Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 486
Alerts This Week
Warning Icon 1 486

SUSE: 2018:2678-1 Important: Linux Kernel Live Patch 2 Details

suse
Calendar Grey September 10, 2018
Dist Suse Esm H88
SUSE has released a critical security update that targets significant kernel vulnerabilities within Live Patch 2, designed to improve overall system security and robustness.
An update that solves two vulnerabilities and has one errata is now available

Summary

This update for the Linux Kernel 4.12.14-25_6 fixes several issues. The following security issues were fixed: - CVE-2018-15471: An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c. The Linux netback driver allowed frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks (bsc#1105026). - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed,

References

#1097108 #1103203 #1105026

Cross- CVE-2018-10853 CVE-2018-15471

Affected Products:

SUSE Linux Enterprise Module for Live Patching 15

https://www.suse.com/security/cve/CVE-2018-10853.html

https://www.suse.com/security/cve/CVE-2018-15471.html

https://bugzilla.suse.com/1097108

https://bugzilla.suse.com/1103203

https://bugzilla.suse.com/1105026

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2678-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.