Fedora 31: FEDORA-2019-91f6e7bb71 Critical: Heap Overflow and DoS

The kernel meta package

The 5.3.13 update contains a number of important fixes across the tree

* Mon Nov 25 2019 Justin M. Forbes - 5.3.13-300

- Fix CVE-2019-14895 (rhbz 1774870 1776139)

- Fix CVE-2019-14896 (rhbz 1774875 1776143)

- Fix CVE-2019-14897 (rhbz 1774879 1776146)

- Fix CVE-2019-14901 (rhbz 1773519 1776184)

- Fix CVE-2019-19078 (rhbz 1776354 1776353)

* Mon Nov 25 2019 Laura Abbott

- Linux v5.3.13

* Fri Nov 22 2019 Justin M. Forbes

- Fix CVE-2019-19077 rhbz 1775724 1775725

* Thu Nov 21 2019 Justin M. Forbes - 5.3.12-300

- Fix CVE-2019-19074 (rhbz 1774933 1774934)

- Fix CVE-2019-19073 (rhbz 1774937 1774939)

- Fix CVE-2019-19072 (rhbz 1774946 1774947)

- Fix CVE-2019-19071 (rhbz 1774949 1774950)

- Fix CVE-2019-19070 (rhbz 1774957 1774958)

- Fix CVE-2019-19068 (rhbz 1774963 1774965)

- Fix CVE-2019-19043 (rhbz 1774972 1774973)

- Fix CVE-2019-19066 (rhbz 1774976 1774978)

- Fix CVE-2019-19046 (rhbz 1774988 1774989)

- Fix CVE-2019-19050 (rhbz 1774998 1775002)

- Fix CVE-2019-19062 (rhbz 1775021 1775023)

- Fix CVE-2019-19064 (rhbz 1775010 1775011)

- Fix CVE-2019-19063 (rhbz 1775015 1775016)

- Fix CVE-2019-19059 (rhbz 1775042 1775043)

- Fix CVE-2019-19058 (rhbz 1775047 1775048)

- Fix CVE-2019-19057 (rhbz 1775050 1775051)

- Fix CVE-2019-19053 (rhbz 1775956 1775110)

- Fix CVE-2019-19056 (rhbz 1775097 1775115)

- Fix CVE-2019-19055 (rhbz 1775074 1775116)

- Fix CVE-2019-19054 (rhbz 1775063 1775117)

* Thu Nov 21 2019 Laura Abbott

- Linux v5.3.12

* Tue Nov 12 2019 Justin M. Forbes - 5.3.11-300

- Linux v5.3.11

- Fixes CVE-2019-11135 (rhbz 1753062 1771649)

- Fixes CVE-2018-12207 (rhbz 1646768 1771645)

- Fixes CVE-2019-0154 (rhbz 1724393 1771642)

- Fixes CVE-2019-0155 (rhbz 1724398 1771644)

* Mon Nov 11 2019 Laura Abbott - 5.3.10-300

- Linux v5.3.10

* Thu Nov 7 2019 Jeremy Cline

- Add support for a number of Macbook keyboards and touchpads (rhbz 1769465)

* Wed Nov 6 2019 Laura Abbott - 5.3.9-300

- Linux v5.3.9

* Tue Oct 29 2019 Laura Abbott - 5.3.8-300

- Linux v5.3.8

[ 1 ] Bug #1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c

https://bugzilla.redhat.com/show_bug.cgi?id=1774870

[ 2 ] Bug #1774875 - CVE-2019-14896 kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c

https://bugzilla.redhat.com/show_bug.cgi?id=1774875

[ 3 ] Bug #1774879 - CVE-2019-14897 kernel: stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c

https://bugzilla.redhat.com/show_bug.cgi?id=1774879

[ 4 ] Bug #1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c

https://bugzilla.redhat.com/show_bug.cgi?id=1773519

[ 5 ] Bug #1776353 - CVE-2019-19078 kernel: memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c leads to DoS

https://bugzilla.redhat.com/show_bug.cgi?id=1776353

su -c 'dnf upgrade --advisory FEDORA-2019-91f6e7bb71' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/