
Test ID: 1.3.6.1.4.1.25623.1.0.854818
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for the (SUSE-SU-2022:2411-1)
Summary: The remote host is missing an update for the 'the' package(s) announced via the SUSE-SU-2022:2411-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'the'
package(s) announced via the SUSE-SU-2022:2411-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new
Spectre-like Branch Target Buffer attack that can leak arbitrary kernel
information (bsc#1199657).

- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
the way a user forces the ath9k_htc_wait_for_target function to fail
with some input messages (bsc#1199487).

- CVE-2022-20132: Fixed out of bounds read due to improper input
validation in lg_probe and related functions of hid-lg.c (bsc#1200619).

- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)

- CVE-2022-20141: Fixed a possible use after free due to improper locking
in ip_check_mc_rcu() (bsc#1200604).

- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
subsystem, related to the replication of files with NFS. A user could
potentially crash the system or escalate privileges on the system
(bsc#1194013).

- CVE-2022-20154: Fixed a use after free due to a race condition in
lock_sock_nested of sock.c. This could lead to local escalation of
privilege with System execution privileges needed (bsc#1200599).

- CVE-2022-2318

- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
multiple potential data leaks with Block and Network devices when using
untrusted backends (bsc#1200762).

- CVE-2021-26341: Some AMD CPUs may transiently execute beyond
unconditional direct branches, which may potentially result in data
leakage (bsc#1201050).

The following non-security bugs were fixed:

- exec: Force single empty string when argv is empty (bsc#1200571).

Special Instructions and Notes:
Please reboot the system after installing this update.

Affected Software/OS:
'the' package(s) on openSUSE Leap 15.3, openSUSE Leap 15.4.

Solution:
Please install the updated package(s).

CVSS Score:
7.4

CVSS Vector:
AV:A/AC:M/Au:S/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2021-26341
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
http://www.openwall.com/lists/oss-security/2022/03/18/2
Common Vulnerability Exposure (CVE) ID: CVE-2021-4157
https://security.netapp.com/advisory/ntap-20220602-0007/
https://bugzilla.redhat.com/show_bug.cgi?id=2034342
https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/
https://www.oracle.com/security-alerts/cpujul2022.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-1679
https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-20132
https://source.android.com/security/bulletin/2022-06-01
Common Vulnerability Exposure (CVE) ID: CVE-2022-20141
Common Vulnerability Exposure (CVE) ID: CVE-2022-20154
https://source.android.com/security/bulletin/pixel/2022-06-01
Common Vulnerability Exposure (CVE) ID: CVE-2022-2318
Debian Security Information: DSA-5191
https://www.debian.org/security/2022/dsa-5191
https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6
Common Vulnerability Exposure (CVE) ID: CVE-2022-26365
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/
https://xenbits.xenproject.org/xsa/advisory-403.txt
http://www.openwall.com/lists/oss-security/2022/07/05/6
Common Vulnerability Exposure (CVE) ID: CVE-2022-29900
Debian Security Information: DSA-5207
https://www.debian.org/security/2022/dsa-5207
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/
https://security.gentoo.org/glsa/202402-07
https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-29901
https://comsec.ethz.ch/retbleed
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
http://www.openwall.com/lists/oss-security/2022/07/12/4
http://www.openwall.com/lists/oss-security/2022/07/12/5
http://www.openwall.com/lists/oss-security/2022/07/12/2
http://www.openwall.com/lists/oss-security/2022/07/13/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-33740
Common Vulnerability Exposure (CVE) ID: CVE-2022-33741
Common Vulnerability Exposure (CVE) ID: CVE-2022-33742
Common Vulnerability Exposure (CVE) ID: CVE-2022-33981
Debian Security Information: DSA-5173
https://www.debian.org/security/2022/dsa-5173
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6
https://exchange.xforce.ibmcloud.com/vulnerabilities/225362
https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf
https://seclists.org/oss-sec/2022/q2/66
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Copyright: Copyright (C) 2022 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.