SUSE: 2018:3238-1 Important: Kernel Live Patch 36 Privilege Escalation
suse
October 19, 2018
An update that fixes three vulnerabilities is now available
Summary
This update for the Linux Kernel 3.12.61-52_136 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an
Topics Covered
References
#1107832 #1108963 #1110233
Cross- CVE-2018-14633 CVE-2018-14634 CVE-2018-17182
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-14634.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://bugzilla.suse.com/1107832
https://bugzilla.suse.com/1108963
https://bugzilla.suse.com/1110233
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:3238-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!