Oval Definition: oval:org.opensuse.security:def:64070
Revision Date: 2020-12-01
Version: 1
Title: Security update for the Linux Kernel (Important)
Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).

The following non-security bugs were fixed:

- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
- cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
- cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127).
- ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
- ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
- ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
- ipvs: fix the connection sync failed in some cases (bsc#1174699).
- kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
- kabi: mask changes to struct ipv6_stub (bsc#1165629).
- mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
- ocfs2: add trimfs dlm lock resource (bsc#1175228).
- ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix remounting needed after setfacl command (bsc#1173954).
- ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
- ocfs2: load global_inode_alloc (bsc#1172963).
- ocfs2: load global_inode_alloc (bsc#1172963).
- powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
- powerpc/pseries: PCIE PHB reset (bsc#1174689).
- Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b.
- Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47.
- scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978).
- selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
- Update patch reference for a tipc fix patch (bsc#1175515).
- x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
- xen: do not reschedule in preemption off sections (bsc#1175749).
Family: unix
Class: patch
Status:
Reference(s):
1012382
1050242
1051510
1052478
1052484
1053043
1056787
1058115
1061840
1064802
1065600
1065729
1066129
1068546
1071995
1075020
1082387
1083647
1085535
1093389
1099658
1103992
1104353
1104427
1105084
1111666
1111696
1113722
1115688
1117114
1117158
1117561
1117665
1118139
1120091
1120423
1120566
1120902
1124503
1126206
1126356
1127616
1128432
1130699
1131673
1133190
1133612
1133616
1134090
1134671
1134730
1134738
1134743
1134806
1134936
1134945
1134946
1134947
1134948
1134949
1134950
1134951
1134952
1134953
1134972
1134974
1134975
1134980
1134981
1134983
1134987
1134989
1134990
1134994
1134995
1134998
1134999
1135018
1135021
1135024
1135026
1135027
1135028
1135029
1135031
1135033
1135034
1135035
1135036
1135037
1135038
1135039
1135041
1135042
1135044
1135045
1135046
1135047
1135049
1135051
1135052
1135053
1135055
1135056
1135058
1135153
1135542
1135556
1135642
1135661
1136188
1136206
1136215
1136345
1136347
1136348
1136353
1136424
1136428
1136430
1136432
1136434
1136435
1136438
1136439
1136456
1136460
1136461
1136469
1136477
1136478
1136498
1136573
1136586
1136598
1136881
1136922
1136935
1136978
1136990
1137151
1137152
1137153
1137162
1137201
1137224
1137232
1137233
1137236
1137372
1137429
1137444
1137586
1137739
1137752
1137995
1137996
1137998
1137999
1138000
1138002
1138003
1138005
1138006
1138007
1138008
1138009
1138010
1138011
1138012
1138013
1138014
1138015
1138016
1138017
1138018
1138019
1138291
1138293
1138336
1138374
1138375
1139073
1144333
1151494
1154366
1163581
1165629
1171988
1172428
1172963
1173466
1173467
1173469
1173798
1173954
1174157
1174205
1174689
1174699
1174757
1174784
1174978
1175112
1175127
1175193
1175194
1175213
1175228
1175515
1175518
1175691
1175749
1176069
1176569
1178666
1178667
1178668
CVE-2017-12481
CVE-2017-12482
CVE-2017-2807
CVE-2017-2808
CVE-2018-12207
CVE-2019-10124
CVE-2019-11135
CVE-2019-11477
CVE-2019-11478
CVE-2019-11479
CVE-2019-11487
CVE-2019-11779
CVE-2019-12380
CVE-2019-12382
CVE-2019-12456
CVE-2019-12818
CVE-2019-12819
CVE-2019-3846
CVE-2020-10135
CVE-2020-14314
CVE-2020-14331
CVE-2020-14349
CVE-2020-14350
CVE-2020-14356
CVE-2020-14386
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-15304
CVE-2020-15305
CVE-2020-15306
CVE-2020-16166
CVE-2020-1749
CVE-2020-24394
CVE-2020-25694
CVE-2020-25695
CVE-2020-25696
openSUSE-SU-2019:1571-1
openSUSE-SU-2019:1779-1
openSUSE-SU-2019:2206-1
openSUSE-SU-2019:2710-1
openSUSE-SU-2020:1015-1
openSUSE-SU-2020:1688-1
SUSE-SU-2020:2861-1
Platform(s):
openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • kernel-debug-4.12.14-lp151.28.7 is installed
  • OR kernel-debug-base-4.12.14-lp151.28.7 is installed
  • OR kernel-debug-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-default-4.12.14-lp151.28.7 is installed
  • OR kernel-default-base-4.12.14-lp151.28.7 is installed
  • OR kernel-default-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-docs-4.12.14-lp151.28.7 is installed
  • OR kernel-docs-html-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-base-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-macros-4.12.14-lp151.28.7 is installed
  • OR kernel-obs-build-4.12.14-lp151.28.7 is installed
  • OR kernel-obs-qa-4.12.14-lp151.28.7 is installed
  • OR kernel-source-4.12.14-lp151.28.7 is installed
  • OR kernel-source-vanilla-4.12.14-lp151.28.7 is installed
  • OR kernel-syms-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-base-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-devel-4.12.14-lp151.28.7 is installed
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • libIlmImf-2_2-23-2.2.1-lp152.7.5 is installed
  • OR libIlmImf-2_2-23-32bit-2.2.1-lp152.7.5 is installed
  • OR libIlmImfUtil-2_2-23-2.2.1-lp152.7.5 is installed
  • OR libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.5 is installed
  • OR openexr-2.2.1-lp152.7.5 is installed
  • OR openexr-devel-2.2.1-lp152.7.5 is installed
  • OR openexr-doc-2.2.1-lp152.7.5 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND Package Information
  • kernel-default-4.12.14-95.60 is installed
  • OR kernel-default-base-4.12.14-95.60 is installed
  • OR kernel-default-devel-4.12.14-95.60 is installed
  • OR kernel-devel-4.12.14-95.60 is installed
  • OR kernel-macros-4.12.14-95.60 is installed
  • OR kernel-source-4.12.14-95.60 is installed
  • OR kernel-syms-4.12.14-95.60 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.271-43.41 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.271-43.41 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.271-43.41 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.271-43.41 is installed