Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUSE: 2018:1855-2 Important: Linux Kernel Denial of Service Threat

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
SUSE has released a critical Security Update aimed at the Linux Kernel, resolving various vulnerabilities. Discover more details.
An update that solves 14 vulnerabilities and has 15 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and

References

#1068032 #1079152 #1082962 #1083650 #1083900

#1085185 #1086400 #1087007 #1087012 #1087036

#1087086 #1087095 #1089895 #1090534 #1090955

#1092497 #1092552 #1092813 #1092904 #1094033

#1094353 #1094823 #1095042 #1096140 #1096242

#1096281 #1096728 #1097356 #973378

Cross- CVE-2017-13305 CVE-2017-18241 CVE-2017-18249

CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065

CVE-2018-1092 CVE-2018-1093 CVE-2018-1094

CVE-2018-1130 CVE-2018-3665 CVE-2018-5803

CVE-2018-5848 CVE-2018-7492

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2017-13305.html

https://www.suse.com/security/cve/CVE-2017-18241.html

https://www.suse.com/security/cve/CVE-2017-18249.html

https://www.suse.com/security/cve/CVE-2018-1000199.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:1855-2
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.