Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel(bnc#1120758).
- CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before (bnc#1120758).
- CVE-2019-3896: A double-free could happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service (DoS) (bnc#1138943).
- CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could lead to a denial of service (bnc#1102340).
- CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424 1136446).
The following non-security bugs were fixed:
- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
- fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (bsc#1134835).
- signal: give SEND_SIG_FORCED more power to beat SIGNAL_UNKILLABLE (bsc#1135650).
- signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig() (bsc#1135650).
- tcp: a regression in the previous fix for the TCP SACK issue was fixed (bnc#1139751)
Список пакетов
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2019:14127-1
- E-Mail link for SUSE-SU-2019:14127-1
- SUSE Security Ratings
- SUSE Bug 1063416
- SUSE Bug 1090078
- SUSE Bug 1102340
- SUSE Bug 1120758
- SUSE Bug 1134395
- SUSE Bug 1134835
- SUSE Bug 1135650
- SUSE Bug 1136424
- SUSE Bug 1137194
- SUSE Bug 1138943
- SUSE Bug 1139751
- SUSE CVE CVE-2018-20836 page
- SUSE CVE CVE-2018-5390 page
- SUSE CVE CVE-2019-12614 page
- SUSE CVE CVE-2019-3459 page
- SUSE CVE CVE-2019-3460 page
- SUSE CVE CVE-2019-3846 page
Описание
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Затронутые продукты
Ссылки
- CVE-2018-20836
- SUSE Bug 1134395
Описание
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Затронутые продукты
Ссылки
- CVE-2018-5390
- SUSE Bug 1087082
- SUSE Bug 1102340
- SUSE Bug 1102682
- SUSE Bug 1103097
- SUSE Bug 1103098
- SUSE Bug 1156434
Описание
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
Затронутые продукты
Ссылки
- CVE-2019-12614
- SUSE Bug 1137194
Описание
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
Затронутые продукты
Ссылки
- CVE-2019-3459
- SUSE Bug 1120758
Описание
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
Затронутые продукты
Ссылки
- CVE-2019-3460
- SUSE Bug 1120758
- SUSE Bug 1155131
Описание
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Затронутые продукты
Ссылки
- CVE-2019-3846
- SUSE Bug 1136424
- SUSE Bug 1136446
- SUSE Bug 1156330
Описание
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
Затронутые продукты
Ссылки
- CVE-2019-3896
- SUSE Bug 1138943
- SUSE Bug 1156434
- SUSE Bug 1173987