| Revision Date: | 2018-09-25 | Version: | 1 |
| Title: | Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) |
| Description: |
This update for the Linux Kernel 4.4.90-92_50 fixes several issues.
The following security issues were fixed:
- CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1096723
1102682
1105323
1106191
CVE-2018-1000026
CVE-2018-10902
CVE-2018-10938
CVE-2018-5390
SUSE-SU-2018:2860-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP2-LTSS
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND kgraft-patch-4_4_90-92_50-default-10-2.1 is installed
|