Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

SUSE: 2018:3746-1 Important: Kernel Security Issues Resolved

suse
Calendar Grey November 13, 2018
Dist Suse Esm H88
SUSE Security Patch for Linux Kernel. Numerous vulnerabilities addressed with urgent solutions. Upgrade immediately!
An update that solves 8 vulnerabilities and has 21 fixes is now available

Summary

The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast

References

#1031240 #1047027 #1049128 #1050431 #1064861

#1065600 #1066674 #1071021 #1081680 #1094244

#1094825 #1103145 #1105799 #1106139 #1106240

#1107371 #1107829 #1107849 #1108314 #1108498

#1109806 #1109818 #1110006 #1110247 #1113337

#1113751 #1113769 #1114460 #923775

Cross- CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273

CVE-2018-14633 CVE-2018-18281 CVE-2018-18386

CVE-2018-18710 CVE-2018-9516

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-EXTRA

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-1000407.html

https://www.suse.com/security/cve/CVE-2017-16533.html

https://www.suse.com/security/cve/CVE-2017-7273.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3746-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.