Advisories ยป MGASA-2019-0107

Updated kernel packages fix security vulnerability

Publication date: 13 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000026


This kernel update is based on the upstream 4.14.104 and fixes at least
the following security issue:

Linux Linux kernel version at least v4.8 onwards, probably well before
contains a Insufficient input validation vulnerability in bnx2x network
card driver that can result in DoS: Network card firmware assertion takes
card off-line. This attack appear to be exploitable via An attacker on a
must pass a very large, specially crafted packet to the bnx2x card.
This can be done from an untrusted guest VM (CVE-2018-1000026).

It also fixes signal handling issues causing powertop to crash and some
tracing tools to fail on execve tests.

For other uptstream fixes in this update, see the referenced changelogs.