Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Mageia 6: MGASA-2018-0419 High: Kernel Denial of Service and More

mageia
Calendar Grey October 27, 2018
Dist Mageia Esm H88
Kernel-linus version 4.14.78 for Mageia resolves urgent security vulnerabilities. Prompt measures are required for impacted releases.
This kernel-linus update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues

Summary

This kernel-linus update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues. It also fixes atleast the following security issues:
Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack).
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (CVE-2018-6554).
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=23689

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.70

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.71

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.72

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.73

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.74

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.76

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.77

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78

- https://www.cve.org/CVERecord?id=CVE-2018-5391

- https://www.cve.org/CVERecord?id=CVE-2018-6554

- https://www.cve.org/CVERecord?id=CVE-2018-6555

- https://www.cve.org/CVERecord?id=CVE-2018-7755

- https://www.cve.org/CVERecord?id=CVE-2018-14633

- https://www.cve.org/CVERecord?id=CVE-2018-14641

- https://www.cve.org/CVERecord?id=CVE-2018-15471

- https://www.cve.org/CVERecord?id=CVE-2018-17182

- https://www.cve.org/CVERecord?id=CVE-2018-18445

Topics%20covered

Topics Covered

security advisory denial of service high severity buffer overflow memory leak Mageia

Resolution

SRPMS

- 6/core/kernel-linus-4.14.78-1.mga6

Publication date: 27 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0419.html
Type: security
CVE: CVE-2018-5391, CVE-2018-6554, CVE-2018-6555, CVE-2018-7755, CVE-2018-14633, CVE-2018-14641, CVE-2018-15471, CVE-2018-17182, CVE-2018-18445

Topics%20covered

Topics Covered

security advisory denial of service high severity buffer overflow memory leak Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here