Details
-
Bug
-
Resolution: Won't Fix
-
Minor
-
None
-
None
-
None
-
3
-
9223372036854775807
Description
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.140 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow
via a large relative timeout because ktime_add_safe was not used
(bnc#1099924) - CVE-2018-9385: Prevent overread of the "driver_override" buffer
(bsc#1100491) - CVE-2018-13405: The inode_init_owner function allowed local users to
create files with an unintended group ownership allowing attackers to
escalate privileges by making a plain file executable and SGID
(bnc#1100416) - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function
could have result in local attackers being able to crash the kernel or
potentially elevate privileges because kmalloc_array is not used
(bnc#1100418)
For fixed non-security bugs, please refer to:
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004305.html
