SUSE-SU-2019:14157-1
- Source
- https://www.suse.com/support/update/announcement/2019/suse-su-201914157-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:14157-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2019:14157-1
- Related
- Published
- 2019-08-29T14:18:28Z
- Modified
- 2019-08-29T14:18:28Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setupformatparams division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make FSECTPER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189).
- CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191).
- CVE-2019-13631: In parsehidreport_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023).
- CVE-2019-11810: A NULL pointer dereference can occur when megasascreateframepool() fails in megasasalloccmds() in drivers/scsi/megaraid/megaraidsas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399).
- CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).
- CVE-2018-20855: An issue was discovered in createqpcommon in drivers/infiniband/hw/mlx5/qp.c, mlx5ibcreateqpresp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045).
- CVE-2015-9289: A buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allowed larger values such as 23 (bsc#1143179).
The following non-security bugs were fixed:
- fix detection of race between fcntl-setlk and close (bsc#1140965).
- ocfs2: add first lock wait time in locking_state (bsc#1134390).
- ocfs2: add last unlock times in locking_state (bsc#1134390).
- ocfs2: add locking filter debugfs file (bsc#1134390).
- powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454).
- xen-netfront: use napi_complete() correctly to prevent Rx stalling (bsc#1138744).
- References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-201914157-1/
- https://bugzilla.suse.com/1134390
- https://bugzilla.suse.com/1134399
- https://bugzilla.suse.com/1138744
- https://bugzilla.suse.com/1139358
- https://bugzilla.suse.com/1140945
- https://bugzilla.suse.com/1140965
- https://bugzilla.suse.com/1141401
- https://bugzilla.suse.com/1141402
- https://bugzilla.suse.com/1141452
- https://bugzilla.suse.com/1141453
- https://bugzilla.suse.com/1141454
- https://bugzilla.suse.com/1142023
- https://bugzilla.suse.com/1143045
- https://bugzilla.suse.com/1143179
- https://bugzilla.suse.com/1143189
- https://bugzilla.suse.com/1143191
- https://www.suse.com/security/cve/CVE-2015-9289
- https://www.suse.com/security/cve/CVE-2018-20855
- https://www.suse.com/security/cve/CVE-2019-1125
- https://www.suse.com/security/cve/CVE-2019-11810
- https://www.suse.com/security/cve/CVE-2019-13631
- https://www.suse.com/security/cve/CVE-2019-14283
- https://www.suse.com/security/cve/CVE-2019-14284
Affected packages
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-bigmem
Package
- Name
- kernel-bigmem
- Purl
- purl:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ec2
Package
- Name
- kernel-ec2
- Purl
- purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-pae
Package
- Name
- kernel-pae
- Purl
- purl:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ppc64
Package
- Name
- kernel-ppc64
- Purl
- purl:rpm/suse/kernel-ppc64&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-trace
Package
- Name
- kernel-trace
- Purl
- purl:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-xen
Package
- Name
- kernel-xen
- Purl
- purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.101.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.101.1",
"kernel-default-man": "3.0.101-108.101.1",
"kernel-ec2": "3.0.101-108.101.1",
"kernel-default": "3.0.101-108.101.1",
"kernel-source": "3.0.101-108.101.1",
"kernel-bigmem": "3.0.101-108.101.1",
"kernel-pae-base": "3.0.101-108.101.1",
"kernel-syms": "3.0.101-108.101.1",
"kernel-bigmem-base": "3.0.101-108.101.1",
"kernel-pae": "3.0.101-108.101.1",
"kernel-ppc64-devel": "3.0.101-108.101.1",
"kernel-ec2-devel": "3.0.101-108.101.1",
"kernel-ppc64-base": "3.0.101-108.101.1",
"kernel-trace-devel": "3.0.101-108.101.1",
"kernel-trace": "3.0.101-108.101.1",
"kernel-ec2-base": "3.0.101-108.101.1",
"kernel-ppc64": "3.0.101-108.101.1",
"kernel-xen-base": "3.0.101-108.101.1",
"kernel-xen-devel": "3.0.101-108.101.1",
"kernel-bigmem-devel": "3.0.101-108.101.1",
"kernel-trace-base": "3.0.101-108.101.1",
"kernel-default-devel": "3.0.101-108.101.1",
"kernel-pae-devel": "3.0.101-108.101.1",
"kernel-xen": "3.0.101-108.101.1"
}
]
}