OVAL Reference oval:org.opensuse.security:def:55640

Oval Definition:

oval:org.opensuse.security:def:55640

Revision Date:	2020-12-01	Version:	1
Title:	Security update for the Linux Kernel (Important)
Description:	The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers were valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a 'double-chroot attack (bnc#926238). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236 (bsc#953796). - Btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053). - Btrfs: fix truncation of compressed and inlined extents (bnc#956053). - Disable some ppc64le netfilter modules to restore the kabi (bsc#951546) - Fix regression in NFSRDMA server (bsc#951110). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - KVM: x86: call irq notifiers with directed EOI (bsc#950862). - NVMe: Add shutdown timeout as module parameter (bnc#936076). - NVMe: Mismatched host/device page size support (bsc#935961). - PCI: Drop 'setting latency timer' messages (bsc#956047). - SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC: Fix oops when trace sunrpc_task events in nfs client (bnc#956703). - Sync ppc64le netfilter config options with other archs (bnc#951546) - Update kabi files with sbc_parse_cdb symbol change (bsc#954635). - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949). - apparmor: temporary work around for bug while unloading policy (boo#941867). - audit: correctly record file names with different path name types (bsc#950013). - audit: create private file name copies when auditing inodes (bsc#950013). - cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773). - dlm: make posix locks interruptible, (bsc#947241). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fanotify: fix notification of groups with inode and mount marks (bsc#955533). - genirq: Make sure irq descriptors really exist when __irq_alloc_descs returns (bsc#945626). - hv: vss: run only on supported host versions (bnc#949504). - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224). - ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags (bsc#947321). - ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321). - ipv6: Extend the route lookups to low priority metrics (bsc#947321). - ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321). - ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - ipvs: drop first packet to dead server (bsc#946078). - kABI: protect struct ahci_host_priv. - kABI: protect struct rt6_info changes from bsc#947321 changes (bsc#947321). - kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546). - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635). - kabi: Restore kabi in struct se_cmd (bsc#954635). - kabi: Restore kabi in struct se_subsystem_api (bsc#954635). - kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199). - kgr: fix migration of kthreads to the new universe. - kgr: wake up kthreads periodically. - ktime: add ktime_after and ktime_before helper (bsc#904348). - macvlan: Support bonding events (bsc#948521). - net: add length argument to skb_copy_and_csum_datagram_iovec (bsc#951199). - net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec() (bsc#951199). - pci: Update VPD size with correct length (bsc#924493). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711). - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtc: cmos: Revert 'rtc-cmos: Add an alarm disable quirk' (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sunrpc/cache: make cache flushing more reliable (bsc#947478). - supported.conf: Add missing dependencies of supported modules hwmon_vid needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by ramoops - supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666). - target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831). - target/rbd: fix PR info memory leaks (bnc#948831). - target: Send UA upon LUN RESET tmr completion (bsc#933514). - target: use '^A' when allocating UAs (bsc#933514). - usbvision fix overflow of interfaces array (bnc#950998). - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down (bsc#940853). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148). - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148). - xfs: DIO needs an ioend for writes (bsc#949744). - xfs: DIO write completion size updates race (bsc#949744). - xfs: DIO writes within EOF do not need an ioend (bsc#949744). - xfs: always drain dio before extending aio write submission (bsc#949744). - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744). - xfs: do not allocate an ioend for direct I/O completions (bsc#949744). - xfs: factor DIO write mapping from get_blocks (bsc#949744). - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744). - xfs: move DIO mapping size calculation (bsc#949744). - xfs: using generic_file_direct_write() is unnecessary (bsc#949744). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).
