Linux Security
    Linux Security
    Linux Security

    SUSE: 2020:2121-1 important: the Linux Kernel

    Date
    151
    Posted By
    An update that solves 15 vulnerabilities and has 37 fixes is now available.
    
       SUSE Security Update: Security update for the Linux Kernel
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:2121-1
    Rating:             important
    References:         #1051510 #1065729 #1071995 #1085030 #1104967 
                        #1114279 #1144333 #1148868 #1150660 #1152107 
                        #1152472 #1152624 #1158983 #1159058 #1161016 
                        #1162002 #1162063 #1168081 #1169194 #1169514 
                        #1169795 #1170011 #1170592 #1170618 #1171124 
                        #1171424 #1171558 #1171673 #1171732 #1171761 
                        #1171868 #1171904 #1172257 #1172344 #1172458 
                        #1172484 #1172759 #1172775 #1172781 #1172782 
                        #1172783 #1172999 #1173265 #1173280 #1173428 
                        #1173462 #1173514 #1173567 #1173573 #1174115 
                        #1174462 #1174543 
    Cross-References:   CVE-2019-16746 CVE-2019-20810 CVE-2019-20908
                        CVE-2020-0305 CVE-2020-10766 CVE-2020-10767
                        CVE-2020-10768 CVE-2020-10769 CVE-2020-10773
                        CVE-2020-12771 CVE-2020-12888 CVE-2020-13974
                        CVE-2020-14416 CVE-2020-15393 CVE-2020-15780
                       
    Affected Products:
                        SUSE OpenStack Cloud Crowbar 9
                        SUSE OpenStack Cloud 9
                        SUSE Linux Enterprise Server for SAP 12-SP4
                        SUSE Linux Enterprise Server 12-SP4-LTSS
                        SUSE Linux Enterprise Live Patching 12-SP4
                        SUSE Linux Enterprise High Availability 12-SP4
    ______________________________________________________________________________
    
       An update that solves 15 vulnerabilities and has 37 fixes
       is now available.
    
    Description:
    
    
    
       The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive
       various security and bugfixes.
    
       The following security bugs were fixed:
    
       - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
         use-after-free due to a race condition. This could lead to local
         escalation of privilege with System execution privileges needed. User
         interaction is not needed for exploitation (bnc#1174462).
       - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c
         where incorrect access permissions for the efivar_ssdt ACPI variable
         could be used by attackers to bypass lockdown or secure boot
         restrictions, aka CID-1957a85b0032 (bnc#1173567).
       - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c
         where injection of malicious ACPI tables via configfs could be used by
         attackers to bypass lockdown and secure boot restrictions, aka
         CID-75b0cea7bf30 (bnc#1173573).
       - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a
         memory leak, aka CID-28ebeb8db770 (bnc#1173514).
       - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a
         deadlock if a coalescing operation fails (bnc#1171732).
       - CVE-2019-16746: net/wireless/nl80211.c did not check the length of
         variable elements in a beacon head, leading to a buffer overflow
         (bnc#1152107).
       - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
         disabled memory space (bnc#1171868).
       - CVE-2020-10769: A buffer over-read flaw was found in
         crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
         Cryptographic algorithm's module, authenc. When a payload longer than 4
         bytes, and is not following 4-byte alignment boundary guidelines, it
         causes a buffer over-read threat, leading to a system crash. This flaw
         allowed a local attacker with user privileges to cause a denial of
         service (bnc#1173265).
       - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed
         (bnc#1172999).
       - CVE-2020-14416: A race condition in tty->disc_data handling in the slip
         and slcan line discipline could lead to a use-after-free, aka
         CID-0ace17d56824. This affects drivers/net/slip/slip.c and
         drivers/net/can/slcan.c (bnc#1162002).
       - CVE-2020-10768: Indirect branch speculation could have been enabled
         after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
         (bnc#1172783).
       - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux
         scheduler logical bug allows an attacker to turn off the SSBD
         protection. (bnc#1172781).
       - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled
         when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
       - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if
         k_ascii is called several times in a row, aka CID-b86dab054059.
         (bnc#1172775).
       - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c
         in the Linux kernel did not call snd_card_free for a failure path, which
         causes a memory leak, aka CID-9453264ef586 (bnc#1172458).
    
