
openSUSE Leap 42.3: 2018:2738-1 Important: Linux Kernel Denial of Service

September 16, 2018
A critical patch for the Linux Kernel addresses 12 vulnerabilities with 85 solutions ready for Fedora users.
An update that solves 14 vulnerabilities and has 93 fixes is now available.

Description

The openSUSE Leap 42.3 kernel was updated to 4.4.155 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurred because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001).

- CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999).

- CVE-2018-13094: Prevent OOPS that might have occurred for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).

- CVE-2018-12896: Prevent integer overflow in the POSIX timer code that is caused by the way the overrun accounting works. Depending on...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-1016=1
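Installing the patch does not replace the kernel that is already running, so a host stays exposed until it reboots into the new one. The following added example (not part of the SUSE advisory) classifies a host as patched, reboot-required or vulnerable against the fixed version 4.4.155-68.1 from the package list. It assumes `uname -r` reports the release without the rebuild counter and with a flavor suffix (for example 4.4.155-68-default), and it uses GNU `sort -V` as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed kernel version-release, taken from the advisory's package list.
FIXED="4.4.155-68.1"

# ver_ge A B: succeed when version string A sorts at or above B.
# GNU sort -V approximates RPM ordering; it is not identical to rpmvercmp.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# kernel_patch_state RUNNING INSTALLED
#   RUNNING   : output of `uname -r` (assumed form: 4.4.155-68-default)
#   INSTALLED : newest version-release of the installed kernel package
# Prints one of: patched | reboot-required | vulnerable
kernel_patch_state() {
    running=${1%-*}            # drop the flavor suffix (-default, -debug, ...)
    installed=$2
    fixed_running=${FIXED%.*}  # uname -r omits the rebuild counter: 4.4.155-68
    if ver_ge "$running" "$fixed_running"; then
        echo patched
    elif ver_ge "$installed" "$FIXED"; then
        echo reboot-required   # fixed package on disk, old kernel still booted
    else
        echo vulnerable
    fi
}

# On a live host (kernel-default flavor shown; adjust for other flavors):
#   kernel_patch_state "$(uname -r)" \
#     "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n1)"
```
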

Package List

- openSUSE Leap 42.3 (x86_64):

  kernel-debug-4.4.155-68.1
  kernel-debug-base-4.4.155-68.1
  kernel-debug-base-debuginfo-4.4.155-68.1
  kernel-debug-debuginfo-4.4.155-68.1
  kernel-debug-debugsource-4.4.155-68.1
  kernel-debug-devel-4.4.155-68.1
  kernel-debug-devel-debuginfo-4.4.155-68.1
  kernel-default-4.4.155-68.1
  kernel-default-base-4.4.155-68.1
  kernel-default-base-debuginfo-4.4.155-68.1
  kernel-default-debuginfo-4.4.155-68.1
  kernel-default-debugsource-4.4.155-68.1
  kernel-default-devel-4.4.155-68.1
  kernel-obs-build-4.4.155-68.1
  kernel-obs-build-debugsource-4.4.155-68.1
  kernel-obs-qa-4.4.155-68.1
  kernel-syms-4.4.155-68.1
  kernel-vanilla-4.4.155-68.1
  kernel-vanilla-base-4.4.155-68.1
  kernel-vanilla-base-debuginfo-4.4.155-68.1
  kernel-vanilla-debuginfo-4.4.155-68.1
  kernel-vanilla-debugsource-4.4.155-68.1
  kernel-vanilla-devel-4.4.155-68.1

- openSUSE Leap 42.3 (noarch):

  kernel-devel-4.4.155-68.1
  kernel-docs-4.4.155-68.1
  kernel-docs-html-4.4.155-68.1
  kernel-docs-pdf-4.4.155-68.1
  kernel-macros-4.4.155-68.1
  kernel-source-4.4.155-68.1
  ker...


References

https://www.suse.com/security/cve/CVE-2018-10902.html
https://www.suse.com/security/cve/CVE-2018-10938.html
https://www.suse.com/security/cve/CVE-2018-10940.html
https://www.suse.com/security/cve/CVE-2018-1128.html
https://www.suse.com/security/cve/CVE-2018-1129.html
https://www.suse.com/security/cve/CVE-2018-12896.html
https://www.suse.com/security/cve/CVE-2018-13093.html
https://www.suse.com/security/cve/CVE-2018-13094.html
https://www.suse.com/security/cve/CVE-2018-13095.html
https://www.suse.com/security/cve/CVE-2018-15572.html
https://www.suse.com/security/cve/CVE-2018-16658.html
https://www.suse.com/security/cve/CVE-2018-6554.html
https://www.suse.com/security/cve/CVE-2018-6555.html
https://www.suse.com/security/cve/CVE-2018-9363.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1015343
https://bugzilla.suse.com/1017967
https://bugzilla.suse.com/1019695
https://bugzilla.suse.com/1019699
https://bugzilla.suse.com/1020412
https://bugzilla.suse.com/102112...


Severity
important

Announcement ID: openSUSE-SU-2018:2738-1
Rating: important
Affected Products: openSUSE Leap 42.3
