Explore top 10 tips to secure your open-source projects now. Read More
×
This update for the Linux Kernel 4.12.14-25_13 fixes several issues. The following security issues were fixed: - CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system an attacker could leverage this flaw (bsc#1106191). - CVE-2018-15471: It was found that the netback driver allowed frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in
#1097108 #1103203 #1105026 #1106191
Cross- CVE-2018-10853 CVE-2018-10938 CVE-2018-15471
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-10938.html
https://www.suse.com/security/cve/CVE-2018-15471.html
https://bugzilla.suse.com/1097108
https://bugzilla.suse.com/1103203
https://bugzilla.suse.com/1105026
https://bugzilla.suse.com/1106191
Get the latest Linux and open source security news straight to your inbox.