
Mageia: 2020-0183 Critical: Kernel 5.6 Series Security Update

April 25, 2020
The Kernel 5.6 update for Mageia resolves numerous vulnerabilities that pose risks to both system integrity and overall security.

Summary

This provides an update to the kernel 5.6 series, currently based on upstream 5.6.6, adding support for new hardware and features, and fixes at least the following security issues:
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c (CVE-2019-19377).
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (CVE-2020-11494).
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing (CVE-2020-11565).
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL p...


References

- https://bugs.mageia.org/show_bug.cgi?id=26525

- https://kernelnewbies.org/Linux_5.6

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.3

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.4

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.6

- https://www.cve.org/CVERecord?id=CVE-2019-19377

- https://www.cve.org/CVERecord?id=CVE-2020-11494

- https://www.cve.org/CVERecord?id=CVE-2020-11565

- https://www.cve.org/CVERecord?id=CVE-2020-11608

- https://www.cve.org/CVERecord?id=CVE-2020-11609

- https://www.cve.org/CVERecord?id=CVE-2020-11668

Resolution

SRPMS

- 7/core/kernel-5.6.6-1.mga7

- 7/core/kmod-virtualbox-6.0.20-2.mga7

- 7/core/kmod-xtables-addons-3.9-1.mga7

- 7/core/xtables-addons-3.9-1.mga7

- 7/core/ldetect-lst-0.6.9-1.mga7

Severity
critical

Publication date: 25 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0183.html
Type: security
CVE: CVE-2019-19377, CVE-2020-11494, CVE-2020-11565, CVE-2020-11608, CVE-2020-11609, CVE-2020-11668
