Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2509
Security update for the Linux Kernel
23 July 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-34693 CVE-2021-33909 CVE-2021-33624
CVE-2021-33200 CVE-2021-22555 CVE-2021-3609
CVE-2021-0605 CVE-2021-0512 CVE-2021-0129
CVE-2020-36386 CVE-2020-36385 CVE-2020-26558
CVE-2020-24588
Reference: ESB-2021.2477
ESB-2021.2456
ESB-2021.2443
Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212427-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212422-1
Comment: This bulletin contains two (2) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2427-1
Rating: important
References: #1153720 #1174978 #1179610 #1181193 #1185428 #1185701
#1185861 #1186463 #1186484 #1187038 #1187050 #1187215
#1187452 #1187554 #1187595 #1187601 #1188062 #1188116
Cross-References: CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386
CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555
CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693
CVE-2021-3609
Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Availability 15-SP1
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 5 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/
x_tables.c that could allow local provilege escalation. (bsc#1188116)
o CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak
the contents of arbitrary kernel memory (and therefore, of all physical
memory) via a side-channel. (bsc#1187554)
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
o CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing
that could permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing. (bnc#1179610)
o CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users
to obtain sensitive information from kernel stack memory because parts of a
data structure are uninitialized. (bsc#1187452)
o CVE-2021-0129: Fixed an improper access control in BlueZ that may have
allowed an authenticated user to potentially enable information disclosure
via adjacent access. (bnc#1186463)
o CVE-2020-36386: Fixed an out-of-bounds read in
hci_extended_inquiry_result_evt. (bsc#1187038)
o CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices
that support receiving non-SSP A-MSDU frames to inject arbitrary network
packets. (bsc#1185861 bsc#1185863)
o CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that
allows to andobtain full root privileges. (bsc#1188062)
o CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol
which allows for local privilege escalation. (bsc#1187215)
o CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for
local privilege escalation. (bsc#1187050)
o CVE-2021-33200: Fix leakage of uninitialized bpf stack under speculation.
(bsc#1186484)
The following non-security bugs were fixed:
o af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#
1176081).
o kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
o net: Do not set transport offset to invalid value (bsc#1176081).
o net: Introduce parse_protocol header_ops callback (bsc#1176081).
o net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
o net/mlx5e: Remove the wrong assumption about transport offset (bsc#
1176081).
o net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
o net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
o net/packet: Remove redundant skb->protocol set (bsc#1176081).
o resource: Fix find_next_iomem_res() iteration issue (bsc#1181193).
o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#
1174978 bsc#1185701).
o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#
1185428).
o SUNRPC: More fixes for backlog congestion (bsc#1185428).
o x86/crash: Add e820 reserved ranges to kdump kernel's e820 table (bsc#
1181193).
o x86/debug: Extend the lower bound of crash kernel low reservations (bsc#
1153720).
o x86/e820, ioport: Add a new I/O resource descriptor IORES_DESC_RESERVED
(bsc#1181193).
o x86/mm: Rework ioremap resource mapping determination (bsc#1181193).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2427=1
o SUSE Manager Retail Branch Server 4.0:
zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2427=1
o SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2427=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2427=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2427=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2427=1
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2427=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2427=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2427=1
o SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2427=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-2427=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. I will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.
