SUSE-SU-2020:14354-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Apr 30 13:14:51 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:14354-1
Rating:             important
References:         #1012382 #1091041 #1105327 #1131107 #1136471 
                    #1136922 #1146519 #1146544 #1146612 #1148871 
                    #1149448 #1152631 #1156652 #1157038 #1157070 
                    #1157143 #1157155 #1157157 #1157303 #1157344 
                    #1157678 #1157804 #1157923 #1158381 #1158410 
                    #1158413 #1158427 #1158445 #1158823 #1158824 
                    #1158834 #1158900 #1158904 #1159285 #1159841 
                    #1159908 #1159911 #1161358 #1162928 #1162929 
                    #1162931 #1164078 #1165111 #1165985 #1167629 
                    #1168075 #1168829 #1168854 
Cross-References:   CVE-2019-12456 CVE-2019-14896 CVE-2019-14897
                    CVE-2019-15213 CVE-2019-15916 CVE-2019-18660
                    CVE-2019-18675 CVE-2019-19066 CVE-2019-19073
                    CVE-2019-19074 CVE-2019-19227 CVE-2019-19523
                    CVE-2019-19524 CVE-2019-19527 CVE-2019-19530
                    CVE-2019-19531 CVE-2019-19532 CVE-2019-19537
                    CVE-2019-19768 CVE-2019-19965 CVE-2019-19966
                    CVE-2019-20096 CVE-2020-10942 CVE-2020-11608
                    CVE-2020-8647 CVE-2020-8648 CVE-2020-8649
                    CVE-2020-9383
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 28 vulnerabilities and has 20 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks
     validation of an sk_family field, which might allow attackers to trigger
     kernel stack corruption via crafted system calls (bsc#1167629).
   - CVE-2020-8647: There was a use-after-free vulnerability in the
     vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929).
   - CVE-2020-8649: There was a use-after-free vulnerability in the
     vgacon_invert_region function in drivers/video/console/vgacon.c
     (bsc#1162931).
   - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c
     leads to a wait_til_ready out-of-bounds read because the FDC index is
     not checked for errors before assigning it (bsc#1165111).
   - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function
     in kernel/trace/blktrace.c (bsc#1159285).
   - CVE-2020-11608: Fixed a NULL pointer dereferences in
     ov511_mode_init_regs and ov518_mode_init_regs when there are zero
     endpoints (bsc#1168829).
   - CVE-2020-8648: There was a use-after-free vulnerability in the
     n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928).
   - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in
     Marvell WiFi chip driver. A remote attacker could cause a denial of
     service or possibly execute arbitrary code, when the
     lbs_ibss_join_existing function is called after a STA connects to an AP
     (bsc#1157157).
   - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell
     WiFi chip driver. An attacker is able to cause a denial of service or
     possibly execute arbitrary code, when a STA works in IBSS mode and
     connects to another STA (bsc#1157155).
   - CVE-2019-18675: Fixed an Integer Overflow in cpia2_remap_buffer in
     drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap
     implementation. This allowed local users to obtain read and write
     permissions on kernel physical pages, which can possibly result in a
     privilege escalation (bsc#1157804).
   - CVE-2019-19965: Fixed a NULL pointer dereference in
     drivers/scsi/libsas/sas_discover.c because of mishandling of port
     disconnection during discovery, related to a PHY down race condition
     (bsc#1159911).
   - CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in
     drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of
     service by triggering bfa_port_get_stats() failures (bsc#1157303).
   - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in
     net/dccp/feat.c, which may cause denial of service (bsc#1159908).
   - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in
     drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service
     (bsc#1159841).
   - CVE-2019-19532: Fixed multiple out-of-bounds write bugs that can be
     caused by a malicious USB device (bsc#1158824).
   - CVE-2019-19523: Fixed a use-after-free bug that can be caused by a
     malicious USB device in the drivers/usb/misc/adutux.c driver
     (bsc#115882).
   - CVE-2019-19537: Fixed a race condition that can be caused by a malicious
     USB device in the USB character device driver layer (bsc#1158904).
   - CVE-2019-19527, CVE-2019-19530, CVE-2019-19524: Fixed multiple
     use-after-free bug that could be caused by a malicious USB device
     (bsc#1158381, bsc#1158834, bsc#1158900).
   - CVE-2019-15213: Fixed a use-after-free caused by a malicious USB device
     in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bsc#1146544).
   - CVE-2019-19531: Fixed a use-after-free bug that can be caused by a
     malicious USB device in the drivers/usb/misc/yurex.c driver
     (bsc#1158445).
   - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure
     because the Spectre-RSB mitigation is not in place for all applicable
     CPUs (bsc#1157038).
   - CVE-2019-19227: Fixed a potential NULL pointer dereference in the
     AppleTalk subsystem (bsc#1157678).
   - CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd(), which
     allowed attackers to cause a denial of service (bsc#1157143).
   - CVE-2019-19073: Fixed multiple memory leaks in
     drivers/net/wireless/ath/ath9k/htc_hst.c, which allowed attackers to
     cause a denial of service (bsc#1157070).
   - CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() in
     net/core/net-sysfs.c, which could cause denial of service (bsc#1149448).
   - CVE-2019-12456: Fixed a denial of service in _ctl_ioctl_main, which
     could be triggered by a local user (bsc#1136922).

