openSUSE: 2020:1382-1 Important: Kernel Local Privilege Escalation
opensuse
September 8, 2020
An update that solves two vulnerabilities and has 40 fixes is now available.
Description
The openSUSE Leap 15.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2020-14314: Fixed potential negative array index in do_split() in
ext4 (bsc#1173798).
- CVE-2020-14386: Fixed an overflow in af_packet, which could lead to
local privilege escalation (bsc#1176069).
The following non-security bugs were fixed:
- ACPICA: Do not increment operation_region reference counts for field
units (git-fixes).
- ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).
- ALSA: hda: avoid reset of sdo_limit (git-fixes).
- ALSA: isa: fix spelling mistakes in the comments (git-fixes).
- ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).
- ALSA: usb-audio: Update documentation comment for MS2109 quirk
...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1382=1
Package List
- openSUSE Leap 15.2 (noarch):
kernel-devel-5.3.18-lp152.41.1
kernel-docs-5.3.18-lp152.41.1
kernel-docs-html-5.3.18-lp152.41.1
kernel-macros-5.3.18-lp152.41.1
kernel-source-5.3.18-lp152.41.1
kernel-source-vanilla-5.3.18-lp152.41.1
- openSUSE Leap 15.2 (x86_64):
kernel-debug-5.3.18-lp152.41.1
kernel-debug-debuginfo-5.3.18-lp152.41.1
kernel-debug-debugsource-5.3.18-lp152.41.1
kernel-debug-devel-5.3.18-lp152.41.1
kernel-debug-devel-debuginfo-5.3.18-lp152.41.1
kernel-default-5.3.18-lp152.41.1
kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2
kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2
kernel-default-debuginfo-5.3.18-lp152.41.1
kernel-default-debugsource-5.3.18-lp152.41.1
kernel-default-devel-5.3.18-lp152.41.1
kernel-default-devel-debuginfo-5.3.18-lp152.41.1
kernel-kvmsmall-5.3.18-lp152.41.1
kernel-kvmsmall-debuginfo-5.3.18-lp152.41.1
kernel-kvmsmall-debugsource-5.3.18-lp152.41.1
kernel-kvmsmall-devel-5.3.18-lp152.41.1
kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.41.1
kernel-obs-build-5.3.18-lp152.41....
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2020-14314.html
https://www.suse.com/security/cve/CVE-2020-14386.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1133021
https://bugzilla.suse.com/1154492
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1159058
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1169790
https://bugzilla.suse.com/1171634
https://bugzilla.suse.com/1171688
https://bugzilla.suse.com/1172108
https://bugzilla.suse.com/1172418
https://bugzilla.suse.com/1172871
https://bugzilla.suse.com/1173485
https://bugzilla.suse.com/1173798
https://bugzilla.suse.com/1174003
https://bugzilla.suse.com/1174026
https://bugzilla.suse.com/1174387
https://bugzilla.suse.com/1174699
https://bugzilla.suse.com/1174771
https://bugzilla.suse.com/1174777
https://bugzilla.suse.com/1174800
https://bugzilla.suse.com/1175128
https://bugzilla.suse.com/1175199
https://bugzilla.suse.com/1175232
https://bugzilla.suse.com/1175440
htt...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2020:1382-1
Rating: important
Affected Products:
openSUSE Leap 15.2
le.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!