SUSE Linux 12 SP3: SUSE-SU-2018:3164-1 Important: Kernel Live Patch
suse
October 16, 2018
An update that fixes two vulnerabilities is now available
Summary
This update for the Linux Kernel 4.4.131-94_29 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was
References
#1107832 #1110233
Cross- CVE-2018-14633 CVE-2018-17182
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP3
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://bugzilla.suse.com/1107832
https://bugzilla.suse.com/1110233
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:3164-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!