   The following non-security bugs were fixed:

   - Input: add safety guards to input_set_keycode() (bsc#1168075).
   - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
   - blktrace: fix dereference after null check (bsc#1159285).
   - blktrace: fix trace mutex deadlock (bsc#1159285).
   - block: Fix oops scsi_disk_get() (bsc#1105327).
   - fs/xfs: fix f_ffree value for statfs when project quota is set
     (bsc#1165985).
   - kaiser: Fix for 32bit KAISER implementations (bsc#1157344).
   - klist: fix starting point removed bug in klist iterators (bsc#1156652).
   - kobject: Export kobject_get_unless_zero() (bsc#1105327).
   - kobject: fix kset_find_obj() race with concurrent last kobject_put()
     (bsc#1105327).
   - kref: minor cleanup (bsc#1105327).
   - media: ov519: add missing endpoint sanity checks (bsc#1168829).
   - media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
   - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).
   - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041).
   - powerpc/pseries/mobility: notify network peers after migration
     (bsc#1152631 ltc#181798).
   - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041).
   - powerpc/security: Fix wrong message when RFI Flush is disable
     (bsc#1131107).
   - rpm/kernel-binary.spec.in: Replace Novell with SUSE
   - sched: Fix race between task_group and sched_task_group (bsc#1136471).
   - sched: Remove lockdep check in sched_move_task() (bsc#1136471).
   - scsi: lpfc: Fix driver crash in target reset handler (bsc#1148871).
   - writeback: fix race that cause writeback hung (bsc#1161358).
   - x86: fix speculation bug reporting (bsc#1012382).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-kernel-source-14354=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-source-14354=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-source-14354=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.111.1
      kernel-default-base-3.0.101-108.111.1
      kernel-default-devel-3.0.101-108.111.1
      kernel-source-3.0.101-108.111.1
      kernel-syms-3.0.101-108.111.1
      kernel-trace-3.0.101-108.111.1
      kernel-trace-base-3.0.101-108.111.1
      kernel-trace-devel-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-108.111.1
      kernel-ec2-base-3.0.101-108.111.1
      kernel-ec2-devel-3.0.101-108.111.1
      kernel-xen-3.0.101-108.111.1
      kernel-xen-base-3.0.101-108.111.1
      kernel-xen-devel-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x):

      kernel-default-man-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):

      kernel-bigmem-3.0.101-108.111.1
      kernel-bigmem-base-3.0.101-108.111.1
      kernel-bigmem-devel-3.0.101-108.111.1
      kernel-ppc64-3.0.101-108.111.1
      kernel-ppc64-base-3.0.101-108.111.1
      kernel-ppc64-devel-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586):

      kernel-pae-3.0.101-108.111.1
      kernel-pae-base-3.0.101-108.111.1
      kernel-pae-devel-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.111.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.111.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.111.1
      kernel-default-debugsource-3.0.101-108.111.1
      kernel-trace-debuginfo-3.0.101-108.111.1
      kernel-trace-debugsource-3.0.101-108.111.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.111.1
      kernel-trace-devel-debuginfo-3.0.101-108.111.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.111.1
      kernel-ec2-debugsource-3.0.101-108.111.1
      kernel-xen-debuginfo-3.0.101-108.111.1
      kernel-xen-debugsource-3.0.101-108.111.1
      kernel-xen-devel-debuginfo-3.0.101-108.111.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.111.1
      kernel-bigmem-debugsource-3.0.101-108.111.1
      kernel-ppc64-debuginfo-3.0.101-108.111.1
      kernel-ppc64-debugsource-3.0.101-108.111.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.111.1
      kernel-pae-debugsource-3.0.101-108.111.1
      kernel-pae-devel-debuginfo-3.0.101-108.111.1


