86, swiotlb: Try coherent allocations with __GFP_NOWARN (bsc#905783).
- x86/hpet: Make boot_hpet_disable extern (bnc#916646).
- x86/intel: Add quirk to disable HPET for the Baytrail platform (bnc#916646).
- x86: irq: Check for valid irq descriptor in check_irq_vectors_for_cpu_disable (bnc#914726).
- xhci: Add broken-streams quirk for Fresco Logic FL1000G xhci controllers (bnc#914112).
- zcrypt: Number of supported ap domains is not retrievable (bnc#914291, LTC#120788).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1005544 1013882 1038564 1042892 1044878 1045315 1050257 1050751 1051188 1060995 1060996 1061000 1072928 1092952 1093095 1095070 1111858 1111859 1112368 1112377 1112384 1112386 1112391 1112397 1112404 1112415 1112417 1112421 1112432 1116686 1118754 1120041 1134689 1139885 1139886 1140100 1140102 1140103 1140106 1140110 1140111 1140501 1140513 1140534 1140538 1140554 1140664 1140666 1140669 1140673 1141171 1158328 799216 800255 840510 844175 860346 875220 877456 884407 885069 895805 896484 897736 898687 900270 901276 902286 902346 902349 902709 903640 904177 904883 904899 904901 905100 905304 905329 905482 905783 906196 907069 908069 908322 908825 908904 909829 910322 911326 912202 912654 912705 913059 914112 914126 914254 914291 914294 914300 914457 914464 914726 915188 915322 915335 915425 915454 915456 915550 915660 916107 916513 916646 917089 917128 918161 918255 938248 CVE-2009-4029 CVE-2012-2673 CVE-2012-6706 CVE-2013-4351 CVE-2013-4402 CVE-2014-3608 CVE-2014-3673 CVE-2014-3687 CVE-2014-3708 CVE-2014-4877 CVE-2014-7230 CVE-2014-7231 CVE-2014-7822 CVE-2014-7841 CVE-2014-8160 CVE-2014-8559 CVE-2014-8750 CVE-2014-9419 CVE-2014-9584 CVE-2015-0259 CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-3280 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-7548 CVE-2016-4658 CVE-2016-9843 CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2017-7533 CVE-2017-8890 CVE-2017-9242 CVE-2018-10958 CVE-2018-10998 CVE-2018-11531 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 CVE-2019-10130 CVE-2019-11745 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 
CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13307 CVE-2019-13308 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 SUSE-SU-2015:0529-1 SUSE-SU-2015:1319-1 SUSE-SU-2016:2650-1 SUSE-SU-2017:1745-1 SUSE-SU-2017:2089-1 SUSE-SU-2017:2094-1 SUSE-SU-2018:3882-2 SUSE-SU-2019:0119-1 SUSE-SU-2019:1511-1 SUSE-SU-2019:2010-1 SUSE-SU-2019:3347-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
ImageMagick-7.0.7.29-lp150.1 is installed
OR libMagick++-7_Q16HDRI4-7.0.7.29-lp150.1 is installed
OR libMagickCore-7_Q16HDRI6-7.0.7.29-lp150.1 is installed
OR libMagickWand-7_Q16HDRI6-7.0.7.29-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
irssi-1.1.3-33 is installed
OR irssi-devel-1.1.3-33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
gpg2-2.0.9-25.33.37 is installed
OR gpg2-lang-2.0.9-25.33.37 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND wget-1.11.4-1.19 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
kernel-default-3.12.38-44 is installed
OR kernel-default-devel-3.12.38-44 is installed
OR kernel-default-extra-3.12.38-44 is installed
OR kernel-devel-3.12.38-44 is installed
OR kernel-macros-3.12.38-44 is installed
OR kernel-source-3.12.38-44 is installed
OR kernel-syms-3.12.38-44 is installed
OR kernel-xen-3.12.38-44 is installed
OR kernel-xen-devel-3.12.38-44 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
libecpg6-10.8-1.9 is installed
OR libpq5-10.8-1.9 is installed
OR libpq5-32bit-10.8-1.9 is installed
OR postgresql10-10.8-1.9 is installed
OR postgresql10-libs-10.8-1.9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
exiv2-0.23-12.5 is installed
OR libexiv2-12-0.23-12.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
automake-1.13.4-4 is installed
OR m4-1.4.16-15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND unrar-5.0.14-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
