SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) ______________________________________________________________________________
Announcement ID: SUSE-SU-2020:1656-1 Rating: important References: #1144502 #1171746 #1172140 #1172437 Cross-References: CVE-2018-1000199 CVE-2019-15666 CVE-2020-10757 CVE-2020-13233 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-197_4 fixes several issues.
The following security issues were fixed:
- CVE-2019-13233: Fixed a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bsc#1144502). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-1654=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-1655=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-1656=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
