Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1745.2
SUSE-SU-2020:1255-1 Security update for the Linux Kernel
18 May 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-11609 CVE-2020-11608 CVE-2020-11494
CVE-2020-10942 CVE-2020-10720 CVE-2020-10690
CVE-2020-9383 CVE-2020-8992 CVE-2020-8649
CVE-2020-8648 CVE-2020-8647 CVE-2020-2732
CVE-2019-20096 CVE-2019-20054 CVE-2019-19966
CVE-2019-19965 CVE-2019-19768 CVE-2019-19767
CVE-2019-19537 CVE-2019-19536 CVE-2019-19535
CVE-2019-19534 CVE-2019-19533 CVE-2019-19532
CVE-2019-19531 CVE-2019-19530 CVE-2019-19527
CVE-2019-19525 CVE-2019-19524 CVE-2019-19523
CVE-2019-19447 CVE-2019-19332 CVE-2019-19319
CVE-2019-19074 CVE-2019-19073 CVE-2019-19066
CVE-2019-19062 CVE-2019-19052 CVE-2019-18683
CVE-2019-18675 CVE-2019-18660 CVE-2019-15213
CVE-2019-14901 CVE-2019-14897 CVE-2019-14896
CVE-2019-14895 CVE-2019-14615 CVE-2019-9458
CVE-2019-9455 CVE-2019-5108 CVE-2019-3701
CVE-2018-21008 CVE-2017-18255
Reference: ESB-2020.1729
ESB-2020.1673
ESB-2020.1669
ESB-2020.1585
Original Bulletin:
https://www.suse.com/support/update/announcement/2020/suse-su-20201255-1.html
Revision History: May 18 2020: Sending with new PGP key
May 15 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:1255-1
Rating: important
References: #1037216 #1075091 #1075994 #1087082 #1087813 #1091041
#1099279 #1120386 #1131107 #1133147 #1136449 #1137325
#1146519 #1146544 #1146612 #1149591 #1153811 #1154844
#1155311 #1155897 #1156060 #1157038 #1157042 #1157070
#1157143 #1157155 #1157157 #1157158 #1157303 #1157324
#1157333 #1157464 #1157804 #1157923 #1158021 #1158132
#1158381 #1158394 #1158398 #1158410 #1158413 #1158417
#1158427 #1158445 #1158819 #1158823 #1158824 #1158827
#1158834 #1158900 #1158903 #1158904 #1159199 #1159285
#1159297 #1159841 #1159908 #1159910 #1159911 #1159912
#1160195 #1162227 #1162298 #1162928 #1162929 #1162931
#1163971 #1164069 #1164078 #1164846 #1165111 #1165311
#1165873 #1165881 #1165984 #1165985 #1167629 #1168075
#1168295 #1168424 #1168829 #1168854 #1170056 #1170345
#1170778
Cross-References: CVE-2017-18255 CVE-2018-21008 CVE-2019-14615 CVE-2019-14895
CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15213
CVE-2019-18660 CVE-2019-18675 CVE-2019-18683 CVE-2019-19052
CVE-2019-19062 CVE-2019-19066 CVE-2019-19073 CVE-2019-19074
CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523
CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530
CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534
CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767
CVE-2019-19768 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054
CVE-2019-20096 CVE-2019-3701 CVE-2019-5108 CVE-2019-9455
CVE-2019-9458 CVE-2020-10690 CVE-2020-10720 CVE-2020-10942
CVE-2020-11494 CVE-2020-11608 CVE-2020-11609 CVE-2020-2732
CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8992
CVE-2020-9383
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise High Availability 12-SP2
______________________________________________________________________________
An update that solves 53 vulnerabilities and has 32 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/
slcan.c, which allowed attackers to read uninitialized can_frame data,
potentially containing sensitive information from kernel stack memory, if
the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
o CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation
of an sk_family field, which might allow attackers to trigger kernel stack
corruption via crafted system calls (bnc#1167629).
o CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize
function in drivers/tty/vt/vt.c (bnc#1162929).
o CVE-2020-8649: Fixed a use-after-free vulnerability in the
vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#
1162931).
o CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which
leads to a wait_til_ready out-of-bounds read (bnc#1165111).
o CVE-2019-9458: In the video driver there was a use after free due to a race
condition. This could lead to local escalation of privilege with no
additional execution privileges needed (bnc#1168295).
o CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system
crash (bnc#1120386).
o CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in
kernel/trace/blktrace.c (bnc#1159285).
o CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem
caused by mishandling invalid descriptors (bnc#1168854).
o CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#
1170778).
o CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev
(bsc#1170056).
o CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video
driver. This could lead to local information disclosure with System
execution privileges needed (bnc#1170345).
o CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by
a NULL pointer dereferences in ov511_mode_init_regs and
ov518_mode_init_regs when there are zero endpoints (bnc#1168829).
o CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/
events/core.c allowed local users to cause a denial of service (integer
overflow) or possibly have unspecified other impact via a large value, as
demonstrated by an incorrect sample-rate calculation (bnc#1087813).
o CVE-2020-8648: There was a use-after-free vulnerability in the
n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).
o CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor
handled instruction emulation for an L2 guest when nested virtualisation is
enabled. Under some circumstances, an L2 guest may trick the L0 guest into
accessing sensitive L1 resources that should be inaccessible to the L2
guest (bnc#1163971).
o CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering
AP to send IAPP location updates for stations before the required
authentication process has completed (bnc#1159912).
o CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c
allowed attackers to cause a denial of service (soft lockup) via a crafted
journal size (bnc#1164069).
o CVE-2018-21008: Fixed a use-after-free which could be caused by the
function rsi_mac80211_detach in the file drivers/net/wireless/rsi/
rsi_91x_mac80211.c (bnc#1149591).
o CVE-2019-14896: A heap-based buffer overflow vulnerability was found in
Marvell WiFi chip driver. A remote attacker could cause a denial of service
(system crash) or, possibly execute arbitrary code, when the
lbs_ibss_join_existing function is called after a STA connects to an AP
(bnc#1157157).
o CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi
chip driver. An attacker is able to cause a denial of service (system
crash) or, possibly execute arbitrary code, when a STA works in IBSS mode
(allows connecting stations together without the use of an AP) and connects
to another STA (bnc#1157155).
o CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/
media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation.
This allowed local users (with /dev/video0 access) to obtain read and write
permissions on kernel physical pages, which can possibly result in a
privilege escalation (bnc#1157804).
o CVE-2019-14615: Insufficient control flow in certain data structures for
some Intel(R) Processors with Intel(R) Processor Graphics may have allowed
an unauthenticated user to potentially enable information disclosure via
local access (bnc#1160195, bsc#1165881).
o CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/
sas_discover.c because of mishandling of port disconnection during
discovery, related to a PHY down race condition (bnc#1159911).
o CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in
fs/proc/proc_sysctl.c, related to put_links (bnc#1159910).
o CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/
feat.c, which may cause denial of service (bnc#1159908).
o CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb
/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841).
o CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem
image, performing some operations, and unmounting could lead to a
use-after-free in ext4_put_super in fs/ext4/super.c, related to
dump_orphan_list in fs/ext4/super.c (bnc#1158819).
o CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of
a crafted ext4 image, can cause a slab-out-of-bounds write access because
of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large
old_size value is used in a memset call (bnc#1158021).
o CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as
demonstrated by use-after-free errors in __ext4_expand_extra_isize and
ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#
1159297).
o CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in
drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of
service (memory consumption) by triggering bfa_port_get_stats() failures
(bnc#1157303).
o CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid
(bsc#1158827).
o CVE-2019-19537: There was a race condition bug that could have been caused
by a malicious USB device in the USB character device driver layer (bnc#
1158904).
o CVE-2019-19535: There was an info-leak bug that could have been caused by a
malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c
driver (bnc#1158903).
o CVE-2019-19527: There was a use-after-free bug that could have been caused
by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#
1158900).
o CVE-2019-19533: There was an info-leak bug that could have been caused by a
malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver
(bnc#1158834).
o CVE-2019-19532: There were multiple out-of-bounds write bugs that could
have been caused by a malicious USB device in the Linux kernel HID drivers
(bnc#1158824).
o CVE-2019-19523: There was a use-after-free bug that could have been caused
by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#
1158823).
o CVE-2019-15213: An issue was discovered in the Linux kernel, there was a
use-after-free caused by a malicious USB device in the drivers/media/usb/
dvb-usb/dvb-usb-init.c driver (bnc#1146544).
o CVE-2019-19531: There was a use-after-free bug that can be caused by a
malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).
o CVE-2019-19525: There was a use-after-free bug that can be caused by a
malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#
1158417).
o CVE-2019-19530: There was a use-after-free bug that can be caused by a
malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#
1158410).
o CVE-2019-19536: There was an info-leak bug that can be caused by a
malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c
driver (bnc#1158394).
o CVE-2019-19524: There was a use-after-free bug that can be caused by a
malicious USB device in the drivers/input/ff-memless.c driver (bnc#
1158413).
o CVE-2019-19534: There was an info-leak bug that can be caused by a
malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c
driver (bnc#1158398).
o CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in
Marvell WiFi chip driver. The vulnerability allowed a remote attacker to
cause a system crash, resulting in a denial of service, or execute
arbitrary code. The highest threat with this vulnerability is with the
availability of the system. If code execution occurs, the code will run
with the permissions of root. This will affect both confidentiality and
integrity of files on the system (bnc#1157042).
o CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi chip
driver. The flaw could occur when the station attempts a connection
negotiation during the handling of the remote devices country settings.
This could allow the remote device to cause a denial of service (system
crash) or possibly execute arbitrary code (bnc#1157158).
o CVE-2019-18660: Fixed a information disclosure on powerpc related to the
Spectre-RSB mitigation. This is related to arch/powerpc/kernel/entry_64.S
and arch/powerpc/kernel/security.c (bnc#1157038 1157923).
o CVE-2019-18683: Fixed a privilege escalation where local users have /dev/
video0 access, but only if the driver happens to be loaded. There are
multiple race conditions during streaming stopping in this driver (part of
the V4L2 subsystem) (bnc#1155897).
o CVE-2019-19062: Fixed a memory leak in the crypto_report() function in
crypto/crypto_user_base.c, which allowed attackers to cause a denial of
service (memory consumption) by triggering crypto_report_alg() failures
(bnc#1157333).
o CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/
can/usb/gs_usb.c allowed attackers to cause a denial of service (memory
consumption) by triggering usb_submit_urb() failures (bnc#1157324).
o CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/
net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service
(memory consumption) (bnc#1157143).
o CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c
allowed attackers to cause a denial of service (memory consumption) by
triggering wait_for_completion_timeout() failures (bnc#1157070).
The following non-security bugs were fixed:
o blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
o blktrace: fix dereference after null check (bsc#1159285).
o blktrace: fix trace mutex deadlock (bsc#1159285).
o btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (bsc#1155311).
o btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer
dereference (bsc#1155311).
o btrfs: qgroup: Cleanup old subtree swap code (bsc#1155311).
o btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#
1155311).
o btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree
(bsc#1155311).
o btrfs: qgroup: Introduce function to trace two swaped extents (bsc#
1155311).
o btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#
1155311).
o btrfs: qgroup: Only trace data extents in leaves if we're relocating data
block group (bsc#1155311).
o btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1155311).
o btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1155311).
o btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc
#1155311).
o btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON()
(bsc#1155311).
o btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#
1155311).
o btrfs: relocation: fix use-after-free on dead relocation roots (bsc#
1155311).
o btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root
lifespan (bsc#1155311).
o cgroup: avoid copying strings longer than the buffers (bsc#1146544).
o cgroup: use strlcpy() instead of strscpy() to avoid spurious warning (bsc#
1146544).
o enic: prevent waking up stopped tx queues over watchdog reset (bsc#
1133147).
o ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449).
o fix PageHeadHuge() race with THP split (VM Functionality, bsc#1165311).
o fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279 bsc#1156060).
o fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#
1165985).
o futex: Use smp_store_release() in mark_wake_futex() (bsc#1157464).
o Input: add safety guards to input_set_keycode() (bsc#1168075).
o ipv4: correct gso_size for UFO (bsc#1154844).
o ipv6: fix memory accounting during ipv6 queue expire (bsc#1162227) (bsc#
1162227).
o ipvlan: do not add hardware address of master to its unicast filter list
(bsc#1137325).
o media: ov519: add missing endpoint sanity checks (bsc#1168829).
o media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
o netfilter: conntrack: sctp: use distinct states for new SCTP connections
(bsc#1159199).
o netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).
o powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).
o powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041).
o powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).
o powerpc/64s: Add new security feature flags for count cache flush (bsc#
1131107).
o powerpc/64s: Add support for software count cache flush (bsc#1131107).
o powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107).
o powerpc/asm: Add a patch_site macro & helpers for patching instructions
(bsc#1131107).
o powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107).
o powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).
o powerpc/powernv: Query firmware for count cache flush settings (bsc#
1131107).
o powerpc/pseries: Query hypervisor for count cache flush settings (bsc#
1131107).
o powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041).
o powerpc/security: Fix spectre_v2 reporting (bsc#1131107).
o powerpc/security: Fix wrong message when RFI Flush is disable (bsc#
1131107).
o powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107).
o route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
(bsc#1037216).
o sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132).
o string: drop __must_check from strscpy() and restore strscpy() usages in
cgroup (bsc#1146544).
o x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811).
o x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#
1153811).
o x86/mitigations: Clear CPU buffers on the SYSCALL fast path (bsc#1164846).
o xen/pv: Fix a boot up hang revealed by int3 self test (bsc#1153811).
o xfs: also remove cached ACLs when removing the underlying attr (bsc#
1165873).
o xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#
1165984).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1255=1
o SUSE Linux Enterprise Server for SAP 12-SP2:
zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1255=1
