   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1368-1
Rating:             important
References:         #1046610 #1052943 #1068032 #1075087 #1075088 
                    #1080157 #1084760 #1087082 #1087092 #1089895 
                    #1090630 #1090888 #1091041 #1091671 #1091755 
                    #1091815 #1092372 #1092497 #1094019 
Cross-References:   CVE-2017-5715 CVE-2017-5753 CVE-2018-1000199
                    CVE-2018-10675 CVE-2018-3639
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 14 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature
     in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).

     A new boot commandline option was introduced,
   "spec_store_bypass_disable", which can have following values:

     - auto: Kernel detects whether your CPU model contains an implementation
       of Speculative Store Bypass and picks the most appropriate mitigation.
     - on: disable Speculative Store Bypass
     - off: enable Speculative Store Bypass
     - prctl: Control Speculative Store Bypass per thread via prctl.
       Speculative Store Bypass is enabled for a process by default. The
       state of the control is inherited on fork.
     - seccomp: Same as "prctl" above, but all seccomp threads will disable
       SSB unless they explicitly opt out.

     The default is "seccomp", meaning programs need explicit opt-in into the
   mitigation.

     Status can be queried via the
   /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

     - "Vulnerable"
     - "Mitigation: Speculative Store Bypass disabled"
     - "Mitigation: Speculative Store Bypass disabled via prctl"
     - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"

   - CVE-2018-1000199: An address corruption flaw was discovered while
     modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
     unprivileged user/process could use this flaw to crash the system kernel
     resulting in DoS OR to potentially escalate privileges on a the system.
     (bsc#1089895)
   - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via crafted system calls (bnc#1091755).
   - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled
     also for 32bit x86.
   - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions
     merged from the upstream kernel.

   The following non-security bugs were fixed:

