SUSE-SU-2019:14127-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-201914127-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:14127-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:14127-1
Related
Published
2019-07-18T15:53:32Z
Modified
2019-07-18T15:53:32Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2019-3459: A heap address information leak while using L2CAPGETCONF_OPT was discovered in the Linux kernel(bnc#1120758).
  • CVE-2019-3460: A heap data infoleak in multiple locations including L2CAPPARSECONF_RSP was found in the Linux kernel before (bnc#1120758).
  • CVE-2019-3896: A double-free could happen in idrremoveall() in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service (DoS) (bnc#1138943).
  • CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcpcollapseofoqueue() and tcppruneofoqueue() for every incoming packet which could lead to a denial of service (bnc#1102340).
  • CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smptasktimedout() and smptaskdone() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
  • CVE-2019-12614: An issue was discovered in dlparparsecc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
  • CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424 1136446).

The following non-security bugs were fixed:

  • KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
  • fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (bsc#1134835).
  • signal: give SENDSIGFORCED more power to beat SIGNAL_UNKILLABLE (bsc#1135650).
  • signal: oomkilltask: use SENDSIGFORCED instead of force_sig() (bsc#1135650).
  • tcp: a regression in the previous fix for the TCP SACK issue was fixed (bnc#1139751)
References

Affected packages

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-bigmem

Package

Name
kernel-bigmem
Purl
pkg:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ec2

Package

Name
kernel-ec2
Purl
pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-pae

Package

Name
kernel-pae
Purl
pkg:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ppc64

Package

Name
kernel-ppc64
Purl
pkg:rpm/suse/kernel-ppc64&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-trace

Package

Name
kernel-trace
Purl
pkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101-108.98.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.98.1",
            "kernel-default-man": "3.0.101-108.98.1",
            "kernel-ec2": "3.0.101-108.98.1",
            "kernel-default": "3.0.101-108.98.1",
            "kernel-source": "3.0.101-108.98.1",
            "kernel-bigmem": "3.0.101-108.98.1",
            "kernel-pae-base": "3.0.101-108.98.1",
            "kernel-syms": "3.0.101-108.98.1",
            "kernel-bigmem-base": "3.0.101-108.98.1",
            "kernel-pae": "3.0.101-108.98.1",
            "kernel-ppc64-devel": "3.0.101-108.98.1",
            "kernel-ec2-devel": "3.0.101-108.98.1",
            "kernel-ppc64-base": "3.0.101-108.98.1",
            "kernel-trace-devel": "3.0.101-108.98.1",
            "kernel-trace": "3.0.101-108.98.1",
            "kernel-ec2-base": "3.0.101-108.98.1",
            "kernel-ppc64": "3.0.101-108.98.1",
            "kernel-xen-base": "3.0.101-108.98.1",
            "kernel-xen-devel": "3.0.101-108.98.1",
            "kernel-bigmem-devel": "3.0.101-108.98.1",
            "kernel-trace-base": "3.0.101-108.98.1",
            "kernel-default-devel": "3.0.101-108.98.1",
            "kernel-pae-devel": "3.0.101-108.98.1",
            "kernel-xen": "3.0.101-108.98.1"
        }
    ]
}