drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
SUSE-SU-2018:2907-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Server 11-EXTRA, SUSE Linux Enterprise Server 11-SP3-LTSS, SUSE Linux Enterprise Point of Sale 11-SP3 |
|
Datum: |
Do, 27. September 2018, 23:34 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15572 |
|
Applikationen: |
Linux |
|
Originalnachricht |
SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2907-1 Rating: important References: #1057199 #1087081 #1092903 #1102517 #1103119 #1104367 #1104684 #1104818 #1105100 #1105296 #1105322 #1105323 #1105536 #1106369 #1106509 #1106511 #1107001 #1107689 #1108912 Cross-References: CVE-2018-10902 CVE-2018-10940 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________
An update that solves 8 vulnerabilities and has 11 fixes is now available.
Description:
The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119).
The following non-security bugs were fixed:
- KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: x86: Free vmx_msr_bitmap_longmode while kvm_init failed (bsc#1104367). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-kernel-13799=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-13799=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-kernel-13799=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-kernel-13799=1
Package List:
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
kernel-default-3.0.101-0.47.106.50.1 kernel-default-base-3.0.101-0.47.106.50.1 kernel-default-devel-3.0.101-0.47.106.50.1 kernel-source-3.0.101-0.47.106.50.1 kernel-syms-3.0.101-0.47.106.50.1 kernel-trace-3.0.101-0.47.106.50.1 kernel-trace-base-3.0.101-0.47.106.50.1 kernel-trace-devel-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
kernel-ec2-3.0.101-0.47.106.50.1 kernel-ec2-base-3.0.101-0.47.106.50.1 kernel-ec2-devel-3.0.101-0.47.106.50.1 kernel-xen-3.0.101-0.47.106.50.1 kernel-xen-base-3.0.101-0.47.106.50.1 kernel-xen-devel-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
kernel-bigsmp-3.0.101-0.47.106.50.1 kernel-bigsmp-base-3.0.101-0.47.106.50.1 kernel-bigsmp-devel-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
kernel-default-man-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
kernel-pae-3.0.101-0.47.106.50.1 kernel-pae-base-3.0.101-0.47.106.50.1 kernel-pae-devel-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-bigsmp-extra-3.0.101-0.47.106.50.1 kernel-trace-extra-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
kernel-default-3.0.101-0.47.106.50.1 kernel-default-base-3.0.101-0.47.106.50.1 kernel-default-devel-3.0.101-0.47.106.50.1 kernel-ec2-3.0.101-0.47.106.50.1 kernel-ec2-base-3.0.101-0.47.106.50.1 kernel-ec2-devel-3.0.101-0.47.106.50.1 kernel-pae-3.0.101-0.47.106.50.1 kernel-pae-base-3.0.101-0.47.106.50.1 kernel-pae-devel-3.0.101-0.47.106.50.1 kernel-source-3.0.101-0.47.106.50.1 kernel-syms-3.0.101-0.47.106.50.1 kernel-trace-3.0.101-0.47.106.50.1 kernel-trace-base-3.0.101-0.47.106.50.1 kernel-trace-devel-3.0.101-0.47.106.50.1 kernel-xen-3.0.101-0.47.106.50.1 kernel-xen-base-3.0.101-0.47.106.50.1 kernel-xen-devel-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
kernel-default-debuginfo-3.0.101-0.47.106.50.1 kernel-default-debugsource-3.0.101-0.47.106.50.1 kernel-trace-debuginfo-3.0.101-0.47.106.50.1 kernel-trace-debugsource-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-0.47.106.50.1 kernel-ec2-debugsource-3.0.101-0.47.106.50.1 kernel-xen-debuginfo-3.0.101-0.47.106.50.1 kernel-xen-debugsource-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
kernel-bigsmp-debuginfo-3.0.101-0.47.106.50.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.50.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
kernel-pae-debuginfo-3.0.101-0.47.106.50.1 kernel-pae-debugsource-3.0.101-0.47.106.50.1
References:
https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1057199 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1104367 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1105100 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1107001 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1108912
_______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates
|
|
|
|