
Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.1482.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:1482-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:1482-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.
This update's main focus is a regression fix in SystemV IPC handling (bsc#1093600).
The following non-security bugs were fixed:
- Drop cBPF SSBD as classic BPF does not really have a proper concept of
pointers, and without eBPF maps the out-of-bounds access in a speculative
execution branch can't be mounted. Moreover, seccomp BPF uses only such
a subset of BPF that can only do absolute indexing, and therefore
seccomp data buffer boundaries can't be crossed. Information condensed
from Alexei and Kees.
- ibrs used instead of retpoline on Haswell processor with
spectre_v2=retpoline (bsc#1092497)
- ib/mlx4: Convert slave port before building address-handle (bug#919382
FATE#317529).
- KABI protect struct _lowcore (bsc#1089386).
- Update config files, add Spectre mitigation for s390x (bnc#1089386,
LTC#166572).
- Update s390 config files (bsc#1089386).
- fanotify: fix logic of events on child (bsc#1013018).
- ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689).
- ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
- ocfs2/dlm: wait for dlm recovery done when migrating all lock resources
(bsc#1013018).
- powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and
architecture bits (bsc#1087082).
- powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (FATE#325713,
bsc#1093710).
- s390/cio: update chpid descriptor after resource accessibility event
(bnc#1091659, LTC#167429).
- s390/dasd: fix IO error for newly defined devices (bnc#1091659,
LTC#167398).
- s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659,
LTC#168037).
- s390/qeth: on channel error, reject further cmd requests (bnc#1088343,
LTC#165985).
- s390: add automatic detection of the spectre defense (bnc#1089386,
LTC#166572).
- s390: add optimized array_index_mask_nospec (bnc#1089386, LTC#166572).
- s390: add sysfs attributes for spectre (bnc#1089386, LTC#166572).
- s390: correct module section names for expoline code revert
(bsc#1089386).
- s390: correct nospec auto detection init order (bnc#1089386, LTC#166572).
- s390: do not bypass BPENTER for interrupt system calls (bnc#1089386,
LTC#166572).
- s390: fix retpoline build on 31bit (bsc#1089386).
- s390: improve cpu alternative handling for gmb and nobp (bnc#1089386,
LTC#166572).
- s390: introduce execute-trampolines for branches (bnc#1089386,
LTC#166572).
- s390: move nobp parameter functions to nospec-branch.c (bnc#1089386,
LTC#166572).
- s390: report spectre mitigation via syslog (bnc#1089386, LTC#166572).
- s390: run user space and KVM guests with modified branch prediction
(bnc#1089386, LTC#166572).
- s390: scrub registers on kernel entry and KVM exit (bnc#1089386,
LTC#166572).
- x86, mce: Fix mce_start_timer semantics (bsc#1090607).
- x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.