       The following non-security bugs were fixed:
    
       - ACPI: PM: Avoid using power resources if there are none for D0
         (bsc#1051510).
       - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
       - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
       - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
       - block, bfq: postpone rq preparation to insert or merge (bsc#1104967
         bsc#1171673).
       - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
       - block: sed-opal: fix sparse warning: convert __be64 data (git fixes
         (block drivers)).
       - btrfs: always wait on ordered extents at fsync time (bsc#1171761).
       - btrfs: clean up the left over logged_list usage (bsc#1171761).
       - btrfs: do not zero f_bavail if we have available space (bsc#1168081).
       - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761).
       - btrfs: fix missing data checksums after a ranged fsync (msync)
         (bsc#1171761).
       - btrfs: fix missing file extent item for hole after ranged fsync
         (bsc#1171761).
       - btrfs: fix missing hole after hole punching and fsync when using
         NO_HOLES (bsc#1171761).
       - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761).
       - btrfs: fix rare chances for data loss when doing a fast fsync
         (bsc#1171761).
       - btrfs: Remove extra parentheses from condition in copy_items()
         (bsc#1171761).
       - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761).
       - btrfs: remove no longer used logged range variables when logging extents
         (bsc#1171761).
       - btrfs: remove no longer used 'sync' member from transaction handle
         (bsc#1171761).
       - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761).
       - btrfs: remove the logged extents infrastructure (bsc#1171761).
       - btrfs: remove the wait ordered logic in the log_one_extent path
         (bsc#1171761).
       - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
       - CDC-ACM: heed quirk also in error handling (git-fixes).
       - cifs: get rid of unused parameter in reconn_setup_dfs_targets()
         (bsc#1144333).
       - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333
         bsc#1161016).
       - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333
         bsc#1161016).
       - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
       - clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
       - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
       - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block
         drivers)).
       - compat_ioctl: block: handle Persistent Reservations (git fixes (block
         drivers)).
       - copy_{to,from}_user(): consolidate object size checks (git fixes).
       - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
         fully iterated (git-fixes).
       - dm btree: increase rebalance threshold in __rebalance2() (git fixes
         (block drivers)).
       - dm cache: fix a crash due to incorrect work item cancelling (git fixes
         (block drivers)).
       - dm crypt: fix benbi IV constructor crash if used in authenticated mode
         (git fixes (block drivers)).
       - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block
         drivers)).
       - dm space map common: fix to ensure new block isn't already in use (git
         fixes (block drivers)).
       - dm: various cleanups to md->queue initialization code (git fixes).
       - dm verity fec: fix hash block number in verity_fec_decode (git fixes
         (block drivers)).
       - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block
         drivers)).
       - Drivers: hv: Change flag to write log level in panic msg to false
         (bsc#1170618).
       - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static
         (bsc#1051510).
       - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472)  * context
         changes
       - drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
       - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472)  *
         context changes
       - drm/qxl: Use correct notify port address when creating cursor ring
         (bsc#1152472)
       - drm/radeon: fix double free (bsc#1152472)
       - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)
       - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
       - e1000e: Do not wake up the system via WOL if device wakeup is disabled
         (bsc#1051510).
       - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
       - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
       - evm: Fix a small race in init_desc() (bsc#1051510).
       - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
         (bsc#1051510).
       - gpiolib: Document that GPIO line names are not globally unique
         (bsc#1051510).
       - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
       - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
       - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280
         ltc#185369).
       - ibmvnic: Flush existing work items before device removal (bsc#1065729).
       - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
       - iio: buffer: Do not allow buffers without any channels enabled to be
         activated (bsc#1051510).
       - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
       - ima: Directly assign the ima_default_policy pointer to ima_rules
         (bsc#1051510).
       - ima: Fix ima digest hash table key calculation (bsc#1051510).
       - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
         (bsc#1148868).
       - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
       - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS
         (bsc#1114279).
       - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
         (bsc#1114279).
       - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
       - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
         (bsc#1171904).
       - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
       - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462).
       - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
       - livepatch: Disallow vmlinux.ko (bsc#1071995).
       - livepatch: Make klp_apply_object_relocs static (bsc#1071995).
       - livepatch: Prevent module-specific KLP rela sections from referencing
         vmlinux symbols (bsc#1071995).
       - livepatch: Remove .klp.arch (bsc#1071995).
       - md: Avoid namespace collision with bitmap API (git fixes (block
         drivers)).
       - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes
         (block drivers)).
       - mmc: fix compilation of user API (bsc#1051510).
       - netfilter: connlabels: prefer static lock initialiser (git-fixes).
       - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
       - netfilter: not mark a spinlock as __read_mostly (git-fixes).
       - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
         vmxnet3_get_rss() (bsc#1172484).
       - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
         (bsc#1170592).
       - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
       - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558
         bsc#1159058).
       - nvme: do not update multipath disk information if the controller is down
         (bcs#1171558 bsc#1159058).
       - objtool: Clean instruction state before each function validation
         (bsc#1169514).
       - objtool: Ignore empty alternatives (bsc#1169514).
       - overflow: Fix -Wtype-limits compilation warnings (git fixes).
       - overflow.h: Add arithmetic shift helper (git fixes).
       - p54usb: add AirVasT USB stick device-id (bsc#1051510).
       - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
       - PCI: Fix pci_register_host_bridge() device_register() error handling
         (bsc#1051510).
       - PCI: Program MPS for RCiEP devices (bsc#1051510).
       - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
         (bsc#1051510).
       - perf: Allocate context task_ctx_data for child event (git-fixes).
       - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
       - perf: Copy parent's address filter offsets on clone (git-fixes).
       - perf/core: Add sanity check to deal with pinned event failure
         (git-fixes).
