MGASA-2018-0187

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0187.html

Import Source

https://advisories.mageia.org/MGASA-2018-0187.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0187

Related

Published

2018-03-30T14:21:59Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update is based on the upstream 4.14.30 and fixes at least the following security issues:

The KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86 has been updated to revision 4.

A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a privileged user to arbitrarily write to a limited range of kernel memory. This flaw can be exploited not only by a system's privileged user (a real "root" user), but also by an attacker who is a privileged user (a "root" user) in a user+network namespace (CVE-2018-1068).

A race condition vulnerability exists in the sound system, that can lead to a deadlock and denial of service condition (CVE-2018-1000004).

Other changes in this update:

3rdparty rtl8812au driver has been updated to v5.2.20 (mga#22808) and adds fixes for KRACK security issue.

For other upstream fixes in this update, read the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.30-3.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.30-3.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.8-6.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.8-6.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-26.mga6

Ecosystem specific

{
    "section": "core"
}