Mageia 6 MGASA-2018-0418 High: Kernel-TMB DoS and Buffer Overflow Fixes
mageia
October 27, 2018
This kernel-tmb update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues
Summary
This kernel-tmb update is based on the upstream 4.14.78 and adds additional
fixes for the L1TF security issues. It also fixes atleast the following
security issues:
Linux kernel from versions 3.9 and up, is vulnerable to a denial of
service attack with low rates of specially modified packets targeting IP
fragment re-assembly. An attacker may cause a denial of service condition
by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack).
An issue was discovered in the fd_locked_ioctl function in
drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy
driver will copy a kernel pointer to user memory in response to the
FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the
obtained kernel pointer to discover the location of kernel code and data
and bypass kernel security protections such as KASLR (CVE-2018-7755).
A security flaw was found in the chap_server_compute_md5() function in the
ISCSI target code in the Linux kernel in a way an authentica...
References
- https://bugs.mageia.org/show_bug.cgi?id=23688
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.70
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.71
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.72
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.73
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.74
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.76
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.77
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78
- https://www.cve.org/CVERecord?id=CVE-2018-5391
- https://www.cve.org/CVERecord?id=CVE-2018-7755
- https://www.cve.org/CVERecord?id=CVE-2018-14633
- https://www.cve.org/CVERecord?id=CVE-2018-14641
- https://www.cve.org/CVERecord?id=CVE-2018-15471
- https://www.cve.org/CVERecord?id=CVE-2018-17182
- https://www.cve.org/CVERecord?id=CVE-2018-18445
Topics Covered
Resolution
SRPMS
- 6/core/kernel-tmb-4.14.78-1.mga6
PREVIOUS
NEXT
Publication date: 27 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0418.html
Type: security
CVE: CVE-2018-5391,
CVE-2018-7755,
CVE-2018-14633,
CVE-2018-14641,
CVE-2018-15471,
CVE-2018-17182,
CVE-2018-18445
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!