Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP4) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:3223-1 Final 1 1 2019-12-10T09:12:02Z current 2019-12-10T09:12:02Z 2019-12-10T09:12:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP4) This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issues were fixed: - CVE-2019-15917: Fixed a use-after-free when hci_uart_register_dev() fails in hci_uart_set_proto() (bsc#1156334). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2018-16871: Fixed an issue where an attacker, who could mount an exported NFS filesystem, was able to trigger a null pointer dereference by using an invalid NFS sequence leading to kernel panic and deny of access to the NFS server (bsc#1156320). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-3223,SUSE-SLE-Live-Patching-12-SP4-2019-3223 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20193223-1/ Link for SUSE-SU-2019:3223-1 https://lists.suse.com/pipermail/sle-security-updates/2019-December/006225.html E-Mail link for SUSE-SU-2019:3223-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1153108 SUSE Bug 1153108 https://bugzilla.suse.com/1156320 SUSE Bug 1156320 https://bugzilla.suse.com/1156321 SUSE Bug 1156321 https://bugzilla.suse.com/1156334 SUSE Bug 1156334 https://www.suse.com/security/cve/CVE-2018-16871/ SUSE CVE CVE-2018-16871 page https://www.suse.com/security/cve/CVE-2019-10220/ SUSE CVE CVE-2019-10220 page https://www.suse.com/security/cve/CVE-2019-13272/ SUSE CVE CVE-2019-13272 page https://www.suse.com/security/cve/CVE-2019-15917/ SUSE CVE CVE-2019-15917 page SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_6-default-7-2.5 kgraft-patch-4_12_14-95_6-default-7-2.5 as a component of SUSE Linux Enterprise Live Patching 12 SP4 A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. CVE-2018-16871 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-7-2.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20193223-1/ https://www.suse.com/security/cve/CVE-2018-16871.html CVE-2018-16871 https://bugzilla.suse.com/1137103 SUSE Bug 1137103 https://bugzilla.suse.com/1156320 SUSE Bug 1156320 Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. CVE-2019-10220 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-7-2.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20193223-1/ https://www.suse.com/security/cve/CVE-2019-10220.html CVE-2019-10220 https://bugzilla.suse.com/1144903 SUSE Bug 1144903 https://bugzilla.suse.com/1153108 SUSE Bug 1153108 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. CVE-2019-13272 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-7-2.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20193223-1/ https://www.suse.com/security/cve/CVE-2019-13272.html CVE-2019-13272 https://bugzilla.suse.com/1140671 SUSE Bug 1140671 https://bugzilla.suse.com/1156321 SUSE Bug 1156321 https://bugzilla.suse.com/1198122 SUSE Bug 1198122 An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. CVE-2019-15917 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-7-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20193223-1/ https://www.suse.com/security/cve/CVE-2019-15917.html CVE-2019-15917 https://bugzilla.suse.com/1149539 SUSE Bug 1149539 https://bugzilla.suse.com/1156334 SUSE Bug 1156334