-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3123
                 Security update for the SUSE Linux Kernel
                             11 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE Linux Enterprise Module
                   SUSE Linux Enterprise Server
                   SUSE Linux Enterprise Workstation
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14386  

Reference:         ESB-2020.3106
                   ESB-2020.3067

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20202580-1
   https://www.suse.com/support/update/announcement/2020/suse-su-20202579-1
   https://www.suse.com/support/update/announcement/2020/suse-su-20202578-1
   https://www.suse.com/support/update/announcement/2020/suse-su-20202577-1

Comment: This bulletin contains four (4) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2580-1
Rating:            important
References:        #1065600 #1136666 #1152148 #1155798 #1156395 #1170232
                   #1171000 #1171073 #1171558 #1172419 #1172873 #1173060
                   #1173267 #1174029 #1174110 #1174111 #1174484 #1174486
                   #1175263 #1175667 #1175787 #1175952 #1175996 #1175997
                   #1175998 #1175999 #1176000 #1176001 #1176022 #1176063
                   #1176069
Cross-References:  CVE-2020-14386
Affected Products:
                   SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

An update that solves one vulnerability and has 30 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various
security and bugfixes.
The following security bug was fixed:

  o CVE-2020-14386: Fixed a potential local privilege escalation via memory
    corruption (bsc#1176069).


The following non-security bugs were fixed:

  o bcache: allocate meta data pages as compound pages (bsc#1172873).
  o block: check queue's limits.discard_granularity in __blkdev_issue_discard()
    (bsc#1152148).
  o block: improve discard bio alignment in __blkdev_issue_discard() (bsc#
    1152148).
  o char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
  o dax: do not print error message for non-persistent memory block device (bsc
    #1171073).
  o dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#
    1171073).
  o device property: Fix the secondary firmware node handling in
    set_primary_fwnode() (git-fixes).
  o dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996).
  o drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes).
  o drm/msm/a6xx: fix crashdec section name typo (git-fixes).
  o drm/msm/adreno: fix updating ring fence (git-fixes).
  o drm/msm/gpu: make ringbuffer readonly (git-fixes).
  o drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
  o efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc
    #1174111).
  o efi: avoid error message when booting under Xen (bsc#1172419).
  o efi/efivars: Expose RT service availability via efivars abstraction (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#
    1173267).
  o efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o efi: Register EFI rtc platform device only when available (bsc#1174029, bsc
    #1174110, bsc#1174111).
  o efi: Store mask of supported runtime services in struct efi (bsc#1174029,
    bsc#1174110, bsc#1174111).
  o efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc
    #1174111).
  o efi: Use more granular check for availability for variable services (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o ext4: handle read only external journal device (bsc#1176063).
  o felix: Fix initialization of ioremap resources (bsc#1175997).
  o Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600).
  o infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc
    #1174110, bsc#1174111).
  o integrity: Check properly whether EFI GetVariable() is available (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o kabi: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#
    1174110, bsc#1174111).
  o kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#
    1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are
    only used by drivers/net/dsa/ocelot/
  o mei: fix CNL itouch device number to match the spec (bsc#1175952).
  o mei: me: disable mei interface on LBG servers (bsc#1175952).
  o mei: me: disable mei interface on Mehlow server platforms (bsc#1175952).
  o mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings
    (git-fixes).
  o mmc: mediatek: add optional module reset property (git-fixes).
  o mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes).
  o net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998).
  o net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999).
  o net: enetc: fix an issue about leak system resources (bsc#1176000).
  o net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware
    bridge (bsc#1176001).
  o obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
  o PCI: Add device even if driver attach failed (git-fixes).
  o PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes).
  o PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes).
  o PM: sleep: core: Fix the handling of pending runtime resume requests
    (git-fixes).
  o powerpc/book3s64/radix: Fix boot failure with large amount of guest memory
    (bsc#1176022 ltc#187208).
  o powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395).
  o regulator: fix memory leak on error path of regulator_register()
    (git-fixes).
  o Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#
    1065600).
  o sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler
    functional and performance backports)).
  o sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and
    performance backports)).
  o sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler
    functional and performance backports)).
  o sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o sched/debug: Fix the alignment of the show-state debug output (bnc#1155798
    (CPU scheduler functional and performance backports)).
  o sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler
    functional and performance backports)).
  o sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#
    1155798 (CPU scheduler functional and performance backports)).
  o sched/fair: update_pick_idlest() Select group with lowest group_util when
    idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance
    backports)).
  o sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o sched: nohz: stop passing around unused "ticks" parameter (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#
    1174110, bsc#1174111).
  o scsi: lpfc: Add and rename a whole bunch of function parameter descriptions
    (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
    jsc#SLE-15449).
  o scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc
    #1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666
    bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486
    bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues
    (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
    jsc#SLE-15449).
  o scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#
    1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc
    #1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558
    bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#
    1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666
    bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666
    bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558
    bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449). Replace

patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-driver-devloss_tmo.pa tch
with upstream version of the fix.

