OVAL Reference oval:org.opensuse.security:def:55844

Oval Definition:

oval:org.opensuse.security:def:55844

Revision Date:	2021-02-11	Version:	1
Title:	Security update for the Linux Kernel (Important)
Description:	The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ). - CVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755). - futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755). - futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755). - futex: Avoid freeing an active timer (bsc#969755). - futex: Avoid violating the 10th rule of futex (bsc#969755). - futex: Change locking rules (bsc#969755). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755). - futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755). - futex: Fix OWNER_DEAD fixup (bsc#969755). - futex: Fix incorrect should_fail_futex() handling (bsc#969755). - futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755). - futex: Fix pi_state->owner serialization (bsc#969755). - futex: Fix small (and harmless looking) inconsistencies (bsc#969755). - futex: Futex_unlock_pi() determinism (bsc#969755). - futex: Handle early deadlock return correctly (bsc#969755). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#969755). - futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755). - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755). - futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
Family:	unix	Class:	patch
Status:		Reference(s):	1006592 1055047 1056336 1061075 1061081 1061086 1063123 1068187 1068191 1070943 1076017 1077355 1083488 1085114 1085447 1087102 1095735 1118319 1118320 1121826 1121872 1157298 1168952 1173942 1176395 1176485 1177411 1178123 1178182 1178589 1178622 1178886 1179107 1179140 1179141 1179204 1179419 1179508 1179509 1179601 1179616 1179663 1179666 1179745 1179877 1179960 1179961 1180008 1180027 1180028 1180029 1180030 1180031 1180032 1180052 1180086 1180559 1180562 1181349 774818 806990 809917 816708 826486 832309 840997 843835 848657 849123 855657 859840 860441 860593 863586 866130 866615 866864 866911 868627 868629 869055 869934 870161 870444 871797 876017 876055 876114 876590 879921 880344 880370 881051 881759 882317 882639 882804 882900 883376 883518 883724 884333 884582 884725 884767 885262 885382 885422 885509 886840 887082 887503 887608 887645 887680 888058 888105 888591 888607 888847 888849 888968 889061 889173 889451 889614 889727 890297 890426 890513 890526 891087 891259 891619 892200 892490 892723 893064 893496 893596 894200 960996 962743 969755 972468 979005 991088 CVE-2013-1864 CVE-2013-1979 CVE-2013-4494 CVE-2013-5653 CVE-2014-0138 CVE-2014-0139 CVE-2014-1739 CVE-2014-2706 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2015-1142857 CVE-2015-1191 CVE-2015-4871 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-1541 CVE-2016-3120 CVE-2017-13166 CVE-2017-13672 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597 CVE-2017-5715 CVE-2018-0739 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 CVE-2018-9568 CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 SUSE-SU-2015:0962-1 SUSE-SU-2016:0269-1 SUSE-SU-2016:0959-1 SUSE-SU-2016:1588-1 SUSE-SU-2016:2136-1 SUSE-SU-2016:2817-1 SUSE-SU-2017:3236-1 SUSE-SU-2018:0902-1 SUSE-SU-2018:1032-1 SUSE-SU-2018:1570-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information cups-pk-helper-0.2.6-lp150.1 is installed OR cups-pk-helper-lang-0.2.6-lp150.1 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information bzip2-1.0.6-lp151.5.3 is installed OR bzip2-doc-1.0.6-lp151.5.3 is installed OR libbz2-1-1.0.6-lp151.5.3 is installed OR libbz2-1-32bit-1.0.6-lp151.5.3 is installed OR libbz2-devel-1.0.6-lp151.5.3 is installed OR libbz2-devel-32bit-1.0.6-lp151.5.