References:

   https://www.suse.com/security/cve/CVE-2019-12456.html
   https://www.suse.com/security/cve/CVE-2019-14896.html
   https://www.suse.com/security/cve/CVE-2019-14897.html
   https://www.suse.com/security/cve/CVE-2019-15213.html
   https://www.suse.com/security/cve/CVE-2019-15916.html
   https://www.suse.com/security/cve/CVE-2019-18660.html
   https://www.suse.com/security/cve/CVE-2019-18675.html
   https://www.suse.com/security/cve/CVE-2019-19066.html
   https://www.suse.com/security/cve/CVE-2019-19073.html
   https://www.suse.com/security/cve/CVE-2019-19074.html
   https://www.suse.com/security/cve/CVE-2019-19227.html
   https://www.suse.com/security/cve/CVE-2019-19523.html
   https://www.suse.com/security/cve/CVE-2019-19524.html
   https://www.suse.com/security/cve/CVE-2019-19527.html
   https://www.suse.com/security/cve/CVE-2019-19530.html
   https://www.suse.com/security/cve/CVE-2019-19531.html
   https://www.suse.com/security/cve/CVE-2019-19532.html
   https://www.suse.com/security/cve/CVE-2019-19537.html
   https://www.suse.com/security/cve/CVE-2019-19768.html
   https://www.suse.com/security/cve/CVE-2019-19965.html
   https://www.suse.com/security/cve/CVE-2019-19966.html
   https://www.suse.com/security/cve/CVE-2019-20096.html
   https://www.suse.com/security/cve/CVE-2020-10942.html
   https://www.suse.com/security/cve/CVE-2020-11608.html
   https://www.suse.com/security/cve/CVE-2020-8647.html
   https://www.suse.com/security/cve/CVE-2020-8648.html
   https://www.suse.com/security/cve/CVE-2020-8649.html
   https://www.suse.com/security/cve/CVE-2020-9383.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1091041
   https://bugzilla.suse.com/1105327
   https://bugzilla.suse.com/1131107
   https://bugzilla.suse.com/1136471
   https://bugzilla.suse.com/1136922
   https://bugzilla.suse.com/1146519
   https://bugzilla.suse.com/1146544
   https://bugzilla.suse.com/1146612
   https://bugzilla.suse.com/1148871
   https://bugzilla.suse.com/1149448
   https://bugzilla.suse.com/1152631
   https://bugzilla.suse.com/1156652
   https://bugzilla.suse.com/1157038
   https://bugzilla.suse.com/1157070
   https://bugzilla.suse.com/1157143
   https://bugzilla.suse.com/1157155
   https://bugzilla.suse.com/1157157
   https://bugzilla.suse.com/1157303
   https://bugzilla.suse.com/1157344
   https://bugzilla.suse.com/1157678
   https://bugzilla.suse.com/1157804
   https://bugzilla.suse.com/1157923
   https://bugzilla.suse.com/1158381
   https://bugzilla.suse.com/1158410
   https://bugzilla.suse.com/1158413
   https://bugzilla.suse.com/1158427
   https://bugzilla.suse.com/1158445
   https://bugzilla.suse.com/1158823
   https://bugzilla.suse.com/1158824
   https://bugzilla.suse.com/1158834
   https://bugzilla.suse.com/1158900
   https://bugzilla.suse.com/1158904
   https://bugzilla.suse.com/1159285
   https://bugzilla.suse.com/1159841
   https://bugzilla.suse.com/1159908
   https://bugzilla.suse.com/1159911
   https://bugzilla.suse.com/1161358
   https://bugzilla.suse.com/1162928
   https://bugzilla.suse.com/1162929
   https://bugzilla.suse.com/1162931
   https://bugzilla.suse.com/1164078
   https://bugzilla.suse.com/1165111
   https://bugzilla.suse.com/1165985
   https://bugzilla.suse.com/1167629
   https://bugzilla.suse.com/1168075
   https://bugzilla.suse.com/1168829
   https://bugzilla.suse.com/1168854



More information about the sle-updates mailing list