Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2021:5098-1 Critical: Kernel Live Patch Security Flaw

suse
Calendar Grey October 22, 2018
Dist Suse Esm H88
A recent patch addresses significant vulnerabilities in the Linux Kernel for SUSE 15. Urgent measures are advised for users impacted by this update.
An update that fixes two vulnerabilities is now available

Summary

This update for the Linux Kernel 4.12.14-25_16 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was

References

#1107832 #1110233

Cross- CVE-2018-14633 CVE-2018-17182

Affected Products:

SUSE Linux Enterprise Module for Live Patching 15

https://www.suse.com/security/cve/CVE-2018-14633.html

https://www.suse.com/security/cve/CVE-2018-17182.html

https://bugzilla.suse.com/1107832

https://bugzilla.suse.com/1110233

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3272-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.