Advisories ยป MGASA-2015-0435

Updated kernel packages fixes security vulnerability

Publication date: 07 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5257


This kernel update is based on the upstream 4.1.12 longterm kernel and
fixes at least the following security issue:

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash) (CVE-2015-5257).

It also fixes various upstream bugs, for more info see the referenced

Other fixes in this update:
* improve ath10k (QCA99X0, QCA988X, QCA6174) support (mga#16915)
* silence a harmless warning on 32bit non-dt hardware (mga#17010)
* fix regression with AlpsPS/2 ALPS DualPoint TouchPad of a Dell
  Latitude D600 (mga#17034)
* kernel-firmware-nonfee:
  - Add firmware for mwlwifi
  - add firmware for QCA99X0 hw2.0, QCA988X hw2.0, QCA6174 hw2.1/3.0 (ath10k)
  - brcmfmac: firmware refresh for BCM43602 PCIE devices
* iwlwifi-agn-ucode:
  - Add firmware for Intel Bluetooth 7265 (D1)
  - Update firmware for Intel Bluetooth 7265 (C0/D0)
  - Update firmware for Intel Bluetooth 7260 (B3/B4/B5/B6)