Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2023:0407-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves four vulnerabilities and has five security fixes can now be installed.
Description:
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- Reverted "constraints: increase disk space for all architectures" (bsc#1203693).
- HID: betop: check shape of output reports (bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186).
- HID: check empty report_list in hid_validate_values() (bsc#1206784).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE OpenStack Cloud 9
zypper in -t patch SUSE-OpenStack-Cloud-9-2023-407=1
-
SUSE OpenStack Cloud Crowbar 9
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-407=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4
zypper in -t patch SUSE-SLE-HA-12-SP4-2023-407=1 SUSE-SLE-SAP-12-SP4-2023-407=1
-
SUSE Linux Enterprise High Availability Extension 12 SP4
zypper in -t patch SUSE-SLE-HA-12-SP4-2023-407=1
-
SUSE Linux Enterprise Live Patching 12-SP4
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-407=1
-
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-407=1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-407=1
Package List:
-
SUSE OpenStack Cloud 9 (nosrc x86_64)
- kernel-default-4.12.14-95.117.1
-
SUSE OpenStack Cloud 9 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-95.117.1
- kernel-default-debugsource-4.12.14-95.117.1
- kernel-default-devel-4.12.14-95.117.1
- kernel-default-base-debuginfo-4.12.14-95.117.1
- kernel-default-debuginfo-4.12.14-95.117.1
- kernel-default-base-4.12.14-95.117.1
- kernel-syms-4.12.14-95.117.1
-
SUSE OpenStack Cloud 9 (noarch)
- kernel-devel-4.12.14-95.117.1
- kernel-source-4.12.14-95.117.1
- kernel-macros-4.12.14-95.117.1
-
SUSE OpenStack Cloud Crowbar 9 (nosrc x86_64)
- kernel-default-4.12.14-95.117.1
-
SUSE OpenStack Cloud Crowbar 9 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-95.117.1
- kernel-default-debugsource-4.12.14-95.117.1
- kernel-default-devel-4.12.14-95.117.1
- kernel-default-base-debuginfo-4.12.14-95.117.1
- kernel-default-debuginfo-4.12.14-95.117.1
- kernel-default-base-4.12.14-95.117.1
- kernel-syms-4.12.14-95.117.1
-
SUSE OpenStack Cloud Crowbar 9 (noarch)
- kernel-devel-4.12.14-95.117.1
- kernel-source-4.12.14-95.117.1
- kernel-macros-4.12.14-95.117.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
- cluster-md-kmp-default-debuginfo-4.12.14-95.117.1
- ocfs2-kmp-default-debuginfo-4.12.14-95.117.1
- cluster-md-kmp-default-4.12.14-95.117.1
- dlm-kmp-default-4.12.14-95.117.1
- kernel-default-debugsource-4.12.14-95.117.1
- gfs2-kmp-default-4.12.14-95.117.1
- kernel-default-base-debuginfo-4.12.14-95.117.1
- kernel-default-devel-4.12.14-95.117.1
- kernel-default-debuginfo-4.12.14-95.117.1
- dlm-kmp-default-debuginfo-4.12.14-95.117.1
- kernel-default-base-4.12.14-95.117.1
- kernel-syms-4.12.14-95.117.1
- gfs2-kmp-default-debuginfo-4.12.14-95.117.1
- ocfs2-kmp-default-4.12.14-95.117.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (nosrc ppc64le x86_64)
- kernel-default-4.12.14-95.117.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
- kernel-devel-4.12.14-95.117.1
- kernel-source-4.12.14-95.117.1
- kernel-macros-4.12.14-95.117.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-95.117.1
-
SUSE Linux Enterprise High Availability Extension 12 SP4 (ppc64le s390x x86_64)
- cluster-md-kmp-default-debuginfo-4.12.14-95.117.1
- ocfs2-kmp-default-debuginfo-4.12.14-95.117.1
- cluster-md-kmp-default-4.12.14-95.117.1
- dlm-kmp-default-4.12.14-95.117.1
- kernel-default-debugsource-4.12.14-95.117.1
- gfs2-kmp-default-4.12.14-95.117.1
- kernel-default-debuginfo-4.12.14-95.117.1
- dlm-kmp-default-debuginfo-4.12.14-95.117.1
- gfs2-kmp-default-debuginfo-4.12.14-95.117.1
- ocfs2-kmp-default-4.12.14-95.117.1
-
SUSE Linux Enterprise High Availability Extension 12 SP4 (nosrc)
- kernel-default-4.12.14-95.117.1
-
SUSE Linux Enterprise Live Patching 12-SP4 (nosrc)
- kernel-default-4.12.14-95.117.1
-
SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64)
- kernel-default-kgraft-devel-4.12.14-95.117.1
- kernel-default-kgraft-4.12.14-95.117.1
- kgraft-patch-4_12_14-95_117-default-1-6.3.1
-
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 nosrc x86_64)
- kernel-default-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
- kernel-default-debugsource-4.12.14-95.117.1
- kernel-default-devel-4.12.14-95.117.1
- kernel-default-base-debuginfo-4.12.14-95.117.1
- kernel-default-debuginfo-4.12.14-95.117.1
- kernel-default-base-4.12.14-95.117.1
- kernel-syms-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
- kernel-devel-4.12.14-95.117.1
- kernel-source-4.12.14-95.117.1
- kernel-macros-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
- kernel-default-debugsource-4.12.14-95.117.1
- kernel-default-devel-4.12.14-95.117.1
- kernel-default-base-debuginfo-4.12.14-95.117.1
- kernel-default-debuginfo-4.12.14-95.117.1
- kernel-default-base-4.12.14-95.117.1
- kernel-syms-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
- kernel-devel-4.12.14-95.117.1
- kernel-source-4.12.14-95.117.1
- kernel-macros-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x)
- kernel-default-man-4.12.14-95.117.1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-95.117.1
References:
- https://www.suse.com/security/cve/CVE-2022-3564.html
- https://www.suse.com/security/cve/CVE-2022-4662.html
- https://www.suse.com/security/cve/CVE-2022-47929.html
- https://www.suse.com/security/cve/CVE-2023-23454.html
- https://bugzilla.suse.com/show_bug.cgi?id=1203693
- https://bugzilla.suse.com/show_bug.cgi?id=1205149
- https://bugzilla.suse.com/show_bug.cgi?id=1206073
- https://bugzilla.suse.com/show_bug.cgi?id=1206664
- https://bugzilla.suse.com/show_bug.cgi?id=1206677
- https://bugzilla.suse.com/show_bug.cgi?id=1206784
- https://bugzilla.suse.com/show_bug.cgi?id=1207036
- https://bugzilla.suse.com/show_bug.cgi?id=1207186
- https://bugzilla.suse.com/show_bug.cgi?id=1207237