Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4059
Security update for the Linux Kernel
16 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25705 CVE-2020-25656 CVE-2020-25285
CVE-2020-16120 CVE-2020-14351 CVE-2020-8694
CVE-2020-0430
Reference: ESB-2020.4049
ESB-2020.3964
ESB-2020.3907
ESB-2020.3775
ESB-2020.3527
Original Bulletin:
https://www.suse.com/support/update/announcement/2020/suse-su-20203326-1
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3326-1
Rating: moderate
References: #1055014 #1058115 #1061843 #1065600 #1065729 #1066382
#1077428 #1112178 #1114648 #1131277 #1134760 #1157424
#1163592 #1167030 #1170415 #1171558 #1172538 #1173432
#1174748 #1175520 #1175721 #1176354 #1176485 #1176560
#1176723 #1176907 #1176946 #1177086 #1177101 #1177271
#1177281 #1177410 #1177411 #1177470 #1177719 #1177740
#1177749 #1177750 #1177753 #1177754 #1177755 #1177766
#1177855 #1177856 #1177861 #1178003 #1178027 #1178166
#1178185 #1178187 #1178188 #1178202 #1178234 #1178330
Cross-References: CVE-2020-0430 CVE-2020-14351 CVE-2020-16120 CVE-2020-25285
CVE-2020-25656 CVE-2020-25705 CVE-2020-8694
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________
An update that solves 7 vulnerabilities, contains one feature and has 47 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bug fixes.
The following security bugs were fixed:
o CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl
(bnc#1177766).
o CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in
mm/hugetlb.c (bnc#1176485).
o CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h
(bnc#1176723).
o CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#
1177086).
o CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).
o CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
o CVE-2020-25705: A ICMP global rate limiting side-channel was removed which
could lead to e.g. the SADDNS attack (bsc#1175721)
The following non-security bugs were fixed:
o ACPI: dock: fix enum-conversion warning (git-fixes).
o ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
o ALSA: compress_offload: remove redundant initialization (git-fixes).
o ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
o ALSA: core: pcm: simplify locking for timers (git-fixes).
o ALSA: core: timer: clarify operator precedence (git-fixes).
o ALSA: core: timer: remove redundant assignment (git-fixes).
o ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock
(git-fixes).
o ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
o ALSA: hda - Do not register a cb func if it is registered already
(git-fixes).
o ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7
(git-fixes).
o ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
(git-fixes).
o ALSA: hda/realtek - The front Mic on a HP machine does not work
(git-fixes).
o ALSA: hda: use semicolons rather than commas to separate statements
(git-fixes).
o ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
o ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
o ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
o ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
o ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
o ALSA: usb-audio: fix spelling mistake "Frequence" -> "Frequency"
(git-fixes).
o ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
o ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
o ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
o ath10k: Fix the size used in a 'dma_free_coherent()' call in an error
handling path (git-fixes).
o ath10k: provide survey info as accumulated data (git-fixes).
o ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
(git-fixes).
o ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd
() (git-fixes).
o ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
(git-fixes).
o ath9k: hif_usb: fix race condition between usb_get_urb() and
usb_kill_anchored_urbs() (git-fixes).
o blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART
(bsc#1177750).
o block: ensure bdi->io_pages is always initialized (bsc#1177749).
o Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
o Bluetooth: Only mark socket zapped after unlocking (git-fixes).
o bnxt: do not enable NAPI until rings are ready
(networking-stable-20_09_11).
o bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11).
o brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
o brcmfmac: check ndev pointer (git-fixes).
o brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
o btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
o btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#
1177856).
o btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#
1177855).
o btrfs: remove root usage from can_overcommit (bsc#1131277).
o btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560).
o btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#
1177861).
o can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).
o can: flexcan: flexcan_chip_stop(): add error handling and propagate error
value (git-fixes).
o can: softing: softing_card_shutdown(): add braces around empty body in an
'if' statement (git-fixes).
o ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234).
