The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2016-8405: An information disclosure vulnerability     in kernel components including the ION subsystem,     Binder, USB driver and networking subsystem could enable     a local malicious application to access data outside of     its permission levels. (bnc#1099942).

  - CVE-2017-13305: A information disclosure vulnerability     existed in the encrypted-keys handling. (bnc#1094353).

  - CVE-2018-1000204: A malformed SG_IO ioctl issued for a     SCSI device could lead to a local kernel information     leak manifesting in up to approximately 1000 memory     pages copied to the userspace. The problem has limited     scope as non-privileged users usually have no     permissions to access SCSI device files. (bnc#1096728).

  - CVE-2018-1068: A flaw was found in the implementation of     32-bit syscall interface for bridging. This allowed a     privileged user to arbitrarily write to a limited range     of kernel memory (bnc#1085107).

  - CVE-2018-1130: A NULL pointer dereference in     dccp_write_xmit() function in net/dccp/output.c allowed     a local user to cause a denial of service by a number of     certain crafted system calls (bnc#1092904).

  - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c     a memory corruption bug in JFS can be triggered by     calling setxattr twice with two different extended     attribute names on the same file. This vulnerability can     be triggered by an unprivileged user with the ability to     create files and execute programs. A kmalloc call is     incorrect, leading to slab-out-of-bounds in jfs_xattr     (bnc#1097234).

  - CVE-2018-13053: The alarm_timer_nsleep function in     kernel/time/alarmtimer.c had an integer overflow via a     large relative timeout because ktime_add_safe is not     used (bnc#1099924).

  - CVE-2018-13406: An integer overflow in the     uvesafb_setcmap function in     drivers/video/fbdev/uvesafb.c kernel could result in     local attackers being able to crash the kernel or     potentially elevate privileges because kmalloc_array is     not used (bnc#1098016 1100418).

  - CVE-2018-3620: Local attackers on baremetal systems     could use speculative code patterns on hyperthreaded     processors to read data present in the L1 Datacache used     by other hyperthreads on the same CPU core, potentially     leaking sensitive data. (bnc#1087081).

  - CVE-2018-3646: Local attackers in virtualized guest     systems could use speculative code patterns on     hyperthreaded processors to read data present in the L1     Datacache used by other hyperthreads on the same CPU     core, potentially leaking sensitive data, even from     other virtual machines or the host system.
    (bnc#1089343).

  - CVE-2018-5803: An error in the '_sctp_make_chunk()'     function (net/sctp/sm_make_chunk.c) when handling SCTP     packets length could be exploited to cause a kernel     crash (bnc#1083900).

  - CVE-2018-5814: Multiple race condition errors when     handling probe, disconnect, and rebind operations could     be exploited to trigger a use-after-free condition or a     NULL pointer dereference by sending multiple USB over IP     packets (bnc#1096480).

  - CVE-2018-7492: A NULL pointer dereference was found in     the net/rds/rdma.c __rds_rdma_map() function allowing     local attackers to cause a system panic and a     denial-of-service, related to RDS_GET_MR and     RDS_GET_MR_FOR_DEST (bnc#1082962).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2366-1) (Foreshadow)

high Nessus Plugin ID 111833

Version 1.7