Revision Date: | 2021-12-02 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0).
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961)
The following non-security bugs were fixed:
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes).
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- bpf: Move owner type, jited info into array auxiliary data (bsc#1141655).
- bpf: Use kvmalloc for map values in syscall (stable-5.14.16).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- config: disable unprivileged BPF by default (jsc#SLE-22913)
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1114648).
- fuse: fix page stealing (bsc#1192718).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- hisax: fix spectre issues (bsc#1192802).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- i2c: synquacer: fix deferred probing (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- mpt3sas: fix spectre issues (bsc#1192802).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802).
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- prctl: allow to setup brk for et_dyn executables (git-fixes).
- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes).
- swiotlb-xen: avoid double free (git-fixes).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- tracing: use %ps format string to print symbols (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
- xen: Fix implicit type conversion (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xen-pciback: redo VF placement in the virtual topology (git-fixes).
- xen/x86: fix PV trap handling on secondary processors (git-fixes).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1027519 1065386 1069601 1073363 1074562 1085970 1089638 1090296 1090822 1090823 1092631 1102310 1112142 1112143 1112144 1112146 1112147 1112148 1112152 1112153 1114648 1120629 1120630 1120631 1127155 1131823 1133719 1137977 1138301 1138303 1138734 1141655 1142690 1145604 1151021 1154980 1155787 1190523 1191790 1191961 1192045 1192048 1192273 1192718 1192750 1192753 1192781 1192802 1192906 1192987 CVE-2006-4484 CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2014-8964 CVE-2014-9680 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-4000 CVE-2015-5073 CVE-2015-8380 CVE-2016-1283 CVE-2016-3191 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367 CVE-2017-1000368 CVE-2017-16612 CVE-2017-18379 CVE-2017-2518 CVE-2018-1059 CVE-2018-10981 CVE-2018-10982 CVE-2018-13785 CVE-2018-16435 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 CVE-2018-3639 CVE-2018-8088 CVE-2019-10161 CVE-2019-10167 CVE-2019-10206 CVE-2019-14835 CVE-2019-18277 CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 SUSE-SU-2017:3214-1 SUSE-SU-2018:1456-1 SUSE-SU-2018:1744-1 SUSE-SU-2018:3923-1 SUSE-SU-2019:0057-1 SUSE-SU-2019:2274-1 SUSE-SU-2019:3050-1 SUSE-SU-2019:3288-1 SUSE-SU-2020:2660-1 SUSE-SU-2021:3877-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND Package Information
apache2-mod_php7-7.2.5-lp150.2.25 is installed
OR php7-7.2.5-lp150.2.25 is installed
OR php7-bcmath-7.2.5-lp150.2.25 is installed
OR php7-bz2-7.2.5-lp150.2.25 is installed
OR php7-calendar-7.2.5-lp150.2.25 is installed
OR php7-ctype-7.2.5-lp150.2.25 is installed
OR php7-curl-7.2.5-lp150.2.25 is installed
OR php7-dba-7.2.5-lp150.2.25 is installed
OR php7-devel-7.2.5-lp150.2.25 is installed
OR php7-dom-7.2.5-lp150.2.25 is installed
OR php7-embed-7.2.5-lp150.2.25 is installed
OR php7-enchant-7.2.5-lp150.2.25 is installed
OR php7-exif-7.2.5-lp150.2.25 is installed
OR php7-fastcgi-7.2.5-lp150.2.25 is installed
OR php7-fileinfo-7.2.5-lp150.2.25 is installed
OR php7-firebird-7.2.5-lp150.2.25 is installed
OR php7-fpm-7.2.5-lp150.2.25 is installed
OR php7-ftp-7.2.5-lp150.2.25 is installed
OR php7-gd-7.2.5-lp150.2.25 is installed
OR php7-gettext-7.2.5-lp150.2.25 is installed
OR php7-gmp-7.2.5-lp150.2.25 is installed
OR php7-iconv-7.2.5-lp150.2.25 is installed
OR php7-intl-7.2.5-lp150.2.25 is installed
OR php7-json-7.2.5-lp150.2.25 is installed
OR php7-ldap-7.2.5-lp150.2.25 is installed
OR php7-mbstring-7.2.5-lp150.2.25 is installed
OR php7-mysql-7.2.5-lp150.2.25 is installed
OR php7-odbc-7.2.5-lp150.2.25 is installed
OR php7-opcache-7.2.5-lp150.2.25 is installed
OR php7-openssl-7.2.5-lp150.2.25 is installed
OR php7-pcntl-7.2.5-lp150.2.25 is installed
OR php7-pdo-7.2.5-lp150.2.25 is installed
OR php7-pear-7.2.5-lp150.2.25 is installed
OR php7-pear-Archive_Tar-7.2.5-lp150.2.25 is installed
OR php7-pgsql-7.2.5-lp150.2.25 is installed
OR php7-phar-7.2.5-lp150.2.25 is installed
OR php7-posix-7.2.5-lp150.2.25 is installed
OR php7-readline-7.2.5-lp150.2.25 is installed
OR php7-shmop-7.2.5-lp150.2.25 is installed
OR php7-snmp-7.2.5-lp150.2.25 is installed
