Mageia Advisory: MGASA-2015-0435 - Updated kernel packages fixes security vulnerability

Updated kernel packages fixes security vulnerability

Publication date: 07 Nov 2015
Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5257

Description

This kernel update is based on the upstream 4.1.12 longterm kernel and
fixes at least the following security issue:

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash) (CVE-2015-5257).

It also fixes various upstream bugs, for more info see the referenced
changelogs.

Other fixes in this update:
* improve ath10k (QCA99X0, QCA988X, QCA6174) support (mga#16915)
* silence a harmless warning on 32bit non-dt hardware (mga#17010)
* fix regression with AlpsPS/2 ALPS DualPoint TouchPad of a Dell
  Latitude D600 (mga#17034)
* kernel-firmware-nonfee:
  - Add firmware for mwlwifi
  - add firmware for QCA99X0 hw2.0, QCA988X hw2.0, QCA6174 hw2.1/3.0 (ath10k)
  - brcmfmac: firmware refresh for BCM43602 PCIE devices
* iwlwifi-agn-ucode:
  - Add firmware for Intel Bluetooth 7265 (D1)
  - Update firmware for Intel Bluetooth 7265 (C0/D0)
  - Update firmware for Intel Bluetooth 7260 (B3/B4/B5/B6)

References

SRPMS

5/core

kernel-4.1.12-1.mga5
kernel-userspace-headers-4.1.12-1.mga5
kmod-vboxadditions-5.0.8-2.mga5
kmod-virtualbox-5.0.8-2.mga5
kmod-xtables-addons-2.7-5.mga5

5/nonfree

kmod-broadcom-wl-6.30.223.271-2.mga5.nonfree
kmod-fglrx-15.200.1046-6.mga5.nonfree
kmod-nvidia304-304.128-2.mga5.nonfree
kmod-nvidia340-340.93-2.mga5.nonfree
kmod-nvidia-current-346.96-2.mga5.nonfree
kernel-firmware-nonfree-20151018-1.mga5.nonfree

Advisories » MGASA-2015-0435

Updated kernel packages fixes security vulnerability

Description

References

SRPMS

5/core

5/nonfree