SB2018112914 - Red Hat update for kernel
Published: November 29, 2018 Updated: November 29, 2018
Security Bulletin ID
SB2018112914
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2018-14633)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing client digest packets in chap_server_compute_md5() function when processing authentication request from an ISCSI initiator. A remote attacker can send an overly long value (longer than 32 bytes), trigger stack-based buffer overflow and execute arbitrary code on the target system.
2) NULL pointer dereference (CVE-ID: CVE-2018-14646)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker can trigger NULL pointer dereference when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
Remediation
Install update from vendor's website.