SUSE-SU-2024:3617-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20243617-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3617-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3617-1
- Related
- Published
- 2024-10-14T12:07:08Z
- Modified
- 2024-10-14T12:07:08Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
- CVE-2024-40902: jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227764).
- CVE-2024-42104: nilfs2: add missing check for inode numbers on directory entries (bsc#1228654).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-45021: memcgwriteevent_control(): fix a user-triggerable oops (bsc#1230434).
The following non-security bugs were fixed:
- alarmtimer: Lock k_itimer during timer callback (bsc#1214298).
- alarmtimers: Add alarm_forward functionality (bsc#1214298).
- alarmtimers: Change alarmtimer functions to return alarmtimer_restart (bsc#1214298).
- alarmtimers: Push rearming peroidic timers down into alamrtimer (bsc#1214298).
- alarmtimers: Remove interval cap limit hack (bsc#1214298).
- kABI fix for alarmtimer_restart functionality (bsc#1214298).
- kABI fix update for alarm_forward (bsc#1214298).
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243617-1/
- https://bugzilla.suse.com/1214298
- https://bugzilla.suse.com/1226606
- https://bugzilla.suse.com/1227764
- https://bugzilla.suse.com/1228487
- https://bugzilla.suse.com/1228654
- https://bugzilla.suse.com/1230434
- https://www.suse.com/security/cve/CVE-2024-38538
- https://www.suse.com/security/cve/CVE-2024-40902
- https://www.suse.com/security/cve/CVE-2024-42104
- https://www.suse.com/security/cve/CVE-2024-42148
- https://www.suse.com/security/cve/CVE-2024-45021
Affected packages
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.165.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.165.1",
"kernel-ec2": "3.0.101-108.165.1",
"kernel-default": "3.0.101-108.165.1",
"kernel-source": "3.0.101-108.165.1",
"kernel-syms": "3.0.101-108.165.1",
"kernel-trace": "3.0.101-108.165.1",
"kernel-trace-devel": "3.0.101-108.165.1",
"kernel-ec2-devel": "3.0.101-108.165.1",
"kernel-ec2-base": "3.0.101-108.165.1",
"kernel-xen-devel": "3.0.101-108.165.1",
"kernel-xen-base": "3.0.101-108.165.1",
"kernel-trace-base": "3.0.101-108.165.1",
"kernel-xen": "3.0.101-108.165.1",
"kernel-default-devel": "3.0.101-108.165.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-ec2
Package
- Name
- kernel-ec2
- Purl
- purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.165.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.165.1",
"kernel-ec2": "3.0.101-108.165.1",
"kernel-default": "3.0.101-108.165.1",
"kernel-source": "3.0.101-108.165.1",
"kernel-syms": "3.0.101-108.165.1",
"kernel-trace": "3.0.101-108.165.1",
"kernel-trace-devel": "3.0.101-108.165.1",
"kernel-ec2-devel": "3.0.101-108.165.1",
"kernel-ec2-base": "3.0.101-108.165.1",
"kernel-xen-devel": "3.0.101-108.165.1",
"kernel-xen-base": "3.0.101-108.165.1",
"kernel-trace-base": "3.0.101-108.165.1",
"kernel-xen": "3.0.101-108.165.1",
"kernel-default-devel": "3.0.101-108.165.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.165.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.165.1",
"kernel-ec2": "3.0.101-108.165.1",
"kernel-default": "3.0.101-108.165.1",
"kernel-source": "3.0.101-108.165.1",
"kernel-syms": "3.0.101-108.165.1",
"kernel-trace": "3.0.101-108.165.1",
"kernel-trace-devel": "3.0.101-108.165.1",
"kernel-ec2-devel": "3.0.101-108.165.1",
"kernel-ec2-base": "3.0.101-108.165.1",
"kernel-xen-devel": "3.0.101-108.165.1",
"kernel-xen-base": "3.0.101-108.165.1",
"kernel-trace-base": "3.0.101-108.165.1",
"kernel-xen": "3.0.101-108.165.1",
"kernel-default-devel": "3.0.101-108.165.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.165.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.165.1",
"kernel-ec2": "3.0.101-108.165.1",
"kernel-default": "3.0.101-108.165.1",
"kernel-source": "3.0.101-108.165.1",
"kernel-syms": "3.0.101-108.165.1",
"kernel-trace": "3.0.101-108.165.1",
"kernel-trace-devel": "3.0.101-108.165.1",
"kernel-ec2-devel": "3.0.101-108.165.1",
"kernel-ec2-base": "3.0.101-108.165.1",
"kernel-xen-devel": "3.0.101-108.165.1",
"kernel-xen-base": "3.0.101-108.165.1",
"kernel-trace-base": "3.0.101-108.165.1",
"kernel-xen": "3.0.101-108.165.1",
"kernel-default-devel": "3.0.101-108.165.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-trace
Package
- Name
- kernel-trace
- Purl
- purl:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.165.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.165.1",
"kernel-ec2": "3.0.101-108.165.1",
"kernel-default": "3.0.101-108.165.1",
"kernel-source": "3.0.101-108.165.1",
"kernel-syms": "3.0.101-108.165.1",
"kernel-trace": "3.0.101-108.165.1",
"kernel-trace-devel": "3.0.101-108.165.1",
"kernel-ec2-devel": "3.0.101-108.165.1",
"kernel-ec2-base": "3.0.101-108.165.1",
"kernel-xen-devel": "3.0.101-108.165.1",
"kernel-xen-base": "3.0.101-108.165.1",
"kernel-trace-base": "3.0.101-108.165.1",
"kernel-xen": "3.0.101-108.165.1",
"kernel-default-devel": "3.0.101-108.165.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-xen
Package
- Name
- kernel-xen
- Purl
- purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.165.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.165.1",
"kernel-ec2": "3.0.101-108.165.1",
"kernel-default": "3.0.101-108.165.1",
"kernel-source": "3.0.101-108.165.1",
"kernel-syms": "3.0.101-108.165.1",
"kernel-trace": "3.0.101-108.165.1",
"kernel-trace-devel": "3.0.101-108.165.1",
"kernel-ec2-devel": "3.0.101-108.165.1",
"kernel-ec2-base": "3.0.101-108.165.1",
"kernel-xen-devel": "3.0.101-108.165.1",
"kernel-xen-base": "3.0.101-108.165.1",
"kernel-trace-base": "3.0.101-108.165.1",
"kernel-xen": "3.0.101-108.165.1",
"kernel-default-devel": "3.0.101-108.165.1"
}
]
}