[SUSE-SU-2018:2940-1] Security update for the Linux Kernel (Live Patch 1 for SLE 15)
Severity
Important
CVEs
2
Security update for the Linux Kernel (Live Patch 1 for SLE 15)
This update for the Linux Kernel 4.12.14-25_3 fixes several issues.
The following security issues were fixed:
- CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system an attacker could leverage this flaw.
- CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323).
- ID
- SUSE-SU-2018:2940-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2018/suse-su-20182940-1/
- Published
-
2018-09-28T11:14:36
(6 years ago) - Modified
-
2018-09-28T11:14:36
(6 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- DSA-4308-1
- ELSA-2018-3083
- ELSA-2018-4208
- ELSA-2018-4299
- ELSA-2018-4300
- ELSA-2019-0415
- ELSA-2019-4316
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2019:0415
- SUSE-SU-2018:2538-1
- SUSE-SU-2018:2539-1
- SUSE-SU-2018:2775-1
- SUSE-SU-2018:2776-1
- SUSE-SU-2018:2787-1
- SUSE-SU-2018:2858-1
- SUSE-SU-2018:2860-1
- SUSE-SU-2018:2862-1
- SUSE-SU-2018:2864-1
- SUSE-SU-2018:2879-1
- SUSE-SU-2018:2907-1
- SUSE-SU-2018:2908-1
- SUSE-SU-2018:2908-2
- SUSE-SU-2018:2935-1
- SUSE-SU-2018:2938-1
- SUSE-SU-2018:2960-1
- SUSE-SU-2018:2961-1
- SUSE-SU-2018:2962-1
- SUSE-SU-2018:2963-1
- SUSE-SU-2018:2964-1
- SUSE-SU-2018:2980-1
- SUSE-SU-2018:2981-1
- SUSE-SU-2018:3029-1
- SUSE-SU-2018:3083-1
- SUSE-SU-2018:3084-1
- SUSE-SU-2018:3088-1
- SUSE-SU-2018:3961-1
- SUSE-SU-2021:0452-1
- USN-3776-1
- USN-3776-2
- USN-3797-1
- USN-3797-2
- USN-3847-1
- USN-3847-2
- USN-3847-3
- USN-3849-1
- USN-3849-2
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2940-1.json | |
Suse | URL for SUSE-SU-2018:2940-1 | https://www.suse.com/support/update/announcement/2018/suse-su-20182940-1/ | |
Suse | E-Mail link for SUSE-SU-2018:2940-1 | https://lists.suse.com/pipermail/sle-security-updates/2018-September/004625.html | |
Bugzilla | SUSE Bug 1105323 | https://bugzilla.suse.com/1105323 | |
Bugzilla | SUSE Bug 1106191 | https://bugzilla.suse.com/1106191 | |
CVE | SUSE CVE CVE-2018-10902 page | https://www.suse.com/security/cve/CVE-2018-10902/ | |
CVE | SUSE CVE CVE-2018-10938 page | https://www.suse.com/security/cve/CVE-2018-10938/ |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |