MGASA-2020-0355

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0355.html

Import Source

https://advisories.mageia.org/MGASA-2020-0355.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0355

Related

Published

2020-08-30T18:45:14Z

Modified

2020-08-30T16:25:25Z

Summary

Updated kernel and kernel-linus packages fix security vulnerabilities

Details

This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue:

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in trymergefree_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure (CVE-2019-19448).

A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 filesystem, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability (CVE-2020-14314).

For other upstream fixes and changes in this update, see the referenced changelogs.

Also, the wireguard-tools package has been updated to version 1.0.20200827.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7.19-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kernel-linus

Package

Name: kernel-linus
Purl: pkg:rpm/mageia/kernel-linus?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7.19-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.24-5.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10-3.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.20200827-1.mga7

Ecosystem specific

{
    "section": "core"
}