Updated kernel packages fix security vulnerabilities
Publication date: 30 Mar 2018Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-5754 , CVE-2018-1068 , CVE-2018-1000004
Description
This kernel update is based on the upstream 4.14.30 and fixes at least
the following security issues:
The KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86 has been
updated to revision 4.
A flaw was found in the Linux kernel implementation of 32 bit syscall
interface for bridging allowing a privileged user to arbitrarily write
to a limited range of kernel memory. This flaw can be exploited not only
by a system's privileged user (a real "root" user), but also by an
attacker who is a privileged user (a "root" user) in a user+network
namespace (CVE-2018-1068).
A race condition vulnerability exists in the sound system, that can
lead to a deadlock and denial of service condition (CVE-2018-1000004).
Other changes in this update:
3rdparty rtl8812au driver has been updated to v5.2.20 (mga#22808) and
adds fixes for KRACK security issue.
For other upstream fixes in this update, read the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=22832
- https://bugs.mageia.org/show_bug.cgi?id=22808
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.26
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.27
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.28
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.29
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.30
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1068
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000004
SRPMS
6/core
- kernel-4.14.30-3.mga6
- kernel-userspace-headers-4.14.30-3.mga6
- kmod-vboxadditions-5.2.8-6.mga6
- kmod-virtualbox-5.2.8-6.mga6
- kmod-xtables-addons-2.13-26.mga6