|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2018:3746-1)|
|Summary:||The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3746-1 advisory.|
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3746-1 advisory.
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2018-18281: An issue was discovered in the Linux kernel, the
mremap() syscall performs TLB flushes after dropping pagetable locks. If
a syscall such as ftruncate() removes entries from the pagetables of a
task that is in the middle of mremap(), a stale TLB entry can remain for
a short time that permits access to a physical page after it has been
released back to the page allocator and reused (bnc#1113769).
CVE-2018-18710: An issue was discovered in the Linux kernel, an
information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c
could be used by local attackers to read kernel memory because a cast
from unsigned long to int interferes with bounds checking. This is
similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
CVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local
attackers (who are able to access pseudo terminals) to hang/block
further usage of any pseudo terminal devices due to an EXTPROC versus
ICANON confusion in TIOCINQ (bnc#1094825).
CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c
in the Linux kernel 4.x allowed physically proximate attackers to cause
a denial of service (integer underflow) or possibly have unspecified
other impact via a crafted HID report (bnc#1031240).
CVE-2017-16533: The usbhid_parse function in
drivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users to
cause a denial of service (out-of-bounds read and system crash) or
possibly have unspecified other impact via a crafted USB device
CVE-2017-1000407: An denial of service issue was discovered in the Linux
kernel, by flooding the diagnostic port 0x80 an exception can be
triggered leading to a kernel panic (bnc#1071021).
CVE-2018-9516: An issue was discovered in the Linux kernel, the
copy_to_user() inside the HID code does not correctly check the length
before executing (bsc#1108498).
CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in the Linux
kernel in a way an authentication request from an ISCSI initiator is
processed. An unauthenticated remote attacker can cause a stack buffer
overflow and smash up to 17 bytes of the stack. The attack requires the
iSCSI target to be enabled on the victim host. Depending on how the
target's code was built (i.e. depending on a compiler, compile flags and
hardware architecture) an attack may lead to a system crash and thus to
a denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
The following non-security bugs were fixed:
Btrfs: fix deadlock when fi... [Please see the references for more information on the vulnerabilities]
'Linux Kernel' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Debuginfo 11-SP4
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2017-7273|
BugTraq ID: 97190
Common Vulnerability Exposure (CVE) ID: CVE-2018-9516
Debian Security Information: DSA-4308 (Google Search)
RedHat Security Advisories: RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.