Security vulnerability : systemd-journal aka CVE-2018-16864, CVE-2018-16865 & CVE-2018-16866
This document (7023611) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 15
- CVE-2018-16864: Memory corruptions via attacker-controlled alloca()s
This is exploitable since v230 and does affect SUSE Linux Enterprise 15. SUSE Linux Enterprise 15 is compiled with -fstack-clash-protection which mitigates this issue. As such, this is not exploitable there, but fixes will be released with the next regular update anyway.
- CVE-2018-16865: Memory corruptions via attacker-controlled alloca()s
SUSE Linux Enterprise 12 and SUSE Linux Enterprise 15 are affected, but -fstack-clash-protection mitigates this issue on SLES 12 SP2, SP3, SP4 and SLE15.
For SLE12 GA LTSS and SLE12 SP1 LTSS, SUSE released updates to fix this issue.For the other products SUSE will release the fix with the next regular update.
- CVE-2018-16866: Information leak via an out-of-bounds read
SUSE Linux Enterprise 12 and SUSE Linux Enterprise 15 are affected. This is fixed for SLE12 GA LTSS and SLE12 SP1 LTSS in the current update round. For the other products we will release the fix with the next regular update since this is considered a minor issue.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7023611
- Creation Date: 03-Jan-2019
- Modified Date:03-Mar-2020
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com