o SUSE Linux Enterprise Server 12-SP2-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1255=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1255=1
o SUSE Linux Enterprise High Availability 12-SP2:
zypper in -t patch SUSE-SLE-HA-12-SP2-2020-1255=1
Package List:
o SUSE OpenStack Cloud 7 (s390x x86_64):
kernel-default-4.4.121-92.129.1
kernel-default-base-4.4.121-92.129.1
kernel-default-base-debuginfo-4.4.121-92.129.1
kernel-default-debuginfo-4.4.121-92.129.1
kernel-default-debugsource-4.4.121-92.129.1
kernel-default-devel-4.4.121-92.129.1
kernel-syms-4.4.121-92.129.1
o SUSE OpenStack Cloud 7 (x86_64):
kgraft-patch-4_4_121-92_129-default-1-3.3.1
o SUSE OpenStack Cloud 7 (noarch):
kernel-devel-4.4.121-92.129.1
kernel-macros-4.4.121-92.129.1
kernel-source-4.4.121-92.129.1
o SUSE OpenStack Cloud 7 (s390x):
kernel-default-man-4.4.121-92.129.1
o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
kernel-default-4.4.121-92.129.1
kernel-default-base-4.4.121-92.129.1
kernel-default-base-debuginfo-4.4.121-92.129.1
kernel-default-debuginfo-4.4.121-92.129.1
kernel-default-debugsource-4.4.121-92.129.1
kernel-default-devel-4.4.121-92.129.1
kernel-syms-4.4.121-92.129.1
o SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
kernel-devel-4.4.121-92.129.1
kernel-macros-4.4.121-92.129.1
kernel-source-4.4.121-92.129.1
o SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
kgraft-patch-4_4_121-92_129-default-1-3.3.1
o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
kernel-default-4.4.121-92.129.1
kernel-default-base-4.4.121-92.129.1
kernel-default-base-debuginfo-4.4.121-92.129.1
kernel-default-debuginfo-4.4.121-92.129.1
kernel-default-debugsource-4.4.121-92.129.1
kernel-default-devel-4.4.121-92.129.1
kernel-syms-4.4.121-92.129.1
o SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
kernel-devel-4.4.121-92.129.1
kernel-macros-4.4.121-92.129.1
kernel-source-4.4.121-92.129.1
o SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
kgraft-patch-4_4_121-92_129-default-1-3.3.1
o SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):
kernel-default-man-4.4.121-92.129.1
o SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
kernel-devel-4.4.121-92.129.1
kernel-macros-4.4.121-92.129.1
kernel-source-4.4.121-92.129.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
kernel-default-4.4.121-92.129.1
kernel-default-base-4.4.121-92.129.1
kernel-default-base-debuginfo-4.4.121-92.129.1
kernel-default-debuginfo-4.4.121-92.129.1
kernel-default-debugsource-4.4.121-92.129.1
kernel-default-devel-4.4.121-92.129.1
kernel-syms-4.4.121-92.129.1
o SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.4.121-92.129.1
cluster-md-kmp-default-debuginfo-4.4.121-92.129.1
cluster-network-kmp-default-4.4.121-92.129.1
cluster-network-kmp-default-debuginfo-4.4.121-92.129.1
dlm-kmp-default-4.4.121-92.129.1
dlm-kmp-default-debuginfo-4.4.121-92.129.1
gfs2-kmp-default-4.4.121-92.129.1
gfs2-kmp-default-debuginfo-4.4.121-92.129.1
kernel-default-debuginfo-4.4.121-92.129.1
kernel-default-debugsource-4.4.121-92.129.1
ocfs2-kmp-default-4.4.121-92.129.1
ocfs2-kmp-default-debuginfo-4.4.121-92.129.1
References:
o https://www.suse.com/security/cve/CVE-2017-18255.html
o https://www.suse.com/security/cve/CVE-2018-21008.html
o https://www.suse.com/security/cve/CVE-2019-14615.html
