openSUSE: 2020:2260-1 Important: Critical Kernel DoS Fixes

opensuse
December 15, 2020
A significant security patch for Fedora resolves numerous concerns, encompassing kernel weaknesses and urgent corrections.
An update that solves 12 vulnerabilities and has 72 fixes is now available.

Description

The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).
- CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).

-...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2260=1

Package List

- openSUSE Leap 15.2 (x86_64):

kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1

kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1
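To confirm the update landed, the check below compares every installed kernel-default-base build against the fixed build in the package list above. It is an added example, not part of the SUSE advisory; the rpmvercmp here is a simplified reimplementation (no epoch, '~' or '^' handling), and the sample older build is constructed.

```python
import re
import subprocess

PACKAGE = "kernel-default-base"
# Fixed build, taken from this advisory's package list (openSUSE Leap 15.2, x86_64).
FIXED = "5.3.18-lp152.57.1.lp152.8.17.1"

def rpmvercmp(a, b):
    """Simplified rpm ordering of two version (or release) strings: -1, 0 or 1."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric, so 9 < 57
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # rpm ranks digits above letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-break."""
    ver_a, _, rel_a = a.rpartition("-")
    ver_b, _, rel_b = b.rpartition("-")
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)

def audit(installed):
    """Map each installed build to True when it is at or above FIXED."""
    return {evr: evr_cmp(evr, FIXED) >= 0 for evr in installed}

def installed_builds():
    """List every installed build of PACKAGE (kernels can be installed side by side)."""
    try:
        out = subprocess.run(
            ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\\n", PACKAGE],
            capture_output=True, text=True, check=False)
    except FileNotFoundError:              # no rpm binary on this host
        return []
    return out.stdout.split() if out.returncode == 0 else []

if __name__ == "__main__":
    # Constructed sample (an older-looking build plus FIXED) used when rpm returns nothing.
    sample = ["5.3.18-lp152.9.1", FIXED]
    for evr, ok in audit(installed_builds() or sample).items():
        state = "at or above fixed build" if ok else "older than fixed build"
        print(f"{PACKAGE}-{evr}: {state}")
```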

References

https://www.suse.com/security/cve/CVE-2020-15436.html
https://www.suse.com/security/cve/CVE-2020-15437.html
https://www.suse.com/security/cve/CVE-2020-25668.html
https://www.suse.com/security/cve/CVE-2020-25669.html
https://www.suse.com/security/cve/CVE-2020-25704.html
https://www.suse.com/security/cve/CVE-2020-27777.html
https://www.suse.com/security/cve/CVE-2020-28915.html
https://www.suse.com/security/cve/CVE-2020-28941.html
https://www.suse.com/security/cve/CVE-2020-28974.html
https://www.suse.com/security/cve/CVE-2020-29369.html
https://www.suse.com/security/cve/CVE-2020-29371.html
https://www.suse.com/security/cve/CVE-2020-4788.html
https://bugzilla.suse.com/1149032
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1166146
https://bugzilla.suse.com/1166166
https://bugzilla.suse.com/1167030
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1170139

ht...


Severity: important

Announcement ID: openSUSE-SU-2020:2260-1
Rating: important
Affected Products: openSUSE Leap 15.2
