Overview

File _patchinfo of Package patchinfo.16361

<patchinfo incident="16361">
  <issue id="1152107" tracker="bnc">VUL-0: CVE-2019-16746: kernel-source: buffer overflow via missing check of  variable elements length in a beacon head in net/wireless/nl80211.c</issue>
  <issue id="1173798" tracker="bnc">VUL-1: CVE-2020-14314: kernel-source: buffer uses out of index in ext3/4 filesystem</issue>
  <issue id="1174205" tracker="bnc">VUL-0: CVE-2020-14331: kernel-source: buffer over write in vgacon_scroll</issue>
  <issue id="1174757" tracker="bnc">VUL-0: CVE-2020-16166: kernel-source: remote attackers may be able to make observations which may reveal  the internal state of the network RNG</issue>
  <issue id="1175691" tracker="bnc">HPE requests porting fix for BZ 1164910 --&gt; SLES 12SP4/SP5 &amp; SLES 15 SP1/SP2</issue>
  <issue id="1176069" tracker="bnc">VUL-0: CVE-2020-14386: kernel-source: local privilege escalation via memory corruption in net/packet/af_packet.c</issue>
  <issue id="2020-14314" tracker="cve" />
  <issue id="2019-16746" tracker="cve" />
  <issue id="2020-16166" tracker="cve" />
  <issue id="2020-14331" tracker="cve" />
  <issue id="2020-14386" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>osalvador</packager>
  <reboot_needed/>
  <description>The SUSE Linux Enterprise 12 SP2 kernel was updated to to receive various security and bugfixes.

The following security bugs were fixed:


- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).

The following non-security bug was fixed:

- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places