MGASA-2019-0107

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0107.html

Import Source

https://advisories.mageia.org/MGASA-2019-0107.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0107

Related

CVE-2018-1000026

Published

2019-03-13T20:41:16Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerability

Details

This kernel update is based on the upstream 4.14.104 and fixes at least the following security issue:

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM (CVE-2018-1000026).

It also fixes signal handling issues causing powertop to crash and some tracing tools to fail on execve tests.

For other uptstream fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.104-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.104-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.24-8.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.24-8.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-82.mga6

Ecosystem specific

{
    "section": "core"
}