Mageia alert MGASA-2018-0172 (kernel)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2018-0172: Updated kernel packages fix security vulnerabilities | |
| Date: | Mon, 19 Mar 2018 13:13:56 +0100 | |
| Message-ID: | <20180319121356.B08769FB11@duvel.mageia.org> |
MGASA-2018-0172 - Updated kernel packages fix security vulnerabilities Publication date: 19 Mar 2018 URL: https://advisories.mageia.org/MGASA-2018-0172.html Type: security Affected Mageia releases: 6 CVE: CVE-2017-5715, CVE-2017-5754, CVE-2018-1065 Description: This kernel update is based on the upstream 4.14.25 and and updates the KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86. It also adds ome optimizations and improvements to mitigate some of the slowdons caused by the Meltdown (CVE-2017-5754) and Spectre, variant 2 (CVE-2017-5715). Other security fixes in this update: The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c (CVE-2018-1065). Other changes in this update: WireGuard has been updated to 0.0.20180304. A fix in the scsi subsystem that prevents the kernel to hang or oops, triggered atleast when trying to mount some raid6 setups (mga#22704). input/goodix: add support for GDIX1002 (mga#22703) For other upstream fixes in this update, read the referenced changelogs. References: - https://bugs.mageia.org/show_bug.cgi?id=22731 - https://bugs.mageia.org/show_bug.cgi?id=22704 - https://bugs.mageia.org/show_bug.cgi?id=22703 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.... - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.... - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.... - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.... - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1065 SRPMS: - 6/core/kernel-4.14.25-1.mga6 - 6/core/kernel-userspace-headers-4.14.25-1.mga6 - 6/core/kmod-vboxadditions-5.2.8-5.mga6 - 6/core/kmod-virtualbox-5.2.8-5.mga6 - 6/core/kmod-xtables-addons-2.13-25.mga6 - 6/core/wireguard-tools-0.0.20180304-1.mga6