English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.851952
Category:SuSE Local Security Checks
Title:SuSE Update for the openSUSE-SU-2018:2407-1 (the)
Summary:The remote host is missing an update for the 'the'; package(s) announced via the openSUSE-SU-2018:2407_1 advisory.
Description:Summary:
The remote host is missing an update for the 'the'
package(s) announced via the openSUSE-SU-2018:2407_1 advisory.

Vulnerability Insight:
The openSUSE Leap 15.0 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2018-10853: A flaw was found in KVM in which certain instructions
such as sgdt/sidt call segmented_write_std doesn't propagate access
correctly. As such, during userspace induced exception, the guest can
incorrectly assume that the exception happened in the kernel and panic
(bnc#1097104).

- CVE-2018-10876: A flaw was found in the ext4 filesystem code. A
use-after-free is possible in ext4_ext_remove_space() function when
mounting and operating a crafted ext4 image. (bnc#1099811)

- CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an
out-of-bound access in the ext4_ext_drop_refs() function when operating
on a crafted ext4 filesystem image. (bnc#1099846)

- CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user
can cause an out-of-bounds write and a denial of service or unspecified
other impact is possible by mounting and operating a crafted ext4
filesystem image. (bnc#1099813)

- CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user
can cause a use-after-free in ext4_xattr_set_entry function and a denial
of service or unspecified other impact may occur by renaming a file in a
crafted ext4 filesystem image. (bnc#1099844)

- CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds
write in the ext4 filesystem code when mounting and writing to a crafted
ext4 image in ext4_update_inline_data(). An attacker could use this to
cause a system crash and a denial of service. (bnc#1099845)

- CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user
can cause an out-of-bound access in ext4_get_group_info function, a
denial of service, and a system crash by mounting and operating on a
crafted ext4 filesystem image. (bnc#1099864)

- CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user
can cause an out-of-bound write in in fs/jbd2/transaction.c code, a
denial of service, and a system crash by unmounting a crafted ext4
filesystem image. (bnc#1099849)

- CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user
can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a
denial of service, and a system crash by mounting and operating on a
crafted ext4 filesystem image. (bnc#1099863)

- CVE-2018-3620: Systems with microprocessors utilizing speculative
execution and address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with local user
access ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
the on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-3620
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://foreshadowattack.eu/
Cisco Security Advisory: 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
Debian Security Information: DSA-4274 (Google Search)
https://www.debian.org/security/2018/dsa-4274
Debian Security Information: DSA-4279 (Google Search)
https://www.debian.org/security/2018/dsa-4279
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
FreeBSD Security Advisory: FreeBSD-SA-18:09
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://security.gentoo.org/glsa/201810-06
RedHat Security Advisories: RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2384
RedHat Security Advisories: RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2387
RedHat Security Advisories: RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2388
RedHat Security Advisories: RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2389
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2391
RedHat Security Advisories: RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2392
RedHat Security Advisories: RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2393
RedHat Security Advisories: RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2394
RedHat Security Advisories: RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2395
RedHat Security Advisories: RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2396
RedHat Security Advisories: RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2402
RedHat Security Advisories: RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2403
RedHat Security Advisories: RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2404
RedHat Security Advisories: RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2602
RedHat Security Advisories: RHSA-2018:2603
https://access.redhat.com/errata/RHSA-2018:2603
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3823-1/
CERT/CC vulnerability note: VU#982149
https://www.kb.cert.org/vuls/id/982149
BugTraq ID: 105080
http://www.securityfocus.com/bid/105080
http://www.securitytracker.com/id/1041451
Common Vulnerability Exposure (CVE) ID: CVE-2018-3646
https://usn.ubuntu.com/3756-1/
http://www.securitytracker.com/id/1042004
Common Vulnerability Exposure (CVE) ID: CVE-2018-5391
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
Debian Security Information: DSA-4272 (Google Search)
https://www.debian.org/security/2018/dsa-4272
RedHat Security Advisories: RHSA-2018:2785
https://access.redhat.com/errata/RHSA-2018:2785
RedHat Security Advisories: RHSA-2018:2791
https://access.redhat.com/errata/RHSA-2018:2791
RedHat Security Advisories: RHSA-2018:2846
https://access.redhat.com/errata/RHSA-2018:2846
RedHat Security Advisories: RHSA-2018:2924
https://access.redhat.com/errata/RHSA-2018:2924
RedHat Security Advisories: RHSA-2018:2925
https://access.redhat.com/errata/RHSA-2018:2925
RedHat Security Advisories: RHSA-2018:2933
https://access.redhat.com/errata/RHSA-2018:2933
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2018:3459
https://access.redhat.com/errata/RHSA-2018:3459
RedHat Security Advisories: RHSA-2018:3540
https://access.redhat.com/errata/RHSA-2018:3540
RedHat Security Advisories: RHSA-2018:3586
https://access.redhat.com/errata/RHSA-2018:3586
RedHat Security Advisories: RHSA-2018:3590
https://access.redhat.com/errata/RHSA-2018:3590
CERT/CC vulnerability note: VU#641765
https://www.kb.cert.org/vuls/id/641765
BugTraq ID: 105108
http://www.securityfocus.com/bid/105108
http://www.securitytracker.com/id/1041476
http://www.securitytracker.com/id/1041637
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.