Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).
- CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191).
- CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189).
- CVE-2019-20812: The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453).
- CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220).
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).
- CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
- CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command (bnc#1172783).
- CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection (bnc#1172781).
- CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available (bnc#1172782).
- CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775).
- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458).
The following non-security bugs were fixed:
- intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
- x86/dumpstack/64: Handle faults when printing the 'Stack: ' part of an OOPS (bsc#1170383).
- xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1172049).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1050257 1051188 1054094 1057357 1060995 1060996 1061000 1061310 1072928 1086598 1092952 1093095 1095070 1109412 1109413 1109414 1111996 1112534 1112535 1113160 1113247 1113252 1113255 1114592 1116827 1118830 1118831 1120640 1120943 1121034 1121035 1121056 1133131 1133232 1134195 1135254 1138822 1141661 1141897 1141913 1142038 1142649 1142654 1142772 1143913 1148177 1148517 1149145 1153090 1153277 1154940 1154968 1155372 1160770 1160888 1162002 1163871 1165921 1168310 1170231 1170383 1170557 1171189 1171191 1171220 1171687 1171732 1171988 1172049 1172453 1172458 1172462 1172745 1172775 1172781 1172782 1172783 1172999 1174115 1174421 1174462 1174543 1176409 1176412 CVE-2009-0035 CVE-2009-0688 CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-2062 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-3124 CVE-2014-3640 CVE-2014-3672 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7815 CVE-2015-1779 CVE-2015-1782 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 
CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-0787 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-14970 CVE-2017-17669 CVE-2017-2615 CVE-2017-2620 CVE-2017-6505 CVE-2017-8309 CVE-2017-9330 CVE-2018-1000876 CVE-2018-10958 CVE-2018-10998 CVE-2018-11531 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20030 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-3741 CVE-2019-1010180 CVE-2019-10215 CVE-2019-14250 CVE-2019-14907 CVE-2019-15043 CVE-2019-15847 CVE-2019-20810 CVE-2019-20812 CVE-2019-9278 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12245 CVE-2020-12771 CVE-2020-13379 CVE-2020-13974 CVE-2020-14392 CVE-2020-14393 CVE-2020-14416 CVE-2020-15705 SUSE-SU-2017:3232-1 SUSE-SU-2018:3882-1 SUSE-SU-2019:2182-1 SUSE-SU-2019:2650-1 SUSE-SU-2020:0233-1 SUSE-SU-2020:0457-1 SUSE-SU-2020:1970-1 SUSE-SU-2020:2304-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
ovmf-2017+git1510945757.b2662641d5-lp150.4.13 is installed
OR ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.13 is installed
OR qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.13 is installed
OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.13 is installed
OR qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.13 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libxslt-1.1.32-lp151.3.3 is installed
OR libxslt-devel-1.1.32-lp151.3.3 is installed
OR libxslt-devel-32bit-1.1.32-lp151.3.3 is installed
OR libxslt-python-1.1.32-lp151.3.3 is installed
OR libxslt-tools-1.1.32-lp151.3.3 is installed
OR libxslt1-1.1.32-lp151.3.3 is installed
OR libxslt1-32bit-1.1.32-lp151.3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kernel-default-4.4.121-92.138 is installed
OR kernel-default-base-4.4.121-92.138 is installed
OR kernel-default-devel-4.4.121-92.138 is installed
OR kernel-devel-4.4.121-92.138 is installed
OR kernel-macros-4.4.121-92.138 is installed
OR kernel-source-4.4.121-92.138 is installed
OR kernel-syms-4.4.121-92.138 is installed
OR kgraft-patch-4_4_121-92_138-default-1-3.3 is installed
OR kgraft-patch-SLE12-SP2_Update_36-1-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
alsa-1.0.27.2-15 is installed
OR alsa-docs-1.0.27.2-15 is installed
OR libasound2-1.0.27.2-15 is installed
OR libasound2-32bit-1.0.27.2-15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
xen-4.9.4_06-3.62 is installed
OR xen-doc-html-4.9.4_06-3.62 is installed
OR xen-libs-4.9.4_06-3.62 is installed
OR xen-libs-32bit-4.9.4_06-3.62 is installed
OR xen-tools-4.9.4_06-3.62 is installed
OR xen-tools-domU-4.9.4_06-3.62 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_178-94_91-default-4-2 is installed
OR kgraft-patch-SLE12-SP3_Update_25-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND binutils-2.32-9.33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
xen-4.9.2_10-3.41 is installed
OR xen-doc-html-4.9.2_10-3.41 is installed
OR xen-libs-4.9.2_10-3.41 is installed
OR xen-libs-32bit-4.9.2_10-3.41 is installed
OR xen-tools-4.9.2_10-3.41 is installed
OR xen-tools-domU-4.9.2_10-3.41 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
augeas-1.2.0-17.3 is installed
OR augeas-lenses-1.2.0-17.3 is installed
OR libaugeas0-1.2.0-17.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8 is installed
OR rubygem-rails-html-sanitizer-1.0.3-8.8 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND Package Information
LibVNCServer-0.9.9-17.31 is installed
OR libvncclient0-0.9.9-17.31 is installed
OR libvncserver0-0.9.9-17.31 is installed
|