   - Avoid quadratic search when freeing delegations (bsc#1084760).
   - cifs: fix crash due to race in hmac(md5) handling (bsc#1091671).
   - hid: roccat: prevent an out of bounds read in
     kovaplus_profile_activated() (bsc#1087092).
   - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888).
   - powerpc/64: Disable gmb() on powerpc
   - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).
   - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032,
     bsc#1080157).
   - powerpc/64s: Enable barrier_nospec based on firmware settings
     (bsc#1068032, bsc#1080157).
   - powerpc/64s: Enhance the information in cpu_show_meltdown()
     (bsc#1068032, bsc#1075088, bsc#1091815).
   - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
     (bsc#1068032).
   - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,
     bsc#1075088, bsc#1091815).
   - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088,
     bsc#1091815).
   - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157).
   - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088,
     bsc#1091815).
   - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088,
     bsc#1091815).
   - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032,
     bsc#1080157).
   - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032,
     bsc#1075088, bsc#1091815).
   - powerpc: Move default security feature flags (bsc#1068032, bsc#1075088,
     bsc#1091815).
   - powerpc: Move local setup.h declarations to arch includes (bsc#1068032,
     bsc#1075088, bsc#1091815).
   - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032,
     bsc#1075088, bsc#1091815).
   - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032,
     bsc#1075088, bsc#1091815).
   - powerpc/pseries: Restore default security feature flags on setup
     (bsc#1068032, bsc#1075088, bsc#1091815).
   - powerpc/pseries: Set or clear security feature flags (bsc#1068032,
     bsc#1075088, bsc#1091815).
   - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
     (bsc#1068032, bsc#1075088, bsc#1091815).
   - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032,
     bsc#1075088, bsc#1091815).
   - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
     (bsc#1068032, bsc#1075088, bsc#1091815).
   - powerpc/rfi-flush: Differentiate enabled and patched flush types
     (bsc#1068032, bsc#1075088, bsc#1091815).
   - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
     (bsc#1068032, bsc#1075088, bsc#1091815).
   - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032,
     bsc#1080157).
   - series.conf: fix the header It was corrupted back in 2015.
   - tracing: Create seq_buf layer in trace_seq (bsc#1091815).
   - Update config files. Enable retpolines for i386 build.
   - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888).
   - usb: hub: fix SS hub-descriptor handling (bsc#1092372).
   - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
   - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630)
   - x86/xen: disable IBRS around CPU stopper function invocation
   - xen-netfront: fix req_prod check to avoid RX hang when index wraps
     (bsc#1046610).
   - xfs: fix buffer use after free on IO error (bsc#1052943).
   - xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-20180512-13618=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-20180512-13618=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20180512-13618=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-20180512-13618=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.48.1
      kernel-default-base-3.0.101-108.48.1
      kernel-default-devel-3.0.101-108.48.1
      kernel-source-3.0.101-108.48.1
      kernel-syms-3.0.101-108.48.1
      kernel-trace-3.0.101-108.48.1
      kernel-trace-base-3.0.101-108.48.1
      kernel-trace-devel-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.48.1
      kernel-ec2-base-3.0.101-108.48.1
      kernel-ec2-devel-3.0.101-108.48.1
      kernel-xen-3.0.101-108.48.1
      kernel-xen-base-3.0.101-108.48.1
      kernel-xen-devel-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.48.1
      kernel-bigmem-base-3.0.101-108.48.1
      kernel-bigmem-devel-3.0.101-108.48.1
      kernel-ppc64-3.0.101-108.48.1
      kernel-ppc64-base-3.0.101-108.48.1
      kernel-ppc64-devel-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.48.1
      kernel-pae-base-3.0.101-108.48.1
      kernel-pae-devel-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.48.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.48.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.48.1
      kernel-default-debugsource-3.0.101-108.48.1
      kernel-trace-debuginfo-3.0.101-108.48.1
      kernel-trace-debugsource-3.0.101-108.48.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.48.1
      kernel-trace-devel-debuginfo-3.0.101-108.48.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.48.1
      kernel-ec2-debugsource-3.0.101-108.48.1
      kernel-xen-debuginfo-3.0.101-108.48.1
      kernel-xen-debugsource-3.0.101-108.48.1
      kernel-xen-devel-debuginfo-3.0.101-108.48.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.48.1
      kernel-bigmem-debugsource-3.0.101-108.48.1
      kernel-ppc64-debuginfo-3.0.101-108.48.1
      kernel-ppc64-debugsource-3.0.101-108.48.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.48.1
      kernel-pae-debugsource-3.0.101-108.48.1
      kernel-pae-devel-debuginfo-3.0.101-108.48.1


References:

   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2017-5753.html
   https://www.suse.com/security/cve/CVE-2018-1000199.html
   https://www.suse.com/security/cve/CVE-2018-10675.html
   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://bugzilla.suse.com/1046610
   https://bugzilla.suse.com/1052943
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1075087
   https://bugzilla.suse.com/1075088
   https://bugzilla.suse.com/1080157
   https://bugzilla.suse.com/1084760
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087092
   https://bugzilla.suse.com/1089895
   https://bugzilla.suse.com/1090630
   https://bugzilla.suse.com/1090888
   https://bugzilla.suse.com/1091041
   https://bugzilla.suse.com/1091671
   https://bugzilla.suse.com/1091755
   https://bugzilla.suse.com/1091815
   https://bugzilla.suse.com/1092372
   https://bugzilla.suse.com/1092497
   https://bugzilla.suse.com/1094019

