SUSE: 2019:14127-1 important: the Linux Kernel
Summary
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel(bnc#1120758). - CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before (bnc#1120758). - CVE-2019-3896: A double-free could happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service (DoS) (bnc#1138943). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could lead to a denial of service (bnc#1102340). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424 1136446). The following non-security bugs were fixed: - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (bsc#1134835). - signal: give SEND_SIG_FORCED more power to beat SIGNAL_UNKILLABLE (bsc#1135650). - signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig() (bsc#1135650). - tcp: a regression in the previous fix for the TCP SACK issue was fixed (bnc#1139751)
References
#1063416 #1090078 #1102340 #1120758 #1134395
#1134835 #1135650 #1136424 #1137194 #1138943
#1139751
Cross- CVE-2018-20836 CVE-2018-5390 CVE-2019-12614
CVE-2019-3459 CVE-2019-3460 CVE-2019-3846
CVE-2019-3896
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2018-5390.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-3459.html
https://www.suse.com/security/cve/CVE-2019-3460.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://www.suse.com/security/cve/CVE-2019-3896.html
https://bugzilla.suse.com/1063416
https://bugzilla.suse.com/1090078
https://bugzilla.suse.com/1102340
https://bugzilla.suse.com/1120758
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1134835
https://bugzilla.suse.com/1135650
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1138943
https://bugzilla.suse.com/1139751