Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3658
Security update for the Linux Kernel
23 October 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25645 CVE-2020-25643 CVE-2020-25641
CVE-2020-25212 CVE-2020-24490 CVE-2020-12352
CVE-2020-12351
Reference: ESB-2020.3621
ESB-2020.3595
ESB-2020.3593
ESB-2020.3592
ESB-2020.3516
Original Bulletin:
https://www.suse.com/support/update/announcement/2020/suse-su-20202980-1
https://www.suse.com/support/update/announcement/2020/suse-su-20202981-1
Comment: This bulletin contains two (2) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2980-1
Rating: critical
References: #1065600 #1065729 #1155798 #1165692 #1168468 #1171675
#1171688 #1174003 #1174098 #1175599 #1175621 #1175807
#1176019 #1176400 #1176907 #1176979 #1177090 #1177109
#1177121 #1177193 #1177194 #1177206 #1177258 #1177271
#1177283 #1177284 #1177285 #1177286 #1177297 #1177384
#1177511 #1177617 #1177681 #1177683 #1177687 #1177694
#1177697 #1177719 #1177724 #1177725 #1177726 #954532
Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 CVE-2020-25641
CVE-2020-25643 CVE-2020-25645
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 36 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2020-12351: Fixed a type confusion while processing AMP packets aka
"BleedingTooth" aka "BadKarma" (bsc#1177724).
o CVE-2020-24490: Fixed a heap buffer overflow when processing extended
advertising report events aka "BleedingTooth" aka "BadVibes" (bsc#1177726).
o CVE-2020-12352: Fixed an information leak when processing certain AMP
packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725).
o CVE-2020-25641: Fixed a zero-length biovec request issued by the block
subsystem could have caused the kernel to enter an infinite loop, causing a
denial of service (bsc#1177121).
o CVE-2020-25643: Fixed a memory corruption and a read overflow which could
have caused by improper input validation in the ppp_cp_parse_cr function
(bsc#1177206).
o CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints
may be unencrypted when IPsec is configured to encrypt traffic for the
specific UDP port used by the GENEVE tunnel allowing anyone between the two
endpoints to read the traffic unencrypted (bsc#1177511).
The following non-security bugs were fixed:
o 9p: Fix memory leak in v9fs_mount (git-fixes).
o ACPI: EC: Reference count query handlers under lock (git-fixes).
o airo: Fix read overflows sending packets (git-fixes).
o ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).
o arm64: Enable PCI write-combine resources under sysfs (bsc#1175807).
o ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes).
o ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
(git-fixes).
o ASoC: kirkwood: fix IRQ error handling (git-fixes).
o ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions
(git-fixes).
o ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
(git-fixes).
o ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes).
o ath10k: fix array out-of-bounds access (git-fixes).
o ath10k: fix memory leak for tpc_stats_final (git-fixes).
o ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).
o Bluetooth: Fix refcount use-after-free issue (git-fixes).
o Bluetooth: guard against controllers sending zero'd events (git-fixes).
o Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes).
o Bluetooth: L2CAP: handle l2cap config request during open state
(git-fixes).
o Bluetooth: prefetch channel before killing sock (git-fixes).
o brcmfmac: Fix double freeing in the fmac usb data path (git-fixes).
o btrfs: block-group: do not set the wrong READA flag for
btrfs_read_block_groups() (bsc#1176019).
o btrfs: block-group: fix free-space bitmap threshold (bsc#1176019).
o btrfs: block-group: refactor how we delete one block group item (bsc#
1176019).
o btrfs: block-group: refactor how we insert a block group item (bsc#
1176019).
o btrfs: block-group: refactor how we read one block group item (bsc#
1176019).
o btrfs: block-group: rename write_one_cache_group() (bsc#1176019).
o btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#
1177687).
o btrfs: do not set the full sync flag on the inode during page release (bsc#
1177687).
o btrfs: do not take an extra root ref at allocation time (bsc#1176019).
o btrfs: drop logs when we've aborted a transaction (bsc#1176019).
o btrfs: fix a race between scrub and block group removal/allocation (bsc#
1176019).
o Btrfs: fix crash during unmount due to race with delayed inode workers (bsc
#1176019).
o btrfs: fix race between page release and a fast fsync (bsc#1177687).
