openSUSE Update for the openSUSE-SU-2019:2307-1 (the)

Published: 2019-10-11 02:00:43
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:

The remote host is missing an update for the 'the' Linux Distribution Package(s) announced via the openSUSE-SU-2019:2307_1 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could have used this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free might have been caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865 1146042). The following non-security bugs were fixed: - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). ... Description truncated. Please see the references for more information.

Affected Versions:
'the' Linux Distribution Package(s) on openSUSE Leap 15.0.

Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

CVE Analysis


CVSS Score
SuSE Local Security Checks

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.