SUSE: 2018:1368-1 important: the Linux Kernel

May 23, 2018

An update that solves 5 vulnerabilities and has 14 fixes is now available

Summary

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082). A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is "seccomp", meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - "Vulnerable" - "Mitigation: Speculative Store Bypass disabled" - "Mitigation: Speculative Store Bypass disabled via prctl" - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The following non-security bugs were fixed: - Avoid quadratic search when freeing delegations (bsc#1084760). - cifs: fix crash due to race in hmac(md5) handling (bsc#1091671). - hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1087092). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888). - powerpc/64: Disable gmb() on powerpc - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move local setup.h declarations to arch includes (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - series.conf: fix the header It was corrupted back in 2015. - tracing: Create seq_buf layer in trace_seq (bsc#1091815). - Update config files. Enable retpolines for i386 build. - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888). - usb: hub: fix SS hub-descriptor handling (bsc#1092372). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630) - x86/xen: disable IBRS around CPU stopper function invocation - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). - xfs: fix buffer use after free on IO error (bsc#1052943). - xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-20180512-13618=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-20180512-13618=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20180512-13618=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-20180512-13618=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.48.1 kernel-default-base-3.0.101-108.48.1 kernel-default-devel-3.0.101-108.48.1 kernel-source-3.0.101-108.48.1 kernel-syms-3.0.101-108.48.1 kernel-trace-3.0.101-108.48.1 kernel-trace-base-3.0.101-108.48.1 kernel-trace-devel-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.48.1 kernel-ec2-base-3.0.101-108.48.1 kernel-ec2-devel-3.0.101-108.48.1 kernel-xen-3.0.101-108.48.1 kernel-xen-base-3.0.101-108.48.1 kernel-xen-devel-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.48.1 kernel-bigmem-base-3.0.101-108.48.1 kernel-bigmem-devel-3.0.101-108.48.1 kernel-ppc64-3.0.101-108.48.1 kernel-ppc64-base-3.0.101-108.48.1 kernel-ppc64-devel-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.48.1 kernel-pae-base-3.0.101-108.48.1 kernel-pae-devel-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.48.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.48.1 kernel-default-debugsource-3.0.101-108.48.1 kernel-trace-debuginfo-3.0.101-108.48.1 kernel-trace-debugsource-3.0.101-108.48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.48.1 kernel-trace-devel-debuginfo-3.0.101-108.48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.48.1 kernel-ec2-debugsource-3.0.101-108.48.1 kernel-xen-debuginfo-3.0.101-108.48.1 kernel-xen-debugsource-3.0.101-108.48.1 kernel-xen-devel-debuginfo-3.0.101-108.48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.48.1 kernel-bigmem-debugsource-3.0.101-108.48.1 kernel-ppc64-debuginfo-3.0.101-108.48.1 kernel-ppc64-debugsource-3.0.101-108.48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.48.1 kernel-pae-debugsource-3.0.101-108.48.1 kernel-pae-devel-debuginfo-3.0.101-108.48.1

References

#1046610 #1052943 #1068032 #1075087 #1075088

#1080157 #1084760 #1087082 #1087092 #1089895

#1090630 #1090888 #1091041 #1091671 #1091755

#1091815 #1092372 #1092497 #1094019

Cross- CVE-2017-5715 CVE-2017-5753 CVE-2018-1000199

CVE-2018-10675 CVE-2018-3639

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-EXTRA

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-5715.html

https://www.suse.com/security/cve/CVE-2017-5753.html

https://www.suse.com/security/cve/CVE-2018-1000199.html

https://www.suse.com/security/cve/CVE-2018-10675.html

https://www.suse.com/security/cve/CVE-2018-3639.html

https://bugzilla.suse.com/1046610

https://bugzilla.suse.com/1052943

https://bugzilla.suse.com/1068032

https://bugzilla.suse.com/1075087

https://bugzilla.suse.com/1075088

https://bugzilla.suse.com/1080157

https://bugzilla.suse.com/1084760

https://bugzilla.suse.com/1087082

https://bugzilla.suse.com/1087092

https://bugzilla.suse.com/1089895

https://bugzilla.suse.com/1090630

https://bugzilla.suse.com/1090888

https://bugzilla.suse.com/1091041

https://bugzilla.suse.com/1091671

https://bugzilla.suse.com/1091755

https://bugzilla.suse.com/1091815

https://bugzilla.suse.com/1092372

https://bugzilla.suse.com/1092497

https://bugzilla.suse.com/1094019

Severity

Announcement ID: SUSE-SU-2018:1368-1

Rating: important

What Are You Looking For?

SUSE: 2018:1368-1 important: the Linux Kernel

Summary

References

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Security Highlights from KubeCon + CloudNativeCon 2023

Kubernetes Security on AWS: A Practical Guide

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024

Cloud Security Basics for Small Businesses

Scanning and Defending Networks with Nmap

CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

What Are You Looking For?

SUSE: 2018:1368-1 important: the Linux Kernel

Summary

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By