Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.1172.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:1172-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:1172-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:1172-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to
potentially escalate their privileges inside a guest. (bsc#1087088)
- CVE-2018-8897: An unprivileged system user could use incorrect set up
interrupt stacks to crash the Linux kernel resulting in DoS issue.
(bsc#1087088)
- CVE-2018-10124: The kill_something_info function in kernel/signal.c
might allow local users to cause a denial of service via an INT_MIN
argument (bnc#1089752).
- CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow
local users to cause a denial of service by triggering an attempted use
of the -INT_MIN value (bnc#1089608).
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
of service (memory consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536
1087209).
- CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL
ioctl write operation to /dev/snd/seq by a local user was fixed
(bnc#1083483).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function
in the ALSA subsystem allowed attackers to gain privileges via
unspecified vectors (bnc#1088260).
- CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious
NCPFS servers to crash the kernel or execute code (bnc#1086162).
- CVE-2017-13166: An elevation of privilege vulnerability in the kernel
v4l2 video driver. (bnc#1072865).
- CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c
allow local users to cause a denial of service (BUG) by leveraging a
race condition with __dm_destroy during creation and removal of DM
devices (bnc#1083242).
- CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to
disclose kernel memory addresses. Successful exploitation requires that
a USB device is attached over IP (bnc#1078674).
- CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed
local users to cause a denial of service (infinite loop) by triggering
use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
- CVE-2017-16644: The hdpvr_probe function in
drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
- CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow
attackers to cause a denial of service (integer overflow) or possibly
have unspecified other impact by triggering a negative wake or requeue
value (bnc#1080757).
- CVE-2017-1691... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5156
BugTraq ID: 76230
http://www.securityfocus.com/bid/76230
Debian Security Information: DSA-3364 (Google Search)
http://www.debian.org/security/2015/dsa-3364
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html
RedHat Security Advisories: RHSA-2015:1978
http://rhn.redhat.com/errata/RHSA-2015-1978.html
RedHat Security Advisories: RHSA-2016:0855
http://rhn.redhat.com/errata/RHSA-2016-0855.html
http://www.securitytracker.com/id/1034045
SuSE Security Announcement: SUSE-SU-2015:1727 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
SuSE Security Announcement: SUSE-SU-2015:2292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
http://www.ubuntu.com/usn/USN-2773-1
http://www.ubuntu.com/usn/USN-2774-1
http://www.ubuntu.com/usn/USN-2777-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-7915
BugTraq ID: 94138
http://www.securityfocus.com/bid/94138
RedHat Security Advisories: RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-0861
BugTraq ID: 102329
http://www.securityfocus.com/bid/102329
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://security-tracker.debian.org/tracker/CVE-2017-0861
https://source.android.com/security/bulletin/pixel/2017-11-01
Debian Security Information: DSA-4187 (Google Search)
https://www.debian.org/security/2018/dsa-4187
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2020:0036
https://access.redhat.com/errata/RHSA-2020:0036
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3632-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1087
BugTraq ID: 104127
http://www.securityfocus.com/bid/104127
Debian Security Information: DSA-4196 (Google Search)
https://www.debian.org/security/2018/dsa-4196
http://www.openwall.com/lists/oss-security/2018/05/08/5
https://access.redhat.com/security/vulnerabilities/pop_ss
RedHat Security Advisories: RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1345
https://access.redhat.com/errata/RHSA-2018:1345
RedHat Security Advisories: RHSA-2018:1347
https://access.redhat.com/errata/RHSA-2018:1347
RedHat Security Advisories: RHSA-2018:1348
https://access.redhat.com/errata/RHSA-2018:1348
RedHat Security Advisories: RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:1524
https://access.redhat.com/errata/RHSA-2018:1524
http://www.securitytracker.com/id/1040862
https://usn.ubuntu.com/3641-1/
https://usn.ubuntu.com/3641-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-6927
BugTraq ID: 103023
http://www.securityfocus.com/bid/103023
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
RedHat Security Advisories: RHSA-2018:0654
https://access.redhat.com/errata/RHSA-2018:0654
RedHat Security Advisories: RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
https://usn.ubuntu.com/3697-1/
https://usn.ubuntu.com/3697-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7566
BugTraq ID: 103605
http://www.securityfocus.com/bid/103605
https://bugzilla.redhat.com/show_bug.cgi?id=1550142
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da
Debian Security Information: DSA-4188 (Google Search)
https://www.debian.org/security/2018/dsa-4188
http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html
RedHat Security Advisories: RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2384
RedHat Security Advisories: RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2395
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2019:1483
https://access.redhat.com/errata/RHSA-2019:1483
RedHat Security Advisories: RHSA-2019:1487
https://access.redhat.com/errata/RHSA-2019:1487
SuSE Security Announcement: SUSE-SU-2018:0834 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html
https://usn.ubuntu.com/3631-1/
https://usn.ubuntu.com/3631-2/
https://usn.ubuntu.com/3798-1/
https://usn.ubuntu.com/3798-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7757
BugTraq ID: 103348
http://www.securityfocus.com/bid/103348
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
https://usn.ubuntu.com/3654-1/
https://usn.ubuntu.com/3654-2/
https://usn.ubuntu.com/3656-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8822
BugTraq ID: 103476
http://www.securityfocus.com/bid/103476
https://usn.ubuntu.com/3653-1/
https://usn.ubuntu.com/3653-2/
https://usn.ubuntu.com/3655-1/
https://usn.ubuntu.com/3655-2/
https://usn.ubuntu.com/3657-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8897
BugTraq ID: 104071
http://www.securityfocus.com/bid/104071
CERT/CC vulnerability note: VU#631579
https://www.kb.cert.org/vuls/id/631579
Debian Security Information: DSA-4201 (Google Search)
https://www.debian.org/security/2018/dsa-4201
https://www.exploit-db.com/exploits/44697/
https://www.exploit-db.com/exploits/45024/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
http://openwall.com/lists/oss-security/2018/05/08/1
http://openwall.com/lists/oss-security/2018/05/08/4
https://bugzilla.redhat.com/show_bug.cgi?id=1567074
https://github.com/can1357/CVE-2018-8897/
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
https://patchwork.kernel.org/patch/10386677/
https://support.apple.com/HT208742
https://svnweb.freebsd.org/base?view=revision&revision=333368
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
https://xenbits.xen.org/xsa/advisory-260.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
RedHat Security Advisories: RHSA-2018:1319
https://access.redhat.com/errata/RHSA-2018:1319
RedHat Security Advisories: RHSA-2018:1346
https://access.redhat.com/errata/RHSA-2018:1346
RedHat Security Advisories: RHSA-2018:1349
https://access.redhat.com/errata/RHSA-2018:1349
RedHat Security Advisories: RHSA-2018:1350
https://access.redhat.com/errata/RHSA-2018:1350
RedHat Security Advisories: RHSA-2018:1351
https://access.redhat.com/errata/RHSA-2018:1351
RedHat Security Advisories: RHSA-2018:1352
https://access.redhat.com/errata/RHSA-2018:1352
RedHat Security Advisories: RHSA-2018:1353
https://access.redhat.com/errata/RHSA-2018:1353
RedHat Security Advisories: RHSA-2018:1354
https://access.redhat.com/errata/RHSA-2018:1354
http://www.securitytracker.com/id/1040744
http://www.securitytracker.com/id/1040849
http://www.securitytracker.com/id/1040861
http://www.securitytracker.com/id/1040866
http://www.securitytracker.com/id/1040882
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.