- ---------------------------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2579-1
Rating:            important
References:        #1058115 #1112178 #1136666 #1171558 #1173060 #1175691
                   #1176069
Cross-References:  CVE-2020-14386
Affected Products:
                   SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various
security and bugfixes.
The following security bug was fixed:

  o CVE-2020-14386: Fixed a potential local privilege escalation via memory
    corruption (bsc#1176069).


The following non-security bugs were fixed:

  o EDAC: Fix reference count leaks (bsc#1112178).
  o KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#
    1112178).
  o mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#
    1175691).
  o sched/deadline: Initialize ->dl_boosted (bsc#1112178).
  o scsi: lpfc: Add and rename a whole bunch of function parameter descriptions
    (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc
    #1171558 bsc#1136666).
  o scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues
    (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc
    #1171558 bsc#1136666).
  o scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558
    bsc#1136666).
  o scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666).
  o scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666
    bsc#1173060).
  o scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
    targetport (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666).
  o x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).
  o x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178).
  o x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Public Cloud 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2579=1

Package List:

  o SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):
       kernel-devel-azure-4.12.14-8.44.1
       kernel-source-azure-4.12.14-8.44.1
  o SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):
       kernel-azure-4.12.14-8.44.1
       kernel-azure-base-4.12.14-8.44.1
       kernel-azure-base-debuginfo-4.12.14-8.44.1
       kernel-azure-debuginfo-4.12.14-8.44.1
       kernel-azure-devel-4.12.14-8.44.1
       kernel-syms-azure-4.12.14-8.44.1


References:

  o https://www.suse.com/security/cve/CVE-2020-14386.html
  o https://bugzilla.suse.com/1058115
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1136666
  o https://bugzilla.suse.com/1171558
  o https://bugzilla.suse.com/1173060
  o https://bugzilla.suse.com/1175691
  o https://bugzilla.suse.com/1176069


- ---------------------------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2578-1
Rating:            important
References:        #1058115 #1112178 #1136666 #1171558 #1173060 #1175691
                   #1176069
Cross-References:  CVE-2020-14386
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to 3.12.31 to receive
various security and bugfixes.
The following security bug was fixed:

  o CVE-2020-14386: Fixed a potential local privilege escalation via memory
    corruption (bsc#1176069).


The following non-security bugs were fixed:

  o EDAC: Fix reference count leaks (bsc#1112178).
  o KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#
    1112178).
  o mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#
    1175691).
  o net/mlx5e: Fix error path of device attach (git-fixes).
  o net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
  o net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
  o sched/deadline: Initialize ->dl_boosted (bsc#1112178).
  o scsi: lpfc: Add and rename a whole bunch of function parameter descriptions
    (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc
    #1171558 bsc#1136666).
  o scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues
    (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc
    #1171558 bsc#1136666).
  o scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558
    bsc#1136666).
  o scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#
    1136666).
  o scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666).
  o scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666
    bsc#1173060).
  o scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
    targetport (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#
    1171558 bsc#1136666).
  o scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666).
  o scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666).
  o vxlan: Ensure FDB dump is performed under RCU (git-fixes).
  o x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).
  o x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178).
  o x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2578=1

Package List:

  o SUSE Linux Enterprise Server 12-SP5 (noarch):
       kernel-devel-azure-4.12.14-16.28.1
       kernel-source-azure-4.12.14-16.28.1
  o SUSE Linux Enterprise Server 12-SP5 (x86_64):
       kernel-azure-4.12.14-16.28.1
       kernel-azure-base-4.12.14-16.28.1
       kernel-azure-base-debuginfo-4.12.14-16.28.1
       kernel-azure-debuginfo-4.12.14-16.28.1
       kernel-azure-debugsource-4.12.14-16.28.1
       kernel-azure-devel-4.12.14-16.28.1
       kernel-syms-azure-4.12.14-16.28.1


References:

  o https://www.suse.com/security/cve/CVE-2020-14386.html
  o https://bugzilla.suse.com/1058115
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1136666
  o https://bugzilla.suse.com/1171558
  o https://bugzilla.suse.com/1173060
  o https://bugzilla.suse.com/1175691
  o https://bugzilla.suse.com/1176069


