drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
SUSE-SU-2021:0737-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Module for Live Patching 15-SP1, SUSE Linux Enterprise High Availability 15-SP1, SUSE Enterprise Storage 6, SUSE CaaS Platform 4.0, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.0, SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS, SUSE Linux Enterprise Server 15-SP1-LTSS, SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Linux Enterprise Server 15-SP1-BCL |
|
Datum: |
Mi, 10. März 2021, 07:15 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931 |
|
Applikationen: |
Linux |
|
Originalnachricht |
SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0737-1 Rating: important References: #1065600 #1163617 #1170442 #1176855 #1179082 #1179428 #1179660 #1180058 #1180262 #1180964 #1181671 #1181747 #1181753 #1181843 #1181854 #1182047 #1182130 #1182140 #1182175 Cross-References: CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVSS scores: CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-26932 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26932 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________
An update that solves 5 vulnerabilities and has 14 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- btrfs: Cleanup try_flush_qgroup (bsc#1182047). - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130) - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).") - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442). - net: bcmgenet: add support for ethtool rxnfc flows (git-fixes). - net: bcmgenet: code movement (git-fixes). - net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes). - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes). - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes). - net: bcmgenet: set Rx mode before starting netif (git-fixes). - net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes). - net: bcmgenet: Use correct I/O accessors (git-fixes). - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - net: moxa: Fix a potential double 'free_irq()' (git-fixes). - net: sun: fix missing release regions in cas_init_one() (git-fixes). - nvme-multipath: Early exit if no path is available (bsc#1180964). - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617). - usb: dwc2: Abort transaction after errors with unknown reason (bsc#1180262). - usb: dwc2: Do not update data length if it is 0 on inbound transfers (bsc#1180262). - usb: dwc2: Make "trimming xfer length" a debug message (bsc#1180262). - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-737=1
- SUSE Manager Retail Branch Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-737=1
- SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-737=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-737=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-737=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-737=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-737=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-737=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-737=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-737=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-737=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:
- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Manager Server 4.0 (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Manager Server 4.0 (s390x):
kernel-default-man-4.12.14-197.86.1 kernel-zfcpdump-debuginfo-4.12.14-197.86.1 kernel-zfcpdump-debugsource-4.12.14-197.86.1
- SUSE Manager Retail Branch Server 4.0 (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Manager Proxy 4.0 (x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Manager Proxy 4.0 (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-197.86.1 kernel-zfcpdump-debuginfo-4.12.14-197.86.1 kernel-zfcpdump-debugsource-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-livepatch-4.12.14-197.86.1 kernel-default-livepatch-devel-4.12.14-197.86.1 kernel-livepatch-4_12_14-197_86-default-1-3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-197.86.1 cluster-md-kmp-default-debuginfo-4.12.14-197.86.1 dlm-kmp-default-4.12.14-197.86.1 dlm-kmp-default-debuginfo-4.12.14-197.86.1 gfs2-kmp-default-4.12.14-197.86.1 gfs2-kmp-default-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 ocfs2-kmp-default-4.12.14-197.86.1 ocfs2-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-197.86.1 kernel-docs-4.12.14-197.86.1 kernel-macros-4.12.14-197.86.1 kernel-source-4.12.14-197.86.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-197.86.1 kernel-default-base-4.12.14-197.86.1 kernel-default-base-debuginfo-4.12.14-197.86.1 kernel-default-debuginfo-4.12.14-197.86.1 kernel-default-debugsource-4.12.14-197.86.1 kernel-default-devel-4.12.14-197.86.1 kernel-default-devel-debuginfo-4.12.14-197.86.1 kernel-obs-build-4.12.14-197.86.1 kernel-obs-build-debugsource-4.12.14-197.86.1 kernel-syms-4.12.14-197.86.1 reiserfs-kmp-default-4.12.14-197.86.1 reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
References:
https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29374.html https://www.suse.com/security/cve/CVE-2021-26930.html https://www.suse.com/security/cve/CVE-2021-26931.html https://www.suse.com/security/cve/CVE-2021-26932.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1163617 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1179082 https://bugzilla.suse.com/1179428 https://bugzilla.suse.com/1179660 https://bugzilla.suse.com/1180058 https://bugzilla.suse.com/1180262 https://bugzilla.suse.com/1180964 https://bugzilla.suse.com/1181671 https://bugzilla.suse.com/1181747 https://bugzilla.suse.com/1181753 https://bugzilla.suse.com/1181843 https://bugzilla.suse.com/1181854 https://bugzilla.suse.com/1182047 https://bugzilla.suse.com/1182130 https://bugzilla.suse.com/1182140 https://bugzilla.suse.com/1182175
|
|
|
|