SUSE-SU-2019:14157-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-201914157-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:14157-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:14157-1
Published
2019-08-29T14:18:28Z
Modified
2025-05-02T04:04:55.250056Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2019-14284: drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189).
  • CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191).
  • CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023).
  • CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399).
  • CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).
  • CVE-2018-20855: In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045).
  • CVE-2015-9289: A buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allowed larger values such as 23 (bsc#1143179).

The following non-security bugs were fixed:

  • fix detection of race between fcntl-setlk and close (bsc#1140965).
  • ocfs2: add first lock wait time in locking_state (bsc#1134390).
  • ocfs2: add last unlock times in locking_state (bsc#1134390).
  • ocfs2: add locking filter debugfs file (bsc#1134390).
  • powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454).
  • xen-netfront: use napi_complete() correctly to prevent Rx stalling (bsc#1138744).

Affected packages

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-bigmem

Package

Name
kernel-bigmem
Purl
pkg:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ec2

Package

Name
kernel-ec2
Purl
pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-pae

Package

Name
kernel-pae
Purl
pkg:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ppc64

Package

Name
kernel-ppc64
Purl
pkg:rpm/suse/kernel-ppc64&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-trace

Package

Name
kernel-trace
Purl
pkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.101.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.101.1",
            "kernel-default-man": "3.0.101-108.101.1",
            "kernel-ec2": "3.0.101-108.101.1",
            "kernel-default": "3.0.101-108.101.1",
            "kernel-source": "3.0.101-108.101.1",
            "kernel-bigmem": "3.0.101-108.101.1",
            "kernel-pae-base": "3.0.101-108.101.1",
            "kernel-syms": "3.0.101-108.101.1",
            "kernel-bigmem-base": "3.0.101-108.101.1",
            "kernel-pae": "3.0.101-108.101.1",
            "kernel-ppc64-devel": "3.0.101-108.101.1",
            "kernel-ec2-devel": "3.0.101-108.101.1",
            "kernel-ppc64-base": "3.0.101-108.101.1",
            "kernel-trace-devel": "3.0.101-108.101.1",
            "kernel-trace": "3.0.101-108.101.1",
            "kernel-ec2-base": "3.0.101-108.101.1",
            "kernel-ppc64": "3.0.101-108.101.1",
            "kernel-xen-base": "3.0.101-108.101.1",
            "kernel-xen-devel": "3.0.101-108.101.1",
            "kernel-bigmem-devel": "3.0.101-108.101.1",
            "kernel-trace-base": "3.0.101-108.101.1",
            "kernel-default-devel": "3.0.101-108.101.1",
            "kernel-pae-devel": "3.0.101-108.101.1",
            "kernel-xen": "3.0.101-108.101.1"
        }
    ]
}