MGASA-2020-0183

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0183.html

Import Source

https://advisories.mageia.org/MGASA-2020-0183.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0183

Related

Published

2020-04-25T20:55:48Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues:

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfsqueuework in fs/btrfs/async-thread.c (CVE-2019-19377).

An issue was discovered in slcbump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized canframe data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIGINITSTACK_ALL (CVE-2020-11494).

An issue was discovered in the Linux kernel through 5.6.2. mpolparsestr in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing (CVE-2020-11565).

An issue was discovered in the Linux kernel before 5.6.1. drivers/media/ usb/gspca/ov519.c allows NULL pointer dereferences in ov511modeinitregs and ov518modeinitregs when there are zero endpoints (CVE-2020-11608).

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/ usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference (CVE-2020-11609).

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors (CVE-2020-11668).

xtables-addons has been updated to 4.9 for kernel 5.6 series support.

For other fixes and changes in this update, see the refenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.20-2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / xtables-addons

Package

Name: xtables-addons
Purl: pkg:rpm/mageia/xtables-addons?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / ldetect-lst

Package

Name: ldetect-lst
Purl: pkg:rpm/mageia/ldetect-lst?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.9-1.mga7

Ecosystem specific

{
    "section": "core"
}