SuSE Local Security Checks : openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3817-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.852140

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3817-1)

Zusammenfassung: The remote host is missing an update for the 'kernel'; package(s) announced via the openSUSE-SU-2018:3817-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the openSUSE-SU-2018:3817-1 advisory.

Vulnerability Insight:
The openSUSE Leap 42.3 kernel was
updated to 4.4.162 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
pagetable locks. If a syscall such as ftruncate() removes entries from
the pagetables of a task that is in the middle of mremap(), a stale TLB
entry can remain for a short time that permits access to a physical page
after it has been released back to the page allocator and reused.
(bnc#1113769).

- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 and CVE-2018-16658
(bnc#1113751).

- CVE-2018-18690: A local attacker able to set attributes on an xfs
filesystem could make this filesystem non-operational until the next
mount by triggering an unchecked error condition during an xfs attribute
change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c
mishandled ATTR_REPLACE operations with conversion of an attr from short
to long form (bnc#1105025).

- CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
able to access pseudo terminals) to hang/block further usage of any
pseudo terminal devices due to an EXTPROC versus ICANON confusion in
TIOCINQ (bnc#1094825).

- CVE-2018-9516: A lack of certain checks in the hid_debug_events_read()
function in the drivers/hid/hid-debug.c file might have resulted in
receiving userspace buffer overflow and an out-of-bounds write or to the
infinite loop. (bnc#1108498).

The following non-security bugs were fixed:

- 6lowpan: iphc: reset mac_header after decompress to fix panic
(bnc#1012382).

- Add azure kernel description.

- Add bug reference to
patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack-fix1.patch

- Add graphviz to buildreq for image conversion

- Add reference to bsc#1104124 to
patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-counting-agai.patch

- ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382).

- ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
(bnc#1012382).

- apparmor: remove no-op permission check in policy_unpack (git-fixes).

- ARC: build: Get rid of toolchain check (bnc#1012382).

- ARC: clone syscall to setp r25 as thread pointer (bnc#1012382).

- arch/hexagon: fix kernel/dma.c build warning (bnc#1012382).

- arch-symbols: use bash as interpreter since the script uses bashism.
...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
the on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-9516
Debian Security Information: DSA-4308 (Google Search)
https://www.debian.org/security/2018/dsa-4308
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
https://usn.ubuntu.com/3871-1/
https://usn.ubuntu.com/3871-3/
https://usn.ubuntu.com/3871-4/
https://usn.ubuntu.com/3871-5/

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.852140
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3817-1)
Zusammenfassung:	The remote host is missing an update for the 'kernel'; package(s) announced via the openSUSE-SU-2018:3817-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the openSUSE-SU-2018:3817-1 advisory. Vulnerability Insight: The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. (bnc#1108498). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bnc#1012382). - Add azure kernel description. - Add bug reference to patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack-fix1.patch - Add graphviz to buildreq for image conversion - Add reference to bsc#1104124 to patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-counting-agai.patch - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382). - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bnc#1012382). - apparmor: remove no-op permission check in policy_unpack (git-fixes). - ARC: build: Get rid of toolchain check (bnc#1012382). - ARC: clone syscall to setp r25 as thread pointer (bnc#1012382). - arch/hexagon: fix kernel/dma.c build warning (bnc#1012382). - arch-symbols: use bash as interpreter since the script uses bashism. ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: the on openSUSE Leap 42.3. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-9516 Debian Security Information: DSA-4308 (Google Search) https://www.debian.org/security/2018/dsa-4308 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html RedHat Security Advisories: RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029 RedHat Security Advisories: RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043 https://usn.ubuntu.com/3871-1/ https://usn.ubuntu.com/3871-3/ https://usn.ubuntu.com/3871-4/ https://usn.ubuntu.com/3871-5/
Copyright	Copyright (C) 2018 Greenbone Networks GmbH