SUSE: 2020:3501-1 Important: Remote Access Risks Addressed

suse

November 24, 2020

An update that solves 17 vulnerabilities and has 15 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2017-18204: Fixed a denial of service in the ocfs2_setattr function

Topics Covered

security advisory kernel update critical remote access SUSE service disruption CVE issue

References

#1065600 #1083244 #1131277 #1170415 #1175721

#1175749 #1176011 #1176235 #1176253 #1176278

#1176381 #1176382 #1176423 #1176482 #1176721

#1176722 #1176725 #1176896 #1176922 #1176990

#1177027 #1177086 #1177165 #1177206 #1177226

#1177410 #1177411 #1177511 #1177513 #1177725

#1177766 #1178782

Cross- CVE-2017-18204 CVE-2020-0404 CVE-2020-0427

CVE-2020-0431 CVE-2020-0432 CVE-2020-12352

CVE-2020-14351 CVE-2020-14381 CVE-2020-14390

CVE-2020-25212 CVE-2020-25284 CVE-2020-25643

CVE-2020-25645 CVE-2020-25656 CVE-2020-25705

CVE-2020-26088 CVE-2020-8694

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Se...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2020:3501-1

Rating: important

Topics Covered

security advisory kernel update critical remote access SUSE service disruption CVE issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2020:3501-1 Important: Remote Access Risks Addressed

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2020:3501-1 Important: Remote Access Risks Addressed

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!