Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       SLSA-2018:3651-1
Issue Date:        2018-11-27
CVE Numbers:       CVE-2018-14633
                   CVE-2018-14646
--

Security Fix(es):

* kernel: stack-based buffer overflow in chap_server_compute_md5() in
iscsi target (CVE-2018-14633)

* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable()
allows for denial of service (CVE-2018-14646)

Bug Fix(es):

See the descriptions in the related Knowledge Article:
--

SL7
  x86_64
    bpftool-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-debug-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-devel-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-headers-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-tools-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-957.1.3.el7.x86_64.rpm
    perf-3.10.0-957.1.3.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.1.3.el7.x86_64.rpm
    python-perf-3.10.0-957.1.3.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.1.3.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-957.1.3.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-957.1.3.el7.noarch.rpm
    kernel-doc-3.10.0-957.1.3.el7.noarch.rpm

- Scientific Linux Development Team