/[advisories]/26331.adv
ViewVC logotype

Contents of /26331.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 10019 - (show annotations) (download)
Fri Mar 13 22:54:54 2020 UTC (4 years ago) by tmb
File size: 2608 byte(s)
MGASA-2020-0140: kernel-5.5.9-1.mga7, kmod-virtualbox-6.0.18-5.mga7, kmod-xtables-addons-3.8-5.mga7
1 type: security
2 subject: Updated kernel packages fix security vulnerabilities
3 CVE:
4 - CVE-2019-19768
5 - CVE-2020-8647
6 - CVE-2020-8648
7 - CVE-2020-8649
8 - CVE-2020-9383
9 - CVE-2020-9391
10 src:
11 7:
12 core:
13 - kernel-5.5.9-1.mga7
14 - kmod-virtualbox-6.0.18-5.mga7
15 - kmod-xtables-addons-3.8-5.mga7
16 description: |
17 This update is based on upstream 5.5.9 and fixes atleast the following
18 security vulnerabilities:
19
20 In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the
21 __blk_add_trace function in kernel/trace/blktrace.c (which is used to
22 fill out a blk_io_trace structure and place it in a per-cpu sub-buffer)
23 (CVE-2019-19768).
24
25 There is a use-after-free vulnerability in the Linux kernel through 5.5.2
26 in the vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647).
27
28 There is a use-after-free vulnerability in the Linux kernel through 5.5.2
29 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c
30 (CVE-2020-8648).
31
32 There is a use-after-free vulnerability in the Linux kernel through 5.5.2
33 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
34 (CVE-2020-8649).
35
36 An issue was discovered in the Linux kernel through 5.5.6. set_fdc in
37 drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read
38 because the FDC index is not checked for errors before assigning it,
39 aka CID-2e90ca68b0d2 (CVE-2020-9383).
40
41 An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6
42 on the AArch64 architecture. It ignores the top byte in the address
43 passed to the brk system call, potentially moving the memory break
44 downwards when the application expects it to move upwards, aka CID-
45 dcde237319e6. This has been observed to cause heap corruption with
46 the GNU C Library malloc implementation (CVE-2020-9391).
47
48 Other notable changes in this update:
49 - kernel is built with the updated gcc-8.4.0, thus fixing the issue
50 with nvidia drivers complaining about gcc mismatch and failing the
51 dkms-nvidia* builds.
52 - ahci: Add Intel Comet Lake H RAID PCI ID
53 - update Amd Sensor Fusion Hub driver to v4
54 - replace staging exfat driver with new upstream exfat driver
55 - update rtl8812au driver for more hw support (mga#26178)
56 - fscrypt: don't evict dirty inodes after removing key
57 references:
58 - https://bugs.mageia.org/show_bug.cgi?id=26331
59 - https://bugs.mageia.org/show_bug.cgi?id=26178
60 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7
61 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8
62 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9
63 ID: MGASA-2020-0140

  ViewVC Help
Powered by ViewVC 1.1.30