o btrfs: free block groups after free'ing fs trees (bsc#1176019).
o btrfs: hold a ref on the root on the dead roots list (bsc#1176019).
o btrfs: kill the subvol_srcu (bsc#1176019).
o btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019).
o btrfs: make inodes hold a ref on their roots (bsc#1176019).
o btrfs: make the extent buffer leak check per fs info (bsc#1176019).
o btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#
1176019).
o btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc
#1176019).
o btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019).
o btrfs: only commit delayed items at fsync if we are logging a directory
(bsc#1177687).
o btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).
o btrfs: reduce contention on log trees when logging checksums (bsc#1177687).
o btrfs: release old extent maps during page release (bsc#1177687).
o btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019).
o btrfs: remove no longer needed use of log_writers for the log root tree
(bsc#1177687).
o btrfs: rename member 'trimming' of block group to a more generic name (bsc#
1176019).
o btrfs: scrub, only lookup for csums if we are dealing with a data extent
(bsc#1176019).
o btrfs: stop incremening log_batch for the log root tree when syncing log
(bsc#1177687).
o bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host
removal (git-fixes).
o clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
(git-fixes).
o clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk
(git-fixes).
o clk: tegra: Always program PLL_E when enabled (git-fixes).
o clk/ti/adpll: allocate room for terminating null (git-fixes).
o clocksource/drivers/h8300_timer8: Fix wrong return value in
h8300_8timer_init() (git-fixes).
o clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes).
o create Storage / NVMe subsection
o crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes).
o crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).
o crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).
o crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
(git-fixes).
o crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
(git-fixes).
o crypto: omap-sham - fix digcnt register handling with export/import
(git-fixes).
o crypto: picoxcell - Fix potential race condition bug (git-fixes).
o crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes).
o cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).
o Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable
CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid
confusion and unwanted values due to fragment config files.
o dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq
fails (git-fixes).
o dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
(git-fixes).
o dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
(git-fixes).
o dmaengine: tegra-apb: Prevent race conditions on channel's freeing
(git-fixes).
o dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).
o dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling)
(git-fixes).
o drivers: char: tlclk.c: Avoid data race between init and interrupt handler
(git-fixes).
o drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
(git-fixes).
o drm/radeon: revert "Prefer lower feedback dividers" (bsc#1177384).
o drop Storage / bsc#1171688 subsection No effect on expanded tree.
o e1000: Do not perform reset in reset_task if we are already down
(git-fixes).
o ftrace: Move RCU is watching check after recursion check (git-fixes).
o fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193).
o gpio: mockup: fix resource leak in error path (git-fixes).
o gpio: rcar: Fix runtime PM imbalance on error (git-fixes).
o gpio: siox: explicitly support only threaded irqs (git-fixes).
o gpio: sprd: Clear interrupt when setting the type as edge (git-fixes).
o gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).
o hwmon: (applesmc) check status earlier (git-fixes).
o hwmon: (mlxreg-fan) Fix double "Mellanox" (git-fixes).
o hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
(git-fixes).
o i2c: aspeed: Mask IRQ status to relevant bits (git-fixes).
o i2c: core: Call i2c_acpi_install_space_handler() before
i2c_acpi_register_devices() (git-fixes).
o i2c: cpm: Fix i2c_ram structure (git-fixes).
o i2c: i801: Exclude device from suspend direct complete optimization
(git-fixes).
o i2c: meson: fix clock setting overwrite (git-fixes).
o i2c: meson: fixup rate calculation with filter delay (git-fixes).
o i2c: owl: Clear NACK and BUS error bits (git-fixes).
o i2c: tegra: Prevent interrupt triggering after transfer timeout
(git-fixes).
o i2c: tegra: Restore pinmux on system resume (git-fixes).
o ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).
o ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).
o iio: adc: qcom-spmi-adc5: fix driver name (git-fixes).
o ima: extend boot_aggregate with kernel measurements (bsc#1177617).
o Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532).
o iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#
1177297).
o iommu/amd: Fix potential @entry null deref (bsc#1177283).
o iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284).
o iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#
1177285).
o iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc
#1177286).
o iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
o kabi fix for NFS: Fix flexfiles read failover (git-fixes).
