Oval Definition:	oval:org.opensuse.security:def:783
Revision Date: 2022-09-26 Version: 1 Title: Security update for the Linux Kernel (Important) Description: The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). The following non-security bugs were fixed: - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153 bsc#1202335). - tcp: change source port randomizarion at connect() time (bsc#1180153 bsc#1202335). Family: unix Class: patch Status: Reference(s): 1177440 1180153 1186489 1187911 1188944 1191881 1194535 1196616 1197158 1199482 1199665 1201019 1201420 1201705 1201726 1201948 1202096 1202097 1202154 1202335 1202346 1202347 1202393 1202396 1202672 1202897 1202898 1203098 1203107 CVE-2014-2892 CVE-2014-2892 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-5010 CVE-2019-9636 CVE-2019-9674 CVE-2019-9947 CVE-2020-36516 CVE-2020-8492 CVE-2021-33574 CVE-2021-35942 CVE-2021-4203 CVE-2022-1012 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-29581 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-39188 SUSE-SU-2021:3291-1 SUSE-SU-2022:3408-1 Platform(s): openSUSE 13.2 openSUSE Leap 15.4 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for Rasperry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Package Hub for SUSE Linux Enterprise 12 Product(s): Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information kernel-debug-base-4.12.14-150100.197.123.1 is installed OR kernel-default-man-4.12.14-150100.197.123.1 is installed OR kernel-kvmsmall-base-4.12.14-150100.197.123.1 is installed OR kernel-vanilla-4.12.14-150100.197.123.1 is installed OR kernel-vanilla-base-4.12.14-150100.197.123.1 is installed OR kernel-vanilla-devel-4.12.14-150100.197.123.1 is installed OR kernel-vanilla-livepatch-devel-4.12.14-150100.197.123.1 is installed OR kernel-zfcpdump-man-4.12.14-150100.197.123.1 is installed Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information openstack-cinder-2014.2.3.dev13-1 is installed OR openstack-cinder-volume-2014.2.3.dev13-1 is installed OR python-cinder-2014.2.3.dev13-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information MozillaFirefox-31.1.0esr-1 is installed OR MozillaFirefox-translations-31.1.0esr-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND tftp-5.2-10 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information libpython3_6m1_0-3.6.10-3.53.1 is installed OR python3-3.6.10-3.53.1 is installed OR python3-base-3.6.10-3.53.1 is installed OR python3-curses-3.6.10-3.53.1 is installed OR python3-dbm-3.6.10-3.53.1 is installed OR python3-devel-3.6.10-3.53.1 is installed OR python3-idle-3.6.10-3.53.1 is installed OR python3-tk-3.6.10-3.53.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP3 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Storage 7.1 is installed OR SUSE Manager Proxy 4.2 is installed OR SUSE Manager Retail Branch Server 4.2 is installed OR SUSE Manager Server 4.2 is installed AND Package Information glibc-2.31-9.3.2 is installed OR glibc-32bit-2.31-9.3.2 is installed OR glibc-devel-2.31-9.3.2 is installed OR glibc-extra-2.31-9.3.2 is installed OR glibc-i18ndata-2.31-9.3.2 is installed OR glibc-info-2.31-9.3.2 is installed OR glibc-lang-2.31-9.3.2 is installed OR glibc-locale-2.31-9.3.2 is installed OR glibc-locale-base-2.31-9.3.2 is installed OR glibc-locale-base-32bit-2.31-9.3.2 is installed OR glibc-profile-2.31-9.3.2 is installed OR nscd-2.31-9.3.2 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 is installed AND Package Information cluster-md-kmp-default-4.12.14-25.6 is installed OR dlm-kmp-default-4.12.14-25.6 is installed OR gfs2-kmp-default-4.12.14-25.6 is installed OR kernel-default-4.12.14-25.6 is installed OR ocfs2-kmp-default-4.12.14-25.