Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.4008
Security update for the Linux Kernel
12 August 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-36946 CVE-2022-20166 CVE-2022-1462
CVE-2021-33656 CVE-2021-33655 CVE-2021-26341
CVE-2020-36558 CVE-2020-36557
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20222723-1
Comment: CVSS (Max): 7.8 CVE-2021-33655 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2723-1
Rating: important
References: #1195775 #1195926 #1198484 #1198829 #1200442 #1200598
#1200910 #1201050 #1201429 #1201635 #1201636 #1201926
#1201930 #1201940
Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-26341 CVE-2021-33655
CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________
An update that solves 8 vulnerabilities and has 6 fixes is now available.
Description:
The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and
closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
o CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead
to a NULL pointer dereference and general protection fault (bnc#1200910).
o CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional
direct branches, which may potentially result in data leakage (bsc#
1201050).
o CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
(bnc#1201635).
o CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#
1201636).
o CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem
(bnc#1198829).
o CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety
that could cause local escalation of privilege (bnc#1200598).
o CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that
could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
o Add missing recommends of kernel-install-tools to kernel-source-vanilla
(bsc#1200442)
o cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926).
o cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926).
o cifs: To match file servers, make sure the server hostname matches (bsc#
1201926).
o cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#
1201926).
o cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926).
o cifs: set a minimum of 120s for next dns resolution (bsc#1201926).
o cifs: use the expiry output of dns_query to schedule next resolution (bsc#
1201926).
o kernel-binary.spec: Support radio selection for debuginfo. To disable
debuginfo on 5.18 kernel a radio selection needs to be switched to a
different selection. This requires disabling the currently active option
and selecting NONE as debuginfo type.
o kernel-binary.spec: check s390x vmlinux location As a side effect of
mainline commit edd4a8667355 ("s390/boot: get rid of startup archive"),
vmlinux on s390x moved from "compressed" subdirectory directly into arch/
s390/boot. As the specfile is shared among branches, check both locations
and let objcopy use one that exists.
o kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
o kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#
1201930).
o pahole 1.22 required for full BTF features. also recommend pahole for
kernel-source to make the kernel buildable with standard config
o rpm/*.spec.in: remove backtick usage
o rpm/constraints.in: skip SLOW_DISK workers for kernel-source
o rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
o rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module
(bsc#1195775)
o rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#
1198484).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2723=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2723=1
o SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2723=1
Please note that this is the initial kernel livepatch without fixes itself,
this package is later updated by seperate standalone kernel livepatch
updates.
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2723=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2723=1
o SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-2723=1
Package List:
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
kernel-default-4.12.14-150000.150.98.1
kernel-default-base-4.12.14-150000.150.98.1
kernel-default-debuginfo-4.12.14-150000.150.98.1
kernel-default-debugsource-4.12.14-150000.150.98.1
kernel-default-devel-4.12.14-150000.150.98.1
kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
kernel-obs-build-4.12.14-150000.150.98.1
kernel-obs-build-debugsource-4.12.14-150000.150.98.1
kernel-syms-4.12.14-150000.150.98.1
kernel-vanilla-base-4.12.14-150000.150.98.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debugsource-4.12.14-150000.150.98.1
reiserfs-kmp-default-4.12.14-150000.150.98.1
reiserfs-kmp-default-debuginfo-4.12.14-150000.150.98.1
o SUSE Linux Enterprise Server for SAP 15 (noarch):
kernel-devel-4.12.14-150000.150.98.1
kernel-docs-4.12.14-150000.150.98.2
kernel-macros-4.12.14-150000.150.98.1
kernel-source-4.12.14-150000.150.98.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
kernel-default-4.12.14-150000.150.98.1
kernel-default-base-4.12.14-150000.150.98.1
kernel-default-debuginfo-4.12.14-150000.150.98.1
