
Mageia 6: MGASA-2019-0098 Critical: Kernel DoS And Auth Flaws

mageia
February 21, 2019
MGASA-2019-0098 - Updated kernel-linus packages fix security vulnerabilities

Summary

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues:
Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also requires the functionality to be supported by the Intel microcode in use.
It was found that the cephx authentication protocol did not verify ceph clients correctly and was vulnerable to a replay attack. Any attacker with access to the ceph cluster network who is able to sniff packets on the network can use this vulnerability to authenticate with the ceph service and perform actions allowed by the ceph service (CVE-2018-1128).
A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the ceph cluster network who is able to alter the message payload was able to bypass signature checks done by the cephx protocol (CVE-2018-1129).
A flaw was found in the Linux Kernel where an attacker may be able to have an...
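
A post-update check for the STIBP item above, as an added example that is not part of the Mageia advisory: it compares the running kernel with 4.14.100, looks for the `stibp` flag in /proc/cpuinfo (listed when the CPU and microcode enumerate the feature), and reads the STIBP state from the kernel's spectre_v2 sysfs line. The function names and verdict strings are made up for this example, and the sysfs wording is assumed to follow upstream 4.14.y.

```shell
#!/bin/sh
# Added example: post-update check for the STIBP mitigation.
FIXED="4.14.100"   # upstream version this update is based on (from the advisory)

# kernel_at_least RELEASE MIN: succeed if RELEASE (uname -r style) >= MIN.
kernel_at_least() {
    local rel="${1%%-*}"   # drop the package suffix, e.g. -1.mga6
    [ "$(printf '%s\n%s\n' "$2" "$rel" | sort -V | head -n1)" = "$2" ]
}

# has_flag FLAGS NAME: succeed if a /proc/cpuinfo flags line lists NAME.
has_flag() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# stibp_state LINE: print the STIBP state from a spectre_v2 sysfs line.
# Assumed formats: ", STIBP: <state>" or a bare ", STIBP"; else "absent".
stibp_state() {
    local s
    case "$1" in
        *"STIBP: "*) s="${1#*STIBP: }"; printf '%s\n' "${s%%,*}" ;;
        *STIBP*)     echo "enabled" ;;
        *)           echo "absent" ;;
    esac
}

# assess RELEASE SYSFS_LINE CPU_FLAGS: print one verdict string.
assess() {
    kernel_at_least "$1" "$FIXED" || { echo "kernel-too-old"; return; }
    has_flag "$3" stibp || { echo "no-stibp-cpu-flag"; return; }
    case "$(stibp_state "$2")" in
        absent|disabled) echo "stibp-not-active" ;;
        *)               echo "stibp-active" ;;
    esac
}

# Run against the live host only when asked; missing files read as empty.
if [ "${1:-}" = "--live" ]; then
    assess "$(uname -r)" \
        "$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null)" \
        "$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null)"
fi
```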


References

- https://bugs.mageia.org/show_bug.cgi?id=24332

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.79

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.80

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.81

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.82

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.83

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.84

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.85

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.86

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.88

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.89

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.90

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.91

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.92

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.94

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.95

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.96

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.97

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.98

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.100

- https://www.cve.org/CVERecord?id=CVE-2018-1128

- https://www.cve.org/CVERecord?id=CVE-2018-1129

- https://www.cve.org/CVERecord?id=CVE-2018-14625

- https://www.cve.org/CVERecord?id=CVE-2018-16862

- https://www.cve.org/CVERecord?id=CVE-2018-16882

- https://www.cve.org/CVERecord?id=CVE-2018-16884

- https://www.cve.org/CVERecord?id=CVE-2018-18397

- https://www.cve.org/CVERecord?id=CVE-2018-19824

- https://www.cve.org/CVERecord?id=CVE-2018-19985

- https://www.cve.org/CVERecord?id=CVE-2019-3701

- https://www.cve.org/CVERecord?id=CVE-2019-3819

- https://www.cve.org/CVERecord?id=CVE-2019-6974

- https://www.cve.org/CVERecord?id=CVE-2019-7221

- https://www.cve.org/CVERecord?id=CVE-2019-7222

Resolution

SRPMS

- 6/core/kernel-linus-4.14.100-1.mga6

Severity
critical

Publication date: 20 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0098.html
Type: security
CVE: CVE-2018-1128, CVE-2018-1129, CVE-2018-14625, CVE-2018-16862, CVE-2018-16882, CVE-2018-16884, CVE-2018-18397, CVE-2018-19824, CVE-2018-19985, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222