- -----------------------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2577-1
Rating:            important
References:        #1176069
Cross-References:  CVE-2020-14386
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 15-SP2
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
                   SUSE Linux Enterprise Module for Legacy Software 15-SP2
                   SUSE Linux Enterprise Module for Development Tools 15-SP2
                   SUSE Linux Enterprise Module for Basesystem 15-SP2
                   SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
and bugfixes.
The following security bug was fixed:

  o CVE-2020-14386: Fixed a potential local privilege escalation via memory
    corruption (bsc#1176069).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2577=1
  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2577=1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2577=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2577=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2577=1
  o SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2577=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
       kernel-default-debuginfo-5.3.18-24.15.1
       kernel-default-debugsource-5.3.18-24.15.1
       kernel-default-extra-5.3.18-24.15.1
       kernel-default-extra-debuginfo-5.3.18-24.15.1
  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-default-debuginfo-5.3.18-24.15.1
       kernel-default-debugsource-5.3.18-24.15.1
       kernel-default-livepatch-5.3.18-24.15.1
       kernel-default-livepatch-devel-5.3.18-24.15.1
       kernel-livepatch-5_3_18-24_15-default-1-5.3.1
       kernel-livepatch-5_3_18-24_15-default-debuginfo-1-5.3.1
       kernel-livepatch-SLE15-SP2_Update_3-debugsource-1-5.3.1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le
    s390x x86_64):
       kernel-default-debuginfo-5.3.18-24.15.1
       kernel-default-debugsource-5.3.18-24.15.1
       reiserfs-kmp-default-5.3.18-24.15.1
       reiserfs-kmp-default-debuginfo-5.3.18-24.15.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-5.3.18-24.15.1
       kernel-obs-build-debugsource-5.3.18-24.15.1
       kernel-syms-5.3.18-24.15.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
       kernel-preempt-debuginfo-5.3.18-24.15.1
       kernel-preempt-debugsource-5.3.18-24.15.1
       kernel-preempt-devel-5.3.18-24.15.1
       kernel-preempt-devel-debuginfo-5.3.18-24.15.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
       kernel-docs-5.3.18-24.15.2
       kernel-source-5.3.18-24.15.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       kernel-default-5.3.18-24.15.1
       kernel-default-debuginfo-5.3.18-24.15.1
       kernel-default-debugsource-5.3.18-24.15.1
       kernel-default-devel-5.3.18-24.15.1
       kernel-default-devel-debuginfo-5.3.18-24.15.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
       kernel-preempt-5.3.18-24.15.1
       kernel-preempt-debuginfo-5.3.18-24.15.1
       kernel-preempt-debugsource-5.3.18-24.15.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
       kernel-devel-5.3.18-24.15.1
       kernel-macros-5.3.18-24.15.1
  o SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       cluster-md-kmp-default-5.3.18-24.15.1
       cluster-md-kmp-default-debuginfo-5.3.18-24.15.1
       dlm-kmp-default-5.3.18-24.15.1
       dlm-kmp-default-debuginfo-5.3.18-24.15.1
       gfs2-kmp-default-5.3.18-24.15.1
       gfs2-kmp-default-debuginfo-5.3.18-24.15.1
       kernel-default-debuginfo-5.3.18-24.15.1
       kernel-default-debugsource-5.3.18-24.15.1
       ocfs2-kmp-default-5.3.18-24.15.1
       ocfs2-kmp-default-debuginfo-5.3.18-24.15.1


References:

  o https://www.suse.com/security/cve/CVE-2020-14386.html
  o https://bugzilla.suse.com/1176069

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX1rkG+NLKJtyKPYoAQiQAw//VKXxEJQgncZG/8HklGB7HKso6SH2j0Qq
wAYkF9c7bbjnxK96ZGxFiIcjkghE/wmBmNrKxVMSEgNTFDUNWNax8T+VtPjH06fp
5yz4g1qBDtxWAyxSo5sAGj83l/EgzYhvNAO3B4/abcAlmzJskjvj3k6DHy3pliGF
kSzokaoj1qMzI0QyfrK16KPYXbT68TF5atntE0GqCCdYclOhRFIQMehNRLOj1Fxr
zhq/PnUdM9wMUoJGvaUdLGc87Ja6+vO7OytGA4jyr7mrR+zndQrES9ekgP1dD5LW
UJo7ucYe5tVIFnwF7+509eFMX1DR5Rp/xakFlPv0VDml4s14q77EsCdUwijSSSoM
VZdkuOJOdhoIZvLfe3jNVyVOVBtjtb8nZ6oZyAOiO8c7dlmidbjgC24Ta4ehY+xB
K3XjXMzpKRuF87Sh6Ud33AMTZba5vuGguY5n7Zi0E7gPPRTsn2q14tx7KJ46S7Hv
sezG+GPzduw0GnOc/mvGTWeElU6UVM1OZOVQYVJaMvT3WmReCQcnDbTXvBT1FxmR
aQQgTN3bqz1AduNl5oTZbe6HgO1jqeOBW0fNe7x+mN6/fHBxB40iY2Yqri7nKd9+
ZrhdetlSxB7NLoTjbbfvk9bdVO7OMi8Lh/P9P2RFsiUm1QeNyiYXpe+vPQP38c9t
5Nde1Q4PKJ8=
=PK40
-----END PGP SIGNATURE-----