English | Deutsch | Espa├▒ol | Portugu├¬s
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SuSE Update for the Linux Kernel openSUSE-SU-2018:3202-1 (kernel)
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The openSUSE Leap 42.3 kernel was updated to 4.4.159
to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-13096: A denial of service (out-of-bounds memory access and
BUG) can occur upon encountering an abnormal bitmap size when mounting a
crafted f2fs image (bnc#1100062).

- CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error
for an incorrect user_block_count in a corrupted f2fs image, leading to
a denial of service (BUG) (bnc#1100061).

- CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG)
can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is
set in an inode (bnc#1100060).

- CVE-2018-13099: A denial of service (out-of-bounds memory access and
BUG) can occur for a modified f2fs filesystem image in which an inline
inode contains an invalid reserved blkaddr (bnc#1100059).

- CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not
properly validate secs_per_zone in a corrupted f2fs image, as
demonstrated by a divide-by-zero error (bnc#1100056).

- CVE-2018-14613: There is an invalid pointer dereference in
io_ctl_map_page() when mounting and operating a crafted btrfs image,
because of a lack of block group item validation in check_leaf_item in
fs/btrfs/tree-checker.c (bnc#1102896).

- CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory

- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in the Linux
kernel in a way an authentication request from an ISCSI initiator is
processed. An unauthenticated remote attacker can cause a stack buffer
overflow and smash up to 17 bytes of the stack. The attack requires the
iSCSI target to be enabled on the victim host. Depending on how the
target's code was built (i.e. depending on a compiler, compile flags and
hardware architecture) an attack may lead to a system crash and thus to
a denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be
vulnerable (bnc#1107829).

- CVE-2018-16276: Local attackers could use user access read/writes with
incorrect bounds checking in the ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
the on openSUSE Leap 42.3

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-7480
Debian Security Information: DSA-4188 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2018-7757
BugTraq ID: 103348
Debian Security Information: DSA-4187 (Google Search)
RedHat Security Advisories: RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
Registered User Login

 Forgot userid or passwd?

Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.