Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2024:0156-1 Important: Kernel Security Update, DoS Threat

opensuse
Calendar Grey January 18, 2024
Dist Opensuse Esm H88
Fedora Linux 36 kernel has been patched with crucial vulnerabilities fixed. Upgrade now to improve your system's safety.
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes

Description

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security

bugfixes.

The following security bugs were fixed:

* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix

garbage collector's deletion of SKB races with unix_stream_read_generic()on

the socket that the SKB is queued on (bsc#1218447).

* CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing

debug information (bsc#1217946).

* CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race

condition in bt_sock_recvmsg (bsc#1218559).

* CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the

Bluetooth subsystem that would allow replay attacks (bsc#1179610

bsc#1215237).

* CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving

a malformed length from a server (bsc#1217947).

* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via

the GSMIOC_SETCONF ioctl that could lead to local privilege...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service security issue information leak buffer overflow kernel SUSE

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-156=1

* SUSE Linux Enterprise Real Time 15 SP4

zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2024-156=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-156=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4

zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-156=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-156=1

* SUSE Manager Proxy 4.3

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-156=1

* SUSE Manager Retail Branch Server 4.3

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-

Server-4.3-2024-156=1

* SUSE Manager...

Read the Full Advisory

Package List

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)

* kernel-64kb-5.14.21-150400.24.103.1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)

* kernel-64kb-devel-debuginfo-5.14.21-150400.24.103.1

* kernel-64kb-debugsource-5.14.21-150400.24.103.1

* kernel-64kb-debuginfo-5.14.21-150400.24.103.1

* kernel-64kb-devel-5.14.21-150400.24.103.1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc

x86_64)

* kernel-default-5.14.21-150400.24.103.1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64

x86_64)

* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.103.1

* kernel-obs-build-5.14.21-150400.24.103.1

* kernel-default-debugsource-5.14.21-150400.24.103.1

* kernel-obs-build-debugsource-5.14.21-150400.24.103.1

* reiserfs-kmp-default-5.14.21-150400.24.103.1

* kernel-default-devel-5.14.21-150400.24.103.1

* kernel-syms-5.14.21-150400.24.103.1

* kernel-default-devel-debuginfo-5.14.21-150400.24.103.1

*...

Read the Full Advisory

References

* bsc#1179610

* bsc#1183045

* bsc#1193285

* bsc#1211162

* bsc#1211226

* bsc#1212584

* bsc#1214747

* bsc#1214823

* bsc#1215237

* bsc#1215696

* bsc#1215885

* bsc#1216057

* bsc#1216559

* bsc#1216776

* bsc#1217036

* bsc#1217217

* bsc#1217250

* bsc#1217602

* bsc#1217692

* bsc#1217790

* bsc#1217801

* bsc#1217933

* bsc#1217938

* bsc#1217946

* bsc#1217947

* bsc#1217980

* bsc#1217981

* bsc#1217982

* bsc#1218056

* bsc#1218139

* bsc#1218184

* bsc#1218234

* bsc#1218253

* bsc#1218258

* bsc#1218335

* bsc#1218357

* bsc#1218447

* bsc#1218515

* bsc#1218559

* bsc#1218569

* bsc#1218659

* jsc#PED-3459

* jsc#PED-5021

* jsc#PED-7322

## References:

* https://www.suse.com/security/cve/CVE-2020-26555.html

* https://www.suse.com/security/cve/CVE-2023-51779.html

* https://www.suse.com/security/cve/CVE-2023-6121.html

* https://www.suse.com/security/cve/CVE-2023-6531.html

* https://www.suse.com/security/cve/CVE-2023-6546.html

* https://www.suse.com/security/cve/CVE-2023-6606.html

* https://www.suse.com/security/cve/CVE-2023-6610.html

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0156-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service security issue information leak buffer overflow kernel SUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here