o https://www.suse.com/security/cve/CVE-2019-14895.html
o https://www.suse.com/security/cve/CVE-2019-14896.html
o https://www.suse.com/security/cve/CVE-2019-14897.html
o https://www.suse.com/security/cve/CVE-2019-14901.html
o https://www.suse.com/security/cve/CVE-2019-15213.html
o https://www.suse.com/security/cve/CVE-2019-18660.html
o https://www.suse.com/security/cve/CVE-2019-18675.html
o https://www.suse.com/security/cve/CVE-2019-18683.html
o https://www.suse.com/security/cve/CVE-2019-19052.html
o https://www.suse.com/security/cve/CVE-2019-19062.html
o https://www.suse.com/security/cve/CVE-2019-19066.html
o https://www.suse.com/security/cve/CVE-2019-19073.html
o https://www.suse.com/security/cve/CVE-2019-19074.html
o https://www.suse.com/security/cve/CVE-2019-19319.html
o https://www.suse.com/security/cve/CVE-2019-19332.html
o https://www.suse.com/security/cve/CVE-2019-19447.html
o https://www.suse.com/security/cve/CVE-2019-19523.html
o https://www.suse.com/security/cve/CVE-2019-19524.html
o https://www.suse.com/security/cve/CVE-2019-19525.html
o https://www.suse.com/security/cve/CVE-2019-19527.html
o https://www.suse.com/security/cve/CVE-2019-19530.html
o https://www.suse.com/security/cve/CVE-2019-19531.html
o https://www.suse.com/security/cve/CVE-2019-19532.html
o https://www.suse.com/security/cve/CVE-2019-19533.html
o https://www.suse.com/security/cve/CVE-2019-19534.html
o https://www.suse.com/security/cve/CVE-2019-19535.html
o https://www.suse.com/security/cve/CVE-2019-19536.html
o https://www.suse.com/security/cve/CVE-2019-19537.html
o https://www.suse.com/security/cve/CVE-2019-19767.html
o https://www.suse.com/security/cve/CVE-2019-19768.html
o https://www.suse.com/security/cve/CVE-2019-19965.html
o https://www.suse.com/security/cve/CVE-2019-19966.html
o https://www.suse.com/security/cve/CVE-2019-20054.html
o https://www.suse.com/security/cve/CVE-2019-20096.html
o https://www.suse.com/security/cve/CVE-2019-3701.html
o https://www.suse.com/security/cve/CVE-2019-5108.html
o https://www.suse.com/security/cve/CVE-2019-9455.html
o https://www.suse.com/security/cve/CVE-2019-9458.html
o https://www.suse.com/security/cve/CVE-2020-10690.html
o https://www.suse.com/security/cve/CVE-2020-10720.html
o https://www.suse.com/security/cve/CVE-2020-10942.html
o https://www.suse.com/security/cve/CVE-2020-11494.html
o https://www.suse.com/security/cve/CVE-2020-11608.html
o https://www.suse.com/security/cve/CVE-2020-11609.html
o https://www.suse.com/security/cve/CVE-2020-2732.html
o https://www.suse.com/security/cve/CVE-2020-8647.html
o https://www.suse.com/security/cve/CVE-2020-8648.html
o https://www.suse.com/security/cve/CVE-2020-8649.html
o https://www.suse.com/security/cve/CVE-2020-8992.html
o https://www.suse.com/security/cve/CVE-2020-9383.html
o https://bugzilla.suse.com/1037216
o https://bugzilla.suse.com/1075091
o https://bugzilla.suse.com/1075994
o https://bugzilla.suse.com/1087082
o https://bugzilla.suse.com/1087813
o https://bugzilla.suse.com/1091041
o https://bugzilla.suse.com/1099279
o https://bugzilla.suse.com/1120386
o https://bugzilla.suse.com/1131107
o https://bugzilla.suse.com/1133147
o https://bugzilla.suse.com/1136449
o https://bugzilla.suse.com/1137325
o https://bugzilla.suse.com/1146519
o https://bugzilla.suse.com/1146544
o https://bugzilla.suse.com/1146612
