Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Mageia 6: MGASA-2019-0185 Critical: Kernel MDS Attack Fix

mageia
Calendar Grey May 30, 2019
Dist Mageia Esm H88
Mageia 2019-0185 kernel enhancement resolves multiple security vulnerabilities and implements MDS attack countermeasures aimed at potential system instability.
This kernel update provides the upstream 4.14.121

Summary

This kernel update provides the upstream 4.14.121. It adds additional fixes to the the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities.
It also fixes the following security issues:
A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects (CVE-2019-10142).
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (CVE-2019-11833).
It also fixes an upstream regression that caused older 'legacy' bluetooth adapters to stop working (mga #24840).
For other uptstream fixes in this update...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24853

- https://bugs.mageia.org/show_bug.cgi?id=24840

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.120

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.121

- https://www.cve.org/CVERecord?id=CVE-2019-10142

- https://www.cve.org/CVERecord?id=CVE-2019-11833

Topics%20covered

Topics Covered

security advisory security issue kernel update system crash data exposure Mageia MDS attack

Resolution

SRPMS

- 6/core/kernel-4.14.121-1.mga6

- 6/core/kernel-userspace-headers-4.14.121-1.mga6

- 6/core/kmod-vboxadditions-6.0.8-2.mga6

- 6/core/kmod-virtualbox-6.0.8-2.mga6

- 6/core/kmod-xtables-addons-2.13-86.mga6

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 30 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0185.html
Type: security
CVE: CVE-2019-10142, CVE-2019-11833

Topics%20covered

Topics Covered

security advisory security issue kernel update system crash data exposure Mageia MDS attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here