SUSE-SU-2024:0112-1 -- SLES kernel
ID: oval:org.secpod.oval:def:89051371 | Date: (C)2024-01-23 (M)2024-04-29
Class: PATCH | Family: unix
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

* CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
* CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call.
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95%.
* CVE-2023-31085: Fixed a divide-by-zero error in do_div that could cause a local DoS.
* CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c.
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
* CVE-2023-39192: Fixed an out-of-bounds read in netfilter.
* CVE-2023-39193: Fixed an out-of-bounds read in the xtables subsystem.
* CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet.
* CVE-2023-45863: Fixed an out-of-bounds write in fill_kobj_path.
* CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg.
* CVE-2023-6606: Fixed an out-of-bounds read in the SMB client when receiving a malformed length from a server.
* CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation.

## Special Instructions and Notes:

* Please reboot the system after installing this update.
Platform: SUSE Linux Enterprise Server 11 SP4