o kabi: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing
PCI_COMMAND_MEMORY (bsc#1176979).
o kabi/severities: ignore kABI for target_core_rbd Match behaviour for all
other Ceph specific modules.
o kernel-binary.spec.in: Exclude .config.old from kernel-devel - use tar
excludes for .kernel-binary.spec.buildenv
o kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.
o leds: mlxreg: Fix possible buffer overflow (git-fixes).
o libceph-add-support-for-CMPEXT-compare-extent-reques.patch: (bsc#1177090).
o mac80211: do not allow bigger VHT MPDUs than the hardware supports
(git-fixes).
o mac80211: skip mpath lookup also for control port tx (git-fixes).
o mac802154: tx: fix use-after-free (git-fixes).
o macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).
o media: camss: Fix a reference count leak (git-fixes).
o media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).
o media: mc-device.c: fix memleak in media_device_register_entity
(git-fixes).
o media: mx2_emmaprp: Fix memleak in emmaprp_probe (git-fixes).
o media: omap3isp: Fix memleak in isp_probe (git-fixes).
o media: ov5640: Correct Bit Div register in clock tree diagram (git-fixes).
o media: platform: fcp: Fix a reference count leak (git-fixes).
o media: rcar-csi2: Allocate v4l2_async_subdev dynamically (git-fixes).
o media: rcar-vin: Fix a reference count leak (git-fixes).
o media: rc: do not access device via sysfs after rc_unregister_device()
(git-fixes).
o media: rc: uevent sysfs file races with rc_unregister_device() (git-fixes).
o media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state
()" (git-fixes).
o media: rockchip/rga: Fix a reference count leak (git-fixes).
o media: s5p-mfc: Fix a reference count leak (git-fixes).
o media: smiapp: Fix error handling at NVM reading (git-fixes).
o media: staging/intel-ipu3: css: Correctly reset some memory (git-fixes).
o media: stm32-dcmi: Fix a reference count leak (git-fixes).
o media: tc358743: cleanup tc358743_cec_isr (git-fixes).
o media: tc358743: initialize variable (git-fixes).
o media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).
o media: ti-vpe: Fix a missing check and reference count leak (git-fixes).
o media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).
o media: usbtv: Fix refcounting mixup (git-fixes).
o media: uvcvideo: Set media controller entity functions (git-fixes).
o media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).
o media: v4l2-async: Document asd allocation requirements (git-fixes).
o mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes).
o mm: call cond_resched() from deferred_init_memmap() (git fixes (mm/init),
bsc#1177697).
o mmc: core: do not set limits.discard_granularity as 0 (git-fixes).
o mmc: core: Rework wp-gpio handling (git-fixes).
o mm, compaction: fully assume capture is not NULL in compact_zone_order()
(git fixes (mm/compaction), bsc#1177681).
o mm, compaction: make capture control handling safe wrt interrupts (git
fixes (mm/compaction), bsc#1177681).
o mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
(git-fixes).
o mmc: sdhci: Add LTR support for some Intel BYT based controllers
(git-fixes).
o mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS
models (git-fixes).
o mm/debug.c: always print flags in dump_page() (git fixes (mm/debug)).
o mm: initialize deferred pages with interrupts enabled (git fixes (mm/init),
bsc#1177697).
o mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() (bsc#
1177694).
o mm/migrate.c: also overwrite error when it is bigger than zero (git fixes
(mm/move_pages), bsc#1177683).
o mm: move_pages: report the number of non-attempted pages (git fixes (mm/
move_pages), bsc#1177683).
o mm: move_pages: return valid node id in status if the page is already on
the target node (git fixes (mm/move_pages), bsc#1177683).
o mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in
deferred init (git fixes (mm/init), bsc#1177697).
o mm, slab/slub: move and improve cache_from_obj() (mm/slub bsc#1165692). mm,
slab/slub: improve error reporting and overhead of cache_from_obj() (mm/
slub bsc#1165692).
o mm, slub: extend checks guarded by slub_debug static key (mm/slub bsc#
1165692).
o mm, slub: extend slub_debug syntax for multiple blocks (mm/slub bsc#
1165692).
o mm, slub: introduce kmem_cache_debug_flags() (mm/slub bsc#1165692).
