|
|
Log in / Subscribe / Register

Mageia alert MGASA-2019-0185 (kernel)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2019-0185: Updated kernel packages fix security vulnerabilities 


Date:
              Thu, 30 May 2019 11:02:41 +0200


Message-ID:
              <20190530090241.2B6EEA000E@duvel.mageia.org>


MGASA-2019-0185 - Updated kernel packages fix security vulnerabilities

Publication date: 30 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0185.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-10142,
     CVE-2019-11833

Description:
This kernel update provides the upstream 4.14.121. It adds additional
fixes to the the kernel side mitigations for the Microarchitectural
Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities.

It also fixes the following security issues:

A flaw was found in the Linux kernel's freescale hypervisor manager
implementation. A parameter passed via to an ioctl was incorrectly
validated and used in size calculations for the page size calculation.
An attacker can use this flaw to crash the system or corrupt memory
or, possibly, create other adverse security affects (CVE-2019-10142).

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out
the unused memory region in the extent tree block, which might allow
local users to obtain sensitive information by reading uninitialized
data in the filesystem (CVE-2019-11833).

It also fixes an upstream regression that caused older 'legacy'
bluetooth adapters to stop working (mga #24840).

For other uptstream fixes in this update, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=24853
- https://bugs.mageia.org/show_bug.cgi?id=24840
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...

SRPMS:
- 6/core/kernel-4.14.121-1.mga6
- 6/core/kernel-userspace-headers-4.14.121-1.mga6
- 6/core/kmod-vboxadditions-6.0.8-2.mga6
- 6/core/kmod-virtualbox-6.0.8-2.mga6
- 6/core/kmod-xtables-addons-2.13-86.mga6
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds