Mageia 2020-0227: kernel security update

    Date 24 May 2020
    198
    Posted By LinuxSecurity Advisories
    This update is based on the upstream 5.6.14 kernel and fixes atleast the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the
    MGASA-2020-0227 - Updated kernel packages fix security vulnerability
    
    Publication date: 24 May 2020
    URL: https://advisories.mageia.org/MGASA-2020-0227.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-10711,
         CVE-2020-12770,
         CVE-2020-13143
    
    This update is based on the upstream 5.6.14 kernel and fixes atleast
    the following security issues:
    
    A NULL pointer dereference flaw was found in the Linux kernel's SELinux
    subsystem in versions before 5.7. This flaw occurs while importing the
    Commercial IP Security Option (CIPSO) protocol's category bitmap into
    the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine.
    While processing the CIPSO restricted bitmap tag in the
    'cipso_v4_parsetag_rbm' routine, it sets the security attribute to
    indicate that the category bitmap is present, even if it has not been
    allocated. This issue leads to a NULL pointer dereference issue while
    importing the same category bitmap into SELinux. This flaw allows a
    remote network user to crash the system kernel, resulting in a denial
    of service (CVE-2020-10711).
    
    An issue was discovered in the Linux kernel through 5.6.11. sg_write
    lacks an sg_remove_request call in a certain failure case
    (CVE-2020-12770).
    
    gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux
    kernel through 5.6.13 relies on kstrdup without considering the
    possibility of an internal '\0' value, which allows attackers to trigger
    an out-of-bounds read (CVE-2020-13143).
    
    Other fixes in this update:
    - KVM: x86: only do L1TF workaround on affected processors (this now
      correctly excludes non-affected AMD Ryzen and EPYC processors)
    - add Amd Renoir detection to amd_nb, hwmon (k10temp) and EDAC
    - additional fixes to the integrated virtualbox support for better
      interaction with virtualbox.org releases
    - ndiswrapper has been updated to 1.63
    - wireguard-tools have been updated to 1.0.20200513
    
    For other upstream fixes and changes in this update, see the refenced
    changelogs.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=26660
    - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.9
    - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.10
    - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.11
    - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.12
    - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.13
    - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.14
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10711
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13143
    
    SRPMS:
    - 7/core/kernel-5.6.14-2.mga7
    - 7/core/kmod-virtualbox-6.0.20-6.mga7
    - 7/core/kmod-xtables-addons-3.9-4.mga7
    - 7/core/ndiswrapper-1.63-1.mga7
    - 7/core/wireguard-tools-1.0.20200513-1.mga7
    

    LinuxSecurity Poll

    How do you feel about the elimination of the terms 'blacklist' and 'slave' from the Linux kernel?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/32-how-do-you-feel-about-the-elimination-of-the-terms-blacklist-and-slave-from-the-linux-kernel?task=poll.vote&format=json
    32
    radio
    [{"id":"112","title":"I strongly support this change - racially charged language should not be used in the code and documentation of the kernel and other open-source projects.","votes":"7","type":"x","order":"1","pct":18.42,"resources":[]},{"id":"113","title":"I'm indifferent - this small change will not affect broader issues of racial insensitivity and white privilege.","votes":"4","type":"x","order":"2","pct":10.53,"resources":[]},{"id":"114","title":"I'm opposed to this change - there is no need to change language that has been used for years. It doesn't make sense for people to take offense to terminology used in community projects.","votes":"27","type":"x","order":"3","pct":71.05,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.