Package List:
o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Manager Server 4.0 (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Manager Server 4.0 (s390x):
kernel-default-man-4.12.14-197.99.1
kernel-zfcpdump-debuginfo-4.12.14-197.99.1
kernel-zfcpdump-debugsource-4.12.14-197.99.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Manager Retail Branch Server 4.0 (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Manager Proxy 4.0 (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Manager Proxy 4.0 (x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-197.99.1
kernel-zfcpdump-debuginfo-4.12.14-197.99.1
kernel-zfcpdump-debugsource-4.12.14-197.99.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-livepatch-4.12.14-197.99.1
kernel-default-livepatch-devel-4.12.14-197.99.1
kernel-livepatch-4_12_14-197_99-default-1-3.3.3
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-4.12.14-197.99.1
cluster-md-kmp-default-debuginfo-4.12.14-197.99.1
dlm-kmp-default-4.12.14-197.99.1
dlm-kmp-default-debuginfo-4.12.14-197.99.1
gfs2-kmp-default-4.12.14-197.99.1
gfs2-kmp-default-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
ocfs2-kmp-default-4.12.14-197.99.1
ocfs2-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
o SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-197.99.1
kernel-docs-4.12.14-197.99.1
kernel-macros-4.12.14-197.99.1
kernel-source-4.12.14-197.99.1
o SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-197.99.1
kernel-default-base-4.12.14-197.99.1
kernel-default-base-debuginfo-4.12.14-197.99.1
kernel-default-debuginfo-4.12.14-197.99.1
kernel-default-debugsource-4.12.14-197.99.1
kernel-default-devel-4.12.14-197.99.1
kernel-default-devel-debuginfo-4.12.14-197.99.1
kernel-obs-build-4.12.14-197.99.1
kernel-obs-build-debugsource-4.12.14-197.99.1
kernel-syms-4.12.14-197.99.1
reiserfs-kmp-default-4.12.14-197.99.1
reiserfs-kmp-default-debuginfo-4.12.14-197.99.1
References:
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26558.html
o https://www.suse.com/security/cve/CVE-2020-36385.html
o https://www.suse.com/security/cve/CVE-2020-36386.html
o https://www.suse.com/security/cve/CVE-2021-0129.html
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-22555.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-33624.html
o https://www.suse.com/security/cve/CVE-2021-33909.html
o https://www.suse.com/security/cve/CVE-2021-34693.html
o https://www.suse.com/security/cve/CVE-2021-3609.html
o https://bugzilla.suse.com/1153720
o https://bugzilla.suse.com/1174978
o https://bugzilla.suse.com/1179610
o https://bugzilla.suse.com/1181193
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185701
o https://bugzilla.suse.com/1185861
o https://bugzilla.suse.com/1186463
o https://bugzilla.suse.com/1186484
o https://bugzilla.suse.com/1187038
o https://bugzilla.suse.com/1187050
o https://bugzilla.suse.com/1187215
o https://bugzilla.suse.com/1187452
o https://bugzilla.suse.com/1187554
o https://bugzilla.suse.com/1187595
o https://bugzilla.suse.com/1187601
o https://bugzilla.suse.com/1188062
o https://bugzilla.suse.com/1188116
- --------------------------------------------------------------------------------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2422-1
Rating: important
References: #1104967 #1174978 #1179610 #1185701 #1185861 #1186463
#1186484 #1187038 #1187050 #1187215 #1187452 #1187554
#1187595 #1187601 #1187934 #1188062 #1188116
Cross-References: CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386
CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555
CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693
CVE-2021-3609
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________
An update that solves 13 vulnerabilities and has four fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/
x_tables.c (bnc#1188116).
o CVE-2021-33909: Extremely large seq buffer allocations in seq_file could
lead to buffer underruns and code execution (bsc#1188062).
o CVE-2021-3609: A use-after-free in can/bcm could have led to privilege
escalation (bsc#1187215).
o CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted
(e.g., because of type confusion) and consequently an unprivileged BPF
program can read arbitrary memory locations via a side-channel attack, aka
CID-9183671af6db (bnc#1187554).
o CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds
read due to a missing bounds check. This could lead to local information
disclosure in the kernel with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1187601).
o CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c,
there is a possible out of bounds write due to a heap buffer overflow. This
could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is not needed for exploitation (bnc#
1187595).
o CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core
Specification 2.1 may permit a nearby man-in-the-middle attacker to
identify the Passkey used during pairing (in the Passkey authentication
procedure) by reflection of the public key and the authentication evidence
of the initiating device, potentially permitting this attacker to complete
authenticated pairing with the responding device using the correct Passkey
for the pairing session. The attack methodology determines the Passkey
value one bit at a time (bnc#1179610 bnc#1186463).
o CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive
information from kernel stack memory because parts of a data structure are
uninitialized (bnc#1187452).
o CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c
has a use-after-free because the ctx is reached via the ctx_list in some
ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c
(bnc#1187050).
o CVE-2021-0129: Improper access control in BlueZ may have allowed an
authenticated user to potentially enable information disclosure via
adjacent access (bnc#1186463).
o CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a
slab out-of-bounds read in hci_extended_inquiry_result_evt, aka
CID-51c19bf3d5cf (bnc#1187038).
o CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that the A-MSDU flag in the plaintext QoS header field is authenticated.
Against devices that support receiving non-SSP A-MSDU frames (which is
mandatory as part of 802.11n), an adversary can abuse this to inject
arbitrary network packets (bnc#1185861).
o CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer
arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform
out-of-bounds reads and writes in kernel memory, leading to local privilege
escalation to root. In particular, there is a corner case where the off reg
causes a masking direction change, which then results in an incorrect final
aux->alu_limit (bnc#1186484).
The following non-security bugs were fixed:
o block: do not use blocking queue entered for recursive bio (bsc#1104967).
o s390/stack: fix possible register corruption with stack switch helper
(git-fixes).
o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#
1174978 bsc#1185701).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2422=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2422=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2422=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2422=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2422=1
o SUSE Linux Enterprise High Availability 12-SP4:
zypper in -t patch SUSE-SLE-HA-12-SP4-2021-2422=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
kernel-default-4.12.14-95.80.1
kernel-default-base-4.12.14-95.80.1
kernel-default-base-debuginfo-4.12.14-95.80.1
kernel-default-debuginfo-4.12.14-95.80.1
kernel-default-debugsource-4.12.14-95.80.1
kernel-default-devel-4.12.14-95.80.1
kernel-default-devel-debuginfo-4.12.14-95.80.1
kernel-syms-4.12.14-95.80.1
o SUSE OpenStack Cloud Crowbar 9 (noarch):
kernel-devel-4.12.14-95.80.1
kernel-macros-4.12.14-95.80.1
kernel-source-4.12.14-95.80.1
o SUSE OpenStack Cloud 9 (x86_64):
kernel-default-4.12.14-95.80.1
kernel-default-base-4.12.14-95.80.1
kernel-default-base-debuginfo-4.12.14-95.80.1
kernel-default-debuginfo-4.12.14-95.80.1
kernel-default-debugsource-4.12.14-95.80.1
kernel-default-devel-4.12.14-95.80.1
kernel-default-devel-debuginfo-4.12.14-95.80.1
kernel-syms-4.12.14-95.80.1
o SUSE OpenStack Cloud 9 (noarch):
kernel-devel-4.12.14-95.80.1
kernel-macros-4.12.14-95.80.1
kernel-source-4.12.14-95.80.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
kernel-default-4.12.14-95.80.1
kernel-default-base-4.12.14-95.80.1
kernel-default-base-debuginfo-4.12.14-95.80.1
kernel-default-debuginfo-4.12.14-95.80.1
kernel-default-debugsource-4.12.14-95.80.1
kernel-default-devel-4.12.14-95.80.1
