
openSUSE 15.2: 2021:1477-1 Important: Kernel Security Update

November 15, 2021
A major security patch for openSUSE Leap 15.2 kernel has been released, fixing 15 security flaws along with 41 bug issues. Please restart your system.
An update that solves 15 vulnerabilities and has 41 fixes is now available.

Description

The openSUSE Leap 15.2 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed
  local users to create files with an unintended group ownership, in a
  scenario where a directory is SGID to a certain group and is writable by
  a user who is not a member of that group. Here, the non-member can
  trigger creation of a plain file whose group ownership is that group.
  The intended behavior was that the non-member can trigger creation of a
  directory (but not a plain file) whose group ownership is that group.
  The non-member can escalate privileges by making the plain file
  executable and SGID (bnc#1100416 bnc#1129735).
- CVE-2021-33033: The Linux kernel had a use-after-free in cipso_v4_genopt
  in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for
  the DOI definitions is mishandled, aka CID-ad5d07f4a9cd....
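An added example for auditing the CVE-2018-13405 precondition described above (not part of the SUSE advisory): it flags SGID directories whose mode bits leave them writable to users outside the group, and SGID-executable plain files inside SGID directories that are owned by a non-member. The function names are hypothetical, group membership is read from the local passwd/group databases, and ACLs are not inspected.

```python
import grp
import os
import pwd
import stat

SGID_EXEC = stat.S_ISGID | stat.S_IXGRP  # both bits are needed for setgid-on-exec


def is_member(uid, gid):
    """True if uid has gid as primary or supplementary group (local NSS view)."""
    try:
        user = pwd.getpwuid(uid)
        return user.pw_gid == gid or user.pw_name in grp.getgrgid(gid).gr_mem
    except KeyError:  # unknown uid or gid: treat as non-member
        return False


def classify(path, st, parent_st, member=is_member):
    """Return a finding string for one filesystem entry, or None."""
    mode = st.st_mode
    if stat.S_ISDIR(mode) and mode & stat.S_ISGID:
        # Precondition from the advisory: SGID directory writable by a non-member.
        if mode & stat.S_IWOTH:
            return f"{path}: SGID dir (gid {st.st_gid}) is writable by others"
        if mode & stat.S_IWUSR and not member(st.st_uid, st.st_gid):
            return f"{path}: SGID dir (gid {st.st_gid}) owned by non-member uid {st.st_uid}"
    # Possible artifact: SGID executable plain file that took the directory's group.
    if (stat.S_ISREG(mode) and mode & SGID_EXEC == SGID_EXEC
            and parent_st.st_mode & stat.S_ISGID
            and st.st_gid == parent_st.st_gid
            and not member(st.st_uid, st.st_gid)):
        return f"{path}: SGID executable (gid {st.st_gid}) owned by non-member uid {st.st_uid}"
    return None


def audit(root):
    """Walk root (symlinks are not followed) and collect findings."""
    root_st = os.lstat(root)
    findings = [classify(root, root_st, root_st)]
    for dirpath, dirnames, filenames in os.walk(root):
        parent_st = os.lstat(dirpath)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                findings.append(classify(path, os.lstat(path), parent_st))
            except OSError:  # entry vanished or is unreadable
                continue
    return [f for f in findings if f]
```

Run `audit()` as root over shared trees such as group project directories; findings are candidates for review, since a file created before the kernel update keeps its group and mode after patching.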


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1477=1

Package List

- openSUSE Leap 15.2 (noarch):

  kernel-devel-5.3.18-lp152.102.1
  kernel-docs-5.3.18-lp152.102.1
  kernel-docs-html-5.3.18-lp152.102.1
  kernel-macros-5.3.18-lp152.102.1
  kernel-source-5.3.18-lp152.102.1
  kernel-source-vanilla-5.3.18-lp152.102.1

- openSUSE Leap 15.2 (x86_64):

  kernel-debug-5.3.18-lp152.102.1
  kernel-debug-debuginfo-5.3.18-lp152.102.1
  kernel-debug-debugsource-5.3.18-lp152.102.1
  kernel-debug-devel-5.3.18-lp152.102.1
  kernel-debug-devel-debuginfo-5.3.18-lp152.102.1
  kernel-default-5.3.18-lp152.102.1
  kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1
  kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1
  kernel-default-debuginfo-5.3.18-lp152.102.1
  kernel-default-debugsource-5.3.18-lp152.102.1
  kernel-default-devel-5.3.18-lp152.102.1
  kernel-default-devel-debuginfo-5.3.18-lp152.102.1
  kernel-kvmsmall-5.3.18-lp152.102.1
  kernel-kvmsmall-debuginfo-5.3.18-lp152.102.1
  kernel-kvmsmall-debugsource-5.3.18-lp152.102.1
  kernel-kvmsmall-devel-5.3.18-lp152.102.1
  kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.102.1
  kernel-o...


References

https://www.suse.com/security/cve/CVE-2018-13405.html
https://www.suse.com/security/cve/CVE-2021-33033.html
https://www.suse.com/security/cve/CVE-2021-34556.html
https://www.suse.com/security/cve/CVE-2021-3542.html
https://www.suse.com/security/cve/CVE-2021-35477.html
https://www.suse.com/security/cve/CVE-2021-3655.html
https://www.suse.com/security/cve/CVE-2021-3715.html
https://www.suse.com/security/cve/CVE-2021-3760.html
https://www.suse.com/security/cve/CVE-2021-3772.html
https://www.suse.com/security/cve/CVE-2021-3896.html
https://www.suse.com/security/cve/CVE-2021-41864.html
https://www.suse.com/security/cve/CVE-2021-42008.html
https://www.suse.com/security/cve/CVE-2021-42252.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2021-43056.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1100416
https://bugzilla.suse.com/1129735
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1154353
https://bugzi...


Severity
important

Announcement ID: openSUSE-SU-2021:1477-1
Rating: important
Affected Products: openSUSE Leap 15.2
