
SUSE Linux Enterprise 12: 2018:2362-1 Important: Kernel Update

August 16, 2018
SUSE releases a significant security patch for the Linux Kernel, tackling essential vulnerabilities and delivering necessary corrections.
An update that solves 6 vulnerabilities and has four fixes is now available.

Summary

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924).
- CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group.
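The arithmetic behind CVE-2018-13053, as an added userspace example (not kernel code and not part of the SUSE advisory): adding a large relative timeout to the current time wraps a signed 64-bit nanosecond value, while a saturating add in the spirit of ktime_add_safe clamps it. The names `ktime_model_t`, `add_wrapping`, `add_saturating`, `expiry_in_past` and the clamp value are assumptions of this model, and both operands are assumed non-negative.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t ktime_model_t;        /* nanoseconds, signed 64-bit (model type) */
#define KTIME_MODEL_MAX INT64_MAX     /* assumed clamp value for this model */

/* Plain addition. Done in unsigned arithmetic so the wrap-around is
 * well defined in C instead of being signed-overflow undefined behaviour. */
static ktime_model_t add_wrapping(ktime_model_t now, ktime_model_t rel)
{
    return (ktime_model_t)((uint64_t)now + (uint64_t)rel);
}

/* Saturating addition: if the sum wrapped (negative, or smaller than
 * either non-negative operand), clamp to the maximum instead. */
static ktime_model_t add_saturating(ktime_model_t now, ktime_model_t rel)
{
    ktime_model_t res = add_wrapping(now, rel);
    if (res < 0 || res < now || res < rel)
        res = KTIME_MODEL_MAX;
    return res;
}

/* Returns 1 when the computed absolute expiry lies before "now". */
static int expiry_in_past(ktime_model_t now, ktime_model_t expiry)
{
    return expiry < now;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    ktime_model_t now = 1534377600LL * 1000000000LL;  /* 2018-08-16 00:00 UTC in ns */
    ktime_model_t rel = INT64_MAX - 1000;             /* very large relative timeout */

    ktime_model_t bad  = add_wrapping(now, rel);
    ktime_model_t good = add_saturating(now, rel);

    printf("wrapping:   expiry=%lld in_past=%d\n",
           (long long)bad, expiry_in_past(now, bad));
    printf("saturating: expiry=%lld in_past=%d\n",
           (long long)good, expiry_in_past(now, good));
    return 0;
}
```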

References

#1012382 #1064232 #1068032 #1087081 #1089343 #1098016 #1099924 #1100416 #1100418 #1103119

Cross-References: CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

SUSE Linux Enterprise Module for Public Cloud 12

https://www.suse.com/security/cve/CVE-2018-13053.html

https://www.suse.com/security/cve/CVE-2018-13405.html

https://www.suse.com/security/cve/CVE-2018-13406.html

https://www.suse.com/security/cve/CVE-2018-14734.html

https://www.suse.com/security/cve/CVE-2018-3620.html

https://www.suse.com/security/cve/CVE-2018-3646.html

https://bugzilla.suse.com/1012382

https://bugzilla.suse.com/1064232

https://bugzilla.suse.com/1068032

Severity
important

Announcement ID: SUSE-SU-2018:2362-1
Rating: important
