MGASA-2019-0220

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0220.html

Import Source

https://advisories.mageia.org/MGASA-2019-0220.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0220

Related

Published

2019-08-12T21:08:18Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues:

A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125).

A flaw was found in the Linux kernelâs Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash (CVE-2019-10207).

It also fixes an issue with newer Intel Wireless cards having firmware crashes with newer iwlwifi firmwares (mga#25143)

For other uptstream features, changes and fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.7-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.7-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.10-3.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3-57.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / xtables-addons

Package

Name: xtables-addons
Purl: pkg:rpm/mageia/xtables-addons?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3-2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / ldetect-lst

Package

Name: ldetect-lst
Purl: pkg:rpm/mageia/ldetect-lst?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.3-1.mga7

Ecosystem specific

{
    "section": "core"
}