Explore top 10 tips to secure your open-source projects now. Read More
×
The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.147 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bsc#1103580). - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811)
#1012382 #1064232 #1065364 #1068032 #1076110
#1082653 #1082979 #1085042 #1085536 #1086457
#1087081 #1089343 #1090123 #1090435 #1091171
#1091860 #1092001 #1094244 #1095643 #1096254
#1096978 #1097771 #1098253 #1098599 #1099792
#1099811 #1099813 #1099844 #1099845 #1099846
#1099849 #1099858 #1099863 #1099864 #1100132
#1100843 #1100930 #1101296 #1101331 #1101658
#1101789 #1101822 #1101841 #1102188 #1102197
#1102203 #1102205 #1102207 #1102211 #1102214
#1102215 #1102340 #1102394 #1102683 #1102715
#1102797 #1102851 #1103097 #1103119 #1103269
#1103445 #1103580 #1103717 #1103745 #1103884
#1104174 #1104319 #1104365 #1104494 #1104495
#1104897 #1105292 #970506
Cross- CVE-2017-18344 CVE-2018-10876 CVE-2018-10877
...
Read the Full Advisory
Get the latest Linux and open source security news straight to your inbox.