Описание
Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3)
This update for the Linux Kernel 4.4.82-6_9 fixes several issues.
The following security issues were fixed:
- CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447).
- CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114).
- CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488).
- CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP3
Ссылки
- Link for SUSE-SU-2018:1020-1
- E-Mail link for SUSE-SU-2018:1020-1
- SUSE Security Ratings
- SUSE Bug 1073230
- SUSE Bug 1076017
- SUSE Bug 1083488
- SUSE Bug 1085114
- SUSE Bug 1085447
- SUSE CVE CVE-2017-13166 page
- SUSE CVE CVE-2018-1000004 page
- SUSE CVE CVE-2018-1068 page
- SUSE CVE CVE-2018-7566 page
Описание
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
Затронутые продукты
Ссылки
- CVE-2017-13166
- SUSE Bug 1072865
- SUSE Bug 1085447
- SUSE Bug 1087082
- SUSE Bug 1091815
Описание
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
Затронутые продукты
Ссылки
- CVE-2018-1000004
- SUSE Bug 1076017
- SUSE Bug 1091815
Описание
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
Затронутые продукты
Ссылки
- CVE-2018-1068
- SUSE Bug 1085107
- SUSE Bug 1085114
- SUSE Bug 1087082
- SUSE Bug 1123903
Описание
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
Затронутые продукты
Ссылки
- CVE-2018-7566
- SUSE Bug 1083483
- SUSE Bug 1083488
- SUSE Bug 1087082
- SUSE Bug 1091815