openSUSE Leap 42.3: 2019:0274-1 Important: Linux Kernel DoS and Info Leak
opensuse
March 1, 2019
An update that solves 5 vulnerabilities and has 33 fixes is now available.
Description
The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive various
bugfixes.
The following security bugs were fixed:
- CVE-2018-5391: Fixed a vulnerability, which allowed an attacker to cause
a denial of service attack with low rates of packets targeting IP
fragment re-assembly. (bsc#1103097)
- CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM
hypervisor related to the emulation of a preemption timer, allowing an
guest user/process to crash the host kernel. (bsc#1124732).
- CVE-2019-7222: Fixed an information leakage in the KVM hypervisor
related to handling page fault exceptions, which allowed a guest
user/process to use this flaw to leak the host's stack memory contents
to a guest (bsc#1124735).
The following non-security bugs were fixed:
- ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).
- ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
(bnc#1012382).
-...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-274=1
Package List
- openSUSE Leap 42.3 (noarch):
kernel-devel-4.4.175-89.1
kernel-docs-4.4.175-89.1
kernel-docs-html-4.4.175-89.1
kernel-docs-pdf-4.4.175-89.1
kernel-macros-4.4.175-89.1
kernel-source-4.4.175-89.1
kernel-source-vanilla-4.4.175-89.1
- openSUSE Leap 42.3 (x86_64):
kernel-debug-4.4.175-89.1
kernel-debug-base-4.4.175-89.1
kernel-debug-base-debuginfo-4.4.175-89.1
kernel-debug-debuginfo-4.4.175-89.1
kernel-debug-debugsource-4.4.175-89.1
kernel-debug-devel-4.4.175-89.1
kernel-debug-devel-debuginfo-4.4.175-89.1
kernel-default-4.4.175-89.1
kernel-default-base-4.4.175-89.1
kernel-default-base-debuginfo-4.4.175-89.1
kernel-default-debuginfo-4.4.175-89.1
kernel-default-debugsource-4.4.175-89.1
kernel-default-devel-4.4.175-89.1
kernel-obs-build-4.4.175-89.1
kernel-obs-build-debugsource-4.4.175-89.1
kernel-obs-qa-4.4.175-89.1
kernel-syms-4.4.175-89.1
kernel-vanilla-4.4.175-89.1
kernel-vanilla-base-4.4.175-89.1
kernel-vanilla-base-debuginfo-4.4.175-89.1
kernel-vanilla-debuginfo-4.4.175-89.1
kernel-vanilla-debugsource-4.4.175-89.1
ke...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2018-5391.html
https://www.suse.com/security/cve/CVE-2019-3459.html
https://www.suse.com/security/cve/CVE-2019-3460.html
https://www.suse.com/security/cve/CVE-2019-7221.html
https://www.suse.com/security/cve/CVE-2019-7222.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1020413
https://bugzilla.suse.com/1031492
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1050549
https://bugzilla.suse.com/1078355
https://bugzilla.suse.com/1086095
https://bugzilla.suse.com/1086652
https://bugzilla.suse.com/1099810
https://bugzilla.suse.com/1103097
https://bugzilla.suse.com/1105428
https://bugzilla.suse.com/1106061
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1116345
https://bugzilla.suse.com/1117108
https://bugzilla.suse.com/1117645
https://bugzilla.suse.com/1117744
https://bugzilla.suse.com/1120017
https://bugzilla.suse.com/1120758
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1123933
https://bugzilla.suse.com/1124166
https://bugzil...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2019:0274-1
Rating: important
Affected Products:
openSUSE Leap 42.3
le.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!