kernel-syms-4.12.14-95.80.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.80.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
kernel-devel-4.12.14-95.80.1
kernel-macros-4.12.14-95.80.1
kernel-source-4.12.14-95.80.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-95.80.1
kernel-default-base-4.12.14-95.80.1
kernel-default-base-debuginfo-4.12.14-95.80.1
kernel-default-debuginfo-4.12.14-95.80.1
kernel-default-debugsource-4.12.14-95.80.1
kernel-default-devel-4.12.14-95.80.1
kernel-syms-4.12.14-95.80.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.80.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
kernel-devel-4.12.14-95.80.1
kernel-macros-4.12.14-95.80.1
kernel-source-4.12.14-95.80.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
kernel-default-man-4.12.14-95.80.1
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kernel-default-kgraft-4.12.14-95.80.1
kernel-default-kgraft-devel-4.12.14-95.80.1
kgraft-patch-4_12_14-95_80-default-1-6.3.1
o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.80.1
cluster-md-kmp-default-debuginfo-4.12.14-95.80.1
dlm-kmp-default-4.12.14-95.80.1
dlm-kmp-default-debuginfo-4.12.14-95.80.1
gfs2-kmp-default-4.12.14-95.80.1
gfs2-kmp-default-debuginfo-4.12.14-95.80.1
kernel-default-debuginfo-4.12.14-95.80.1
kernel-default-debugsource-4.12.14-95.80.1
ocfs2-kmp-default-4.12.14-95.80.1
ocfs2-kmp-default-debuginfo-4.12.14-95.80.1
References:
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26558.html
o https://www.suse.com/security/cve/CVE-2020-36385.html
o https://www.suse.com/security/cve/CVE-2020-36386.html
o https://www.suse.com/security/cve/CVE-2021-0129.html
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-22555.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-33624.html
o https://www.suse.com/security/cve/CVE-2021-33909.html
o https://www.suse.com/security/cve/CVE-2021-34693.html
o https://www.suse.com/security/cve/CVE-2021-3609.html
o https://bugzilla.suse.com/1104967
o https://bugzilla.suse.com/1174978
o https://bugzilla.suse.com/1179610
o https://bugzilla.suse.com/1185701
o https://bugzilla.suse.com/1185861
o https://bugzilla.suse.com/1186463
o https://bugzilla.suse.com/1186484
o https://bugzilla.suse.com/1187038
o https://bugzilla.suse.com/1187050
o https://bugzilla.suse.com/1187215
o https://bugzilla.suse.com/1187452
o https://bugzilla.suse.com/1187554
o https://bugzilla.suse.com/1187595
o https://bugzilla.suse.com/1187601
o https://bugzilla.suse.com/1187934
o https://bugzilla.suse.com/1188062
o https://bugzilla.suse.com/1188116
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYPoVbONLKJtyKPYoAQh5FA/9G8JZhkZsyvVMW0uUzsLyf0Jsxwkk0cvp
rJOMk3hb2Y1aAk78aFliphUpM2Ej3uZyngxA3nqEKM4iQpUxgfYeyia9NsuYzshz
UqJVHD0UEuzqjO9zp+73gzmG1GKd97I6JecC+LCrajVIzA82wyJIIofqnQpjTDVO
eyr8Aa4hSTNUwPiDQpfMFdnXi4jRJgY4J91BbC5RFpP9+KtdREKth1JO8VToXHkP
wj0H2dD3HSHLOAyQV8YDZ0SFjGJ3FgyMhzwNOHnSRrl/3IoBynusrlnA04mbpV63
7RkRZ/VUS57B1zVJR8xfDKhv4ESrZFlAfIxUakT82glupbv0LTJr/ku1oYU4FFiQ
6fs4Y/5StavDpIqVwVy6vRoCj1/PaQYeL6HNKAHXV4shrQeICXwsJTR+Qm4T2a4t
CXciR42mhyv+tiXXGFoKJEPqMIAXjd4mnHrr2pFkpQsmMNDO2BCbe6eML/RMY4cn
SbbCCUnHj4OINw0ZKhYo1mnbAdS/abiOj3Xwm+ODHkJZQKVx2j0ydamEe7E/M8gU
fQ47XjJyLZgy3V0wXX9DnqFlgHfGznUuH3YHyQI8gU6doGmkX/UqWMydQJ0oBsn4
fQ/i2T+QjhzHzPyJ2QwtGx+DYAwrntDl1iBnO3nh0ph5JtX+jueGH3Cj2inutzIn
LOnGPeaucZk=
=bWBJ
-----END PGP SIGNATURE-----