o https://bugzilla.suse.com/1149591
o https://bugzilla.suse.com/1153811
o https://bugzilla.suse.com/1154844
o https://bugzilla.suse.com/1155311
o https://bugzilla.suse.com/1155897
o https://bugzilla.suse.com/1156060
o https://bugzilla.suse.com/1157038
o https://bugzilla.suse.com/1157042
o https://bugzilla.suse.com/1157070
o https://bugzilla.suse.com/1157143
o https://bugzilla.suse.com/1157155
o https://bugzilla.suse.com/1157157
o https://bugzilla.suse.com/1157158
o https://bugzilla.suse.com/1157303
o https://bugzilla.suse.com/1157324
o https://bugzilla.suse.com/1157333
o https://bugzilla.suse.com/1157464
o https://bugzilla.suse.com/1157804
o https://bugzilla.suse.com/1157923
o https://bugzilla.suse.com/1158021
o https://bugzilla.suse.com/1158132
o https://bugzilla.suse.com/1158381
o https://bugzilla.suse.com/1158394
o https://bugzilla.suse.com/1158398
o https://bugzilla.suse.com/1158410
o https://bugzilla.suse.com/1158413
o https://bugzilla.suse.com/1158417
o https://bugzilla.suse.com/1158427
o https://bugzilla.suse.com/1158445
o https://bugzilla.suse.com/1158819
o https://bugzilla.suse.com/1158823
o https://bugzilla.suse.com/1158824
o https://bugzilla.suse.com/1158827
o https://bugzilla.suse.com/1158834
o https://bugzilla.suse.com/1158900
o https://bugzilla.suse.com/1158903
o https://bugzilla.suse.com/1158904
o https://bugzilla.suse.com/1159199
o https://bugzilla.suse.com/1159285
o https://bugzilla.suse.com/1159297
o https://bugzilla.suse.com/1159841
o https://bugzilla.suse.com/1159908
o https://bugzilla.suse.com/1159910
o https://bugzilla.suse.com/1159911
o https://bugzilla.suse.com/1159912
o https://bugzilla.suse.com/1160195
o https://bugzilla.suse.com/1162227
o https://bugzilla.suse.com/1162298
o https://bugzilla.suse.com/1162928
o https://bugzilla.suse.com/1162929
o https://bugzilla.suse.com/1162931
o https://bugzilla.suse.com/1163971
o https://bugzilla.suse.com/1164069
o https://bugzilla.suse.com/1164078
o https://bugzilla.suse.com/1164846
o https://bugzilla.suse.com/1165111
o https://bugzilla.suse.com/1165311
o https://bugzilla.suse.com/1165873
o https://bugzilla.suse.com/1165881
o https://bugzilla.suse.com/1165984
o https://bugzilla.suse.com/1165985
o https://bugzilla.suse.com/1167629
o https://bugzilla.suse.com/1168075
o https://bugzilla.suse.com/1168295
o https://bugzilla.suse.com/1168424
o https://bugzilla.suse.com/1168829
o https://bugzilla.suse.com/1168854
o https://bugzilla.suse.com/1170056
o https://bugzilla.suse.com/1170345
o https://bugzilla.suse.com/1170778
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXsHq2eNLKJtyKPYoAQhW9hAAgPQ6KA+pNWCFjILfBUpOeS5gN6odJhep
a46GqSVB66jlT7rLQLyz9366fhdOb3LIHrPNKyMnyLINvTPE1yFAGFH07DTGCe2H
sMTpI+MUe06htmT2Ut7+UFEYXSjGnOFZzVXz+qfzYVZTsVLF1kh/ZyzGCG4lD8Ct
3iV+BZJV1Fab+8REf1sWQjqKmsvzhZFpBVip1f41E9Hi89O++8M26ZefZNvktAeN
d/XQKtoTJRYwUgujCuanrsjq7fxdqHIgoQ/2ctJ6mwKT1HRClG1E7cXUXgFQ2fZ1
34OyyMHjTAfkc7TgbZmkP9aGAS1nIU5chgYt+SEHvEG2e0OqdY7MX1TAv9RN1J79
oN7dYL/Eo43vHFs9QrU0k1tphdpw7AlUNehs+f8mfTrDZrI9zEgrAiYiltF2jmSx
L0imxvDZiJnwKOuU2o/a0opzjq4z+YqyHPKHb1uqpNC0tHwaPUPEUK1UrKAiCRHB
cTu3fBYOs4PG8CPDrT418kvXTQ/RkjOkhXuVG2k+opBpdZc/MVVQ1h6NJW5bNqps
lu3iXA7QYs/qwm66aqZqLcV0JYvXpKYOWVVuTdai23G6nrniqthECpy1mD5cuUxJ
uIaDIys2U0xJWApeBBHuiOlcAIdGmZfaRbu2K/zGz1eJi92cFDd1gM93+ZUaAjNL
AqVTv8eb7IY=
=frZF
-----END PGP SIGNATURE-----