SUSE 11 SP4: Security Advisory 2018:2637-1 Critical Kernel Issues

suse

September 6, 2018

An update that solves 13 vulnerabilities and has 18 fixes is now available

Summary

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2017-13305: A information disclosure vulnerability was fixed in the encrypted-keys handling. (bnc#1094353). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device lead to a local kernel data leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728).

Topics Covered

security advisory denial of service memory corruption important kernel system update information disclosure

References

#1015828 #1037441 #1047487 #1082962 #1083900

#1085107 #1087081 #1089343 #1092904 #1093183

#1094353 #1096480 #1096728 #1097125 #1097234

#1097562 #1098016 #1098658 #1099709 #1099924

#1099942 #1100091 #1100132 #1100418 #1102087

#1103884 #1103909 #1104365 #1104475 #1104684

#909361

Cross- CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204

CVE-2018-1068 CVE-2018-1130 CVE-2018-12233

CVE-2018-13053 CVE-2018-13406 CVE-2018-3620

CVE-2018-3646 CVE-2018-5803 CVE-2018-5814

CVE-2018-7492

Affected Products:

SUSE Linux Enterprise Real Time Extension 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2016-8405.html

https://www.suse.com/security/cve/CVE-2017-13305.html

https://www.suse.com/security/cve/CVE-2018-1000204.html

Severity

critical

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2018:2637-1

Rating: important

Topics Covered

security advisory denial of service memory corruption important kernel system update information disclosure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE 11 SP4: Security Advisory 2018:2637-1 Critical Kernel Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE 11 SP4: Security Advisory 2018:2637-1 Critical Kernel Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!