| Revision Date: | 2018-09-25 | Version: | 1 |
| Title: | Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) |
| Description: |
This update for the Linux Kernel 4.4.121-92_80 fixes several issues.
The following security issues were fixed:
- CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1102682
1103203
1105323
1106191
CVE-2018-10902
CVE-2018-10938
CVE-2018-5390
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP2-LTSS
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND kgraft-patch-4_4_121-92_80-default-5-2.1 is installed
|