o mm, slub: introduce static key for slub_debug() (mm/slub bsc#1165692).
o mm, slub: make reclaim_account attribute read-only (mm/slub bsc#1165692).
o mm, slub: make remaining slub_debug related attributes read-only (mm/slub
bsc#1165692).
o mm, slub: make some slub_debug related attributes read-only (mm/slub bsc#
1165692).
o mm, slub: remove runtime allocation order changes (mm/slub bsc#1165692).
o mm, slub: restore initial kmem_cache flags (mm/slub bsc#1165692).
o Move upstreamed intel-vbtn patch into sorted section
o mt76: add missing locking around ampdu action (git-fixes).
o mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
(git-fixes).
o mt76: do not use devm API for led classdev (git-fixes).
o mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes).
o mt76: fix LED link time failure (git-fixes).
o mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of
cfi_amdstd_setup() (git-fixes).
o mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes).
o mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes).
o net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes).
o nfsd4: fix NULL dereference in nfsd/clients display code (git-fixes).
o NFS: Do not move layouts to plh_return_segs list while in use (git-fixes).
o NFS: Do not return layout segments that are in use (git-fixes).
o NFS: ensure correct writeback errors are returned on close() (git-fixes).
o NFS: Fix flexfiles read failover (git-fixes).
o NFS: Fix security label length not being reset (bsc#1176381).
o NFS: nfs_file_write() should check for writeback errors (git-fixes).
o NFSv4.2: fix client's attribute cache management for copy_file_range
(git-fixes).
o nvme-multipath: retry commands for dying queues (bsc#1171688).
o patches.suse/target-compare-and-write-backend-driver-sense-handli.patch:
(bsc#1177719).
o patches.suse/target-rbd-detect-stripe_unit-SCSI-block-size-misali.patch
(bsc#1177090).
o patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch: (fate#318836, bsc#
1177090).
o PCI: Avoid double hpmemsize MMIO window assignment (git-fixes).
o PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).
o PCI: tegra194: Fix runtime PM imbalance on error (git-fixes).
o PCI: tegra: Fix runtime PM imbalance on error (git-fixes).
o phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes).
o pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB (git-fixes).
o pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).
o Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes).
o platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
(git-fixes).
o platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes).
o platform/x86: intel_pmc_core: do not create a static struct device
(git-fixes).
o platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE
reporting (bsc#1175599).
o platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
(git-fixes).
o platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
(git-fixes).
o pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read
(git-fixes).
o powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).
o power: supply: max17040: Correct voltage reading (git-fixes).
o qla2xxx: Return EBUSY on fcport deletion (bsc#1171688).
o r8169: fix data corruption issue on RTL8402 (bsc#1174098).
o rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch: (bsc#1177090).
o rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch: (bsc#1177090).
o RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request (bsc#
1175621).
o Refresh patches.suse/
fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#
1171675).
o regulator: axp20x: fix LDO2/4 description (git-fixes).
o regulator: resolve supply after creating regulator (git-fixes).
o rename Other drivers / Intel IOMMU subsection to IOMMU
o Rename patches to the same name as in SLE15-SP3.
o Rename scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch Fix
typo in patch file name.
o rtc: ds1374: fix possible race condition (git-fixes).
o rtc: sa1100: fix possible race condition (git-fixes).
o s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#
1176979).
o sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU
scheduler functional and performance backports)).
o sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#
1155798 (CPU scheduler functional and performance backports)).
o sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler
functional and performance backports)).
o scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername()
(bsc#1177258).
o scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Add SLER and PI control support (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1171688
bsc#1174003).
o scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1171688 bsc
#1174003).
o scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1171688 bsc#
1174003).
o scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1171688 bsc#
1174003).
o scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#
1171688 bsc#1174003).
o scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#
1171688 bsc#1174003).
o scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#
1171688 bsc#1174003).
o scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1171688 bsc#
1174003).
o scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#
1171688 bsc#1174003).
o scsi: qla2xxx: Fix memory size truncation (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Fix MPI reset needed message (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1171688
bsc#1174003).
o scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1171688 bsc#
1174003).
o scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#
1171688 bsc#1174003).
