SUSE-SU-2019:3237-1

Опубликовано: 10 дек. 2019

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-60_64_124 fixes several issues.

The following security issues were fixed:

CVE-2019-15917: Fixed a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bsc#1156334).
CVE-2019-17133: Fixed Buffer Overflow to reject long SSID IE in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c(bsc#1153161).

Список пакетов

SUSE Linux Enterprise Server 12 SP1-LTSS

kgraft-patch-3_12_74-60_64_124-default-2-2.3

kgraft-patch-3_12_74-60_64_124-xen-2-2.3

SUSE Linux Enterprise Server for SAP Applications 12 SP1

kgraft-patch-3_12_74-60_64_124-default-2-2.3

kgraft-patch-3_12_74-60_64_124-xen-2-2.3

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20193237-1/
Link for SUSE-SU-2019:3237-1
https://lists.suse.com/pipermail/sle-security-updates/2019-December/006228.html
E-Mail link for SUSE-SU-2019:3237-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1153161
SUSE Bug 1153161
https://bugzilla.suse.com/1156334
SUSE Bug 1156334
https://www.suse.com/security/cve/CVE-2019-15917/
SUSE CVE CVE-2019-15917 page
https://www.suse.com/security/cve/CVE-2019-17133/
SUSE CVE CVE-2019-17133 page

Описание

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_124-default-2-2.3

SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_124-xen-2-2.3

SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_124-default-2-2.3

SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_124-xen-2-2.3

Ссылки

https://www.suse.com/security/cve/CVE-2019-15917.html
CVE-2019-15917
https://bugzilla.suse.com/1149539
SUSE Bug 1149539
https://bugzilla.suse.com/1156334
SUSE Bug 1156334

Описание

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_124-default-2-2.3

SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_124-xen-2-2.3

SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_124-default-2-2.3

SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_124-xen-2-2.3

Ссылки

https://www.suse.com/security/cve/CVE-2019-17133.html
CVE-2019-17133
https://bugzilla.suse.com/1153158
SUSE Bug 1153158
https://bugzilla.suse.com/1153161
SUSE Bug 1153161

SUSE-SU-2019:3237-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP1

Ссылки

Уязвимость: CVE-2019-15917

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-17133

Описание

Затронутые продукты

Ссылки