SUSE-SU-2024:1257-1

Опубликовано: 12 апр. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-150200_24_163 fixes several issues.

The following security issues were fixed:

CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1219078).
CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1218613).
CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219296).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

kernel-livepatch-5_3_18-150200_24_163-default-7-150200.2.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241257-1/
Link for SUSE-SU-2024:1257-1
https://lists.suse.com/pipermail/sle-updates/2024-April/034951.html
E-Mail link for SUSE-SU-2024:1257-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218613
SUSE Bug 1218613
https://bugzilla.suse.com/1219078
SUSE Bug 1219078
https://bugzilla.suse.com/1219296
SUSE Bug 1219296
https://www.suse.com/security/cve/CVE-2023-42753/
SUSE CVE CVE-2023-42753 page
https://www.suse.com/security/cve/CVE-2023-52340/
SUSE CVE CVE-2023-52340 page
https://www.suse.com/security/cve/CVE-2024-0565/
SUSE CVE CVE-2024-0565 page

Описание

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_163-default-7-150200.2.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-42753.html
CVE-2023-42753
https://bugzilla.suse.com/1215150
SUSE Bug 1215150
https://bugzilla.suse.com/1218613
SUSE Bug 1218613

Описание

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_163-default-7-150200.2.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-52340.html
CVE-2023-52340
https://bugzilla.suse.com/1219295
SUSE Bug 1219295
https://bugzilla.suse.com/1219296
SUSE Bug 1219296
https://bugzilla.suse.com/1224298
SUSE Bug 1224298
https://bugzilla.suse.com/1224878
SUSE Bug 1224878

Описание

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_163-default-7-150200.2.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-0565.html
CVE-2024-0565
https://bugzilla.suse.com/1218832
SUSE Bug 1218832
https://bugzilla.suse.com/1219078
SUSE Bug 1219078

SUSE-SU-2024:1257-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

Ссылки

Уязвимость: CVE-2023-42753

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-52340

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-0565

Описание

Затронутые продукты

Ссылки