Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE: 2020:2194-1 Critical: Linux Kernel Live Update 15

suse
Calendar Grey October 17, 2018
Dist Suse Esm H88
An essential patch for SUSE Linux Kernel tackling major vulnerabilities to improve overall system security.
An update that fixes three vulnerabilities is now available

Summary

This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was

References

#1102682 #1107832 #1110233

Cross- CVE-2018-14633 CVE-2018-17182 CVE-2018-5390

Affected Products:

SUSE Linux Enterprise Server 12-SP1-LTSS

https://www.suse.com/security/cve/CVE-2018-14633.html

https://www.suse.com/security/cve/CVE-2018-17182.html

https://www.suse.com/security/cve/CVE-2018-5390.html

https://bugzilla.suse.com/1102682

https://bugzilla.suse.com/1107832

https://bugzilla.suse.com/1110233

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3172-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.