Advisories ยป MGASA-2018-0172

Updated kernel packages fix security vulnerabilities

Publication date: 19 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-5715 , CVE-2017-5754 , CVE-2018-1065


This kernel update is based on the upstream 4.14.25 and and updates the
KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86. It also adds
ome optimizations and improvements to mitigate some of the slowdons
caused by the Meltdown (CVE-2017-5754) and Spectre,  variant 2 

Other security fixes in this update:

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the
case of a rule blob that contains a jump but lacks a user-defined chain,
which allows local users to cause a denial of service (NULL pointer
dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability,
related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table
in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in
net/ipv6/netfilter/ip6_tables.c (CVE-2018-1065).

Other changes in this update:

WireGuard has been updated to 0.0.20180304.

A fix in the scsi subsystem that prevents the kernel to hang or oops,
triggered at least when trying to mount some raid6 setups (mga#22704).

input/goodix: add support for GDIX1002 (mga#22703)

For other upstream fixes in this update, read the referenced changelogs.