Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2019:3371-1 Important: Kernel Memory and Security Fixes

suse
Calendar Grey December 20, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for the Linux Kernel _________________________________________
An update that solves 24 vulnerabilities and has 58 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).

References

#1048942 #1051510 #1078248 #1082635 #1089644

#1091041 #1108043 #1113722 #1114279 #1117169

#1131107 #1138039 #1140948 #1143706 #1144333

#1149448 #1150466 #1151548 #1151900 #1152782

#1153628 #1153681 #1153811 #1154043 #1154058

#1154124 #1154355 #1154526 #1154956 #1155021

#1155689 #1155692 #1155836 #1155897 #1155921

#1155982 #1156187 #1156258 #1156429 #1156466

#1156471 #1156494 #1156609 #1156700 #1156729

#1156882 #1157038 #1157042 #1157070 #1157143

#1157145 #1157158 #1157162 #1157171 #1157173

#1157178 #1157180 #1157182 #1157183 #1157184

#1157191 #1157193 #1157197 #1157298 #1157307

#1157324 #1157333 #1157424 #1157463 #1157499

#1157678 #1157698 #1157778 #1157908 #1158049

#1158063 #115...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:3371-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here