Security update for suse-module-tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:0155-1 Final 1 1 2024-01-18T16:00:13Z current 2024-01-18T16:00:13Z 2024-01-18T16:00:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for suse-module-tools This update for suse-module-tools fixes the following issues: Updated to version 15.2.19: - Added a symlink for /boot/.vmlinuz.hmac (bsc#1217775). Updated to version 15.2.18: - CVE-2023-23559: Blacklisted RNDIS modules (bsc#1205767, jsc#PED-5731). - CVE-2023-1829: Blacklisted the cls_tcindex module (bsc#1210335). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP2-BYOS-Azure-2024-155,Image SLES15-SP2-HPC-BYOS-Azure-2024-155,Image SLES15-SP2-SAP-Azure-2024-155,Image SLES15-SP2-SAP-Azure-LI-BYOS-Production-2024-155,Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production-2024-155,Image SLES15-SP2-SAP-BYOS-Azure-2024-155,SUSE-2024-155,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-155,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-155,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-155 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20240155-1/ Link for SUSE-SU-2024:0155-1 https://lists.suse.com/pipermail/sle-security-updates/2024-January/017690.html E-Mail link for SUSE-SU-2024:0155-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1205767 SUSE Bug 1205767 https://bugzilla.suse.com/1210335 SUSE Bug 1210335 https://bugzilla.suse.com/1217775 SUSE Bug 1217775 https://www.suse.com/security/cve/CVE-2023-1829/ SUSE CVE CVE-2023-1829 page https://www.suse.com/security/cve/CVE-2023-23559/ SUSE CVE CVE-2023-23559 page Image SLES15-SP2-BYOS-Azure Image SLES15-SP2-HPC-BYOS-Azure Image SLES15-SP2-SAP-Azure Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-SAP-BYOS-Azure SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 suse-module-tools-15.2.19-150200.4.18.1 suse-module-tools-legacy-15.2.19-150200.4.18.1 suse-module-tools-15.2.19-150200.4.18.1 as a component of Image SLES15-SP2-BYOS-Azure suse-module-tools-15.2.19-150200.4.18.1 as a component of Image SLES15-SP2-HPC-BYOS-Azure suse-module-tools-15.2.19-150200.4.18.1 as a component of Image SLES15-SP2-SAP-Azure suse-module-tools-15.2.19-150200.4.18.1 as a component of Image SLES15-SP2-SAP-Azure-LI-BYOS-Production suse-module-tools-15.2.19-150200.4.18.1 as a component of Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production suse-module-tools-15.2.19-150200.4.18.1 as a component of Image SLES15-SP2-SAP-BYOS-Azure suse-module-tools-15.2.19-150200.4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS suse-module-tools-15.2.19-150200.4.18.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS suse-module-tools-15.2.19-150200.4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. CVE-2023-1829 Image SLES15-SP2-BYOS-Azure:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-HPC-BYOS-Azure:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-Azure:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-BYOS-Azure:suse-module-tools-15.2.19-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:suse-module-tools-15.2.19-150200.4.18.1 SUSE Linux Enterprise Server 15 SP2-LTSS:suse-module-tools-15.2.19-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:suse-module-tools-15.2.19-150200.4.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240155-1/ https://www.suse.com/security/cve/CVE-2023-1829.html CVE-2023-1829 https://bugzilla.suse.com/1210335 SUSE Bug 1210335 https://bugzilla.suse.com/1210619 SUSE Bug 1210619 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1220886 SUSE Bug 1220886 https://bugzilla.suse.com/1228311 SUSE Bug 1228311 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. CVE-2023-23559 Image SLES15-SP2-BYOS-Azure:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-HPC-BYOS-Azure:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-Azure:suse-module-tools-15.2.19-150200.4.18.1 Image SLES15-SP2-SAP-BYOS-Azure:suse-module-tools-15.2.19-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:suse-module-tools-15.2.19-150200.4.18.1 SUSE Linux Enterprise Server 15 SP2-LTSS:suse-module-tools-15.2.19-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:suse-module-tools-15.2.19-150200.4.18.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240155-1/ https://www.suse.com/security/cve/CVE-2023-23559.html CVE-2023-23559 https://bugzilla.suse.com/1207051 SUSE Bug 1207051