Описание
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-22 fixes several issues.
The following security issues were fixed:
- CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397).
- CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth' aka 'BadVibes' (bsc#1177726, bsc#1177727).
- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
Ссылки
- Link for SUSE-SU-2020:3389-1
- E-Mail link for SUSE-SU-2020:3389-1
- SUSE Security Ratings
- SUSE Bug 1177513
- SUSE Bug 1177727
- SUSE Bug 1177729
- SUSE CVE CVE-2020-12351 page
- SUSE CVE CVE-2020-24490 page
- SUSE CVE CVE-2020-25645 page
Описание
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Затронутые продукты
Ссылки
- CVE-2020-12351
- SUSE Bug 1177724
- SUSE Bug 1177729
- SUSE Bug 1178397
Описание
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
Затронутые продукты
Ссылки
- CVE-2020-24490
- SUSE Bug 1177726
- SUSE Bug 1177727
Описание
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Затронутые продукты
Ссылки
- CVE-2020-25645
- SUSE Bug 1177511
- SUSE Bug 1177513