SUSE-SU-2021:1912-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jun 9 16:39:23 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1912-1
Rating:             important
References:         #1181161 #1183405 #1183738 #1183947 #1184611 
                    #1184675 #1185642 #1185680 #1185725 #1185859 
                    #1185860 #1185862 #1185863 #1185898 #1185899 
                    #1185901 #1185938 #1185950 #1185987 #1186060 
                    #1186061 #1186062 #1186111 #1186285 #1186390 
                    #1186484 #1186498 
Cross-References:   CVE-2020-24586 CVE-2020-24587 CVE-2020-26139
                    CVE-2020-26141 CVE-2020-26145 CVE-2020-26147
                    CVE-2021-23133 CVE-2021-23134 CVE-2021-32399
                    CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
                   
CVSS scores:
                    CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24586 (SUSE): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
                    CVE-2020-24587 (NVD) : 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24587 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26139 (NVD) : 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-26139 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-26141 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26145 (SUSE): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26147 (NVD) : 5.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
                    CVE-2021-23133 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23133 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33034 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33034 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-33200 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33200 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3491 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 15 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
     operations by the BPF verifier could be abused to perform out-of-bounds
     reads and writes in kernel memory (bsc#1186484).
   - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
     could lead to writing an arbitrary values. (bsc#1186111)
   - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
     forwards EAPOL frames to other clients even though the sender has not
     yet successfully authenticated to the AP. (bnc#1186062)
   - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed
     local attackers to elevate their privileges. (bnc#1186060)
   - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead
     to privilege escalation from the context of a network service or an
     unprivileged process. (bnc#1184675)
   - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
     vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
     the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
   - CVE-2021-32399: Fixed a race condition when removing the HCI controller
     (bnc#1184611).
   - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected
     Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
     require that received fragments be cleared from memory after
     (re)connecting to a network. Under the right circumstances this can be
     abused to inject arbitrary network packets and/or exfiltrate user data
     (bnc#1185859).
   - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected
     Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
     require that all fragments of a frame are encrypted under the same key.
     An adversary can abuse this to decrypt selected fragments when another
     device sends fragmented frames and the WEP, CCMP, or GCMP encryption key
     is periodically renewed (bnc#1185859 bnc#1185862).
   - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
     fragments, even though some of them were sent in plaintext. This
     vulnerability can be abused to inject packets and/or exfiltrate selected
     fragments when another device sends fragmented frames and the WEP, CCMP,
     or GCMP data-confidentiality protocol is used (bnc#1185859).
   - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305
     4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept
     second (or subsequent) broadcast fragments even when sent in plaintext
     and process them as full unfragmented frames. An adversary can abuse
     this to inject arbitrary network packets independent of the network
     configuration. (bnc#1185860)
   - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
     where the Message Integrity Check (authenticity) of fragmented TKIP
     frames was not verified. An adversary can abuse this to inject and
     possibly decrypt packets in WPA or WPA2 networks that support the TKIP
     data-confidentiality protocol. (bnc#1185987)


   The following non-security bugs were fixed:

   - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
   - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
   - dm: fix redundant IO accounting for bios that need splitting
     (bsc#1183738).
   - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938
     ltc#192043).
   - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
   - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
   - kabi: Fix breakage in NVMe driver (bsc#1181161).
   - kabi: Fix nvmet error log definitions (bsc#1181161).
   - kabi: nvme: fix fast_io_fail_tmo (bsc#1181161).
   - md/raid1: properly indicate failure when ending a failed write request
     (bsc#1185680).
   - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
   - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947
     bsc#1185950).
   - netfilter: conntrack: avoid misleading 'invalid' in log message
     (bsc#1183947 bsc#1185950).
   - netfilter: conntrack: improve RST handling when tuple is re-used
     (bsc#1183947 bsc#1185950).
   - netfilter: conntrack: tcp: only close if RST matches exact sequence
     (bsc#1183947 bsc#1185950).
   - nvme-fabrics: allow to queue requests for live queues (bsc#1181161).
   - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance
     (bsc#1181161).
   - nvme-fabrics: reject I/O to offline device (bsc#1181161).
   - nvme-pci: Sync queues on reset (bsc#1181161).
   - nvme-rdma: avoid race between time out and tear down (bsc#1181161).
   - nvme-rdma: avoid repeated request completion (bsc#1181161).
   - nvme-rdma: avoid request double completion for concurrent
     nvme_rdma_timeout (bsc#1181161).
   - nvme-rdma: fix controller reset hang during traffic (bsc#1181161).
   - nvme-rdma: fix possible hang when failing to set io queues (bsc#1181161).
   - nvme-rdma: fix timeout handler (bsc#1181161).
   - nvme-rdma: serialize controller teardown sequences (bsc#1181161).
   - nvme-tcp: avoid race between time out and tear down (bsc#1181161).
   - nvme-tcp: avoid repeated request completion (bsc#1181161).
   - nvme-tcp: avoid request double completion for concurrent
     nvme_tcp_timeout (bsc#1181161).
   - nvme-tcp: fix controller reset hang during traffic (bsc#1181161).
   - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
   - nvme-tcp: fix timeout handler (bsc#1181161).
   - nvme-tcp: serialize controller teardown sequences (bsc#1181161).
   - nvme: Restart request timers in resetting state (bsc#1181161).
   - nvme: add error log page slot definition (bsc#1181161).
   - nvme: include admin_q sync with nvme_sync_queues (bsc#1181161).
   - nvme: introduce "Command Aborted By host" status code (bsc#1181161).
   - nvme: introduce nvme_is_fabrics to check fabrics cmd (bsc#1181161).
   - nvme: introduce nvme_sync_io_queues (bsc#1181161).
   - nvme: make fabrics command run on a separate request queue (bsc#1181161).
   - nvme: prevent warning triggered by nvme_stop_keep_alive (bsc#1181161).
   - nvme: unlink head after removing last namespace (bsc#1181161).
   - nvmet: add error log support for fabrics-cmd (bsc#1181161).
   - nvmet: add error-log definitions (bsc#1181161).
   - video: hyperv_fb: Add ratelimit on error message (bsc#1185725).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1912=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1912=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1912=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1912=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1912=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1912=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1912=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1912=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1912=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1912=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-1912=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Manager Server 4.0 (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Manager Server 4.0 (s390x):

