SUSE-SU-2023:2506-1 -- SLES kernelID: oval:org.secpod.oval:def:89048955 | Date: (C)2023-07-18 (M)2024-04-25 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 11 SP4 LTSS EXTREME CORE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create . * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept was also allowed for a successfully connected AF_NETROM socket . * CVE-2023-1989: Fixed a use after free in btsdio_remove . * CVE-2017-5753: Fixed spectre vulnerability in prlimit . * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system . * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak . * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c . * CVE-2023-0590: Fixed race condition in qdisc_graft . * CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect . * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim in media/rc . * CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow . * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler . * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion . * CVE-2022-3567: Fixed a to race condition in inet6_stream_ops/inet6_dgram_ops . The following non-security bugs were fixed: * Do not sign the vanilla kernel . * do not fallthrough in cbq_classify and stop on TC_ACT_SHOT ## Special Instructions and Notes: * Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 11 SP4 |