Oval Definition:	oval:org.opensuse.security:def:61006
Revision Date: 2020-12-01 Version: 1 Title: Security update for the Linux Kernel (Important) Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1164910). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - udp: drop corrupt packets earlier to avoid data corruption (bsc#1173658). Family: unix Class: patch Status: Reference(s): 1012382 1019695 1019699 1022604 1027519 1029638 1029639 1029706 1029707 1029751 1031717 1046610 1055321 1059777 1060799 1061076 1061077 1061080 1061081 1061082 1061084 1061086 1061087 1064206 1065729 1068032 1073059 1073069 1075428 1076033 1077560 1083507 1083574 1083745 1083836 1084223 1084310 1084328 1084353 1084452 1084610 1084699 1084829 1084889 1084898 1084914 1084918 1084967 1085042 1085058 1085224 1085383 1085402 1085404 1085487 1085507 1085511 1085679 1085981 1086015 1086162 1086194 1086357 1086499 1086518 1086607 1087088 1087211 1087231 1087260 1087274 1087659 1087845 1087906 1087999 1088050 1088087 1088241 1088267 1088313 1088324 1088600 1088684 1088871 1102840 1110850 1124799 1124800 1124802 1124803 1124805 1124806 1124824 1124825 1124826 1124827 1125099 1133375 1146351 1149652 1152457 1152856 1154212 1156146 1158442 1160039 1162002 1162610 1164910 1170011 1170601 1170618 1170643 1170771 1171078 1171189 1171191 1171220 1171477 1171732 1171863 1171864 1171866 1171930 1171988 1172453 1172458 1172775 1172999 1173280 1173658 1174115 1174120 1174316 1174462 1174543 1176579 802154 CVE-2017-18207 CVE-2017-18257 CVE-2017-5526 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2018-1091 CVE-2018-11784 CVE-2018-7740 CVE-2018-8043 CVE-2018-8822 CVE-2019-14818 CVE-2019-20810 CVE-2019-20812 CVE-2019-2894 CVE-2019-2933 CVE-2019-2933 CVE-2019-2945 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2962 CVE-2019-2964 CVE-2019-2964 CVE-2019-2973 CVE-2019-2973 CVE-2019-2978 CVE-2019-2978 CVE-2019-2981 CVE-2019-2981 CVE-2019-2983 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2989 CVE-2019-2992 CVE-2019-2992 CVE-2019-2999 CVE-2019-2999 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-9928 CVE-2020-0305 CVE-2020-10135 CVE-2020-10543 CVE-2020-10711 CVE-2020-10722 CVE-2020-10732 CVE-2020-10751 CVE-2020-10773 CVE-2020-10878 CVE-2020-12243 CVE-2020-12723 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 CVE-2020-1472 CVE-2020-3899 CVE-2020-8597 SUSE-SU-2017:2201-1 SUSE-SU-2017:2751-1 SUSE-SU-2018:1048-1 SUSE-SU-2018:2040-1 SUSE-SU-2018:3393-1 SUSE-SU-2019:3084-1 SUSE-SU-2020:0051-1 SUSE-SU-2020:0490-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:2152-1 SUSE-SU-2020:2721-1 Platform(s): openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information graphviz-2.40.1-lp151.6.3 is installed OR graphviz-addons-2.40.1-lp151.6.3 is installed OR graphviz-devel-2.40.1-lp151.6.3 is installed OR graphviz-doc-2.40.1-lp151.6.3 is installed OR graphviz-gd-2.40.1-lp151.6.3 is installed OR graphviz-gnome-2.40.1-lp151.6.3 is installed OR graphviz-guile-2.40.1-lp151.6.3 is installed OR graphviz-gvedit-2.40.1-lp151.6.3 is installed OR graphviz-java-2.40.1-lp151.6.3 is installed OR graphviz-lua-2.40.1-lp151.6.3 is installed OR graphviz-perl-2.40.1-lp151.6.3 is installed OR graphviz-php-2.40.1-lp151.6.3 is installed OR graphviz-plugins-core-2.40.1-lp151.6.3 is installed OR graphviz-python-2.40.1-lp151.6.3 is installed OR graphviz-ruby-2.40.1-lp151.6.3 is installed OR