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information libpython3_6m1_0-3.6.10-3.53 is installed OR python3-3.6.10-3.53 is installed OR python3-base-3.6.10-3.53 is installed OR python3-curses-3.6.10-3.53 is installed OR python3-dbm-3.6.10-3.53 is installed OR python3-devel-3.6.10-3.53 is installed OR python3-idle-3.6.10-3.53 is installed OR python3-tk-3.6.10-3.53 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information wireshark-2.4.8-3.6 is installed OR wireshark-devel-2.4.8-3.6 is installed OR wireshark-ui-qt-2.4.8-3.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information libmms-devel-0.6.4-1 is installed OR libmms0-0.6.4-1 is installed Definition Synopsis SUSE Linux Enterprise Module for Development Tools 15 is installed AND Package Information crash-7.2.1-3.2 is installed OR crash-devel-7.2.1-3.2 is installed OR crash-kmp-default-7.2.1_k4.12.14_23-3.2 is installed OR lttng-modules-2.10.0-5.2 is installed OR lttng-modules-kmp-default-2.10.0_k4.12.14_23-5.2 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 is installed AND Package Information libpmi0-17.11.7-6.3 is installed OR libslurm32-17.11.7-6.3 is installed OR perl-slurm-17.11.7-6.3 is installed OR slurm-17.11.7-6.3 is installed OR slurm-auth-none-17.11.7-6.3 is installed OR slurm-config-17.11.7-6.3 is installed OR slurm-devel-17.11.7-6.3 is installed OR slurm-doc-17.11.7-6.3 is installed OR slurm-lua-17.11.7-6.3 is installed OR slurm-munge-17.11.7-6.3 is installed OR slurm-node-17.11.7-6.3 is installed OR slurm-pam_slurm-17.11.7-6.3 is installed OR slurm-plugins-17.11.7-6.3 is installed OR slurm-slurmdbd-17.11.7-6.3 is installed OR slurm-sql-17.11.7-6.3 is installed OR slurm-torque-17.11.7-6.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information kernel-default-4.12.14-25.6 is installed OR reiserfs-kmp-default-4.12.14-25.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-default-4.12.14-25.6 is installed OR kernel-default-livepatch-4.12.14-25.6 is installed OR kernel-livepatch-4_12_14-25_6-default-1-1.3 is installed OR kernel-livepatch-SLE15_Update_2-1-1.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information containerd-1.1.2-5.3 is installed OR containerd-ctr-1.1.2-5.3 is installed OR containerd-test-1.1.2-5.3 is installed OR docker-18.06.1_ce-6.8 is installed OR docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3 is installed OR docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.3 is installed OR docker-test-18.06.1_ce-6.8 is installed OR docker-zsh-completion-18.06.1_ce-6.8 is installed OR go-1.10.4-3.6 is installed OR go-doc-1.10.4-3.6 is installed OR go1.10-1.10.7-1.5 is installed OR go1.10-doc-1.10.7-1.5 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3 is installed OR golang-packaging-15.0.11-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 15 is installed AND Package Information kernel-azure-4.12.14-5.13 is installed OR kernel-azure-base-4.12.14-5.13 is installed OR kernel-azure-devel-4.12.14-5.13 is installed OR kernel-devel-azure-4.12.14-5.13 is installed OR kernel-source-azure-4.12.14-5.13 is installed OR kernel-syms-azure-4.12.14-5.13 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information xen-4.10.1_06-3.3 is installed OR xen-devel-4.10.1_06-3.3 is installed OR xen-tools-4.10.1_06-3.3 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information kernel-default-4.12.14-25.3 is installed OR kernel-default-extra-4.12.14-25.3 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 12 is installed AND Package Information chromedriver-53.0.2785.89-96 is installed OR chromium-53.0.2785.89-96 is installed OR chromium-desktop-gnome-53.0.2785.89-96 is installed OR chromium-desktop-kde-53.0.2785.89-96 is installed OR chromium-ffmpegsumo-53.0.2785.89-96 is installed
BACK