Mageia 2019-0220: kernel security update

    Date 12 Aug 2019
    805
    Posted By LinuxSecurity Advisories
    This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes atleast the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of
    MGASA-2019-0220 - Updated kernel packages fix security vulnerabilities
    
    Publication date: 12 Aug 2019
    URL: https://advisories.mageia.org/MGASA-2019-0220.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-1125,
         CVE-2019-10207
    
    This kernel update provides an update to the kernel 5.2 series, currently
    based on 5.2.7 adding support for newer hardware and other new features.
    It also fixes atleast the following security issues:
    
    A Spectre SWAPGS gadget was found in the Linux kernel's implementation of
    system interrupts. An attacker with local access could use this information
    to reveal private data through a Spectre like side channel (CVE-2019-1125).
    
    A flaw was found in the Linux kernel’s Bluetooth implementation of UART.
    An attacker with local access and write permissions to the Bluetooth
    hardware could use this flaw to issue a specially crafted ioctl function
    call and cause the system to crash (CVE-2019-10207).
    
    It also fixes an issue with newer Intel Wireless cards having firmware
    crashes with newer iwlwifi firmwares (mga#25143)
    
    For other uptstream features, changes and fixes in this update, see the
    referenced changelogs.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25240
    - https://bugs.mageia.org/show_bug.cgi?id=25143
    - https://kernelnewbies.org/Linux_5.2
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.1
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.2
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.3
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.4
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.5
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.6
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.7
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207
    
    SRPMS:
    - 7/core/kernel-5.2.7-1.mga7
    - 7/core/kernel-userspace-headers-5.2.7-1.mga7
    - 7/core/kmod-virtualbox-6.0.10-3.mga7
    - 7/core/kmod-xtables-addons-3.3-57.mga7
    - 7/core/xtables-addons-3.3-2.mga7
    - 7/core/ldetect-lst-0.6.3-1.mga7
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"13","type":"x","order":"1","pct":59.09,"resources":[]},{"id":"121","title":"No ","votes":"9","type":"x","order":"2","pct":40.91,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.