Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

SUSE: 2023:4505-1 Critical: Kernel Patch for SLE 15 SP3 Fixes Three Issues

suse
Calendar Grey October 17, 2018
Dist Suse Esm H88
An update resolves multiple security issues in the Linux Kernel for SUSE version 12 SP1, focusing on critical vulnerabilities.
An update that fixes three vulnerabilities is now available

Summary

This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an

References

#1107832 #1108963 #1110233

Cross- CVE-2018-14633 CVE-2018-14634 CVE-2018-17182

Affected Products:

SUSE Linux Enterprise Server 12-SP1-LTSS

https://www.suse.com/security/cve/CVE-2018-14633.html

https://www.suse.com/security/cve/CVE-2018-14634.html

https://www.suse.com/security/cve/CVE-2018-17182.html

https://bugzilla.suse.com/1107832

https://bugzilla.suse.com/1108963

https://bugzilla.suse.com/1110233

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3171-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.