o ceph: map snapid to anonymous bdev ID (bsc#1178234).
o ceph: promote to unsigned long long before shifting (bsc#1178187).
o clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).
o clk: at91: remove the checking of parent_name (git-fixes).
o clk: bcm2835: add missing release if devm_clk_hw_register fails
(git-fixes).
o clk: imx8mq: Fix usdhc parents order (git-fixes).
o coredump: fix crash when umh is disabled (bsc#1177753).
o crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).
o crypto: ccp - fix error handling (git-fixes).
o crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
(git-fixes).
o crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
(git-fixes).
o crypto: omap-sham - fix digcnt register handling with export/import
(git-fixes).
o cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
o cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).
o device property: Do not clear secondary pointer for shared primary firmware
node (git-fixes).
o device property: Keep secondary firmware node secondary by type
(git-fixes).
o Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not
really useful for KMP, and rather confusing, so let's disable it at
building out-of-tree codes
o dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).
o drm/gma500: fix error check (git-fixes).
o drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes).
o EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178).
o eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
o Fix use after free in get_capset_info callback (git-fixes).
o gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
(networking-stable-20_08_24).
o gtp: add GTPA_LINK info to msg sent to userspace
(networking-stable-20_09_11).
o HID: roccat: add bounds checking in kone_sysfs_write_settings()
(git-fixes).
o HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
(git-fixes).
o i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).
o ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
o ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).
o ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).
o ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#
177449 git-fixes).
o iio:accel:bma180: Fix use of true when should be iio_shared_by enum
(git-fixes).
o iio:adc:max1118 Fix alignment of timestamp and data leak issues
(git-fixes).
o iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).
o iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).
o iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).
o iio:gyro:itg3200: Fix timestamp alignment and prevent data leak
(git-fixes).
o iio:light:si1145: Fix timestamp alignment and prevent data leak
(git-fixes).
o iio:magn:hmc5843: Fix passing true where iio_shared_by enum required
(git-fixes).
o ima: Remove semicolon at the end of ima_get_binary_runtime_size()
(git-fixes).
o Input: ep93xx_keypad - fix handling of platform_get_irq() error
(git-fixes).
o Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
(git-fixes).
o Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).
o Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).
o Input: twl4030_keypad - fix handling of platform_get_irq() error
(git-fixes).
o iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).
o ip: fix tos reflection in ack and reset packets
(networking-stable-20_09_24).
o ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
(git-fixes).
o iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).
o kbuild: enforce -Werror=return-type (bsc#1177281).
o libceph: clear con->out_msg on Policy::stateful_server faults (bsc#
1178188).
o lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).
o livepatch: Test if -fdump-ipa-clones is really available As of now we add
-fdump-ipa-clones unconditionally. It does not cause a trouble if the
kernel is build with the supported toolchain. Otherwise it could fail
easily. Do the correct thing and test for the availability.
o mac80211: handle lack of sband->bitrates in rates (git-fixes).
o mailbox: avoid timer start from callback (git-fixes).
o media: ati_remote: sanity check for both endpoints (git-fixes).
o media: bdisp: Fix runtime PM imbalance on error (git-fixes).
o media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
(git-fixes).
o media: exynos4-is: Fix a reference count leak (git-fixes).
o media: exynos4-is: Fix several reference count leaks due to
pm_runtime_get_sync (git-fixes).
o media: firewire: fix memory leak (git-fixes).
o media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).
o media: media/pci: prevent memory leak in bttv_probe (git-fixes).
o media: omap3isp: Fix memleak in isp_probe (git-fixes).
o media: platform: fcp: Fix a reference count leak (git-fixes).
o media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).
o media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
o media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state
()" (git-fixes).
o media: s5p-mfc: Fix a reference count leak (git-fixes).
o media: saa7134: avoid a shift overflow (git-fixes).
o media: st-delta: Fix reference count leak in delta_run_work (git-fixes).
o media: sti: Fix reference count leaks (git-fixes).