Family:	unix	Class:	patch
Status:		Reference(s):	1000201 1009254 1016259 1018699 1018700 1018701 1018702 1022610 1024288 1024291 1029696 1031529 1035204 1038564 1042892 1050241 1050751 1071853 1086777 1093536 1094462 1107874 1109845 1120470 1120502 1120503 1120504 1120584 1120589 1136936 1140120 1165471 758040 814440 840997 848657 865241 867595 889013 904348 921949 924493 926238 930145 933514 935961 936076 936773 939826 939926 940776 940853 941113 941202 941867 942938 943959 944296 944749 945626 946078 947241 947321 947478 948521 948685 948831 949100 949192 949463 949504 949706 949744 949936 950013 950580 950750 950862 950998 951110 951165 951199 951440 951546 951638 951864 952384 952666 952758 953717 953796 953826 953830 953971 953980 954635 954986 955136 955148 955224 955354 955422 955533 955644 956047 956053 956147 956284 956703 956711 956717 956801 956876 957395 957546 958504 958510 958647 968050 976942 976943 977614 977615 977617 CVE-2009-1494 CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-0179 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-4494 CVE-2013-4566 CVE-2013-6436 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8136 CVE-2015-0236 CVE-2015-0272 CVE-2015-0272 CVE-2015-2925 CVE-2015-2925 CVE-2015-5156 CVE-2015-5247 CVE-2015-5283 CVE-2015-5307 CVE-2015-7799 CVE-2015-7799 CVE-2015-7872 CVE-2015-7872 CVE-2015-7990 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-2579 CVE-2017-2580 CVE-2017-5436 CVE-2017-6507 CVE-2017-7533 CVE-2017-7890 CVE-2017-8890 CVE-2017-9242 CVE-2018-10811 CVE-2018-14553 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 CVE-2018-5388 CVE-2018-8975 CVE-2019-11038 SUSE-SU-2015:2194-1 SUSE-SU-2015:2292-1 SUSE-SU-2016:1267-1 SUSE-SU-2017:0111-1 SUSE-SU-2017:1149-1 SUSE-SU-2017:1151-1 SUSE-SU-2017:2089-1 SUSE-SU-2019:1645-1 SUSE-SU-2019:2745-1 SUSE-SU-2019:3266-1 SUSE-SU-2020:0623-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information ghostscript-9.23-lp150.1 is installed OR ghostscript-x11-9.23-lp150.1 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information curl-7.60.0-lp151.5.3 is installed OR curl-mini-7.60.0-lp151.5.3 is installed OR libcurl-devel-7.60.0-lp151.5.3 is installed OR libcurl-devel-32bit-7.60.0-lp151.5.3 is installed OR libcurl-mini-devel-7.60.0-lp151.5.3 is installed OR libcurl4-7.60.0-lp151.5.3 is installed OR libcurl4-32bit-7.60.0-lp151.5.3 is installed OR libcurl4-mini-7.60.0-lp151.5.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information xen-4.1.6_04-0.5 is installed OR xen-doc-html-4.1.6_04-0.5 is installed OR xen-doc-pdf-4.1.6_04-0.5 is installed OR xen-kmp-default-4.1.6_04_3.0.101_0.5-0.5 is installed OR xen-kmp-pae-4.1.6_04_3.0.101_0.5-0.5 is installed OR xen-kmp-trace-4.1.6_04_3.0.101_0.5-0.5 is installed OR xen-libs-4.1.6_04-0.5 is installed OR xen-libs-32bit-4.1.6_04-0.5 is installed OR xen-tools-4.1.6_04-0.5 is installed OR xen-tools-domU-4.1.6_04-0.5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information kdelibs4-4.3.5-0.14 is installed OR kdelibs4-core-4.3.5-0.14 is installed OR libkde4-4.3.5-0.14 is installed OR libkde4-32bit-4.3.5-0.14 is installed OR libkdecore4-4.3.5-0.14 is installed OR libkdecore4-32bit-4.3.5-0.14 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information kernel-default-3.12.51-52.31 is installed OR kernel-default-devel-3.12.51-52.31 is installed OR kernel-default-extra-3.12.51-52.31 is installed OR kernel-devel-3.12.51-52.31 is installed OR kernel-macros-3.12.51-52.31 is installed OR kernel-source-3.12.51-52.31 is installed OR kernel-syms-3.12.51-52.31 is installed OR kernel-xen-3.12.51-52.31 is installed OR kernel-xen-devel-3.12.51-52.31 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libnetpbm11-10.66.3-8.7 is installed OR libnetpbm11-32bit-10.66.3-8.7 is installed OR netpbm-10.66.3-8.7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND apache2-mod_nss-1.0.8-13 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_48-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_48-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_17-2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND binutils-2.26.1-9.12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information git-2.12.3-27.14 is installed OR git-core-2.12.3-27.14 is installed OR git-doc-2.12.3-27.14 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information ghostscript-9.25-23.13 is installed OR ghostscript-x11-9.25-23.13 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_38-default-9-2 is installed OR kgraft-patch-SLE12-SP2_Update_13-9-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libspice-client-glib-2_0-8-0.33-1 is installed OR libspice-client-glib-helper-0.33-1 is installed OR libspice-client-gtk-3_0-5-0.33-1 is installed OR libspice-controller0-0.33-1 is installed OR typelib-1_0-SpiceClientGlib-2_0-0.33-1 is installed OR typelib-1_0-SpiceClientGtk-3_0-0.33-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information pam_radius-1.3.16-239.4 is installed OR pam_radius-32bit-1.3.16-239.