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information acroread-9.5.5-0.5.5 is installed OR acroread-cmaps-9.4.6-0.4.5 is installed OR acroread-fonts-ja-9.4.6-0.4.5 is installed OR acroread-fonts-ko-9.4.6-0.4.5 is installed OR acroread-fonts-zh_CN-9.4.6-0.4.5 is installed OR acroread-fonts-zh_TW-9.4.6-0.4.5 is installed OR acroread_ja-9.4.2-0.4 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information curl-7.19.7-1.38 is installed OR libcurl4-7.19.7-1.38 is installed OR libcurl4-32bit-7.19.7-1.38 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information java-1_7_0-openjdk-1.7.0.95-0.17 is installed OR java-1_7_0-openjdk-demo-1.7.0.95-0.17 is installed OR java-1_7_0-openjdk-devel-1.7.0.95-0.17 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information ghostscript-9.15-17 is installed OR ghostscript-x11-9.15-17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND pigz-2.3-5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kernel-firmware-20160516git-10.13 is installed OR ucode-amd-20160516git-10.13 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information avahi-0.6.32-30 is installed OR avahi-lang-0.6.32-30 is installed OR avahi-utils-0.6.32-30 is installed OR libavahi-client3-0.6.32-30 is installed OR libavahi-client3-32bit-0.6.32-30 is installed OR libavahi-common3-0.6.32-30 is installed OR libavahi-common3-32bit-0.6.32-30 is installed OR libavahi-core7-0.6.32-30 is installed OR libdns_sd-0.6.32-30 is installed OR libdns_sd-32bit-0.6.32-30 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libopenssl-devel-1.0.2j-60.30 is installed OR libopenssl1_0_0-1.0.2j-60.30 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed OR openssl-1.0.2j-60.30 is installed OR openssl-doc-1.0.2j-60.30 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kernel-default-4.4.121-92.149.1 is installed OR kernel-default-base-4.4.121-92.149.1 is installed OR kernel-default-devel-4.4.121-92.149.1 is installed OR kernel-devel-4.4.121-92.149.1 is installed OR kernel-macros-4.4.121-92.149.1 is installed OR kernel-source-4.4.121-92.149.1 is installed OR kernel-syms-4.4.121-92.149.1 is installed OR kgraft-patch-4_4_121-92_149-default-1-3.3.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-11-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gstreamer-plugins-base-1.8.3-12 is installed OR gstreamer-plugins-base-lang-1.8.3-12 is installed OR libgstallocators-1_0-0-1.8.3-12 is installed OR libgstapp-1_0-0-1.8.3-12 is installed OR libgstapp-1_0-0-32bit-1.8.3-12 is installed OR libgstaudio-1_0-0-1.8.3-12 is installed OR libgstaudio-1_0-0-32bit-1.8.3-12 is installed OR libgstfft-1_0-0-1.8.3-12 is installed OR libgstpbutils-1_0-0-1.8.3-12 is installed OR libgstpbutils-1_0-0-32bit-1.8.3-12 is installed OR libgstriff-1_0-0-1.8.3-12 is installed OR libgstrtp-1_0-0-1.8.3-12 is installed OR libgstrtsp-1_0-0-1.8.3-12 is installed OR libgstsdp-1_0-0-1.8.3-12 is installed OR libgsttag-1_0-0-1.8.3-12 is installed OR libgsttag-1_0-0-32bit-1.8.3-12 is installed OR libgstvideo-1_0-0-1.8.3-12 is installed OR libgstvideo-1_0-0-32bit-1.8.3-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libsqlite3-0-3.8.10.2-9.15 is installed OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed OR sqlite3-3.8.10.2-9.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND perl-Archive-Zip-1.34-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information kernel-firmware-20180525-3 is installed OR ucode-amd-20180525-3 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information xen-4.5.5_20-22.36 is installed OR xen-doc-html-4.5.5_20-22.36 is installed OR xen-kmp-default-4.5.5_20_k3.12.74_60.64.63-22.36 is installed OR xen-libs-4.5.5_20-22.36 is installed OR xen-libs-32bit-4.5.5_20-22.36 is installed OR xen-tools-4.5.5_20-22.36 is installed OR xen-tools-domU-4.5.5_20-22.36 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information openstack-nova-14.0.11~dev13-4.22 is installed OR openstack-nova-api-14.0.11~dev13-4.22 is installed OR openstack-nova-cells-14.0.11~dev13-4.22 is installed OR openstack-nova-cert-14.0.11~dev13-4.22 is installed OR openstack-nova-compute-14.0.11~dev13-4.22 is installed OR openstack-nova-conductor-14.0.11~dev13-4.22 is installed OR openstack-nova-console-14.0.11~dev13-4.22 is installed OR openstack-nova-consoleauth-14.0.11~dev13-4.22 is installed OR openstack-nova-doc-14.0.11~dev13-4.22 is installed OR openstack-nova-novncproxy-14.0.11~dev13-4.22 is installed OR openstack-nova-placement-api-14.0.11~dev13-4.22 is installed OR openstack-nova-scheduler-14.0.11~dev13-4.22 is installed OR openstack-nova-serialproxy-14.0.11~dev13-4.22 is installed OR openstack-nova-vncproxy-14.0.11~dev13-4.22 is installed OR python-nova-14.0.11~dev13-4.22 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND ucode-intel-20191112-13.53 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND nodejs6-6.14.3-11.15 is installed

BACK