kernel-default-debugsource-4.12.14-150000.150.98.1
kernel-default-devel-4.12.14-150000.150.98.1
kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
kernel-obs-build-4.12.14-150000.150.98.1
kernel-obs-build-debugsource-4.12.14-150000.150.98.1
kernel-syms-4.12.14-150000.150.98.1
kernel-vanilla-base-4.12.14-150000.150.98.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debugsource-4.12.14-150000.150.98.1
reiserfs-kmp-default-4.12.14-150000.150.98.1
reiserfs-kmp-default-debuginfo-4.12.14-150000.150.98.1
o SUSE Linux Enterprise Server 15-LTSS (noarch):
kernel-devel-4.12.14-150000.150.98.1
kernel-docs-4.12.14-150000.150.98.2
kernel-macros-4.12.14-150000.150.98.1
kernel-source-4.12.14-150000.150.98.1
o SUSE Linux Enterprise Server 15-LTSS (s390x):
kernel-default-man-4.12.14-150000.150.98.1
kernel-zfcpdump-debuginfo-4.12.14-150000.150.98.1
kernel-zfcpdump-debugsource-4.12.14-150000.150.98.1
o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150000.150.98.1
kernel-default-debugsource-4.12.14-150000.150.98.1
kernel-default-livepatch-4.12.14-150000.150.98.1
kernel-livepatch-4_12_14-150000_150_98-default-1-150000.1.3.1
kernel-livepatch-4_12_14-150000_150_98-default-debuginfo-1-150000.1.3.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150000.150.98.1
kernel-default-base-4.12.14-150000.150.98.1
kernel-default-debuginfo-4.12.14-150000.150.98.1
kernel-default-debugsource-4.12.14-150000.150.98.1
kernel-default-devel-4.12.14-150000.150.98.1
kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
kernel-obs-build-4.12.14-150000.150.98.1
kernel-obs-build-debugsource-4.12.14-150000.150.98.1
kernel-syms-4.12.14-150000.150.98.1
kernel-vanilla-base-4.12.14-150000.150.98.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debugsource-4.12.14-150000.150.98.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
kernel-devel-4.12.14-150000.150.98.1
kernel-docs-4.12.14-150000.150.98.2
kernel-macros-4.12.14-150000.150.98.1
kernel-source-4.12.14-150000.150.98.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150000.150.98.1
kernel-default-base-4.12.14-150000.150.98.1
kernel-default-debuginfo-4.12.14-150000.150.98.1
kernel-default-debugsource-4.12.14-150000.150.98.1
kernel-default-devel-4.12.14-150000.150.98.1
kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
kernel-obs-build-4.12.14-150000.150.98.1
kernel-obs-build-debugsource-4.12.14-150000.150.98.1
kernel-syms-4.12.14-150000.150.98.1
kernel-vanilla-base-4.12.14-150000.150.98.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
kernel-vanilla-debugsource-4.12.14-150000.150.98.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
kernel-devel-4.12.14-150000.150.98.1
kernel-docs-4.12.14-150000.150.98.2
kernel-macros-4.12.14-150000.150.98.1
kernel-source-4.12.14-150000.150.98.1
o SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150000.150.98.1
cluster-md-kmp-default-debuginfo-4.12.14-150000.150.98.1
dlm-kmp-default-4.12.14-150000.150.98.1
dlm-kmp-default-debuginfo-4.12.14-150000.150.98.1
gfs2-kmp-default-4.12.14-150000.150.98.1
gfs2-kmp-default-debuginfo-4.12.14-150000.150.98.1
kernel-default-debuginfo-4.12.14-150000.150.98.1
kernel-default-debugsource-4.12.14-150000.150.98.1
ocfs2-kmp-default-4.12.14-150000.150.98.1
ocfs2-kmp-default-debuginfo-4.12.14-150000.150.98.1
References:
o https://www.suse.com/security/cve/CVE-2020-36557.html
o https://www.suse.com/security/cve/CVE-2020-36558.html
o https://www.suse.com/security/cve/CVE-2021-26341.html
o https://www.suse.com/security/cve/CVE-2021-33655.html
o https://www.suse.com/security/cve/CVE-2021-33656.html
o https://www.suse.com/security/cve/CVE-2022-1462.html
o https://www.suse.com/security/cve/CVE-2022-20166.html
o https://www.suse.com/security/cve/CVE-2022-36946.html
o https://bugzilla.suse.com/1195775
o https://bugzilla.suse.com/1195926
o https://bugzilla.suse.com/1198484
o https://bugzilla.suse.com/1198829
o https://bugzilla.suse.com/1200442
o https://bugzilla.suse.com/1200598
o https://bugzilla.suse.com/1200910
o https://bugzilla.suse.com/1201050
o https://bugzilla.suse.com/1201429
o https://bugzilla.suse.com/1201635
o https://bugzilla.suse.com/1201636
o https://bugzilla.suse.com/1201926
o https://bugzilla.suse.com/1201930
o https://bugzilla.suse.com/1201940
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYvWxeckNZI30y1K9AQgT7Q//ZZb8h4pAhDwf1CBvtUQsLNBOFtuTnVnJ
px3qG2qYAQLPiizo0aHL96cMVu16ch82B0r9pCzt92tL/EFQsbhva36YyzCGx9C7
/zfeZR3zRnvJCXs5xwj2HALzuCsbfobatY3E0JrGZF8T2veqQuYeVNlYOrFF8P1Q
gBMwa29QsF2eRrJ1S3ic52uCsdRJFSJltVCmCSrVAsvUYjXKstFqV5w23cwH33jd
GebbEe/HScuaix5Z3UnOKkXSFGWa521IcfkLRs2CBRnQct2oG2m0vgVMJu3qjI01
TUHfkWtTT3xN9H90brrIPcM3z/hpvCSyvk5cBR7aiCqiVU4bXPbztivT/Hr6+GJj
nGx35W8SV7h9oYq8WMQnWSm6zC8uxIK9k9csIjBbSfd29BroFUvjElB10Hnrk7Qe
UlruYTk7hTecgRl0cLQCqrtensAPdO3J78j7gPuUvdEeOzvXpO2FC8XtEj+tdAVc
GrGyP7e4whzmWiC8GzOnDjWIEzokTwUyDq/xKdvGgk+dnhO+9lWLyFSZXkPNcylf
3Y68bIErNQqb9mGTGrtcTddq6Zo7jOiymToURF1+GLH9iIcBxydAq+BmOiLPVcmK
z+MvSJkVg5trsDFQVoUQYCZZEMrTreo6DotWTbzpSRQvj+eRt+bfl6v3IyWugJ9z
gt7XVPJnHb0=
=uz8G
-----END PGP SIGNATURE-----