Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

SUSE Linux RT Kernel 2018:3869-1 Important: DoS and Information Leak

suse
Calendar Grey November 22, 2018
Dist Suse Esm H88
Key announcement for SUSE Linux RT Kernel addresses 8 vulnerabilities and boosts system safety, rectifying major concerns.
An update that solves 8 vulnerabilities and has 21 fixes is now available

Summary

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to 3.0.101-rt130-69.39 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast

References

#1031240 #1047027 #1049128 #1050431 #1064861

#1065600 #1066674 #1071021 #1081680 #1094244

#1094825 #1103145 #1105799 #1106139 #1106240

#1107371 #1107829 #1107849 #1108314 #1108498

#1109806 #1109818 #1110006 #1110247 #1113337

#1113751 #1113769 #1114460 #923775

Cross- CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273

CVE-2018-14633 CVE-2018-18281 CVE-2018-18386

CVE-2018-18710 CVE-2018-9516

Affected Products:

SUSE Linux Enterprise Real Time Extension 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-1000407.html

https://www.suse.com/security/cve/CVE-2017-16533.html

https://www.suse.com/security/cve/CVE-2017-7273.html

https://www.suse.com/security/cve/CVE-2018-14633.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3869-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.