       - perf/core: Avoid freeing static PMU contexts when PMU is unregistered
         (git-fixes).
       - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
       - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
       - perf/core: Fix bad use of igrab() (git fixes (dependent patch)).
       - perf/core: Fix crash when using HW tracing kernel filters (git-fixes).
       - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
       - perf/core: Fix error handling in perf_event_alloc() (git-fixes).
       - perf/core: Fix exclusive events' grouping (git-fixes).
       - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
       - perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
       - perf/core: Fix locking for children siblings group read (git-fixes).
       - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes
         (dependent patch for 18736eef1213)).
       - perf/core: Fix perf_event_read_value() locking (git-fixes).
       - perf/core: Fix perf_pmu_unregister() locking (git-fixes).
       - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent
         patch)).
       - perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
       - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
       - perf/core: Fix race between close() and fork() (git-fixes).
       - perf/core: Fix the address filtering fix (git-fixes).
       - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
       - perf/core: Force USER_DS when recording user stack data (git-fixes).
       - perf/core: Restore mmap record type correctly (git-fixes).
       - perf: Fix header.size for namespace events (git-fixes).
       - perf/ioctl: Add check for the sample_period value (git-fixes).
       - perf, pt, coresight: Fix address filters for vmas with non-zero offset
         (git-fixes).
       - perf: Return proper values for user stack errors (git-fixes).
       - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
       - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus
         precise RIP validity (git-fixes).
       - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
       - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family
         (10h) (git-fixes).
       - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static
         (git-fixes).
       - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3
         PMCs (git-fixes stable).
       - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
       - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf
         events (git-fixes stable).
       - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
       - perf/x86: Fix incorrect PEBS_REGS (git-fixes).
       - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
         (git-fixes).
       - perf/x86/intel: Add proper condition to run sched_task callbacks
         (git-fixes).
       - perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
       - perf/x86/intel: Fix PT PMI handling (git-fixes).
       - perf/x86/intel: Move branch tracing setup to the Intel-specific source
         file (git-fixes).
       - perf/x86/intel/uncore: Add Node ID mask (git-fixes).
       - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
       - perf/x86/pt, coresight: Clean up address filter structure (git fixes
         (dependent patch)).
       - perf/x86/uncore: Fix event group support (git-fixes).
       - pid: Improve the comment about waiting in zap_pid_ns_processes (git
         fixes)).
       - pinctrl: freescale: imx: Fix an error handling path in
         'imx_pinctrl_probe()' (bsc#1051510).
       - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
         (bsc#1051510).
       - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE
         GPIOs (bsc#1051510).
       - pnp: Use list_for_each_entry() instead of open coding (git fixes).
       - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
       - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
         (bsc#1065729).
       - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
       - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with
         select (bsc#1051510).
       - power: supply: lp8788: Fix an error handling path in
         'lp8788_charger_probe()' (bsc#1051510).
       - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
       - raid5: remove gfp flags from scribble_alloc() (git fixes (block
         drivers)).
       - resolve KABI warning for perf-pt-coresight (git-fixes).
       - Revert "bcache: ignore pending signals when creating gc and allocator
         thread" (git fixes (block drivers)).
       - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git
         fixes (block drivers)).
       - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove"
       - rpm/kernel-docs.spec.in: Require python-packaging for build.
       - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
       - s390: fix syscall_get_error for compat processes (git-fixes).
       - s390/qdio: consistently restore the IRQ handler (git-fixes).
       - s390/qdio: lock device while installing IRQ handler (git-fixes).
       - s390/qdio: put thinint indicator after early error (git-fixes).
       - s390/qdio: tear down thinint indicator after early error (git-fixes).
       - s390/qeth: fix error handling for isolation mode cmds (git-fixes).
       - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM
         (bsc#1172759 ltc#184814).
       - scsi: qedf: Add port_id getter (bsc#1150660).
       - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request
         (bsc#1158983).
       - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510).
       - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
       - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
       - SUNRPC: The TCP back channel mustn't disappear while requests are
         outstanding (bsc#1152624).
       - tracing: Fix event trigger to accept redundant spaces (git-fixes).
       - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
       - tty: n_gsm: Fix SOF skipping (bsc#1051510).
       - tty: n_gsm: Fix waking up upper tty layer when room available
         (bsc#1051510).
       - usb: dwc2: gadget: move gadget resume after the core is in L0 state
         (bsc#1051510).
       - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null
         check (bsc#1051510).
       - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in
         s3c2410_udc_nuke (bsc#1051510).
       - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
         (bsc#1051510).
       - usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
       - usb: musb: start session in resume for host port (bsc#1051510).
       - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
       - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510).
       - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors
         (bsc#1051510).
       - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors
         (git-fixes).
       - virtio-blk: handle block_device_operations callbacks after hot unplug
         (git fixes (block drivers)).
       - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
       - vmxnet3: add support to get/set rx flow hash (bsc#1172484).
       - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
       - vmxnet3: avoid format strint overflow warning (bsc#1172484).
       - vmxnet3: prepare for version 4 changes (bsc#1172484).
       - vmxnet3: Remove always false conditional statement (bsc#1172484).
       - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
       - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter
         (bsc#1172484).
       - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
       - vmxnet3: update to version 4 (bsc#1172484).
       - vmxnet3: use correct hdr reference when packet is encapsulated
         (bsc#1172484).
       - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
         (bsc#1051510).
       - work around mvfs bug (bsc#1162063).
       - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
       - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS
         (git-fixes).
       - x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
       - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
         poisoned (bsc#1172257).
       - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
       - xfrm: fix error in comment (git fixes).
    
