SUSE-SU-2021:0740-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Mar 9 21:31:08 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0740-1
Rating:             important
References:         #1065600 #1163592 #1178401 #1178762 #1179014 
                    #1179015 #1179045 #1179082 #1179428 #1179660 
                    #1180058 #1181747 #1181753 #1181843 #1182140 
                    #1182175 
Cross-References:   CVE-2020-29368 CVE-2020-29374 CVE-2021-26930
                    CVE-2021-26931 CVE-2021-26932
CVSS scores:
                    CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-26932 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-26932 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 11 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 15 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-26930: Fixed an improper error handling in blkback's grant
     mapping (XSA-365 bsc#1181843).
   - CVE-2021-26931: Fixed an issue where Linux  kernel was treating grant
     mapping errors as bugs (XSA-362 bsc#1181753).
   - CVE-2021-26932: Fixed improper error handling issues in Linux grant
     mapping (XSA-361 bsc#1181747). by remote attackers to read or write
     files via directory traversal in an XCOPY request (bsc#178372).
   - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write
     implementation which could have granted unintended write access because
     of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

   The following non-security bugs were fixed:

   - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
   - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
   - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
   - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)
     %split_extra still contained two.
   - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree
     KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have
     a different scriptlet that is embedded in kernel-binary.spec.in rather
     than *.sh files.
   - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)
     egrep is only a deprecated bash wrapper for "grep -E". So use the latter
     instead.
   - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
   - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls
     (bsc#1178401)
   - rpm/kernel-{source,binary}.spec: do not include ghost symlinks
     (boo#1179082).
   - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit
     kernel due to various bugs (bsc#1178762 to name one).
   - rpm/post.sh: Avoid purge-kernel for the first installed kernel
     (bsc#1180058)
   - xen/netback: avoid race in xenvif_rx_ring_slots_available()
     (bsc#1065600).
   - xen/netback: fix spurious event detection for common event case
     (bsc#1182175).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-740=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-740=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-740=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2021-740=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      kernel-default-4.12.14-150.69.1
      kernel-default-base-4.12.14-150.69.1
      kernel-default-debuginfo-4.12.14-150.69.1
      kernel-default-debugsource-4.12.14-150.69.1
      kernel-default-devel-4.12.14-150.69.1
      kernel-default-devel-debuginfo-4.12.14-150.69.1
      kernel-obs-build-4.12.14-150.69.1
      kernel-obs-build-debugsource-4.12.14-150.69.1
      kernel-syms-4.12.14-150.69.1
      kernel-vanilla-base-4.12.14-150.69.1
      kernel-vanilla-base-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debugsource-4.12.14-150.69.1
      reiserfs-kmp-default-4.12.14-150.69.1
      reiserfs-kmp-default-debuginfo-4.12.14-150.69.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      kernel-devel-4.12.14-150.69.1
      kernel-docs-4.12.14-150.69.1
      kernel-macros-4.12.14-150.69.1
      kernel-source-4.12.14-150.69.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      kernel-default-4.12.14-150.69.1
      kernel-default-base-4.12.14-150.69.1
      kernel-default-debuginfo-4.12.14-150.69.1
      kernel-default-debugsource-4.12.14-150.69.1
      kernel-default-devel-4.12.14-150.69.1
      kernel-default-devel-debuginfo-4.12.14-150.69.1
      kernel-obs-build-4.12.14-150.69.1
      kernel-obs-build-debugsource-4.12.14-150.69.1
      kernel-syms-4.12.14-150.69.1
      kernel-vanilla-base-4.12.14-150.69.1
      kernel-vanilla-base-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debugsource-4.12.14-150.69.1
      reiserfs-kmp-default-4.12.14-150.69.1
      reiserfs-kmp-default-debuginfo-4.12.14-150.69.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      kernel-devel-4.12.14-150.69.1
      kernel-docs-4.12.14-150.69.1
      kernel-macros-4.12.14-150.69.1
      kernel-source-4.12.14-150.69.1

