
Test ID: 1.3.6.1.4.1.25623.1.0.853339
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for the (openSUSE-SU-2020:1153-1)
Summary: The remote host is missing an update for the 'the' package(s) announced via the openSUSE-SU-2020:1153-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'the'
package(s) announced via the openSUSE-SU-2020:1153-1 advisory.

Vulnerability Insight:
The openSUSE Leap 15.1 kernel was updated to receive various security and
bug fixes.

The following security bugs were fixed:

- CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c where
it did not check the length of variable elements in a beacon head,
leading to a buffer overflow (bnc#1152107 1173659).

- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c
did not call snd_card_free for a failure path, which causes a memory
leak, aka CID-9453264ef586 (bnc#1172458).

- CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c
where incorrect access permissions for the efivar_ssdt ACPI variable
could be used by attackers to bypass lockdown or secure boot
restrictions, aka CID-1957a85b0032 (bnc#1173567).

- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
use-after-free due to a race condition. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1174462).

- CVE-2020-10135: Legacy pairing and secure-connections pairing
authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier
may have allowed an unauthenticated user to complete authentication
without pairing credentials via adjacent access. An unauthenticated,
adjacent attacker could impersonate a Bluetooth BR/EDR master or slave
to pair with a previously paired remote device to successfully complete
the authentication procedure without knowing the link key (bnc#1171988).

- CVE-2020-10766: Fixed rogue cross-process SSBD shutdown. Linux scheduler
logical bug allowed an attacker to turn off the SSBD protection.
(bnc#1172781).

- CVE-2020-10767: Fixed an issue where the Indirect Branch Prediction
Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is
available (bnc#1172782).

- CVE-2020-10768: Fixed an issue where indirect branch speculation can be
enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl
command (bnc#1172783).

- CVE-2020-10769: A buffer over-read flaw was found in
crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
Cryptographic algorithm module, authenc. When a payload is longer than 4
bytes and does not follow 4-byte alignment boundary guidelines, it
causes a buffer over-read, leading to a system crash. This flaw
allowed a local attacker with user privileges to cause a denial of
service (bnc#1173265).

- CVE-2020-10773: Fixed a kernel stack information leak on s390/s390x.
(bnc#1172999).

- CVE-2020-10781: A zram sysfs resource consumption was fixed.
(bnc#1173074).


Description truncated. Please see the references for more information.

Affected Software/OS:
'the' package(s) on openSUSE Leap 15.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-0305
https://source.android.com/security/bulletin/pixel/2020-06-01
SuSE Security Announcement: openSUSE-SU-2020:1153
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
SuSE Security Announcement: openSUSE-SU-2020:1236
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
