Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

SUSE: 2018:1030-1 Important: Kernel Live Patch Critical Buffer Overflow

suse
Calendar Grey April 20, 2018
Scroller Suse Esm H88
SUSE Linux Kernel Live Patch 32 introduces patches addressing three critical vulnerabilities, including potential elevation of user privileges and a buffer overflow risk.
An update that fixes three vulnerabilities is now available.

Summary

This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1083488 #1085114 #1085447

Cross- CVE-2017-13166 CVE-2018-1068 CVE-2018-7566

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-13166.html

https://www.suse.com/security/cve/CVE-2018-1068.html

https://www.suse.com/security/cve/CVE-2018-7566.html

https://bugzilla.suse.com/1083488

https://bugzilla.suse.com/1085114

https://bugzilla.suse.com/1085447

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:1030-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.