MGASA-2018-0172

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0172.html

Import Source

https://advisories.mageia.org/MGASA-2018-0172.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0172

Related

Published

2018-03-19T12:13:14Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update is based on the upstream 4.14.25 and and updates the KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86. It also adds ome optimizations and improvements to mitigate some of the slowdons caused by the Meltdown (CVE-2017-5754) and Spectre, variant 2 (CVE-2017-5715).

Other security fixes in this update:

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAPNETRAW or CAPNETADMIN capability, related to arptdotable in net/ipv4/netfilter/arptables.c, iptdotable in net/ipv4/netfilter/iptables.c, and ip6tdotable in net/ipv6/netfilter/ip6_tables.c (CVE-2018-1065).

Other changes in this update:

WireGuard has been updated to 0.0.20180304.

A fix in the scsi subsystem that prevents the kernel to hang or oops, triggered at least when trying to mount some raid6 setups (mga#22704).

input/goodix: add support for GDIX1002 (mga#22703)

For other upstream fixes in this update, read the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.25-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.25-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.8-5.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.8-5.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-25.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.20180304-1.mga6

Ecosystem specific

{
    "section": "core"
}