SUSE-SU-2024:4397-1

Опубликовано: 20 дек. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).

Список пакетов

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

kernel-default-3.0.101-108.171.1

kernel-default-base-3.0.101-108.171.1

kernel-default-devel-3.0.101-108.171.1

kernel-ec2-3.0.101-108.171.1

kernel-ec2-base-3.0.101-108.171.1

kernel-ec2-devel-3.0.101-108.171.1

kernel-source-3.0.101-108.171.1

kernel-syms-3.0.101-108.171.1

kernel-trace-3.0.101-108.171.1

kernel-trace-base-3.0.101-108.171.1

kernel-trace-devel-3.0.101-108.171.1

kernel-xen-3.0.101-108.171.1

kernel-xen-base-3.0.101-108.171.1

kernel-xen-devel-3.0.101-108.171.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244397-1/
Link for SUSE-SU-2024:4397-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/020041.html
E-Mail link for SUSE-SU-2024:4397-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1232432
SUSE Bug 1232432
https://bugzilla.suse.com/1233479
SUSE Bug 1233479
https://bugzilla.suse.com/1233557
SUSE Bug 1233557
https://www.suse.com/security/cve/CVE-2024-49995/
SUSE CVE CVE-2024-49995 page
https://www.suse.com/security/cve/CVE-2024-50290/
SUSE CVE CVE-2024-50290 page
https://www.suse.com/security/cve/CVE-2024-53063/
SUSE CVE CVE-2024-53063 page

Описание

In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.171.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-49995.html
CVE-2024-49995
https://bugzilla.suse.com/1232432
SUSE Bug 1232432
https://bugzilla.suse.com/1232433
SUSE Bug 1232433

Описание

In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.171.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-50290.html
CVE-2024-50290
https://bugzilla.suse.com/1225742
SUSE Bug 1225742
https://bugzilla.suse.com/1233479
SUSE Bug 1233479
https://bugzilla.suse.com/1233681
SUSE Bug 1233681

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.171.1

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.171.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-53063.html
CVE-2024-53063
https://bugzilla.suse.com/1225742
SUSE Bug 1225742
https://bugzilla.suse.com/1233557
SUSE Bug 1233557
https://bugzilla.suse.com/1233619
SUSE Bug 1233619

SUSE-SU-2024:4397-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

Ссылки

Уязвимость: CVE-2024-49995

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-50290

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-53063

Описание

Затронутые продукты

Ссылки