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      kernel-default-man-4.12.14-150.69.1
      kernel-zfcpdump-debuginfo-4.12.14-150.69.1
      kernel-zfcpdump-debugsource-4.12.14-150.69.1

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150.69.1
      kernel-default-debugsource-4.12.14-150.69.1
      kernel-default-livepatch-4.12.14-150.69.1
      kernel-livepatch-4_12_14-150_69-default-1-1.3.1
      kernel-livepatch-4_12_14-150_69-default-debuginfo-1-1.3.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-150.69.1
      kernel-default-base-4.12.14-150.69.1
      kernel-default-debuginfo-4.12.14-150.69.1
      kernel-default-debugsource-4.12.14-150.69.1
      kernel-default-devel-4.12.14-150.69.1
      kernel-default-devel-debuginfo-4.12.14-150.69.1
      kernel-obs-build-4.12.14-150.69.1
      kernel-obs-build-debugsource-4.12.14-150.69.1
      kernel-syms-4.12.14-150.69.1
      kernel-vanilla-base-4.12.14-150.69.1
      kernel-vanilla-base-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debugsource-4.12.14-150.69.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      kernel-devel-4.12.14-150.69.1
      kernel-docs-4.12.14-150.69.1
      kernel-macros-4.12.14-150.69.1
      kernel-source-4.12.14-150.69.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-150.69.1
      kernel-default-base-4.12.14-150.69.1
      kernel-default-debuginfo-4.12.14-150.69.1
      kernel-default-debugsource-4.12.14-150.69.1
      kernel-default-devel-4.12.14-150.69.1
      kernel-default-devel-debuginfo-4.12.14-150.69.1
      kernel-obs-build-4.12.14-150.69.1
      kernel-obs-build-debugsource-4.12.14-150.69.1
      kernel-syms-4.12.14-150.69.1
      kernel-vanilla-base-4.12.14-150.69.1
      kernel-vanilla-base-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debuginfo-4.12.14-150.69.1
      kernel-vanilla-debugsource-4.12.14-150.69.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      kernel-devel-4.12.14-150.69.1
      kernel-docs-4.12.14-150.69.1
      kernel-macros-4.12.14-150.69.1
      kernel-source-4.12.14-150.69.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-150.69.1
      cluster-md-kmp-default-debuginfo-4.12.14-150.69.1
      dlm-kmp-default-4.12.14-150.69.1
      dlm-kmp-default-debuginfo-4.12.14-150.69.1
      gfs2-kmp-default-4.12.14-150.69.1
      gfs2-kmp-default-debuginfo-4.12.14-150.69.1
      kernel-default-debuginfo-4.12.14-150.69.1
      kernel-default-debugsource-4.12.14-150.69.1
      ocfs2-kmp-default-4.12.14-150.69.1
      ocfs2-kmp-default-debuginfo-4.12.14-150.69.1


References:

   https://www.suse.com/security/cve/CVE-2020-29368.html
   https://www.suse.com/security/cve/CVE-2020-29374.html
   https://www.suse.com/security/cve/CVE-2021-26930.html
   https://www.suse.com/security/cve/CVE-2021-26931.html
   https://www.suse.com/security/cve/CVE-2021-26932.html
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1163592
   https://bugzilla.suse.com/1178401
   https://bugzilla.suse.com/1178762
   https://bugzilla.suse.com/1179014
   https://bugzilla.suse.com/1179015
   https://bugzilla.suse.com/1179045
   https://bugzilla.suse.com/1179082
   https://bugzilla.suse.com/1179428
   https://bugzilla.suse.com/1179660
   https://bugzilla.suse.com/1180058
   https://bugzilla.suse.com/1181747
   https://bugzilla.suse.com/1181753
   https://bugzilla.suse.com/1181843
   https://bugzilla.suse.com/1182140
   https://bugzilla.suse.com/1182175



More information about the sle-updates mailing list