freeradius-server-3.0.3-10 is installed
OR freeradius-server-doc-3.0.3-10 is installed
OR freeradius-server-krb5-3.0.3-10 is installed
OR freeradius-server-ldap-3.0.3-10 is installed
OR freeradius-server-libs-3.0.3-10 is installed
OR freeradius-server-mysql-3.0.3-10 is installed
OR freeradius-server-perl-3.0.3-10 is installed
OR freeradius-server-postgresql-3.0.3-10 is installed
OR freeradius-server-python-3.0.3-10 is installed
OR freeradius-server-sqlite-3.0.3-10 is installed
OR freeradius-server-utils-3.0.3-10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
libpython2_7-1_0-2.7.13-28.21 is installed
OR libpython2_7-1_0-32bit-2.7.13-28.21 is installed
OR python-2.7.13-28.21 is installed
OR python-32bit-2.7.13-28.21 is installed
OR python-base-2.7.13-28.21 is installed
OR python-base-32bit-2.7.13-28.21 is installed
OR python-curses-2.7.13-28.21 is installed
OR python-demo-2.7.13-28.21 is installed
OR python-doc-2.7.13-28.21 is installed
OR python-doc-pdf-2.7.13-28.21 is installed
OR python-gdbm-2.7.13-28.21 is installed
OR python-idle-2.7.13-28.21 is installed
OR python-tk-2.7.13-28.21 is installed
OR python-xml-2.7.13-28.21 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
MozillaFirefox-60.7.0-109.72 is installed
OR MozillaFirefox-devel-60.7.0-109.72 is installed
OR MozillaFirefox-translations-common-60.7.0-109.72 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_74-92_32-default-10-2 is installed
OR kgraft-patch-SLE12-SP2_Update_11-10-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
elfutils-0.158-6 is installed
OR libasm1-0.158-6 is installed
OR libasm1-32bit-0.158-6 is installed
OR libdw1-0.158-6 is installed
OR libdw1-32bit-0.158-6 is installed
OR libebl1-0.158-6 is installed
OR libebl1-32bit-0.158-6 is installed
OR libelf1-0.158-6 is installed
OR libelf1-32bit-0.158-6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
MozillaFirefox-68.6.0-109.110 is installed
OR MozillaFirefox-translations-common-68.6.0-109.110 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_162-94_72-default-7-2 is installed
OR kgraft-patch-SLE12-SP3_Update_22-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libpolkit0-0.113-5.12 is installed
OR polkit-0.113-5.12 is installed
OR typelib-1_0-Polkit-1_0-0.113-5.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
krb5-appl-clients-1.0.3-1 is installed
OR krb5-appl-servers-1.0.3-1 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
openstack-nova-12.0.2~a0~dev18-1 is installed
OR openstack-nova-api-12.0.2~a0~dev18-1 is installed
OR openstack-nova-cells-12.0.2~a0~dev18-1 is installed
OR openstack-nova-cert-12.0.2~a0~dev18-1 is installed
OR openstack-nova-compute-12.0.2~a0~dev18-1 is installed
OR openstack-nova-conductor-12.0.2~a0~dev18-1 is installed
OR openstack-nova-console-12.0.2~a0~dev18-1 is installed
OR openstack-nova-consoleauth-12.0.2~a0~dev18-1 is installed
OR openstack-nova-novncproxy-12.0.2~a0~dev18-1 is installed
OR openstack-nova-objectstore-12.0.2~a0~dev18-1 is installed
OR openstack-nova-scheduler-12.0.2~a0~dev18-1 is installed
OR openstack-nova-serialproxy-12.0.2~a0~dev18-1 is installed
OR openstack-nova-vncproxy-12.0.2~a0~dev18-1 is installed
OR python-nova-12.0.2~a0~dev18-1 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
galera-3-25.3.23-8 is installed
OR galera-3-wsrep-provider-25.3.23-8 is installed
OR libmariadb3-3.0.3-1.3 is installed
OR mariadb-10.2.15-7 is installed
OR mariadb-client-10.2.15-7 is installed
OR mariadb-connector-c-3.0.3-1.3 is installed
OR mariadb-errormessages-10.2.15-7 is installed
OR mariadb-galera-10.2.15-7 is installed
OR mariadb-tools-10.2.15-7 is installed
OR ruby2.1-rubygem-mysql2-0.4.10-7 is installed
OR rubygem-mysql2-0.4.10-7 is installed
OR xtrabackup-2.4.10-5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
MozillaFirefox-68.1.0-109.89 is installed
OR MozillaFirefox-branding-SLE-68-32.8 is installed
OR MozillaFirefox-translations-common-68.1.0-109.89 is installed
|