SUSE: 2020:2582-1 important: the Linux Kernel
Summary
The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
References
#1152107 #1173798 #1174205 #1174757 #1174771
#1175112 #1175127 #1175228 #1175691 #1176069
Cross- CVE-2019-16746 CVE-2020-14314 CVE-2020-14331
CVE-2020-14386 CVE-2020-16166
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise High Availability 12-SP3
SUSE Enterprise Storage 5
HPE Helion Openstack 8
https://www.suse.com/security/cve/CVE-2019-16746.html
https://www.suse.com/security/cve/CVE-2020-14314.html
https://www.suse.com/security/cve/CVE-2020-14331.html
https://www.suse.com/security/cve/CVE-2020-14386.html
https://www.suse.com/security/cve/CVE-2020-16166.html
https://bugzilla.suse.com/1152107
https://bugzilla.suse.com/1173798
https://bugzilla.suse.com/1174205
https://bugzilla.suse.com/1174757
https://bugzilla.suse.com/1174771
https://bugzilla.suse.com/1175112
https://bugzilla.suse.com/1175127
https://bugzilla.suse.com/1175228
https://bugzilla.suse.com/1175691
https://bugzilla.suse.com/1176069