OR php7-soap-7.2.5-lp150.2.25 is installed
OR php7-sockets-7.2.5-lp150.2.25 is installed
OR php7-sodium-7.2.5-lp150.2.25 is installed
OR php7-sqlite-7.2.5-lp150.2.25 is installed
OR php7-sysvmsg-7.2.5-lp150.2.25 is installed
OR php7-sysvsem-7.2.5-lp150.2.25 is installed
OR php7-sysvshm-7.2.5-lp150.2.25 is installed
OR php7-tidy-7.2.5-lp150.2.25 is installed
OR php7-tokenizer-7.2.5-lp150.2.25 is installed
OR php7-wddx-7.2.5-lp150.2.25 is installed
OR php7-xmlreader-7.2.5-lp150.2.25 is installed
OR php7-xmlrpc-7.2.5-lp150.2.25 is installed
OR php7-xmlwriter-7.2.5-lp150.2.25 is installed
OR php7-xsl-7.2.5-lp150.2.25 is installed
OR php7-zip-7.2.5-lp150.2.25 is installed
OR php7-zlib-7.2.5-lp150.2.25 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
neovim-0.3.7-lp151.2.7 is installed
OR neovim-lang-0.3.7-lp151.2.7 is installed
|
Definition Synopsis |
openSUSE Leap 15.2 is installed
AND Package Information
libwireshark13-3.2.5-lp152.2.3 is installed
OR libwiretap10-3.2.5-lp152.2.3 is installed
OR libwsutil11-3.2.5-lp152.2.3 is installed
OR wireshark-3.2.5-lp152.2.3 is installed
OR wireshark-devel-3.2.5-lp152.2.3 is installed
OR wireshark-ui-qt-3.2.5-lp152.2.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
libpcre1-8.39-7 is installed
OR libpcre1-32bit-8.39-7 is installed
OR libpcre16-0-8.39-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
libsqlite3-0-3.8.10.2-9.15 is installed
OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed
OR sqlite3-3.8.10.2-9.15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libvirt-3.3.0-5.40 is installed
OR libvirt-admin-3.3.0-5.40 is installed
OR libvirt-client-3.3.0-5.40 is installed
OR libvirt-daemon-3.3.0-5.40 is installed
OR libvirt-daemon-config-network-3.3.0-5.40 is installed
OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed
OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed
OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed
OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed
OR libvirt-daemon-driver-network-3.3.0-5.40 is installed
OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed
OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed
OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed
OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed
OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed
OR libvirt-daemon-hooks-3.3.0-5.40 is installed
OR libvirt-daemon-lxc-3.3.0-5.40 is installed
OR libvirt-daemon-qemu-3.3.0-5.40 is installed
OR libvirt-daemon-xen-3.3.0-5.40 is installed
OR libvirt-doc-3.3.0-5.40 is installed
OR libvirt-libs-3.3.0-5.40 is installed
OR libvirt-lock-sanlock-3.3.0-5.40 is installed
OR libvirt-nss-3.3.0-5.40 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libgcrypt-1.6.1-16.62 is installed
OR libgcrypt20-1.6.1-16.62 is installed
OR libgcrypt20-32bit-1.6.1-16.62 is installed
OR libgcrypt20-hmac-1.6.1-16.62 is installed
OR libgcrypt20-hmac-32bit-1.6.1-16.62 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
audiofile-0.3.6-10 is installed
OR libaudiofile1-0.3.6-10 is installed
OR libaudiofile1-32bit-0.3.6-10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
AND xrdp-0.9.0~git.1456906198.f422461-21.27 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4-LTSS is installed
AND Package Information
MozillaFirefox-78.0.1-112.3 is installed
OR MozillaFirefox-branding-SLE-78-35.3 is installed
OR MozillaFirefox-devel-78.0.1-112.3 is installed
OR MozillaFirefox-translations-common-78.0.1-112.3 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Server 12 SP5 is installed
AND
kernel-default-4.12.14-122.103.1 is installed
OR kernel-default-base-4.12.14-122.103.1 is installed
OR kernel-default-devel-4.12.14-122.103.1 is installed
OR kernel-default-man-4.12.14-122.103.1 is installed
OR kernel-devel-4.12.14-122.103.1 is installed
OR kernel-macros-4.12.14-122.103.1 is installed
OR kernel-source-4.12.14-122.103.1 is installed
OR kernel-syms-4.12.14-122.103.1 is installed
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
AND
kernel-default-4.12.14-122.103.1 is installed
OR kernel-default-base-4.12.14-122.103.1 is installed
OR kernel-default-devel-4.12.14-122.103.1 is installed
OR kernel-default-man-4.12.14-122.103.1 is installed
OR kernel-devel-4.12.14-122.103.1 is installed
OR kernel-macros-4.12.14-122.103.1 is installed
OR kernel-source-4.12.14-122.103.1 is installed
OR kernel-syms-4.12.14-122.103.1 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND slf4j-1.7.12-3.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 9 is installed
AND Package Information
mariadb-10.2.32-3.28 is installed
OR mariadb-galera-10.2.32-3.28 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND ansible-2.4.6.0-3.6 is installed
|