Contents of /24773.adv

Revision 8539
Sun May 12 20:21:57 2019 UTC (3 months, 1 week ago) by tmb
File size: 2590 byte(s)
MGASA-2019-0170: kernel-4.14.116-1.mga6, kernel-userspace-headers-4.14.116-1.mga6, kmod-vboxadditions-6.0.6-2.mga6, kmod-virtualbox-6.0.6-2.mga6, kmod-xtables-addons-2.13-84.mga6, wireguard-tools-0.0.20190406-1.mga6
type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2019-3882
 - CVE-2019-7308
 - CVE-2019-11486
 - CVE-2019-11599
src:
  6:
   core:
     - kernel-4.14.116-1.mga6
     - kernel-userspace-headers-4.14.116-1.mga6
     - kmod-vboxadditions-6.0.6-2.mga6
     - kmod-virtualbox-6.0.6-2.mga6
     - kmod-xtables-addons-2.13-84.mga6
     - wireguard-tools-0.0.20190406-1.mga6
description: |
  This kernel update is based on the upstream 4.14.116 and fixes at least
  the following security issues:

  A flaw was found in the Linux kernel's vfio interface implementation that
  permits violation of the user's locked memory limit. If a device is bound
  to a vfio driver, such as vfio-pci, and the local attacker is
  administratively granted ownership of the device, it may cause a system
  memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882).

  kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable
  out-of-bounds speculation on pointer arithmetic in various cases, including
  cases of different branches with different state or limits to sanitize,
  leading to side-channel attacks (CVE-2019-7308).

  The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the
  Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486).

  The coredump implementation in the Linux kernel before 5.0.10 does not use
  locking or other mechanisms to prevent vma layout or vma flags changes while
  it runs, which allows local users to obtain sensitive information, cause a
  denial of service, or possibly have unspecified other impact by triggering
  a race condition with mmget_not_zero or get_task_mm calls (CVE-2019-11599).

  WireGuard has been updated to 0.0.20190406.

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24773
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.107
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.108
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.109
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.110
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.111
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.113
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.115
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.116
ID: MGASA-2019-0170
