Oval Definition:oval:org.opensuse.security:def:67817
Revision Date:2021-03-09Version:1
Title:Security update for the Linux Kernel (Important)
Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

The following non-security bugs were fixed:

- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175).
Family:unixClass:patch
Status:Reference(s):1065600
1163592
1178401
1178762
1179014
1179015
1179045
1179082
1179428
1179660
1180058
1181747
1181753
1181843
1182140
1182175
CVE-2010-1163
CVE-2010-1646
CVE-2011-0010
CVE-2012-2337
CVE-2013-1775
CVE-2013-1776
CVE-2014-2892
CVE-2014-9680
CVE-2016-7032
CVE-2016-7076
CVE-2017-1000367
CVE-2017-1000368
CVE-2020-29368
CVE-2020-29374
CVE-2021-26930
CVE-2021-26931
CVE-2021-26932
SUSE-SU-2021:0740-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-default-livepatch-4.12.14-150.69.1 is installed
  • OR kernel-livepatch-4_12_14-150_69-default-1-1.3.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • sudo-1.8.22-4.3 is installed
  • OR sudo-devel-1.8.22-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • libmms-devel-0.6.4-1 is installed
  • OR libmms0-0.6.4-1 is installed
    • BACK