    
    Special Instructions and Notes:
    
       Please reboot the system after installing this update.
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud Crowbar 9:
    
          zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2121=1
    
       - SUSE OpenStack Cloud 9:
    
          zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2121=1
    
       - SUSE Linux Enterprise Server for SAP 12-SP4:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2121=1
    
       - SUSE Linux Enterprise Server 12-SP4-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2121=1
    
       - SUSE Linux Enterprise Live Patching 12-SP4:
    
          zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2121=1
    
       - SUSE Linux Enterprise High Availability 12-SP4:
    
          zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2121=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud Crowbar 9 (x86_64):
    
          kernel-default-4.12.14-95.57.1
          kernel-default-base-4.12.14-95.57.1
          kernel-default-base-debuginfo-4.12.14-95.57.1
          kernel-default-debuginfo-4.12.14-95.57.1
          kernel-default-debugsource-4.12.14-95.57.1
          kernel-default-devel-4.12.14-95.57.1
          kernel-default-devel-debuginfo-4.12.14-95.57.1
          kernel-syms-4.12.14-95.57.1
    
       - SUSE OpenStack Cloud Crowbar 9 (noarch):
    
          kernel-devel-4.12.14-95.57.1
          kernel-macros-4.12.14-95.57.1
          kernel-source-4.12.14-95.57.1
    
       - SUSE OpenStack Cloud 9 (noarch):
    
          kernel-devel-4.12.14-95.57.1
          kernel-macros-4.12.14-95.57.1
          kernel-source-4.12.14-95.57.1
    
       - SUSE OpenStack Cloud 9 (x86_64):
    
          kernel-default-4.12.14-95.57.1
          kernel-default-base-4.12.14-95.57.1
          kernel-default-base-debuginfo-4.12.14-95.57.1
          kernel-default-debuginfo-4.12.14-95.57.1
          kernel-default-debugsource-4.12.14-95.57.1
          kernel-default-devel-4.12.14-95.57.1
          kernel-default-devel-debuginfo-4.12.14-95.57.1
          kernel-syms-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    
          kernel-default-4.12.14-95.57.1
          kernel-default-base-4.12.14-95.57.1
          kernel-default-base-debuginfo-4.12.14-95.57.1
          kernel-default-debuginfo-4.12.14-95.57.1
          kernel-default-debugsource-4.12.14-95.57.1
          kernel-default-devel-4.12.14-95.57.1
          kernel-syms-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    
          kernel-devel-4.12.14-95.57.1
          kernel-macros-4.12.14-95.57.1
          kernel-source-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    
          kernel-default-devel-debuginfo-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    
          kernel-default-4.12.14-95.57.1
          kernel-default-base-4.12.14-95.57.1
          kernel-default-base-debuginfo-4.12.14-95.57.1
          kernel-default-debuginfo-4.12.14-95.57.1
          kernel-default-debugsource-4.12.14-95.57.1
          kernel-default-devel-4.12.14-95.57.1
          kernel-syms-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
    
          kernel-default-devel-debuginfo-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    
          kernel-devel-4.12.14-95.57.1
          kernel-macros-4.12.14-95.57.1
          kernel-source-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
    
          kernel-default-man-4.12.14-95.57.1
    
       - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
    
          kernel-default-kgraft-4.12.14-95.57.1
          kernel-default-kgraft-devel-4.12.14-95.57.1
          kgraft-patch-4_12_14-95_57-default-1-6.3.1
    
       - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
    
          cluster-md-kmp-default-4.12.14-95.57.1
          cluster-md-kmp-default-debuginfo-4.12.14-95.57.1
          dlm-kmp-default-4.12.14-95.57.1
          dlm-kmp-default-debuginfo-4.12.14-95.57.1
          gfs2-kmp-default-4.12.14-95.57.1
          gfs2-kmp-default-debuginfo-4.12.14-95.57.1
          kernel-default-debuginfo-4.12.14-95.57.1
          kernel-default-debugsource-4.12.14-95.57.1
          ocfs2-kmp-default-4.12.14-95.57.1
          ocfs2-kmp-default-debuginfo-4.12.14-95.57.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-16746.html
       https://www.suse.com/security/cve/CVE-2019-20810.html
       https://www.suse.com/security/cve/CVE-2019-20908.html
       https://www.suse.com/security/cve/CVE-2020-0305.html
       https://www.suse.com/security/cve/CVE-2020-10766.html
       https://www.suse.com/security/cve/CVE-2020-10767.html
       https://www.suse.com/security/cve/CVE-2020-10768.html
       https://www.suse.com/security/cve/CVE-2020-10769.html
       https://www.suse.com/security/cve/CVE-2020-10773.html
       https://www.suse.com/security/cve/CVE-2020-12771.html
       https://www.suse.com/security/cve/CVE-2020-12888.html
       https://www.suse.com/security/cve/CVE-2020-13974.html
       https://www.suse.com/security/cve/CVE-2020-14416.html
       https://www.suse.com/security/cve/CVE-2020-15393.html
       https://www.suse.com/security/cve/CVE-2020-15780.html
       https://bugzilla.suse.com/1051510
       https://bugzilla.suse.com/1065729
       https://bugzilla.suse.com/1071995
       https://bugzilla.suse.com/1085030
       https://bugzilla.suse.com/1104967
       https://bugzilla.suse.com/1114279
       https://bugzilla.suse.com/1144333
       https://bugzilla.suse.com/1148868
       https://bugzilla.suse.com/1150660
       https://bugzilla.suse.com/1152107
       https://bugzilla.suse.com/1152472
       https://bugzilla.suse.com/1152624
       https://bugzilla.suse.com/1158983
       https://bugzilla.suse.com/1159058
       https://bugzilla.suse.com/1161016
       https://bugzilla.suse.com/1162002
       https://bugzilla.suse.com/1162063
       https://bugzilla.suse.com/1168081
       https://bugzilla.suse.com/1169194
       https://bugzilla.suse.com/1169514
       https://bugzilla.suse.com/1169795
       https://bugzilla.suse.com/1170011
       https://bugzilla.suse.com/1170592
       https://bugzilla.suse.com/1170618
       https://bugzilla.suse.com/1171124
       https://bugzilla.suse.com/1171424
       https://bugzilla.suse.com/1171558
       https://bugzilla.suse.com/1171673
       https://bugzilla.suse.com/1171732
       https://bugzilla.suse.com/1171761
       https://bugzilla.suse.com/1171868
       https://bugzilla.suse.com/1171904
       https://bugzilla.suse.com/1172257
       https://bugzilla.suse.com/1172344
       https://bugzilla.suse.com/1172458
       https://bugzilla.suse.com/1172484
       https://bugzilla.suse.com/1172759
       https://bugzilla.suse.com/1172775
       https://bugzilla.suse.com/1172781
       https://bugzilla.suse.com/1172782
       https://bugzilla.suse.com/1172783
       https://bugzilla.suse.com/1172999
       https://bugzilla.suse.com/1173265
       https://bugzilla.suse.com/1173280
       https://bugzilla.suse.com/1173428
       https://bugzilla.suse.com/1173462
       https://bugzilla.suse.com/1173514
       https://bugzilla.suse.com/1173567
       https://bugzilla.suse.com/1173573
       https://bugzilla.suse.com/1174115
       https://bugzilla.suse.com/1174462
       https://bugzilla.suse.com/1174543
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.