|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2018:3618-1)|
|Summary:||The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3618-1 advisory.|
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3618-1 advisory.
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory
CVE-2018-16276: An issue was discovered in yurex_read in
drivers/usb/misc/yurex.c where local attackers could use user access
read/writes with incorrect bounds checking in the yurex USB driver to
crash the kernel or potentially escalate privileges (bnc#1106095).
CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the
POSIX timer code is caused by the way the overrun accounting works.
Depending on interval and expiry time values, the overrun can be larger
than INT_MAX, but the accounting is int based. This basically made the
accounting values, which are visible to user space via
timer_getoverrun(2) and siginfo::si_overrun, random. For example, a
local user can cause a denial of service (signed integer overflow) via
crafted mmap, futex, timer_create, and timer_settime system calls
The following non-security bugs were fixed:
net: fix neighbours after MAC change (bnc#905299).
powerpc: Fix smp_mb__before_spinlock() (bsc#1110247).
x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967).
x86/fpu: fix signal handling with eager FPU switching (ia32)
retpoline: Introduce start/end markers of indirect thunk (bsc#1113337).
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-12896|
Common Vulnerability Exposure (CVE) ID: CVE-2018-14617
Common Vulnerability Exposure (CVE) ID: CVE-2018-14633
Common Vulnerability Exposure (CVE) ID: CVE-2018-16276
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.