
SUSE: 2020:0204-1 Critical: Live Kernel Patch DoS Fixes

January 22, 2020
Essential SUSE security patch addresses vulnerabilities found in the Linux kernel that impact various SLE releases, accompanied by required fix guidelines.
An update that fixes two vulnerabilities is now available.

Summary

This update for the Linux Kernel 3.12.74-60_64_110 fixes several issues.

The following security issues were fixed:

- CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157).
- CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (which allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155).

Patch Instructions:

References

#1160467 #1160468

Cross-References: CVE-2019-14896 CVE-2019-14897

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Module for Live Patching 15-SP1

SUSE Linux Enterprise Module for Live Patching 15

SUSE Linux Enterprise Live Patching 12-SP5

SUSE Linux Enterprise Live Patching 12-SP4

https://www.suse.com/security/cve/CVE-2019-14896.html

https://www.suse.com/security/cve/CVE-2019-14897.html

https://bugzilla.suse.com/1160467

https://bugzilla.suse.com/1160468

Severity
important

Announcement ID: SUSE-SU-2020:0204-1
Rating: important