o scsi: qla2xxx: Performance tweak (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1171688 bsc#
1174003).
o scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1171688 bsc#
1174003).
o scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1171688 bsc#1174003).
o scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1171688 bsc#1174003).
o serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
(git-fixes).
o serial: 8250_omap: Fix sleeping function called from invalid context during
probe (git-fixes).
o serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).
o serial: uartps: Wait for tx_empty in console setup (git-fixes).
o spi: dw-pci: free previously allocated IRQs if desc->setup() fails
(git-fixes).
o spi: fsl-espi: Only process interrupts for expected events (git-fixes).
o spi: omap2-mcspi: Improve performance waiting for CHSTAT (git-fixes).
o spi: sprd: Release DMA channel also on probe deferral (git-fixes).
o spi: stm32: Rate-limit the 'Communication suspended' message (git-fixes).
o svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (git-fixes).
o target-rbd-add-emulate_legacy_capacity-dev-attribute.patch: (bsc#1177109).
o target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090).
o target-rbd-conditionally-fix-off-by-one-bug-in-get_b.patch: (bsc#1177109).
o target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271).
o target-rbd-fix-unmap-handling-with-unmap_zeroes_data.patch: (bsc#1177271).
o thermal: rcar_thermal: Handle probe error gracefully (git-fixes).
o Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#
1177194).
o USB: dwc3: Increase timeout for CmdAct cleared by device controller
(git-fixes).
o USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).
o USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
(git-fixes).
o USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).
o vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#
1176979).
o virtio-net: do not disable guest csum when disable LRO (git-fixes).
o vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).
o wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes).
o wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes).
o x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10
compiled kernels (bsc#1176907).
o xen/events: do not use chip_data for legacy IRQs (bsc#1065600).
o xprtrdma: fix incorrect header size calculations (git-fixes).
o yam: fix possible memory leak in yam_init_driver (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2980=1
o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2980=1
o SUSE Linux Enterprise Module for Legacy Software 15-SP2:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2980=1
o SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2980=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2980=1
o SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2980=1
Package List:
o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
kernel-default-debuginfo-5.3.18-24.29.2
kernel-default-debugsource-5.3.18-24.29.2
kernel-default-extra-5.3.18-24.29.2
kernel-default-extra-debuginfo-5.3.18-24.29.2
o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-default-debuginfo-5.3.18-24.29.2
kernel-default-debugsource-5.3.18-24.29.2
kernel-default-livepatch-5.3.18-24.29.2
kernel-default-livepatch-devel-5.3.18-24.29.2
kernel-livepatch-5_3_18-24_29-default-1-5.3.3
kernel-livepatch-5_3_18-24_29-default-debuginfo-1-5.3.3
kernel-livepatch-SLE15-SP2_Update_5-debugsource-1-5.3.3
o SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le
s390x x86_64):
kernel-default-debuginfo-5.3.18-24.29.2
kernel-default-debugsource-5.3.18-24.29.2
reiserfs-kmp-default-5.3.18-24.29.2
reiserfs-kmp-default-debuginfo-5.3.18-24.29.2
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-5.3.18-24.29.2
kernel-obs-build-debugsource-5.3.18-24.29.2
kernel-syms-5.3.18-24.29.2
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-24.29.2
kernel-preempt-debugsource-5.3.18-24.29.2
kernel-preempt-devel-5.3.18-24.29.2
kernel-preempt-devel-debuginfo-5.3.18-24.29.2
