Linux Security

    SUSE: 2020:2623-1 important: the Linux Kernel

    An update that solves 8 vulnerabilities and has 17 fixes is now available.
    
       SUSE Security Update: Security update for the Linux Kernel
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:2623-1
    Rating:             important
    References:         #1058115 #1071995 #1144333 #1154366 #1165629 
                        #1171988 #1172428 #1172963 #1173798 #1173954 
                        #1174205 #1174689 #1174699 #1174757 #1174784 
                        #1174978 #1175112 #1175127 #1175213 #1175228 
                        #1175515 #1175518 #1175691 #1175749 #1176069 
                        
    Cross-References:   CVE-2020-10135 CVE-2020-14314 CVE-2020-14331
                        CVE-2020-14356 CVE-2020-14386 CVE-2020-16166
                        CVE-2020-1749 CVE-2020-24394
    Affected Products:
                        SUSE Linux Enterprise Live Patching 12-SP4
    ______________________________________________________________________________
    
       An update that solves 8 vulnerabilities and has 17 fixes is
       now available.
    
    Description:
    
       The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
       security and bug fixes.
    
       The following security bugs were fixed:
    
       - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup
         (bsc#1165629).
       - CVE-2020-14314: Fixed a potential negative array index in do_split()
         (bsc#1173798).
       - CVE-2020-14356: Fixed a null pointer dereference in the cgroupv2
         subsystem which could have led to privilege escalation (bsc#1175213).
       - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling
         (bsc#1174205).
       - CVE-2020-16166: Fixed a potential issue which could have allowed remote
         attackers to make observations that help to obtain sensitive information
         about the internal state of the network RNG (bsc#1174757).
       - CVE-2020-24394: Fixed an issue which could set incorrect permissions on
         new filesystem objects when the filesystem lacks ACL support
         (bsc#1175518).
       - CVE-2020-10135: Legacy pairing and secure-connections pairing
         authentication in Bluetooth might have allowed an unauthenticated user
         to complete authentication without pairing credentials via adjacent
         access (bsc#1171988).
       - CVE-2020-14386: Fixed a potential local privilege escalation via memory
         corruption (bsc#1176069).
    
       The following non-security bugs were fixed:
    
       - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
       - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
       - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333
         bsc#1172428).
       - cifs: fix double free error on share and prefix (bsc#1144333
         bsc#1172428).
       - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333
         bsc#1172428).
       - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect
         (bsc#1144333 bsc#1172428).
       - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect()
         (bsc#1144333 bsc#1172428).
       - cifs: only update prefix path of DFS links in cifs_tree_connect()
         (bsc#1144333 bsc#1172428).
       - cifs: reduce number of referral requests in DFS link lookups
         (bsc#1144333 bsc#1172428).
       - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
       - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops
         (bsc#1175127).
       - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
       - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
         (bsc#1175515).
       - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to
         NULL (bsc#1175515).
       - ipvs: fix the connection sync failed in some cases (bsc#1174699).
       - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
       - kabi: mask changes to struct ipv6_stub (bsc#1165629).
       - mm: Avoid calling build_all_zonelists_init under hotplug context
         (bsc#1154366).
       - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo
         (bsc#1175691).
       - ocfs2: add trimfs dlm lock resource (bsc#1175228).
       - ocfs2: add trimfs lock to avoid duplicated trims in cluster
         (bsc#1175228).
       - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
       - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
       - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
       - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
       - ocfs2: fix remounting needed after setfacl command (bsc#1173954).
       - ocfs2: fix the application IO timeout when fstrim is running
         (bsc#1175228).
       - ocfs2: load global_inode_alloc (bsc#1172963).
       - ocfs2: load global_inode_alloc (bsc#1172963).
       - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
       - powerpc/pseries: PCIE PHB reset (bsc#1174689).
       - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This
         reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b.
       - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts
         commit f04f670651f505cb354f26601ec5f5e4428f2f47.
       - scsi: scsi_dh_alua: skip RTPG for devices only supporting
         active/optimized (bsc#1174978).
       - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
       - selftests/livepatch: more verification in test-klp-shadow-vars
         (bsc#1071995).
       - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
       - selftests/livepatch: simplify test-klp-callbacks busy target tests
         (bsc#1071995).
       - Update patch reference for a tipc fix patch (bsc#1175515).
       - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
       - xen: do not reschedule in preemption off sections (bsc#1175749).
    
    
    Special Instructions and Notes:
    
       Please reboot the system after installing this update.
    
    Patch Instructions:
    
       To install this SUSE Security Update, use the SUSE recommended installation
       methods, such as YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Live Patching 12-SP4:
    
          zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2623=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
    
          kernel-default-kgraft-4.12.14-95.60.1
          kernel-default-kgraft-devel-4.12.14-95.60.1
          kgraft-patch-4_12_14-95_60-default-1-6.3.1
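
To confirm the update landed, this added example (not part of the SUSE advisory) compares an RPM inventory with the fixed versions in the Package List above. It assumes `sort -V` as a stand-in for RPM's own version comparison; `check_advisory`, `version_ge` and the sample inventory are names and data constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an RPM inventory with the advisory's Package List.
# Fixed versions below are copied from the Package List of SUSE-SU-2020:2623-1.
FIXED_PACKAGES='kernel-default-kgraft 4.12.14-95.60.1
kernel-default-kgraft-devel 4.12.14-95.60.1
kgraft-patch-4_12_14-95_60-default 1-6.3.1'

# version_ge A B: succeeds when A sorts at or after B under "sort -V".
# Assumption: sort -V stands in for RPM's own version comparison.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_advisory: reads "NAME VERSION-RELEASE" lines on stdin, prints one
# status line per advisory package, and fails if any package is outdated.
# The body is a subshell, so its variables stay out of the caller's scope.
check_advisory() (
    inventory=$(cat)
    status=0
    while read -r name fixed; do
        # Several versions of a package may be installed; judge the newest.
        installed=$(printf '%s\n' "$inventory" |
            awk -v n="$name" '$1 == n { print $2 }' | sort -V | tail -n 1)
        if [ -z "$installed" ]; then
            echo "ABSENT   $name"
        elif version_ge "$installed" "$fixed"; then
            echo "OK       $name $installed"
        else
            echo "OUTDATED $name $installed (fixed in $fixed)"
            status=1
        fi
    done <<EOF
$FIXED_PACKAGES
EOF
    exit "$status"
)

# Constructed sample inventory (not taken from a real host). On a live system:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_advisory
SAMPLE_INVENTORY='kernel-default-kgraft 4.12.14-95.57.1
kgraft-patch-4_12_14-95_57-default 1-6.3.1
bash 4.3-83.23.1'

printf '%s\n' "$SAMPLE_INVENTORY" | check_advisory || echo "update not applied"
```

A package reported as ABSENT is not counted as a failure, since a host may not have every package in the list installed.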
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-10135.html
       https://www.suse.com/security/cve/CVE-2020-14314.html
       https://www.suse.com/security/cve/CVE-2020-14331.html
       https://www.suse.com/security/cve/CVE-2020-14356.html
       https://www.suse.com/security/cve/CVE-2020-14386.html
       https://www.suse.com/security/cve/CVE-2020-16166.html
       https://www.suse.com/security/cve/CVE-2020-1749.html
       https://www.suse.com/security/cve/CVE-2020-24394.html
       https://bugzilla.suse.com/1058115
       https://bugzilla.suse.com/1071995
       https://bugzilla.suse.com/1144333
       https://bugzilla.suse.com/1154366
       https://bugzilla.suse.com/1165629
       https://bugzilla.suse.com/1171988
       https://bugzilla.suse.com/1172428
       https://bugzilla.suse.com/1172963
       https://bugzilla.suse.com/1173798
       https://bugzilla.suse.com/1173954
       https://bugzilla.suse.com/1174205
       https://bugzilla.suse.com/1174689
       https://bugzilla.suse.com/1174699
       https://bugzilla.suse.com/1174757
       https://bugzilla.suse.com/1174784
       https://bugzilla.suse.com/1174978
       https://bugzilla.suse.com/1175112
       https://bugzilla.suse.com/1175127
       https://bugzilla.suse.com/1175213
       https://bugzilla.suse.com/1175228
       https://bugzilla.suse.com/1175515
       https://bugzilla.suse.com/1175518
       https://bugzilla.suse.com/1175691
       https://bugzilla.suse.com/1175749
       https://bugzilla.suse.com/1176069
    
    _______________________________________________
    sle-security-updates mailing list
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    
