Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.3618.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:3618-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3618-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3618-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. (bnc#1107829).

CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory
(bnc#1102870).

CVE-2018-16276: An issue was discovered in yurex_read in
drivers/usb/misc/yurex.c where local attackers could use user access
read/writes with incorrect bounds checking in the yurex USB driver to
crash the kernel or potentially escalate privileges (bnc#1106095).

CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the
POSIX timer code is caused by the way the overrun accounting works.
Depending on interval and expiry time values, the overrun can be larger
than INT_MAX, but the accounting is int based. This basically made the
accounting values, which are visible to user space via
timer_getoverrun(2) and siginfo::si_overrun, random. For example, a
local user can cause a denial of service (signed integer overflow) via
crafted mmap, futex, timer_create, and timer_settime system calls
(bnc#1099922).

The following non-security bugs were fixed:
net: fix neighbours after MAC change (bnc#905299).

powerpc: Fix smp_mb__before_spinlock() (bsc#1110247).

x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967).

x86/fpu: fix signal handling with eager FPU switching (ia32)
(bsc#1108227).

retpoline: Introduce start/end markers of indirect thunk (bsc#1113337).

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-12896
Common Vulnerability Exposure (CVE) ID: CVE-2018-14617
Common Vulnerability Exposure (CVE) ID: CVE-2018-14633
Common Vulnerability Exposure (CVE) ID: CVE-2018-16276
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.