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information dovecot22-2.2.31-19.17 is installed OR dovecot22-backend-mysql-2.2.31-19.17 is installed OR dovecot22-backend-pgsql-2.2.31-19.17 is installed OR dovecot22-backend-sqlite-2.2.31-19.17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information xen-4.9.4_06-3.59 is installed OR xen-doc-html-4.9.4_06-3.59 is installed OR xen-libs-4.9.4_06-3.59 is installed OR xen-libs-32bit-4.9.4_06-3.59 is installed OR xen-tools-4.9.4_06-3.59 is installed OR xen-tools-domU-4.9.4_06-3.59 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information qemu-2.9.1-6.34 is installed OR qemu-block-curl-2.9.1-6.34 is installed OR qemu-block-iscsi-2.9.1-6.34 is installed OR qemu-block-rbd-2.9.1-6.34 is installed OR qemu-block-ssh-2.9.1-6.34 is installed OR qemu-guest-agent-2.9.1-6.34 is installed OR qemu-ipxe-1.0.0+-6.34 is installed OR qemu-kvm-2.9.1-6.34 is installed OR qemu-lang-2.9.1-6.34 is installed OR qemu-seabios-1.10.2-6.34 is installed OR qemu-sgabios-8-6.34 is installed OR qemu-tools-2.9.1-6.34 is installed OR qemu-vgabios-1.10.2-6.34 is installed OR qemu-x86-2.9.1-6.34 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dbus-1-1.8.22-29.10 is installed OR dbus-1-x11-1.8.22-29.10 is installed OR libdbus-1-3-1.8.22-29.10 is installed OR libdbus-1-3-32bit-1.8.22-29.10 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND memcached-1.4.15-1 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information openstack-dashboard-10.0.6~dev4-4.15 is installed OR openstack-heat-7.0.7~dev10-5.12 is installed OR openstack-heat-api-7.0.7~dev10-5.12 is installed OR openstack-heat-api-cfn-7.0.7~dev10-5.12 is installed OR openstack-heat-api-cloudwatch-7.0.7~dev10-5.12 is installed OR openstack-heat-doc-7.0.7~dev10-5.12 is installed OR openstack-heat-engine-7.0.7~dev10-5.12 is installed OR openstack-heat-plugin-heat_docker-7.0.7~dev10-5.12 is installed OR openstack-heat-test-7.0.7~dev10-5.12 is installed OR openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.6 is installed OR openstack-keystone-10.0.3~dev9-7.12 is installed OR openstack-keystone-doc-10.0.3~dev9-7.12 is installed OR openstack-nova-14.0.11~dev13-4.25 is installed OR openstack-nova-api-14.0.11~dev13-4.25 is installed OR openstack-nova-cells-14.0.11~dev13-4.25 is installed OR openstack-nova-cert-14.0.11~dev13-4.25 is installed OR openstack-nova-compute-14.0.11~dev13-4.25 is installed OR openstack-nova-conductor-14.0.11~dev13-4.25 is installed OR openstack-nova-console-14.0.11~dev13-4.25 is installed OR openstack-nova-consoleauth-14.0.11~dev13-4.25 is installed OR openstack-nova-doc-14.0.11~dev13-4.25 is installed OR openstack-nova-novncproxy-14.0.11~dev13-4.25 is installed OR openstack-nova-placement-api-14.0.11~dev13-4.25 is installed OR openstack-nova-scheduler-14.0.11~dev13-4.25 is installed OR openstack-nova-serialproxy-14.0.11~dev13-4.25 is installed OR openstack-nova-vncproxy-14.0.11~dev13-4.25 is installed OR python-heat-7.0.7~dev10-5.12 is installed OR python-horizon-10.0.6~dev4-4.15 is installed OR python-horizon-plugin-designate-ui-3.0.2~dev1-3.6 is installed OR python-keystone-10.0.3~dev9-7.12 is installed OR python-nova-14.0.11~dev13-4.25 is installed OR python-os-vif-1.2.1-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information ceph-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR ceph-common-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR libcephfs2-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR librados2-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR libradosstriper1-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR librbd1-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR librgw2-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-cephfs-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-rados-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-rbd-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-rgw-12.2.12+git.1587570958.35d78d0243-2.45 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND squid-3.5.21-26.17 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND python-urllib3-1.23-3.6 is installed

BACK