SUSE: 2018:2860-1 Important: Live Patch Denial of Service Fix
suse
September 25, 2018
An update that fixes four vulnerabilities is now available
Summary
This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not
Topics Covered
References
#1096723 #1102682 #1105323 #1106191
Cross- CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938
CVE-2018-5390
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
https://www.suse.com/security/cve/CVE-2018-1000026.html
https://www.suse.com/security/cve/CVE-2018-10902.html
https://www.suse.com/security/cve/CVE-2018-10938.html
https://www.suse.com/security/cve/CVE-2018-5390.html
https://bugzilla.suse.com/1096723
https://bugzilla.suse.com/1102682
https://bugzilla.suse.com/1105323
https://bugzilla.suse.com/1106191
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:2860-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!