Beschreibung: | Summary: The remote host is missing an update for the 'the' package(s) announced via the openSUSE-SU-2020:1325-1 advisory.
Vulnerability Insight: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bnc#1085308 bnc#1087082 bnc#1172782 bnc#1172783). Mitigations for Arm had not been included yet.
- CVE-2020-14314: Fixed potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14331: Fixed a buffer over write in vgacon_scroll (bnc#1174205).
- CVE-2020-14356: A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system (bnc#1175213).
- CVE-2020-1749: Some ipv6 protocols were not encrypted over ipsec tunnels (bsc#1165629).
- CVE-2020-24394: fs/nfsd/vfs.c (in the NFS server) could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered (bnc#1175518).
The following non-security bugs were fixed:
- ACPI: kABI fixes for subsys exports (bsc#1174968).
- ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968).
- ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968).
- ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968).
- ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968).
- af_key: pfkey_dump needs parameter validation (git-fixes).
- agp/intel: Fix a memory leak on module initialisation failure (git-fixes).
- ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666).
- ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666).
- ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666).
- ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666).
- ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666).
- ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666).
- ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666).
- ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666).
- ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666).
- ALSA: hda/ ...
Description truncated. Please see the references for more information.
Affected Software/OS: 'the' package(s) on openSUSE Leap 15.1.
Solution: Please install the updated package(s).
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
|