
Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.1821.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:1821-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:1821-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

This new feature was added:

- Btrfs: Remove empty block groups in the background

The following security bugs were fixed:

- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX
registers) between processes. These registers might contain encryption keys
when doing SSE accelerated AES enc/decryption (bsc#1087086)

The following non-security bugs were fixed:

- ALSA: timer: Fix pause event notification (bsc#973378).
- Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998).
- Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424).
- Btrfs: Fix lost-data-profile caused by auto removing bg.
- Btrfs: Fix misuse of chunk mutex
- Btrfs: Fix out-of-space bug (bsc#1089231).
- Btrfs: Set relative data on clear btrfs_block_group_cache->pinned.
- Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239).
- Btrfs: add alloc_fs_devices and switch to it (bsc#1089205).
- Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204).
- Btrfs: add missing discards when unpinning extents with -o discard.
- Btrfs: add missing inode update when punching hole (bsc#1089006).
- Btrfs: add support for asserts (bsc#1089207).
- Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010).
- Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries.
- Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235).
- Btrfs: cleanup backref search commit root flag stuff (bsc#1089200).
- Btrfs: delete chunk allocation attemp when setting block group ro.
- Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210).
- Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214).
- Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005).
- Btrfs: eliminate races in worker stopping code (bsc#1089211).
- Btrfs: ensure deletion from pinned_chunks list is protected.
- Btrfs: explictly delete unused block groups in close_ctree and ro-remount.
- Btrfs: fix -ENOSPC on block group removal.
- Btrfs: fix -ENOSPC when finishing block group creation.
- Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group.
- Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220).
- Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236).
- Btrfs: fix crash caused by block group removal.
- Btrfs: fix data loss in the fast fsync path (bsc#1089007).
- Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194).
- Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001).
- Btrfs: fix directory recovery from fsync log (bsc#1088999).
- Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195).
- ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for SAP Applications 11-SP4.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-3665
BugTraq ID: 104460
http://www.securityfocus.com/bid/104460
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
https://security.netapp.com/advisory/ntap-20181016-0001/
https://security.paloaltonetworks.com/CVE-2018-3665
https://support.citrix.com/article/CTX235745
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
https://www.synology.com/support/security/Synology_SA_18_31
Debian Security Information: DSA-4232
https://www.debian.org/security/2018/dsa-4232
FreeBSD Security Advisory: FreeBSD-SA-18:07
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
RedHat Security Advisories: RHSA-2018:1852
https://access.redhat.com/errata/RHSA-2018:1852
RedHat Security Advisories: RHSA-2018:1944
https://access.redhat.com/errata/RHSA-2018:1944
RedHat Security Advisories: RHSA-2018:2164
https://access.redhat.com/errata/RHSA-2018:2164
RedHat Security Advisories: RHSA-2018:2165
https://access.redhat.com/errata/RHSA-2018:2165
RedHat Security Advisories: RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1170
RedHat Security Advisories: RHSA-2019:1190
https://access.redhat.com/errata/RHSA-2019:1190
http://www.securitytracker.com/id/1041124
http://www.securitytracker.com/id/1041125
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
Copyright: Copyright (C) 2021 Greenbone AG
