Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0660-1 Final 1 1 2018-03-12T06:47:24Z current 2018-03-12T06:47:24Z 2018-03-12T06:47:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - cdc-acm: apply quirk for card reader (bsc#1060279). - Enable CPU vulnerabilities reporting via sysfs - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - Move kABI fixup for retpolines to proper place. - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-kernel-20180212-13505,slessp3-kernel-20180212-13505,slexsp3-kernel-20180212-13505 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ Link for SUSE-SU-2018:0660-1 https://lists.suse.com/pipermail/sle-security-updates/2018-March/003803.html E-Mail link for SUSE-SU-2018:0660-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1012382 SUSE Bug 1012382 https://bugzilla.suse.com/1054305 SUSE Bug 1054305 https://bugzilla.suse.com/1060279 SUSE Bug 1060279 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1068984 SUSE Bug 1068984 https://bugzilla.suse.com/1070781 SUSE Bug 1070781 https://bugzilla.suse.com/1073311 SUSE Bug 1073311 https://bugzilla.suse.com/1074488 SUSE Bug 1074488 https://bugzilla.suse.com/1074621 SUSE Bug 1074621 https://bugzilla.suse.com/1075091 SUSE Bug 1075091 https://bugzilla.suse.com/1075410 SUSE Bug 1075410 https://bugzilla.suse.com/1075617 SUSE Bug 1075617 https://bugzilla.suse.com/1075621 SUSE Bug 1075621 https://bugzilla.suse.com/1075908 SUSE Bug 1075908 https://bugzilla.suse.com/1075994 SUSE Bug 1075994 https://bugzilla.suse.com/1076017 SUSE Bug 1076017 https://bugzilla.suse.com/1076154 SUSE Bug 1076154 https://bugzilla.suse.com/1076278 SUSE Bug 1076278 https://bugzilla.suse.com/1076849 SUSE Bug 1076849 https://bugzilla.suse.com/1077406 SUSE Bug 1077406 https://bugzilla.suse.com/1077560 SUSE Bug 1077560 https://bugzilla.suse.com/1077922 SUSE Bug 1077922 https://www.suse.com/security/cve/CVE-2017-13215/ SUSE CVE CVE-2017-13215 page https://www.suse.com/security/cve/CVE-2017-17741/ SUSE CVE CVE-2017-17741 page https://www.suse.com/security/cve/CVE-2017-18017/ SUSE CVE CVE-2017-18017 page https://www.suse.com/security/cve/CVE-2017-18079/ SUSE CVE CVE-2017-18079 page https://www.suse.com/security/cve/CVE-2017-5715/ SUSE CVE CVE-2017-5715 page https://www.suse.com/security/cve/CVE-2018-1000004/ SUSE CVE CVE-2018-1000004 page https://www.suse.com/security/cve/CVE-2018-5332/ SUSE CVE CVE-2018-5332 page https://www.suse.com/security/cve/CVE-2018-5333/ SUSE CVE CVE-2018-5333 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS kernel-default-3.0.101-0.47.106.19.1 kernel-default-base-3.0.101-0.47.106.19.1 kernel-default-devel-3.0.101-0.47.106.19.1 kernel-ec2-3.0.101-0.47.106.19.1 kernel-ec2-base-3.0.101-0.47.106.19.1 kernel-ec2-devel-3.0.101-0.47.106.19.1 kernel-pae-3.0.101-0.47.106.19.1 kernel-pae-base-3.0.101-0.47.106.19.1 kernel-pae-devel-3.0.101-0.47.106.19.1 kernel-source-3.0.101-0.47.106.19.1 kernel-syms-3.0.101-0.47.106.19.1 kernel-trace-3.0.101-0.47.106.19.1 kernel-trace-base-3.0.101-0.47.106.19.1 kernel-trace-devel-3.0.101-0.47.106.19.1 kernel-xen-3.0.101-0.47.106.19.1 kernel-xen-base-3.0.101-0.47.106.19.1 kernel-xen-devel-3.0.101-0.47.106.19.1 kernel-bigsmp-3.0.101-0.47.106.19.1 kernel-bigsmp-base-3.0.101-0.47.106.19.1 kernel-bigsmp-devel-3.0.101-0.47.106.19.1 kernel-default-man-3.0.101-0.47.106.19.1 kernel-default-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-default-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-default-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-ec2-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-ec2-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-ec2-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-pae-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-pae-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-pae-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-source-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-syms-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-trace-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-trace-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-trace-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-xen-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-xen-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-xen-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 kernel-bigsmp-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-bigsmp-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-bigsmp-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-default-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-default-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-default-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-default-man-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-ec2-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-ec2-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-ec2-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-pae-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-pae-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-pae-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-source-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-syms-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-trace-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-trace-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-trace-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-xen-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-xen-base-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS kernel-xen-devel-3.0.101-0.47.106.19.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. CVE-2017-13215 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2017-13215.html CVE-2017-13215 https://bugzilla.suse.com/1075908 SUSE Bug 1075908 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. CVE-2017-17741 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2017-17741.html CVE-2017-17741 https://bugzilla.suse.com/1073311 SUSE Bug 1073311 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. CVE-2017-18017 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2017-18017.html CVE-2017-18017 https://bugzilla.suse.com/1074488 SUSE Bug 1074488 https://bugzilla.suse.com/1080255 SUSE Bug 1080255 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/971126 SUSE Bug 971126 drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. CVE-2017-18079 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 low 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2017-18079.html CVE-2017-18079 https://bugzilla.suse.com/1077922 SUSE Bug 1077922 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5715 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 important 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2017-5715.html CVE-2017-5715 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1074741 SUSE Bug 1074741 https://bugzilla.suse.com/1074919 SUSE Bug 1074919 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075007 SUSE Bug 1075007 https://bugzilla.suse.com/1075262 SUSE Bug 1075262 https://bugzilla.suse.com/1075419 SUSE Bug 1075419 https://bugzilla.suse.com/1076115 SUSE Bug 1076115 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 https://bugzilla.suse.com/1076606 SUSE Bug 1076606 https://bugzilla.suse.com/1078353 SUSE Bug 1078353 https://bugzilla.suse.com/1080039 SUSE Bug 1080039 https://bugzilla.suse.com/1087887 SUSE Bug 1087887 https://bugzilla.suse.com/1087939 SUSE Bug 1087939 https://bugzilla.suse.com/1088147 SUSE Bug 1088147 https://bugzilla.suse.com/1089055 SUSE Bug 1089055 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1095735 SUSE Bug 1095735 https://bugzilla.suse.com/1102517 SUSE Bug 1102517 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1126516 SUSE Bug 1126516 https://bugzilla.suse.com/1173489 SUSE Bug 1173489 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201457 SUSE Bug 1201457 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 https://bugzilla.suse.com/1203236 SUSE Bug 1203236 In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. CVE-2018-1000004 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2018-1000004.html CVE-2018-1000004 https://bugzilla.suse.com/1076017 SUSE Bug 1076017 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). CVE-2018-5332 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 low 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2018-5332.html CVE-2018-5332 https://bugzilla.suse.com/1075621 SUSE Bug 1075621 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. CVE-2018-5333 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Point of Sale 11 SP3:kernel-xen-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-bigsmp-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-default-man-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-ec2-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-pae-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-source-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-syms-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-trace-devel-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-base-3.0.101-0.47.106.19.1 SUSE Linux Enterprise Server 11 SP3-LTSS:kernel-xen-devel-3.0.101-0.47.106.19.1 low 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/ https://www.suse.com/security/cve/CVE-2018-5333.html CVE-2018-5333 https://bugzilla.suse.com/1075617 SUSE Bug 1075617 https://bugzilla.suse.com/1091815 SUSE Bug 1091815