Advisories » MGASA-2018-0373

Updated kernel packages fix security vulnerabilities

Publication date: 14 Sep 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-6554, CVE-2018-6555

Description

This kernel update is based on upstream 4.14.69 and adds additional
fixes for the L1TF and Spectre security issues. It also fixes at least
the following security issues:

Memory leak in the irda_bind function in net/irda/af_irda.c and later in
drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows
local users to cause a denial of service (memory consumption) by repeatedly
binding an AF_IRDA socket (CVE-2018-6554).

The irda_setsockopt function in net/irda/af_irda.c and later in
drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows
local users to cause a denial of service (ias_object use-after-free and
system crash) or possibly have unspecified other impact via an AF_IRDA
socket (CVE-2018-6555).

Other fixes in this update:
* WireGuard has been updated to 0.0.20180904
* all SPI_INTEL_SPI config options have been disabled to prevent a potential
  BIOS-corrupting bug (mga#23560)

For other changes in this update, see the referenced changelogs.

References

SRPMS

6/core