o media: tc358743: initialize variable (git-fixes).
o media: ti-vpe: Fix a missing check and reference count leak (git-fixes).
o media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).
o media: usbtv: Fix refcounting mixup (git-fixes).
o media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
o media: vsp1: Fix runtime PM imbalance on error (git-fixes).
o memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
(git-fixes).
o memory: omap-gpmc: Fix a couple off by ones (git-fixes).
o mic: vop: copy data to kernel space then write to io memory (git-fixes).
o misc: mic: scif: Fix error handling path (git-fixes).
o misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).
o misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
(git-fixes).
o mlx5 PPC ringsize workaround (bsc#1173432).
o mlx5: remove support for ib_get_vector_affinity (bsc#1174748).
o mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
o mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).
o mtd: lpddr: fix excessive stack usage with clang (git-fixes).
o mtd: mtdoops: Do not write panic data twice (git-fixes).
o mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).
o mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).
o mwifiex: fix double free (git-fixes).
o mwifiex: remove function pointer check (git-fixes).
o mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
(git-fixes).
o net: disable netpoll on fresh napis (networking-stable-20_09_11).
o net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
(git-fixes).
o net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
o net: Fix potential wrong skb->protocol in skb_vlan_untag()
(networking-stable-20_08_24).
o net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).
o net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
(networking-stable-20_09_24).
o netlabel: fix problems with mapping removal (networking-stable-20_09_11).
o net/mlx5e: Take common TIR context settings into a function (bsc#1177740).
o net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740).
o net: phy: Avoid NPD upon phy_detach() when driver is unbound
(networking-stable-20_09_24).
o net: qrtr: fix usage of idr in port assignment to socket
(networking-stable-20_08_24).
o net: systemport: Fix memleak in bcm_sysport_probe
(networking-stable-20_09_11).
o net: usb: dm9601: Add USB ID of Keenetic Plus DSL
(networking-stable-20_09_11).
o net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).
o net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
(git-fixes).
o nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
nfc_genl_fw_download() (git-fixes).
o nl80211: fix non-split wiphy information (git-fixes).
o NTB: hw: amd: fix an issue about leak system resources (git-fixes).
o nvme: do not update disk info for multipathed device (bsc#1171558).
o nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).
o nvme-rdma: fix crash when connect rejected (bsc#1174748).
o perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1114648).
o perf/x86: Fix n_pair for cancelled txn (bsc#1114648).
o powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load
emulation (bsc#1065729).
o powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).
o powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).
o powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).
o powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).
o powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).
o powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#
1065729).
o powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc
#1077428 ltc#163882 git-fixes).
o powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).
o pwm: lpss: Add range limit check for the base_unit register value
(git-fixes).
o pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
(git-fixes).
o ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).
o rtl8xxxu: prevent potential memory leak (git-fixes).
o scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).
o scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc
#188226).
o sctp: not disable bh in the whole sctp_get_port_local()
(networking-stable-20_09_11).
o tg3: Fix soft lockup when tg3_reset_task() fails
(networking-stable-20_09_11).
o tipc: fix memory leak caused by tipc_buf_append() (git-fixes).
o tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).
o tipc: fix shutdown() of connection oriented socket
(networking-stable-20_09_24).
o tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).
o tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
(networking-stable-20_08_24).
o tipc: use skb_unshare() instead in tipc_buf_append()
(networking-stable-20_09_24).
o tty: ipwireless: fix error handling (git-fixes).
o tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).
o usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).
o usb: cdc-acm: handle broken union descriptors (git-fixes).
o usb: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync()
(git-fixes).
o usb: core: Solve race condition in anchor cleanup functions (git-fixes).
o usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).
o usb: dwc2: Fix parameter type in function pointer prototype (git-fixes).
o usb: dwc3: core: add phy cleanup for probe error handling (git-fixes).
o usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).
o usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).
o usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).
o usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).
o usb: gadget: function: printer: fix use-after-free in __lock_acquire
(git-fixes).
o usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).
o usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).
o usb: ohci: Default to per-port over-current protection (git-fixes).
o usb: serial: qcserial: fix altsetting probing (git-fixes).
o vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202).
o video: fbdev: sis: fix null ptr dereference (git-fixes).
o video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value
error (git-fixes).
o VMCI: check return value of get_user_pages_fast() for errors (git-fixes).
o w1: mxc_w1: Fix timeout resolution problem leading to bus error
(git-fixes).
o watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
o watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
o wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).
o writeback: Avoid skipping inode writeback (bsc#1177755).
o writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).
o writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).
o x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#
1112178).
o x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178).
o xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
o xen/events: add a new "late EOI" evtchn framework (XSA-332 bsc#1177411).
o xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#
1177411).
o xen/events: avoid removing an event channel while handling it (XSA-331 bsc#
1177410).
o xen/events: block rogue events for some time (XSA-332 bsc#1177411).
o xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#
1177411).
o xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
o xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
o xen/events: switch user event channels to lateeoi model (XSA-332 bsc#
1177411).
o xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#
1177411).
o xen/gntdev.c: Mark pages as dirty (bsc#1065600).
o xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
o xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
o xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
o xen: XEN uses irqdesc::irq_data_common::handler_data to store a per
interrupt XEN data pointer which contains XEN specific information (XSA-332
bsc#1065600).
o xfs: avoid infinite loop when cancelling CoW blocks after writeback failure
(bsc#1178027).
o xfs: don't update mtime on COW faults (bsc#1167030).
o xfs: limit entries returned when counting fsmap records (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2020-3326=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3326=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3326=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3326=1
o SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2020-3326=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.51.2
kernel-default-debugsource-4.12.14-122.51.2
kernel-default-extra-4.12.14-122.51.2
kernel-default-extra-debuginfo-4.12.14-122.51.2
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-4.12.14-122.51.2
kernel-obs-build-debugsource-4.12.14-122.51.2
o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.51.2
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.51.2
kernel-default-base-4.12.14-122.51.2
kernel-default-base-debuginfo-4.12.14-122.51.2
kernel-default-debuginfo-4.12.14-122.51.2
kernel-default-debugsource-4.12.14-122.51.2
kernel-default-devel-4.12.14-122.51.2
kernel-syms-4.12.14-122.51.2
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.51.2
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.51.2
kernel-macros-4.12.14-122.51.2
kernel-source-4.12.14-122.51.2
o SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.51.2
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.51.2
kernel-default-debugsource-4.12.14-122.51.2
