SUSE-SU-2020:3187-1

Опубликовано: 05 нояб. 2020

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-22 fixes several issues.

The following security issues were fixed:

CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).
CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069).
CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

kernel-livepatch-5_3_18-22-default-3-8.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203187-1/
Link for SUSE-SU-2020:3187-1
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007709.html
E-Mail link for SUSE-SU-2020:3187-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1175992
SUSE Bug 1175992
https://bugzilla.suse.com/1176072
SUSE Bug 1176072
https://bugzilla.suse.com/1176382
SUSE Bug 1176382
https://www.suse.com/security/cve/CVE-2020-14386/
SUSE CVE CVE-2020-14386 page
https://www.suse.com/security/cve/CVE-2020-24394/
SUSE CVE CVE-2020-24394 page
https://www.suse.com/security/cve/CVE-2020-25212/
SUSE CVE CVE-2020-25212 page

Описание

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-3-8.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-14386.html
CVE-2020-14386
https://bugzilla.suse.com/1176069
SUSE Bug 1176069
https://bugzilla.suse.com/1176072
SUSE Bug 1176072

Описание

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-3-8.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-24394.html
CVE-2020-24394
https://bugzilla.suse.com/1175518
SUSE Bug 1175518
https://bugzilla.suse.com/1175992
SUSE Bug 1175992

Описание

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-3-8.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-25212.html
CVE-2020-25212
https://bugzilla.suse.com/1176381
SUSE Bug 1176381
https://bugzilla.suse.com/1176382
SUSE Bug 1176382
https://bugzilla.suse.com/1177027
SUSE Bug 1177027

SUSE-SU-2020:3187-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

Ссылки

Уязвимость: CVE-2020-14386

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-24394

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-25212

Описание

Затронутые продукты

Ссылки