openSUSE 15.2: Security Update SUSE-SU-2021:0873-1 Critical Kernel Memory
opensuse
June 16, 2021
An update that solves two vulnerabilities and has 57 fixes is now available
Description
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed
attackers to cause a denial of service (panic) because
net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
full memory barrier upon the assignment of a new table value
(bnc#1184208).
- CVE-2021-29155: Fixed an issue that was discovered in
kernel/bpf/verifier.c that performs undesirable out-of-bounds
speculation on pointer arithmetic, leading to side-channel attacks that
defeat Spectre mitigations and obtain sensitive information from kernel
memory. Specifically, for sequences of pointer arithmetic operations,
the pointer modification performed by the first operation was not
correctly accounted for when restricting subsequent operations
(bnc#1184942).
The following non-security bugs...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-873=1
Package List
- openSUSE Leap 15.2 (noarch):
kernel-devel-rt-5.3.18-lp152.3.11.1
kernel-source-rt-5.3.18-lp152.3.11.1
- openSUSE Leap 15.2 (x86_64):
cluster-md-kmp-rt-5.3.18-lp152.3.11.1
cluster-md-kmp-rt-debuginfo-5.3.18-lp152.3.11.1
cluster-md-kmp-rt_debug-5.3.18-lp152.3.11.1
cluster-md-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1
dlm-kmp-rt-5.3.18-lp152.3.11.1
dlm-kmp-rt-debuginfo-5.3.18-lp152.3.11.1
dlm-kmp-rt_debug-5.3.18-lp152.3.11.1
dlm-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1
gfs2-kmp-rt-5.3.18-lp152.3.11.1
gfs2-kmp-rt-debuginfo-5.3.18-lp152.3.11.1
gfs2-kmp-rt_debug-5.3.18-lp152.3.11.1
gfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1
kernel-rt-5.3.18-lp152.3.11.1
kernel-rt-debuginfo-5.3.18-lp152.3.11.1
kernel-rt-debugsource-5.3.18-lp152.3.11.1
kernel-rt-devel-5.3.18-lp152.3.11.1
kernel-rt-devel-debuginfo-5.3.18-lp152.3.11.1
kernel-rt-extra-5.3.18-lp152.3.11.1
kernel-rt-extra-debuginfo-5.3.18-lp152.3.11.1
kernel-rt_debug-5.3.18-lp152.3.11.1
kernel-rt_debug-debuginfo-5.3.18-lp152.3.11.1
kernel-rt_debug-debugsource-5.3....
Read the Full AdvisoryReferences
- spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260).
- spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to
NULL (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe
(bsc#1167260).
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write
(bsc#1167260).
- spi: spi-fsl-dspi: Replace interruptible wait queue with a simple
completion (bsc#1167260).
- spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller
(bsc#1167260).
- spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260).
- spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write
(bsc#1167260).
- spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260).
- spi: spi-fsl-dspi: Use dma_request_chan() instead
dma_request_slave_channe...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:0873-1
Rating: important
Affected Products:
openSUSE Leap 15.2
ble.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!