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
kernel-docs-5.3.18-24.29.2
kernel-source-5.3.18-24.29.2
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
kernel-default-5.3.18-24.29.2
kernel-default-base-5.3.18-24.29.2.9.9.3
kernel-default-debuginfo-5.3.18-24.29.2
kernel-default-debugsource-5.3.18-24.29.2
kernel-default-devel-5.3.18-24.29.2
kernel-default-devel-debuginfo-5.3.18-24.29.2
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
kernel-preempt-5.3.18-24.29.2
kernel-preempt-debuginfo-5.3.18-24.29.2
kernel-preempt-debugsource-5.3.18-24.29.2
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
kernel-devel-5.3.18-24.29.2
kernel-macros-5.3.18-24.29.2
o SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-5.3.18-24.29.2
cluster-md-kmp-default-debuginfo-5.3.18-24.29.2
dlm-kmp-default-5.3.18-24.29.2
dlm-kmp-default-debuginfo-5.3.18-24.29.2
gfs2-kmp-default-5.3.18-24.29.2
gfs2-kmp-default-debuginfo-5.3.18-24.29.2
kernel-default-debuginfo-5.3.18-24.29.2
kernel-default-debugsource-5.3.18-24.29.2
ocfs2-kmp-default-5.3.18-24.29.2
ocfs2-kmp-default-debuginfo-5.3.18-24.29.2
References:
o https://www.suse.com/security/cve/CVE-2020-12351.html
o https://www.suse.com/security/cve/CVE-2020-12352.html
o https://www.suse.com/security/cve/CVE-2020-24490.html
o https://www.suse.com/security/cve/CVE-2020-25641.html
o https://www.suse.com/security/cve/CVE-2020-25643.html
o https://www.suse.com/security/cve/CVE-2020-25645.html
o https://bugzilla.suse.com/1065600
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1155798
o https://bugzilla.suse.com/1165692
o https://bugzilla.suse.com/1168468
o https://bugzilla.suse.com/1171675
o https://bugzilla.suse.com/1171688
o https://bugzilla.suse.com/1174003
o https://bugzilla.suse.com/1174098
o https://bugzilla.suse.com/1175599
o https://bugzilla.suse.com/1175621
o https://bugzilla.suse.com/1175807
o https://bugzilla.suse.com/1176019
o https://bugzilla.suse.com/1176400
o https://bugzilla.suse.com/1176907
o https://bugzilla.suse.com/1176979
o https://bugzilla.suse.com/1177090
o https://bugzilla.suse.com/1177109
o https://bugzilla.suse.com/1177121
o https://bugzilla.suse.com/1177193
o https://bugzilla.suse.com/1177194
o https://bugzilla.suse.com/1177206
o https://bugzilla.suse.com/1177258
o https://bugzilla.suse.com/1177271
o https://bugzilla.suse.com/1177283
o https://bugzilla.suse.com/1177284
o https://bugzilla.suse.com/1177285
o https://bugzilla.suse.com/1177286
o https://bugzilla.suse.com/1177297
o https://bugzilla.suse.com/1177384
o https://bugzilla.suse.com/1177511
o https://bugzilla.suse.com/1177617
o https://bugzilla.suse.com/1177681
o https://bugzilla.suse.com/1177683
o https://bugzilla.suse.com/1177687
o https://bugzilla.suse.com/1177694
o https://bugzilla.suse.com/1177697
o https://bugzilla.suse.com/1177719
o https://bugzilla.suse.com/1177724
o https://bugzilla.suse.com/1177725
o https://bugzilla.suse.com/1177726
o https://bugzilla.suse.com/954532
- -------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2981-1
Rating: critical
References: #1065729 #1140683 #1152624 #1172538 #1172757 #1174748
#1175520 #1176381 #1176400 #1176713 #1176946 #1177027
#1177340 #1177359 #1177511 #1177685 #1177687 #1177724
#1177725
Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-25212 CVE-2020-25645
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________
An update that solves four vulnerabilities and has 15 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2020-12351: Fixed a type confusion while processing AMP packets aka
"BleedingTooth" aka "BadKarma" (bsc#1177724).
o CVE-2020-12352: Fixed an information leak when processing certain AMP
packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725).
o CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints
may be unencrypted when IPsec is configured to encrypt traffic for the
specific UDP port used by the GENEVE tunnel allowing anyone between the two
endpoints to read the traffic unencrypted (bsc#1177511).
o CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bsc#
1176381).