      kernel-default-man-4.12.14-197.92.1
      kernel-zfcpdump-debuginfo-4.12.14-197.92.1
      kernel-zfcpdump-debugsource-4.12.14-197.92.1

   - SUSE Manager Retail Branch Server 4.0 (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Manager Proxy 4.0 (x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Manager Proxy 4.0 (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):

      kernel-default-man-4.12.14-197.92.1
      kernel-zfcpdump-debuginfo-4.12.14-197.92.1
      kernel-zfcpdump-debugsource-4.12.14-197.92.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-livepatch-4.12.14-197.92.1
      kernel-default-livepatch-devel-4.12.14-197.92.1
      kernel-livepatch-4_12_14-197_92-default-1-3.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-197.92.1
      cluster-md-kmp-default-debuginfo-4.12.14-197.92.1
      dlm-kmp-default-4.12.14-197.92.1
      dlm-kmp-default-debuginfo-4.12.14-197.92.1
      gfs2-kmp-default-4.12.14-197.92.1
      gfs2-kmp-default-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      ocfs2-kmp-default-4.12.14-197.92.1
      ocfs2-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1

   - SUSE Enterprise Storage 6 (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE CaaS Platform 4.0 (noarch):

      kernel-devel-4.12.14-197.92.1
      kernel-docs-4.12.14-197.92.1
      kernel-macros-4.12.14-197.92.1
      kernel-source-4.12.14-197.92.1

   - SUSE CaaS Platform 4.0 (x86_64):

      kernel-default-4.12.14-197.92.1
      kernel-default-base-4.12.14-197.92.1
      kernel-default-base-debuginfo-4.12.14-197.92.1
      kernel-default-debuginfo-4.12.14-197.92.1
      kernel-default-debugsource-4.12.14-197.92.1
      kernel-default-devel-4.12.14-197.92.1
      kernel-default-devel-debuginfo-4.12.14-197.92.1
      kernel-obs-build-4.12.14-197.92.1
      kernel-obs-build-debugsource-4.12.14-197.92.1
      kernel-syms-4.12.14-197.92.1
      reiserfs-kmp-default-4.12.14-197.92.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.92.1


References:

   https://www.suse.com/security/cve/CVE-2020-24586.html
   https://www.suse.com/security/cve/CVE-2020-24587.html
   https://www.suse.com/security/cve/CVE-2020-26139.html
   https://www.suse.com/security/cve/CVE-2020-26141.html
   https://www.suse.com/security/cve/CVE-2020-26145.html
   https://www.suse.com/security/cve/CVE-2020-26147.html
   https://www.suse.com/security/cve/CVE-2021-23133.html
   https://www.suse.com/security/cve/CVE-2021-23134.html
   https://www.suse.com/security/cve/CVE-2021-32399.html
   https://www.suse.com/security/cve/CVE-2021-33034.html
   https://www.suse.com/security/cve/CVE-2021-33200.html
   https://www.suse.com/security/cve/CVE-2021-3491.html
   https://bugzilla.suse.com/1181161
   https://bugzilla.suse.com/1183405
   https://bugzilla.suse.com/1183738
   https://bugzilla.suse.com/1183947
   https://bugzilla.suse.com/1184611
   https://bugzilla.suse.com/1184675
   https://bugzilla.suse.com/1185642
   https://bugzilla.suse.com/1185680
   https://bugzilla.suse.com/1185725
   https://bugzilla.suse.com/1185859
   https://bugzilla.suse.com/1185860
   https://bugzilla.suse.com/1185862
   https://bugzilla.suse.com/1185863
   https://bugzilla.suse.com/1185898
   https://bugzilla.suse.com/1185899
   https://bugzilla.suse.com/1185901
   https://bugzilla.suse.com/1185938
   https://bugzilla.suse.com/1185950
   https://bugzilla.suse.com/1185987
   https://bugzilla.suse.com/1186060
   https://bugzilla.suse.com/1186061
   https://bugzilla.suse.com/1186062
   https://bugzilla.suse.com/1186111
   https://bugzilla.suse.com/1186285
   https://bugzilla.suse.com/1186390
   https://bugzilla.suse.com/1186484
   https://bugzilla.suse.com/1186498



More information about the sle-security-updates mailing list