Oval Definition:oval:org.opensuse.security:def:58220
Revision Date:2020-12-01Version:1
Title:Security update for the Linux Kernel (Important)
Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).

The following non-security bugs were fixed:

- aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ata: Fix racy link clearance (bsc#1107866). - btrfs: Fix wrong first_key parameter in replace_path (follow up fixes for bsc#1084721). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (bsc#1113192) - fscache: fix race between enablement and dropping of object (bsc#1107385). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ip: hash fragments consistently (bsc#1042286 bsc#1108145). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - libfc: sync strings with upstream versions (bsc#1114763). - md: reorder flag_bits to match upstream commits The ordering in the patches was backward. - mm: add support for releasing multiple instances of a page (bsc#1100105). - mm: rename __page_frag functions to __page_frag_cache, drop order from drain (bsc#1100105). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - NFS: add nostatflush mount option (bsc#1065726). - nospec: Include dependency (bsc#1114648). - ovl: after setting xattributes, you need to copy the attributes in order to make sure the mode and ctime/mtime is set (bsc#1107299). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - Revert 'kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)' This reverts commit 54da5757cbbb39ab15b3cd09cf922a8a9e32209c. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1091197). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - sd: disable logical block provisioning if 'lpbme' is not set (bsc#1086095). - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bsc#1105931). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555, bsc#1117187). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs/dmapi: restore event in xfs_getbmap (bsc#1095344, bsc#1114763). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
Family:unixClass:patch
Status:Reference(s):1011276
1012266
1012382
1014560
1014566
1019416
1020601
1023175
1024416
1027147
1027519
1042286
1052916
1065600
1065726
1068032
1070805
1075697
1082943
1084632
1084721
1086036
1086095
1086535
1087289
1091158
1091171
1091197
1094725
1094825
1095242
1095344
1096224
1097356
1097521
1097522
1097523
1098599
1098996
1099523
1099597
1100097
1100105
1101555
1102959
1103098
1103624
1104731
1105025
1105402
1105931
1106293
1107256
1107299
1107385
1107829
1107866
1108145
1108498
1109137
1109330
1110286
1110837
1111062
1113192
1113751
1113769
1114190
1114648
1114763
1115433
1115440
1116027
1116183
1116345
1117186
1117187
1117645
1118152
1118319
1118595
1118596
1119019
1119714
1119946
1119947
1120691
1120743
1120758
1121621
1121698
1121805
1122821
1123161
1124728
1124732
1124735
1125315
1127155
1127758
1127961
1128166
1129080
1129179
1168994
1170771
1172906
1172935
1173197
1173812
1174157
1174463
1174570
1175259
1177943
993692
993707
997682
CVE-2016-10156
CVE-2016-9427
CVE-2017-2619
CVE-2017-2885
CVE-2017-5715
CVE-2017-5753
CVE-2018-11806
CVE-2018-12891
CVE-2018-12892
CVE-2018-12893
CVE-2018-12910
CVE-2018-14633
CVE-2018-15518
CVE-2018-16862
CVE-2018-16884
CVE-2018-18281
CVE-2018-18386
CVE-2018-18690
CVE-2018-18710
CVE-2018-19824
CVE-2018-19873
CVE-2018-19985
CVE-2018-20169
CVE-2018-3665
CVE-2018-5391
CVE-2018-5848
CVE-2018-9516
CVE-2018-9568
CVE-2019-17639
CVE-2019-2024
CVE-2019-3459
CVE-2019-3460
CVE-2019-6974
CVE-2019-7221
CVE-2019-7222
CVE-2019-9213
CVE-2020-10713
CVE-2020-12243
CVE-2020-14093
CVE-2020-14154
CVE-2020-14308
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-14556
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-14779
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803
CVE-2020-14954
CVE-2020-15706
CVE-2020-15707
SUSE-SU-2016:3057-1
SUSE-SU-2017:0279-1
SUSE-SU-2017:0859-1
SUSE-SU-2018:0069-1
SUSE-SU-2018:2081-2
SUSE-SU-2018:2204-2
SUSE-SU-2019:0439-1
SUSE-SU-2019:0828-1
SUSE-SU-2020:1193-1
SUSE-SU-2020:1794-1
SUSE-SU-2020:2076-1
SUSE-SU-2020:2461-1
SUSE-SU-2020:3310-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND telepathy-mission-control-plugin-goa-3.12.14-lp150.6 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaThunderbird-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-buildsymbols-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-translations-common-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-translations-other-60.7.2-lp151.2.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gc-7.2d-5 is installed
  • OR libgc1-7.2d-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • xen-4.7.6_02-43.36 is installed
  • OR xen-doc-html-4.7.6_02-43.36 is installed
  • OR xen-libs-4.7.6_02-43.36 is installed
  • OR xen-libs-32bit-4.7.6_02-43.36 is installed
  • OR xen-tools-4.7.6_02-43.36 is installed
  • OR xen-tools-domU-4.7.6_02-43.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_114-92_67-default-9-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_19-9-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • libsoup-2.62.2-5.7 is installed
  • OR libsoup-2_4-1-2.62.2-5.7 is installed
  • OR libsoup-2_4-1-32bit-2.62.2-5.7 is installed
  • OR libsoup-lang-2.62.2-5.7 is installed
  • OR typelib-1_0-Soup-2_4-2.62.2-5.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • krb5-1.12.5-39 is installed
  • OR krb5-32bit-1.12.5-39 is installed
  • OR krb5-client-1.12.5-39 is installed
  • OR krb5-doc-1.12.5-39 is installed
  • OR krb5-plugin-kdb-ldap-1.12.5-39 is installed
  • OR krb5-plugin-preauth-otp-1.12.5-39 is installed
  • OR krb5-plugin-preauth-pkinit-1.12.5-39 is installed
  • OR krb5-server-1.12.5-39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libldap-2_4-2-2.4.41-18.71 is installed
  • OR libldap-2_4-2-32bit-2.4.41-18.71 is installed
  • OR openldap2-2.4.41-18.71 is installed
  • OR openldap2-back-meta-2.4.41-18.71 is installed
  • OR openldap2-client-2.4.41-18.71 is installed
  • OR openldap2-doc-2.4.41-18.71 is installed
  • OR openldap2-ppolicy-check-password-1.2-18.71 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_103-default-4-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_103-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.201-43.18 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.201-43.18 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.201-43.18 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.201-43.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • jakarta-taglibs-standard-1.1.1-255 is installed
  • OR jakarta-taglibs-standard-javadoc-1.1.1-255 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • kernel-default-4.4.121-92.101 is installed
  • OR kernel-default-base-4.4.121-92.101 is installed
  • OR kernel-default-devel-4.4.121-92.101 is installed
  • OR kernel-default-man-4.4.121-92.101 is installed
  • OR kernel-devel-4.4.121-92.101 is installed
  • OR kernel-macros-4.4.121-92.101 is installed
  • OR kernel-source-4.4.121-92.101 is installed
  • OR kernel-syms-4.4.121-92.101 is installed
  • OR kgraft-patch-4_4_121-92_101-default-1-3.3 is installed
  • OR kgraft-patch-SLE12-SP2_Update_27-1-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • mariadb-10.2.22-4.11 is installed
  • OR mariadb-client-10.2.22-4.11 is installed
  • OR mariadb-errormessages-10.2.22-4.11 is installed
  • OR mariadb-galera-10.2.22-4.11 is installed
  • OR mariadb-tools-10.2.22-4.11 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • mariadb-10.2.31-3.25 is installed
  • OR mariadb-galera-10.2.31-3.25 is installed
    • BACK