Revision Date: | 2021-07-20 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bsc#1188116)
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows obtaining full root privileges. (bsc#1188062)
- CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
- CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. (bsc#1187050)
- CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463)
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610)
- CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038)
- CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861)
- CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611)
- CVE-2021-33034: Fixed an issue in net/bluetooth/hci_event.c where a use-after-free leads to writing an arbitrary value. (bsc#1186111)
- CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward EAPOL frames to other clients even though the sender has not yet successfully authenticated. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (bsc#1186062)
- CVE-2021-23134: Fixed a use-after-free vulnerability in nfc sockets which allows local attackers to elevate their privileges. (bsc#1186060)
- CVE-2020-24586: Fixed a bug that, under the right circumstances, allows injecting arbitrary network packets and/or exfiltrating user data when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP. (bsc#1185859)
- CVE-2020-26141: Fixed a flaw that could allow an adversary to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bsc#1185987)
- CVE-2020-26145: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allow an adversary to inject arbitrary network packets. (bsc#1185860)
- CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (bsc#1185862)
- CVE-2020-26147: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allow an adversary to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames. (bsc#1185987)
The following non-security bugs were fixed:
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1001374 1005091 1005591 1008047 1008050 1012677 1027575 1031450 1031451 1033054 1033914 1033915 1035905 1036943 1036944 1036945 1036946 1038564 1038856 1042892 1044000 1044002 1044006 1044008 1044009 1044077 1044122 1046191 1050751 1056284 1083304 1083305 1103098 1117951 1124729 1124734 1128378 1131291 1141670 1163933 1168404 1168407 1169066 1179610 1180846 1184611 1185859 1185860 1185861 1185862 1185863 1185898 1185987 1186060 1186062 1186111 1186390 1186463 1187038 1187050 1187215 1187452 1187595 1187601 1187934 1188062 1188116 894999 904625 922709 929718 932996 934119 935634 938344 939709 939712 952474 967999 995964 CVE-2011-4349 CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-3618 CVE-2014-8651 CVE-2015-2330 CVE-2015-2751 CVE-2015-3259 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165 CVE-2015-5166 CVE-2015-7995 CVE-2015-9019 CVE-2015-9542 CVE-2016-2512 CVE-2016-4738 CVE-2016-7098 CVE-2016-7401 CVE-2016-9013 CVE-2016-9014 CVE-2017-12794 CVE-2017-2636 CVE-2017-5029 CVE-2017-7233 CVE-2017-7234 CVE-2017-7533 CVE-2017-7585 CVE-2017-7645 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2017-8890 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 CVE-2017-9242 CVE-2018-5391 CVE-2018-7536 CVE-2018-7537 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 SUSE-SU-2015:1472-1 SUSE-SU-2015:1479-2 SUSE-SU-2016:0303-1 SUSE-SU-2016:3268-1 SUSE-SU-2017:1313-1 SUSE-SU-2017:1367-1 SUSE-SU-2017:1769-1 SUSE-SU-2017:2049-1 SUSE-SU-2018:1102-1 
SUSE-SU-2019:1124-1 SUSE-SU-2020:1111-1 SUSE-SU-2020:1117-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP2-LTSS-SAP SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
alsa-1.1.5-lp150.4 is installed
OR libasound2-1.1.5-lp150.4 is installed
OR libasound2-32bit-1.1.5-lp150.4 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
chromedriver-74.0.3729.157-lp151.2.3 is installed
OR chromium-74.0.3729.157-lp151.2.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 NonFree is installed
AND opera-67.0.3575.97-lp151.2.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND kvm-1.4.2-0.22.34 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
kde4-kgreeter-plugins-4.3.5-0.12.20 is installed
OR kdebase4-wallpapers-4.3.5-0.11.20 is installed
OR kdebase4-workspace-4.3.5-0.12.20 is installed
OR kdebase4-workspace-ksysguardd-4.3.5-0.12.20 is installed
OR kdm-4.3.5-0.12.20 is installed
OR kwin-4.3.5-0.12.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
libsndfile-1.0.25-35 is installed
OR libsndfile1-1.0.25-35 is installed
OR libsndfile1-32bit-1.0.25-35 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
libquicktime-1.2.4-13 is installed
OR libquicktime0-1.2.4-13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
colord-gtk-lang-0.1.25-3 is installed
OR libcolord-gtk1-0.1.25-3 is installed
OR libcolord2-1.1.7-5 is installed
OR libcolord2-32bit-1.1.7-5 is installed
OR libcolorhug2-1.1.7-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_69-60_64_29-default-6-2 is installed
OR kgraft-patch-3_12_69-60_64_29-xen-6-2 is installed
OR kgraft-patch-SLE12-SP1_Update_12-6-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND iputils-s20121221-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
MozillaFirefox-60.7.2-109.80 is installed
OR MozillaFirefox-devel-60.7.2-109.80 is installed
OR MozillaFirefox-translations-common-60.7.2-109.80 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kernel-default-4.4.121-92.92 is installed
OR kernel-default-base-4.4.121-92.92 is installed
OR kernel-default-devel-4.4.121-92.92 is installed
OR kernel-devel-4.4.121-92.92 is installed
OR kernel-macros-4.4.121-92.92 is installed
OR kernel-source-4.4.121-92.92 is installed
OR kernel-syms-4.4.121-92.92 is installed
OR kgraft-patch-4_4_121-92_92-default-1-3.7 is installed
OR kgraft-patch-SLE12-SP2_Update_24-1-3.7 is installed
OR lttng-modules-2.7.1-9.4 is installed
OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_121-92_92-default-4-2 is installed
OR kgraft-patch-SLE12-SP2_Update_24-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
coreutils-8.25-12 is installed
OR coreutils-lang-8.25-12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
MozillaFirefox-68.9.0-109.123 is installed
OR MozillaFirefox-translations-common-68.9.0-109.123 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
tomcat-8.0.53-29.16 is installed
OR tomcat-admin-webapps-8.0.53-29.16 is installed
OR tomcat-docs-webapp-8.0.53-29.16 is installed
OR tomcat-el-3_0-api-8.0.53-29.16 is installed
OR tomcat-javadoc-8.0.53-29.16 is installed
OR tomcat-jsp-2_3-api-8.0.53-29.16 is installed
OR tomcat-lib-8.0.53-29.16 is installed
OR tomcat-servlet-3_1-api-8.0.53-29.16 is installed
OR tomcat-webapps-8.0.53-29.16 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
gtk2-data-2.24.31-7 is installed
OR gtk2-lang-2.24.31-7 is installed
OR gtk2-tools-2.24.31-7 is installed
OR gtk2-tools-32bit-2.24.31-7 is installed
OR libgtk-2_0-0-2.24.31-7 is installed
OR libgtk-2_0-0-32bit-2.24.31-7 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND python-Django-1.8.19-3.6 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND binutils-2.31-9.26 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
libsqlite3-0-3.8.10.2-9.15 is installed
OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed
OR sqlite3-3.8.10.2-9.15 is installed
|