kernel-default-kgraft-4.12.14-122.51.2
kernel-default-kgraft-devel-4.12.14-122.51.2
kgraft-patch-4_12_14-122_51-default-1-8.5.2
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.51.2
cluster-md-kmp-default-debuginfo-4.12.14-122.51.2
dlm-kmp-default-4.12.14-122.51.2
dlm-kmp-default-debuginfo-4.12.14-122.51.2
gfs2-kmp-default-4.12.14-122.51.2
gfs2-kmp-default-debuginfo-4.12.14-122.51.2
kernel-default-debuginfo-4.12.14-122.51.2
kernel-default-debugsource-4.12.14-122.51.2
ocfs2-kmp-default-4.12.14-122.51.2
ocfs2-kmp-default-debuginfo-4.12.14-122.51.2
References:
o https://www.suse.com/security/cve/CVE-2020-0430.html
o https://www.suse.com/security/cve/CVE-2020-14351.html
o https://www.suse.com/security/cve/CVE-2020-16120.html
o https://www.suse.com/security/cve/CVE-2020-25285.html
o https://www.suse.com/security/cve/CVE-2020-25656.html
o https://www.suse.com/security/cve/CVE-2020-25705.html
o https://www.suse.com/security/cve/CVE-2020-8694.html
o https://bugzilla.suse.com/1055014
o https://bugzilla.suse.com/1058115
o https://bugzilla.suse.com/1061843
o https://bugzilla.suse.com/1065600
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1066382
o https://bugzilla.suse.com/1077428
o https://bugzilla.suse.com/1112178
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1131277
o https://bugzilla.suse.com/1134760
o https://bugzilla.suse.com/1157424
o https://bugzilla.suse.com/1163592
o https://bugzilla.suse.com/1167030
o https://bugzilla.suse.com/1170415
o https://bugzilla.suse.com/1171558
o https://bugzilla.suse.com/1172538
o https://bugzilla.suse.com/1173432
o https://bugzilla.suse.com/1174748
o https://bugzilla.suse.com/1175520
o https://bugzilla.suse.com/1175721
o https://bugzilla.suse.com/1176354
o https://bugzilla.suse.com/1176485
o https://bugzilla.suse.com/1176560
o https://bugzilla.suse.com/1176723
o https://bugzilla.suse.com/1176907
o https://bugzilla.suse.com/1176946
o https://bugzilla.suse.com/1177086
o https://bugzilla.suse.com/1177101
o https://bugzilla.suse.com/1177271
o https://bugzilla.suse.com/1177281
o https://bugzilla.suse.com/1177410
o https://bugzilla.suse.com/1177411
o https://bugzilla.suse.com/1177470
o https://bugzilla.suse.com/1177719
o https://bugzilla.suse.com/1177740
o https://bugzilla.suse.com/1177749
o https://bugzilla.suse.com/1177750
o https://bugzilla.suse.com/1177753
o https://bugzilla.suse.com/1177754
o https://bugzilla.suse.com/1177755
o https://bugzilla.suse.com/1177766
o https://bugzilla.suse.com/1177855
o https://bugzilla.suse.com/1177856
o https://bugzilla.suse.com/1177861
o https://bugzilla.suse.com/1178003
o https://bugzilla.suse.com/1178027
o https://bugzilla.suse.com/1178166
o https://bugzilla.suse.com/1178185
o https://bugzilla.suse.com/1178187
o https://bugzilla.suse.com/1178188
o https://bugzilla.suse.com/1178202
o https://bugzilla.suse.com/1178234
o https://bugzilla.suse.com/1178330
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX7HWM+NLKJtyKPYoAQgXSw//Y2vXo15LRIBLTk0rv6yhTpXmSn3+OVYW
aDcIG1bXKbFTDgT/kctY5dqMbENoHK+UFvZlxBuHSnVcxi5O40RoAVNweGC5F6xs
lNSvf7NH+FZzA4M79MI5arDcYtdDP7GVSobxrOvEsMz48SIaWALP++69snz1SVBT
JEY+3yUpaWotFwllcwKiTkteVS7NaNqNm8DyTOwWdTIWlODtc01BDHz7nQhPmYZG
ASMApo5P9eeWlXvs67Ld2i8IiaxWqLDJlGT7tr7n7U2v86trPxtK3uc0DqCAFf/4
hm9HvBU82zLL3xAC09RQZt+KbpCPwnESk9oGYGh5cbvepcZmOArz7SdtjGmZdkQ8
O3q7LXnZCLSkYlcCIAXtbw7eqfAIt6NEPyeGs9NKgKL3ol9LulMMOjJYOaLube4q
4Zh6RUr8BA6z5W+ww/LHqOCVAMXZTSERlfixqFdMoqk9hTpAWCMZGkPq8dwcIRpq
c3b9yiDIRJzITxVYKYQe3HRG6VZ+fOqD8x+5QBfGAk2bBll+/UYoPhVrPZexMH44
KiLZJlP8ayIH+F/6wzSEJ8xN/UEyFkSpx/Pl3fhJt7hMifpCtvKI1MGoUJxwF4mX
oKo0l5FN9hsI+m5gxAaIs25NDfJEJ92vlwtt7L3GMtJDrVqiJwyW2hcQhyW9ZTf2
yZVWfyMJJik=
=uWSv
-----END PGP SIGNATURE-----