graphviz-smyrna-2.40.1-lp151.6.3 is installed OR graphviz-tcl-2.40.1-lp151.6.3 is installed OR libgraphviz6-2.40.1-lp151.6.3 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information grub2-2.04-lp152.7.3 is installed OR grub2-branding-upstream-2.04-lp152.7.3 is installed OR grub2-i386-efi-2.04-lp152.7.3 is installed OR grub2-i386-efi-debug-2.04-lp152.7.3 is installed OR grub2-i386-pc-2.04-lp152.7.3 is installed OR grub2-i386-pc-debug-2.04-lp152.7.3 is installed OR grub2-i386-xen-2.04-lp152.7.3 is installed OR grub2-snapper-plugin-2.04-lp152.7.3 is installed OR grub2-systemd-sleep-plugin-2.04-lp152.7.3 is installed OR grub2-x86_64-efi-2.04-lp152.7.3 is installed OR grub2-x86_64-efi-debug-2.04-lp152.7.3 is installed OR grub2-x86_64-xen-2.04-lp152.7.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libplist-1.12-20.3 is installed OR libplist3-1.12-20.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information java-1_7_0-openjdk-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information dpdk-16.11.9-8.15 is installed OR dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15 is installed OR dpdk-thunderx-16.11.9-8.15 is installed OR dpdk-thunderx-kmp-default-16.11.9_k4.4.180_94.127-8.15 is installed OR dpdk-tools-16.11.9-8.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information perl-5.18.2-12.23 is installed OR perl-32bit-5.18.2-12.23 is installed OR perl-base-5.18.2-12.23 is installed OR perl-doc-5.18.2-12.23 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information gstreamer-plugins-base-1.8.3-13.3 is installed OR gstreamer-plugins-base-lang-1.8.3-13.3 is installed OR libgstallocators-1_0-0-1.8.3-13.3 is installed OR libgstapp-1_0-0-1.8.3-13.3 is installed OR libgstapp-1_0-0-32bit-1.8.3-13.3 is installed OR libgstaudio-1_0-0-1.8.3-13.3 is installed OR libgstaudio-1_0-0-32bit-1.8.3-13.3 is installed OR libgstfft-1_0-0-1.8.3-13.3 is installed OR libgstpbutils-1_0-0-1.8.3-13.3 is installed OR libgstpbutils-1_0-0-32bit-1.8.3-13.3 is installed OR libgstriff-1_0-0-1.8.3-13.3 is installed OR libgstrtp-1_0-0-1.8.3-13.3 is installed OR libgstrtsp-1_0-0-1.8.3-13.3 is installed OR libgstsdp-1_0-0-1.8.3-13.3 is installed OR libgsttag-1_0-0-1.8.3-13.3 is installed OR libgsttag-1_0-0-32bit-1.8.3-13.3 is installed OR libgstvideo-1_0-0-1.8.3-13.3 is installed OR libgstvideo-1_0-0-32bit-1.8.3-13.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dpdk-17.11.4-3 is installed OR dpdk-kmp-default-17.11.4_k4.12.14_94.41-3 is installed OR dpdk-thunderx-17.11.4-3 is installed OR dpdk-thunderx-kmp-default-17.11.4_k4.12.14_94.41-3 is installed OR dpdk-tools-17.11.4-3 is installed OR libdpdk-17_11-17.11.4-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information libzypp-16.21.2-2.45 is installed OR libzypp-devel-16.21.2-2.45 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-Django1-1.11.23-3.9 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information kernel-default-4.4.180-94.127 is installed OR kernel-default-base-4.4.180-94.127 is installed OR kernel-default-devel-4.4.180-94.127 is installed OR kernel-default-kgraft-4.4.180-94.127 is installed OR kernel-devel-4.4.180-94.127 is installed OR kernel-macros-4.4.180-94.127 is installed OR kernel-source-4.4.180-94.127 is installed OR kernel-syms-4.4.180-94.127 is installed OR kgraft-patch-4_4_180-94_127-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_34-1-4.3 is installed
BACK