Oval Definition:oval:org.opensuse.security:def:59486
Revision Date:2021-06-08Version:1
Title:Security update for the Linux Kernel (Important)
Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.



The following security bugs were fixed:

- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)

The following non-security bugs were fixed:

- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724). - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950). - s390/entry: save the caller of psw_idle (bsc#1185677). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
Family:unixClass:patch
Status:Reference(s):1022727
1050707
1051150
1052984
1057555
1058565
1058622
1058624
1061107
1063034
1063035
1063037
1063038
1063039
1063040
1063041
1068390
1102840
1103040
1104457
1110723
1115375
1118277
1125330
1127987
1129821
1130262
1132728
1132729
1132732
1132734
1134718
1141780
1141782
1141783
1141784
1141785
1141786
1141787
1141789
1155787
1160039
1167373
1170601
1171863
1171864
1171866
1173027
1173304
1175194
1176081
1178666
1178667
1178668
1180846
1183947
1184611
1184675
1185642
1185677
1185680
1185724
1185859
1185860
1185862
1185863
1185898
1185899
1185901
1185938
1185950
1185987
1186060
1186061
1186062
1186111
1186285
1186390
1186484
1186498
CVE-2006-4197
CVE-2011-1097
CVE-2014-2855
CVE-2014-2977
CVE-2014-2978
CVE-2014-8242
CVE-2014-9512
CVE-2017-12150
CVE-2017-12151
CVE-2017-12163
CVE-2017-12176
CVE-2017-12177
CVE-2017-12178
CVE-2017-12179
CVE-2017-12180
CVE-2017-12181
CVE-2017-12182
CVE-2017-12183
CVE-2017-12184
CVE-2017-12185
CVE-2017-12186
CVE-2017-12187
CVE-2017-13721
CVE-2017-13723
CVE-2017-16837
CVE-2017-2518
CVE-2018-14680
CVE-2018-14681
CVE-2018-14682
CVE-2018-15378
CVE-2018-18335
CVE-2018-18356
CVE-2018-18506
CVE-2018-19788
CVE-2019-10245
CVE-2019-18860
CVE-2019-2602
CVE-2019-2684
CVE-2019-2697
CVE-2019-2698
CVE-2019-2745
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2786
CVE-2019-2816
CVE-2019-2842
CVE-2019-5785
CVE-2019-7317
CVE-2019-9788
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9801
CVE-2019-9810
CVE-2019-9813
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-14059
CVE-2020-14350
CVE-2020-24586
CVE-2020-24587
CVE-2020-25694
CVE-2020-25695
CVE-2020-25696
CVE-2020-26139
CVE-2020-26141
CVE-2020-26145
CVE-2020-26147
CVE-2020-8177
CVE-2021-23133
CVE-2021-23134
CVE-2021-32399
CVE-2021-33034
CVE-2021-33200
CVE-2021-3491
SUSE-SU-2017:2695-1
SUSE-SU-2017:3047-1
SUSE-SU-2017:3090-1
SUSE-SU-2019:0019-1
SUSE-SU-2019:0852-1
SUSE-SU-2019:1345-1
SUSE-SU-2019:3050-1
SUSE-SU-2020:1662-1
SUSE-SU-2020:1732-1
SUSE-SU-2020:1803-1
SUSE-SU-2020:3477-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libXinerama1-1.1.3-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • fence-agents-4.4.0+git.1558595666.5f79f9e9-lp151.2.3 is installed
  • OR fence-agents-amt_ws-4.4.0+git.1558595666.5f79f9e9-lp151.2.3 is installed
  • OR fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.45-38.37 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND clamav-0.100.2-33.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • DirectFB-1.7.1-6 is installed
  • OR lib++dfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-1.7.1-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND binutils-2.32-9.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • ghostscript-9.27-23.31 is installed
  • OR ghostscript-x11-9.27-23.31 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • bash-4.3-83.15 is installed
  • OR bash-doc-4.3-83.15 is installed
  • OR libreadline6-6.3-83.15 is installed
  • OR libreadline6-32bit-6.3-83.15 is installed
  • OR readline-doc-6.3-83.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND Package Information
  • kernel-default-4.12.14-95.77.1 is installed
  • OR kernel-default-base-4.12.14-95.77.1 is installed
  • OR kernel-default-devel-4.12.14-95.77.1 is installed
  • OR kernel-devel-4.12.14-95.77.1 is installed
  • OR kernel-macros-4.12.14-95.77.1 is installed
  • OR kernel-source-4.12.14-95.77.1 is installed
  • OR kernel-syms-4.12.14-95.77.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • curl-7.37.0-37.47 is installed
  • OR libcurl4-7.37.0-37.47 is installed
  • OR libcurl4-32bit-7.37.0-37.47 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND squid-3.5.21-26.26 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND squid-3.5.21-26.29 is installed
    • BACK