The following non-security bugs were fixed:
o btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#
1177687).
o btrfs: do not set the full sync flag on the inode during page release (bsc#
1177687).
o btrfs: fix incorrect updating of log root tree (bsc#1177687).
o btrfs: fix race between page release and a fast fsync (bsc#1177687).
o btrfs: only commit delayed items at fsync if we are logging a directory
(bsc#1177687).
o btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).
o btrfs: reduce contention on log trees when logging checksums (bsc#1177687).
o btrfs: release old extent maps during page release (bsc#1177687).
o btrfs: remove no longer needed use of log_writers for the log root tree
(bsc#1177687).
o btrfs: stop incremening log_batch for the log root tree when syncing log
(bsc#1177687).
o drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
o drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).
o drm/sun4i: mixer: Extend regmap max_register (git-fixes).
o ext4: fix dir_nlink behaviour (bsc#1177359).
o i2c: meson: fix clock setting overwrite (git-fixes).
o include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm
/swap)).
o iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
o leds: mt6323: move period calculation (git-fixes).
o mac80211: do not allow bigger VHT MPDUs than the hardware supports
(git-fixes).
o macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).
o mfd: sm501: Fix leaks in probe() (git-fixes).
o mmc: core: do not set limits.discard_granularity as 0 (git-fixes).
o mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
o mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
(git-fixes (mm/hugetlb)).
o mm/ksm.c: do not WARN if page is still mapped in remove_stable_node()
(git-fixes (mm/hugetlb)).
o mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#
1177685).
o mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/
mempolicy)).
o mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes
(mm/mempolicy)).
o mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking
page tables prot_numa (git-fixes (mm/numa)).
o mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages
(git-fixes (mm/debug)).
o mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
(git-fixes (mm/writeback)).
o mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/
writeback)).
o mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide
(git-fixes (mm/writeback)).
o mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).
o mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/
zsmalloc)).
o mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/
zsmalloc)).
o mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/
zsmalloc)).
o mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
(git-fixes (mm/zsmalloc)).
o Move the upstreamed bluetooth fix into sorted section
o net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
(git-fixes).
o NFS: On fatal writeback errors, we need to call nfs_inode_remove_request()
(bsc#1177340).
o NFS: Revalidate the file mapping on all fatal writeback errors (bsc#
1177340).
o NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).
o nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#
1174748). add two previous futile attempts to fix the bug to blacklist.conf
o nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).
o nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).
o nvme: fix possible io failures when removing multipathed ns (bsc#1174748).
o nvme: make nvme_identify_ns propagate errors back (bsc#1174748).
o nvme: make nvme_report_ns_ids propagate error back (bsc#1174748).
o nvme-multipath: do not reset on unknown status (bsc#1174748).
o nvme: Namepace identification descriptor list is optional (bsc#1174748).
o nvme: pass status to nvme_error_status (bsc#1174748).
o nvme-rdma: Avoid double freeing of async event data (bsc#1174748).
o nvme: return error from nvme_alloc_ns() (bsc#1174748).
o platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).
o powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).
o pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes).
o scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#
1140683).
o scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).
o scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32()
(bsc#1140683).
o scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#
1140683).
o scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#
1140683).
o scsi: hisi_sas: Do some more tidy-up (bsc#1140683).
o scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#
1140683).
o scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs
code (bsc#1140683). Refresh:
o scsi: hisi_sas: No need to check return value of debugfs_create functions
(bsc#1140683). Update:
o scsi: hisi_sas: Some misc tidy-up (bsc#1140683).
o scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#
1172538).
o scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#
1172538).
o scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc
#1172538).
o scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946
bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc
#1175520 bsc#1172538).
o scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#
1175520 bsc#1172538).
o scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#
1175520 bsc#1172538).
o scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#
1176946 bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#
1176946 bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#
1176946 bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#
1175520 bsc#1172538).
o scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#
1176946 bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#
1172538).
o scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#
1172538).
o scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946
bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#
1172538).
o scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#
1175520 bsc#1172538).
o scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#
1176946 bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).
o scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#
1175520 bsc#1172538).
o scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc
#1172538).
o scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#
1175520 bsc#1172538).
o scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520
bsc#1172538).
o scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520
bsc#1172538).
o spi: fsl-espi: Only process interrupts for expected events (git-fixes).
o tty: serial: earlycon dependency (git-fixes).
o x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)).
