Oval Definition:oval:org.opensuse.security:def:68106
Revision Date:2021-03-17Version:1
Title:Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP1) (Important)
Description:

This update for the Linux Kernel 4.12.14-197_75 fixes several issues.

The following security issues were fixed:

- CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). - CVE-2021-0342: Fixed a potential memory corruption due to a use after free which could have led to local escalation of privilege with System execution privileges required (bsc#1180859).
Family:unixClass:patch
Status:Reference(s):1051510
1055117
1071995
1083647
1083710
1102247
1103991
1103992
1104745
1109837
1111666
1112374
1119222
1123080
1127034
1127315
1127611
1129770
1130972
1133021
1134090
1134097
1134390
1134399
1135335
1135642
1136217
1136342
1136460
1136461
1136462
1136467
1137458
1137534
1137535
1137584
1137609
1137811
1137827
1138874
1139358
1139619
1140133
1140139
1140322
1140559
1140652
1140676
1140903
1140945
1140948
1141312
1141401
1141402
1141452
1141453
1141454
1141478
1141558
1142023
1142052
1142083
1142112
1142115
1142119
1142220
1142221
1142254
1142350
1142351
1142354
1142359
1142450
1142623
1142673
1142701
1142868
1143003
1143045
1143105
1143185
1143189
1143191
1143209
1143507
1178684
1179616
1179664
1180859
1181553
CVE-2013-2186
CVE-2014-0050
CVE-2018-20855
CVE-2019-1125
CVE-2019-11810
CVE-2019-13631
CVE-2019-13648
CVE-2019-14283
CVE-2019-14284
CVE-2020-27786
CVE-2020-28374
CVE-2020-29368
CVE-2021-0342
CVE-2021-3347
SUSE-SU-2019:2073-1
SUSE-SU-2021:0818-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND jakarta-commons-fileupload-1.1.1-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.15 is installed
  • OR kernel-default-base-4.12.14-197.15 is installed
  • OR kernel-default-devel-4.12.14-197.15 is installed
  • OR kernel-default-man-4.12.14-197.15 is installed
  • OR kernel-devel-4.12.14-197.15 is installed
  • OR kernel-macros-4.12.14-197.15 is installed
  • OR kernel-source-4.12.14-197.15 is installed
  • OR kernel-zfcpdump-4.12.14-197.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND kernel-livepatch-4_12_14-197_75-default-3-2.2 is installed
    • BACK