MGASA-2019-0185

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0185.html

Import Source

https://advisories.mageia.org/MGASA-2019-0185.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0185

Related

Published

2019-05-30T09:01:50Z

Modified

2019-05-30T08:24:52Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update provides the upstream 4.14.121. It adds additional fixes to the the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities.

It also fixes the following security issues:

A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects (CVE-2019-10142).

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (CVE-2019-11833).

It also fixes an upstream regression that caused older 'legacy' bluetooth adapters to stop working (mga #24840).

For other uptstream fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.121-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.121-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.8-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.8-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-86.mga6

Ecosystem specific

{
    "section": "core"
}