o x86/xen: disable Firmware First mode for correctable memory errors (bsc#
1176713).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2981=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2981=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2981=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2981=1
o SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2981=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.46.1
kernel-default-debugsource-4.12.14-122.46.1
kernel-default-extra-4.12.14-122.46.1
kernel-default-extra-debuginfo-4.12.14-122.46.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-4.12.14-122.46.1
kernel-obs-build-debugsource-4.12.14-122.46.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.46.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.46.1
kernel-default-base-4.12.14-122.46.1
kernel-default-base-debuginfo-4.12.14-122.46.1
kernel-default-debuginfo-4.12.14-122.46.1
kernel-default-debugsource-4.12.14-122.46.1
kernel-default-devel-4.12.14-122.46.1
kernel-syms-4.12.14-122.46.1
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.46.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.46.1
kernel-macros-4.12.14-122.46.1
kernel-source-4.12.14-122.46.1
o SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.46.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.46.1
kernel-default-debugsource-4.12.14-122.46.1
kernel-default-kgraft-4.12.14-122.46.1
kernel-default-kgraft-devel-4.12.14-122.46.1
kgraft-patch-4_12_14-122_46-default-1-8.5.1
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.46.1
cluster-md-kmp-default-debuginfo-4.12.14-122.46.1
dlm-kmp-default-4.12.14-122.46.1
dlm-kmp-default-debuginfo-4.12.14-122.46.1
gfs2-kmp-default-4.12.14-122.46.1
gfs2-kmp-default-debuginfo-4.12.14-122.46.1
kernel-default-debuginfo-4.12.14-122.46.1
kernel-default-debugsource-4.12.14-122.46.1
ocfs2-kmp-default-4.12.14-122.46.1
ocfs2-kmp-default-debuginfo-4.12.14-122.46.1
References:
o https://www.suse.com/security/cve/CVE-2020-12351.html
o https://www.suse.com/security/cve/CVE-2020-12352.html
o https://www.suse.com/security/cve/CVE-2020-25212.html
o https://www.suse.com/security/cve/CVE-2020-25645.html
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1140683
o https://bugzilla.suse.com/1152624
o https://bugzilla.suse.com/1172538
o https://bugzilla.suse.com/1172757
o https://bugzilla.suse.com/1174748
o https://bugzilla.suse.com/1175520
o https://bugzilla.suse.com/1176381
o https://bugzilla.suse.com/1176400
o https://bugzilla.suse.com/1176713
o https://bugzilla.suse.com/1176946
o https://bugzilla.suse.com/1177027
o https://bugzilla.suse.com/1177340
o https://bugzilla.suse.com/1177359
o https://bugzilla.suse.com/1177511
o https://bugzilla.suse.com/1177685
o https://bugzilla.suse.com/1177687
o https://bugzilla.suse.com/1177724
o https://bugzilla.suse.com/1177725
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX5JbSuNLKJtyKPYoAQgCQw/6A7i0hSs7g2aQG5FNxLobwjngRPmYt962
kXhfCGEYAteqagomqfNnWlT34Rr6+41J4EzW0ZZNJodF28qGety8+VJV+Q1iIEen
l8rEh1wBnPZePnVH10faOStClhqEN8LqEOQqrKJvYmJsp89NGmuOEUfr5vlJ0O3h
bxtJsEZsfhRUWWKgs5C2WZyqtw0TpnFOetIV/zopL4nWaFbiYoLW6NU04L4caAOS
GFJRVAXz2UQHDdr+hhZ0qfqkgCjf6IeU8fynb4gbWfaV1XJwWbFr94J9TJPkzNsm
/kH1LshyuTMvACfQWunGcUnsBYaI2ZJs5sTDJjBAyWj7T5mIUKraWwpEKfqOQnpB
pRLrFXam/PVY093yku8p7lpu1SMv/HQLTW9sBcxMDSfBHEvXsl61BjbtXl5o2kjw
VIqh8ukGDQ3FUulZRCJzs95Ph1j/fAiq34SnWKHapvm1aQPatx4QSZi2DzdLDDGE
1oE6vfOnn1EEbInI6yGsjjeNgSYqkgUVigM7lBFZJrx02PkLEEAqigwPgxYipNfR
t2KgSEsM9iwnjQ6U89k6xdrmZzlER61HPX2Ye86JCkLz5IPkutVvE5J3ehdx5Uxb
6ASQ2Z3TeAOOKlRT5wxDLtSzqEDXtOtW+dLuCO69c+Ded1o0ElYeh+QKRzJ+xGL+
nUmJMzHlWCA=
=0h69
-----END PGP SIGNATURE-----