Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-11652

kernel update [SLES12 SP3 4.4.162-94.69.2]

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Lustre 2.12.0, Lustre 2.10.7
    • Labels:
      None
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.162 to receive
      various security and bugfixes.

      The following security bugs were fixed:

      • CVE-2018-14633: A security flaw was found in the
        chap_server_compute_md5() function in the ISCSI target code in a way an
        authentication request from an ISCSI initiator is processed. An
        unauthenticated remote attacker can cause a stack buffer overflow and
        smash up to 17 bytes of the stack. The attack requires the iSCSI target
        to be enabled on the victim host. Depending on how the target's code was
        built (i.e. depending on a compiler, compile flags and hardware
        architecture) an attack may lead to a system crash and thus to a
        denial-of-service or possibly to a non-authorized access to data
        exported by an iSCSI target. Due to the nature of the flaw, privilege
        escalation cannot be fully ruled out, although we believe it is highly
        unlikely. (bnc#1107829).
      • CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
        pagetable locks. If a syscall such as ftruncate() removes entries from
        the pagetables of a task that is in the middle of mremap(), a stale TLB
        entry can remain for a short time that permits access to a physical page
        after it has been released back to the page allocator and reused.
        (bnc#1113769).
      • CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
        able to access pseudo terminals) to hang/block further usage of any
        pseudo terminal devices due to an EXTPROC versus ICANON confusion in
        TIOCINQ (bnc#1094825).
      • CVE-2018-18690: A local attacker able to set attributes on an xfs
        filesystem could make this filesystem non-operational until the next
        mount by triggering an unchecked error condition during an xfs attribute
        change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c
        mishandled ATTR_REPLACE operations with conversion of an attr from short
        to long form (bnc#1105025).
      • CVE-2018-18710: An issue was discovered in the Linux kernel An
        information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c
        could be used by local attackers to read kernel memory because a cast
        from unsigned long to int interferes with bounds checking. This is
        similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
      • CVE-2018-9516: A lack of certain checks in the hid_debug_events_read()
        function in the drivers/hid/hid-debug.c file might have resulted in
        receiving userspace buffer overflow and an out-of-bounds write or to the
        infinite loop. (bnc#1108498).

      For fixed non-security bugs, please refer to:
      http://lists.suse.com/pipermail/sle-security-updates/2018-November/004844.html

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                yujian Jian Yu
                Reporter:
                yujian Jian Yu
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: