Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
openSUSE Update for the openSUSE-SU-2019:2173-1 (the)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'the' package(s) announced via the openSUSE-SU-2019:2173_1 advisory.
Insight
Insight
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of Marvell was fixed. (bnc#1146512). - CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of Marvell Wifi Driver was fixed. (bnc#1146514). - CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver was fixed. (bnc#1146516). - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to guest to host kernel escape during live migration (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-1 ... Description truncated. Please see the references for more information.
Affected Software
Affected Software
'the' package(s) on openSUSE Leap 15.0.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).
Common Vulnerabilities and Exposures (CVE)
- CVE-2017-18551
- CVE-2018-20976
- CVE-2018-21008
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14835
- CVE-2019-15030
- CVE-2019-15031
- CVE-2019-15090
- CVE-2019-15098
- CVE-2019-15117
- CVE-2019-15118
- CVE-2019-15211
- CVE-2019-15212
- CVE-2019-15214
- CVE-2019-15215
- CVE-2019-15216
- CVE-2019-15217
- CVE-2019-15218
- CVE-2019-15219
- CVE-2019-15220
- CVE-2019-15221
- CVE-2019-15222
- CVE-2019-15239
- CVE-2019-15290
- CVE-2019-15292
- CVE-2019-15538
- CVE-2019-15666
- CVE-2019-15902
- CVE-2019-15917
- CVE-2019-15919
- CVE-2019-15920
- CVE-2019-15921
- CVE-2019-15924
- CVE-2019-15926
- CVE-2019-15927
- CVE-2019-9456