
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:2366-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:2366-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2016-8405: An information disclosure vulnerability in kernel
components including the ION subsystem, Binder, USB driver and
networking subsystem could enable a local malicious application to
access data outside of its permission levels. (bnc#1099942).
- CVE-2017-13305: An information disclosure vulnerability existed in the
encrypted-keys handling. (bnc#1094353).
- CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could
lead to a local kernel information leak manifesting in up to
approximately 1000 memory pages copied to the userspace. The problem has
limited scope as non-privileged users usually have no permissions to
access SCSI device files. (bnc#1096728).
- CVE-2018-1068: A flaw was found in the implementation of the 32-bit syscall
interface for bridging. This allowed a privileged user to arbitrarily
write to a limited range of kernel memory (bnc#1085107).
- CVE-2018-1130: A null pointer dereference in the dccp_write_xmit() function
in net/dccp/output.c allowed a local user to cause a denial of service
via a number of crafted system calls (bnc#1092904).
- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory
corruption bug in JFS can be triggered by calling setxattr twice with
two different extended attribute names on the same file. This
vulnerability can be triggered by an unprivileged user with the ability
to create files and execute programs. A kmalloc call is incorrect,
leading to slab-out-of-bounds in jfs_xattr (bnc#1097234).
- CVE-2018-13053: The alarm_timer_nsleep function in
kernel/time/alarmtimer.c had an integer overflow via a large relative
timeout because ktime_add_safe is not used (bnc#1099924).
- CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in
drivers/video/fbdev/uvesafb.c in the kernel could result in local attackers
being able to crash the kernel or potentially elevate privileges because
kmalloc_array is not used (bnc#1098016 1100418).
- CVE-2018-3620: Local attackers on bare-metal systems could use
speculative code patterns on hyperthreaded processors to read data
present in the L1 data cache used by other hyperthreads on the same CPU
core, potentially leaking sensitive data. (bnc#1087081).
- CVE-2018-3646: Local attackers in virtualized guest systems could use
speculative code patterns on hyperthreaded processors to read data
present in the L1 data cache used by other hyperthreads on the same CPU
core, potentially leaking sensitive data, even from other virtual
machines or the host system. (bnc#1089343).
- CVE-2018-5803: An error in the '_sctp_make_chunk()' function
(net/sctp/sm_make_chunk.c) when handling SCTP packet lengths could be
exploited to cause a kernel crash (bnc#1083900).
- CVE-2018-5814: Multiple race condition errors when handl... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-8405
BugTraq ID: 94686
Debian Security Information: DSA-3791
Common Vulnerability Exposure (CVE) ID: CVE-2018-1068
BugTraq ID: 103459
Debian Security Information: DSA-4187
Debian Security Information: DSA-4188
RedHat Security Advisories: RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:2948
RedHat Security Advisories: RHSA-2019:1170
RedHat Security Advisories: RHSA-2019:1190
RedHat Security Advisories: RHSA-2019:4159
Common Vulnerability Exposure (CVE) ID: CVE-2018-1130
RedHat Security Advisories: RHSA-2018:1854
RedHat Security Advisories: RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
Common Vulnerability Exposure (CVE) ID: CVE-2018-3620
BugTraq ID: 105080
CERT/CC vulnerability note: VU#982149
Cisco Security Advisory: 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
Debian Security Information: DSA-4274
Debian Security Information: DSA-4279
FreeBSD Security Advisory: FreeBSD-SA-18:09
RedHat Security Advisories: RHSA-2018:2384
RedHat Security Advisories: RHSA-2018:2387
RedHat Security Advisories: RHSA-2018:2388
RedHat Security Advisories: RHSA-2018:2389
RedHat Security Advisories: RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:2391
RedHat Security Advisories: RHSA-2018:2392
RedHat Security Advisories: RHSA-2018:2393
RedHat Security Advisories: RHSA-2018:2394
RedHat Security Advisories: RHSA-2018:2395
RedHat Security Advisories: RHSA-2018:2396
RedHat Security Advisories: RHSA-2018:2402
RedHat Security Advisories: RHSA-2018:2403
RedHat Security Advisories: RHSA-2018:2404
RedHat Security Advisories: RHSA-2018:2602
RedHat Security Advisories: RHSA-2018:2603
Common Vulnerability Exposure (CVE) ID: CVE-2018-3646
Common Vulnerability Exposure (CVE) ID: CVE-2018-5803
RedHat Security Advisories: RHSA-2019:0641
Common Vulnerability Exposure (CVE) ID: CVE-2018-5814
SuSE Security Announcement: openSUSE-SU-2019:1407
Common Vulnerability Exposure (CVE) ID: CVE-2018-7492
BugTraq ID: 103185
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
