The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible
#1065729 #1146351 #1149652 #1152457 #1162002
#1164910 #1170011 #1170618 #1171078 #1171189
#1171191 #1171220 #1171732 #1171988 #1172453
#1172458 #1172775 #1172999 #1173280 #1173658
#1174115 #1174462 #1174543
Cross- CVE-2019-20810 CVE-2019-20812 CVE-2020-0305
CVE-2020-10135 CVE-2020-10711 CVE-2020-10732
CVE-2020-10751 CVE-2020-10773 CVE-2020-12771
CVE-2020-13974 CVE-2020-14416
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise High Availability 12-SP3
SUSE Enterprise Storage 5
HPE Helion Openstack 8
https://www.suse.com/sec...
Read the Full Advisory
Get the latest Linux and open source security news straight to your inbox.