Mageia 6: MGASA-2018-0374 Moderate: Kernel-tmb Memory Leak and DoS

mageia

September 14, 2018

This kernel-tmb update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues

Summary

This kernel-tmb update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes atleast the following security issues:
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (CVE-2018-6554).
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (CVE-2018-6554).
Other fixes in this update: * WireGuard has been updated to 0.0.20180904 * all SPI_INTEL_SPI config options have been disable to prevent a potential bios corrupting bug (mga#23560)
For other changes in this update, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=23544

- https://bugs.mageia.org/show_bug.cgi?id=23560

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.66

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.67

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.68

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.69

- https://www.cve.org/CVERecord?id=CVE-2018-6554

- https://www.cve.org/CVERecord?id=CVE-2018-6555

Topics Covered

security advisory denial of service memory leak Mageia Spectre L1TF

Resolution

SRPMS

- 6/core/kernel-tmb-4.14.69-1.mga6

Publication date: 14 Sep 2018

URL: https://advisories.mageia.org/MGASA-2018-0374.html

Type: security

CVE: CVE-2018-6554, CVE-2018-6555

Topics Covered

security advisory denial of service memory leak Mageia Spectre L1TF

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 6: MGASA-2018-0374 Moderate: Kernel-tmb Memory Leak and DoS

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 6: MGASA-2018-0374 Moderate: Kernel-tmb Memory Leak and DoS

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!