MGASA-2020-0036

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0036.html

Import Source

https://advisories.mageia.org/MGASA-2020-0036.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0036

Related

CVE-2019-19037

Published

2020-01-13T16:51:20Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerability

Details

This update is based on upstream 5.4.10 and fixes at least the following security issues:

ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037)

It also fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on.

Other fixes added in this update: - Revert 'drm/amdgpu: Set no-retry as default.', fixing amdgpu hang on Raven Ridge gpus (mga#25882) - drm/i915/gt: Detect if we miss WaIdleLiteRestore, fixes or at least works around gpu hang (mga#25930) - 3rdparty/rtl8812au: update to v5.6.4.2 (mga#25982) - add support for RTL8117 ethernet - rtl8xxxu: Add support for Edimax EW-7611ULB - mountpointlast(): fix the treatment of LASTBIND - HID: intel-ish-hid: ipc: Add Comet Lake H PCI device ID - HID: intel-ish-hid: ipc: Add Tiger Lake PCI device ID - HID: wacom: Recognize new MobileStudio Pro PID - updates to the arm64 defconfigs: - Enable some EFI stuff on arm64 (mga#26003) - Enable a lot of missing things on arm64 kernels (including ACPI and Amazon network driver) - Disable debug info on arm64 (mga#26015) - reduce difference between arm64 and x86_64 defconfigs

WireGuard kernel module has been updated to 0.0.20200105 and the tools has been updated to 1.0.20200102.

For other fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.10-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.14-18.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7-8.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.20200102-1.mga7

Ecosystem specific

{
    "section": "core"
}