SUSE-SU-2024:4397-1

Опубликовано: 20 дек. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).

Список пакетов

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

kernel-default-3.0.101-108.171.1

kernel-default-base-3.0.101-108.171.1

kernel-default-devel-3.0.101-108.171.1

kernel-ec2-3.0.101-108.171.1

kernel-ec2-base-3.0.101-108.171.1

kernel-ec2-devel-3.0.101-108.171.1

kernel-source-3.0.101-108.171.1

kernel-syms-3.0.101-108.171.1

kernel-trace-3.0.101-108.171.1

kernel-trace-base-3.0.101-108.171.1

kernel-trace-devel-3.0.101-108.171.1

kernel-xen-3.0.101-108.171.1

kernel-xen-base-3.0.101-108.171.1

kernel-xen-devel-3.0.101-108.171.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244397-1/
Link for SUSE-SU-2024:4397-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/020041.html
E-Mail link for SUSE-SU-2024:4397-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1232432
SUSE Bug 1232432
https://bugzilla.suse.com/1233479
SUSE Bug 1233479
https://bugzilla.suse.com/1233557
SUSE Bug 1233557
https://www.suse.com/security/cve/CVE-2024-49995/
SUSE CVE CVE-2024-49995 page
https://www.suse.com/security/cve/CVE-2024-50290/
SUSE CVE CVE-2024-50290 page
https://www.suse.com/security/cve/CVE-2024-53063/
SUSE CVE CVE-2024-53063 page

Описание

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.171.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-49995.html
CVE-2024-49995
https://bugzilla.suse.com/1232432
SUSE Bug 1232432
https://bugzilla.suse.com/1232433
SUSE Bug 1232433

Описание

In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.171.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-50290.html
CVE-2024-50290
https://bugzilla.suse.com/1225742
SUSE Bug 1225742
https://bugzilla.suse.com/1233479
SUSE Bug 1233479
https://bugzilla.suse.com/1233681
SUSE Bug 1233681

Описание

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already did the needed checks. This can be fragile if some device ends using different calls. This also generate warnings on static check analysers like Coverity. So, add explicit guards to prevent potential risk of OOM issues.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.171.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-53063.html
CVE-2024-53063
https://bugzilla.suse.com/1225742
SUSE Bug 1225742
https://bugzilla.suse.com/1233557
SUSE Bug 1233557
https://bugzilla.suse.com/1233619
SUSE Bug 1233619

SUSE-SU-2024:4397-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

Ссылки

Уязвимость: CVE-2024-49995

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-50290

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-53063

Описание

Затронутые продукты

Ссылки