Описание
Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94_138 fixes several issues.
The following security issues were fixed:
- CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616).
- CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684).
- CVE-2020-25645: Fixed an issue where the traffic between two Geneve endpoints may have been unencrypted when IPsec was configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513).
- CVE-2020-0429: Fixed a potential memory corruption due to a use after free which could have led local escalation of privilege with System execution privileges needed (bsc#1176931).
- CVE-2020-1749: Fixed an issue in some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6 where the kernel was not correctly routing tunneled data over the encrypted link rather sending the data unencrypted (bsc#1165631).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
Ссылки
- Link for SUSE-SU-2021:0835-1
- E-Mail link for SUSE-SU-2021:0835-1
- SUSE Security Ratings
- SUSE Bug 1165631
- SUSE Bug 1176931
- SUSE Bug 1177513
- SUSE Bug 1178684
- SUSE Bug 1179616
- SUSE CVE CVE-2020-0429 page
- SUSE CVE CVE-2020-1749 page
- SUSE CVE CVE-2020-25645 page
- SUSE CVE CVE-2020-27786 page
- SUSE CVE CVE-2020-28374 page
Описание
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806
Затронутые продукты
Ссылки
- CVE-2020-0429
- SUSE Bug 1176724
- SUSE Bug 1176931
- SUSE Bug 1188026
Описание
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Затронутые продукты
Ссылки
- CVE-2020-1749
- SUSE Bug 1165629
- SUSE Bug 1165631
- SUSE Bug 1177511
- SUSE Bug 1177513
- SUSE Bug 1189302
Описание
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Затронутые продукты
Ссылки
- CVE-2020-25645
- SUSE Bug 1177511
- SUSE Bug 1177513
Описание
A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-27786
- SUSE Bug 1179601
- SUSE Bug 1179616
Описание
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
Затронутые продукты
Ссылки
- CVE-2020-28374
- SUSE Bug 1178372
- SUSE Bug 1178684
- SUSE Bug 1180676