Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
patchinfo.7246
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7246
<patchinfo incident="7246"> <issue id="1076537" tracker="bnc">VUL-0: CVE-2017-13220: kernel-source: An elevation of privilege vulnerability in the Upstream kernel bluez. Product:Android. Versions: Android kernel. Android ID: A-63527053.</issue> <issue id="1082299" tracker="bnc">Backport of shadow variables</issue> <issue id="1083125" tracker="bnc">KGraft: small race in reversion code</issue> <issue id="1083242" tracker="bnc">VUL-0: CVE-2017-18203: kernel: The dm_get_from_kobject function allow local users to cause a DoS by leveraging a racecondition</issue> <issue id="1083275" tracker="bnc">BUG: unable to handle kernel NULL dereference</issue> <issue id="1084536" tracker="bnc">VUL-0: CVE-2018-7757: kernel-source: Memory leak in the sas_smp_get_phy_events function indrivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allowslocal users to cause a denial of service (memory consumption) via many r</issue> <issue id="1085279" tracker="bnc">Kernel crashes when 32-bit ldt_gdt selftest is run on x86_64</issue> <issue id="1085331" tracker="bnc">Compiling of busybox source rpm leads to segmentation faults on kernel 3.0.101-108.35-default</issue> <issue id="1086162" tracker="bnc">VUL-1: CVE-2018-8822: kernel-source: Memory corruption in ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c</issue> <issue id="1086194" tracker="bnc">kernel BUG soft lockup - CPU# stuck for xxs! [PoolThread:254797]</issue> <issue id="1087088" tracker="bnc">VUL-0: EMBARGOED: CVE-2018-8897: POP SS</issue> <issue id="1087260" tracker="bnc">kernel-default-base-3.0.101-108.35.1 breaks certain 32bit binaries running on 64bit SLES11</issue> <issue id="1088147" tracker="bnc">libvirt requires stibp cpu feature flag from qemu</issue> <issue id="1088260" tracker="bnc">VUL-0: CVE-2017-0861: kernel-source: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation</issue> <issue id="1088261" tracker="bnc">VUL-0: CVE-2017-11089: kernel: Out-of-bounds read in nl80211_set_station allows privileged local attacker to cause system crash or possibly code execution</issue> <issue id="1089608" tracker="bnc">VUL-0: CVE-2018-10087: kernel-source: The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13 did not check the pid for INT_MIN</issue> <issue id="1089752" tracker="bnc">VUL-0: CVE-2018-10124: kernel-source: The kill_something_info function in kernel/signal.c in the Linux kernel before4.13, when an unspecified architecture and compiler is used, might allow localusers to cause a denial of service via an IN</issue> <issue id="1090643" tracker="bnc">VUL-0: CVE-2018-8781: kernel-source: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space</issue> <issue id="2018-8781" tracker="cve" /> <issue id="2018-10124" tracker="cve" /> <issue id="2018-10087" tracker="cve" /> <issue id="2018-7757" tracker="cve" /> <issue id="2017-13220" tracker="cve" /> <issue id="2017-11089" tracker="cve" /> <issue id="2017-0861" tracker="cve" /> <issue id="2018-8822" tracker="cve" /> <issue id="2017-18203" tracker="cve" /> <issue id="2018-1087" tracker="cve" /> <issue id="2018-8897" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>alnovak</packager> <reboot_needed/> <description> The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c in might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537). - CVE-2017-11089: A buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - kabi: x86/kaiser: properly align trampoline stack (bsc#1087260). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bsc#1087088). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor