Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Mageia: 2018-0418 Severe: Resolution for Kernel Data Access Vulnerabilities

mageia
Calendar Grey October 27, 2018
Dist Mageia Esm H88
The recent kernel upgrade resolves various security flaws in Mageia, enhancing both protection and reliability, crucial for safeguarding the system.
This kernel update is based on the upstream 4.14.78 and fixes atleast the following security issues: An issue was discovered in the fd_locked_ioctl function in drivers/block/flopp...

Summary

This kernel update is based on the upstream 4.14.78 and fixes atleast the following security issues:
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (CVE-2018-7755).
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an att...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=23687

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.71

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.72

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.73

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.74

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.76

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.77

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78

- https://www.cve.org/CVERecord?id=CVE-2018-7755

- https://www.cve.org/CVERecord?id=CVE-2018-14633

- https://www.cve.org/CVERecord?id=CVE-2018-15471

- https://www.cve.org/CVERecord?id=CVE-2018-18445

Topics%20covered

Topics Covered

security advisory denial of service update critical memory access flaw mageia

Resolution

SRPMS

- 6/core/kernel-4.14.78-1.mga6

- 6/core/kernel-userspace-headers-4.14.78-1.mga6

- 6/core/kmod-vboxadditions-5.2.18-10.mga6

- 6/core/kmod-virtualbox-5.2.18-10.mga6

- 6/core/kmod-xtables-addons-2.13-70.mga6

- 6/core/wireguard-tools-0.0.20181018-1.mga6

Publication date: 27 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0417.html
Type: security
CVE: CVE-2018-7755, CVE-2018-14633, CVE-2018-15471, CVE-2018-18445

Topics%20covered

Topics Covered

security advisory denial of service update critical memory access flaw mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here