MGASA-2019-0170

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0170.html

Import Source

https://advisories.mageia.org/MGASA-2019-0170.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0170

Related

Published

2019-05-12T20:58:05Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fixes security vulnerabilities

Details

This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues:

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882).

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (CVE-2019-7308).

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486).

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmgetnotzero or gettaskmm calls (CVE-2019-11599).

WireGuard has been updated to 0.0.20190406.

For other uptstream fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.116-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.116-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.6-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.6-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-84.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.20190406-1.mga6

Ecosystem specific

{
    "section": "core"
}