English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.2062.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:2062-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:2062-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:2062-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a
denial of service (memory consumption) by triggering a large number of chunks
in an association's output queue (bsc#902351).

The following non-security bugs were fixed:

- ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538).
- ALSA: seq: Do not allow resizing pool in use (bsc#1045538).
- Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078)
- IB/mlx4: fix sprintf format warning (bnc#786036).
- RDMA/mlx4: Discard unknown SQP work requests (bnc#786036).
- USB: uss720: fix NULL-deref at probe (bnc#1047487).
- bna: integer overflow bug in debugfs (bnc#780242).
- e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242).
- e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495).
- fix a leak in /proc/schedstats (bsc#1094876).
- ixgbe: Initialize 64-bit stats seqcounts (bnc#795301).
- mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes).
- module/retpoline: Warn about missing retpoline in module (bnc#1099177).
- net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036).
- net/mlx4_en: Change default QoS settings (bnc#786036 ).
- net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105).
- netxen: fix incorrect loop counter decrement (bnc#784815).
- powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244).
- s390/qdio: do not merge ERROR output buffers (bnc#1099709).
- s390/qeth: do not dump control cmd twice (bnc#1099709).
- s390/qeth: fix SETIP command handling (bnc#1099709).
- s390/qeth: free netdevice when removing a card (bnc#1099709).
- s390/qeth: lock read device while queueing next buffer (bnc#1099709).
- s390/qeth: when thread completes, wake up all waiters (bnc#1099709).
- sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089).
- scsi: sg: mitigate read/write abuse (bsc#1101296).
- tg3: do not clear stats while tg3_close (bnc#790588).
- video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966).
- vmxnet3: use correct flag to indicate LRO feature (bsc#936423).
- x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408).
- x86-non-upstream-eager-fpu 32bit fix (bnc#1087086, bnc#1100091, bnc#1099598).
- x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177).

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for SAP Applications 11-SP4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3688
DSA-3060
http://www.debian.org/security/2014/dsa-3060
HPSBGN03282
http://marc.info/?l=bugtraq&m=142722544401658&w=2
HPSBGN03285
http://marc.info/?l=bugtraq&m=142722450701342&w=2
RHSA-2015:0062
http://rhn.redhat.com/errata/RHSA-2015-0062.html
RHSA-2015:0115
http://rhn.redhat.com/errata/RHSA-2015-0115.html
SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SUSE-SU-2015:0652
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SUSE-SU-2015:0736
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
USN-2417-1
http://www.ubuntu.com/usn/USN-2417-1
USN-2418-1
http://www.ubuntu.com/usn/USN-2418-1
[oss-security] 20141113 Linux kernel: SCTP issues
http://www.openwall.com/lists/oss-security/2014/11/13/8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26b87c7881006311828bb0ab271a551a62dcceb4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
https://bugzilla.redhat.com/show_bug.cgi?id=1155745
https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4
openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
CopyrightCopyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.