SUSE: 2018:1013-1 Critical: Linux Kernel Live Patching Security Fix
suse
April 20, 2018
An update that solves four vulnerabilities and has one errata is now available.
Summary
This update for the Linux Kernel 4.4.90-6_12 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods
References
#1073230 #1076017 #1083488 #1085114 #1085447
Cross- CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068
CVE-2018-7566
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP3
https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-1000004.html
https://www.suse.com/security/cve/CVE-2018-1068.html
https://www.suse.com/security/cve/CVE-2018-7566.html
https://bugzilla.suse.com/1073230
https://bugzilla.suse.com/1076017
https://bugzilla.suse.com/1083488
https://bugzilla.suse.com/1085114
https://bugzilla.suse.com/1085447
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:1013-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!