Advisories ยป MGASA-2018-0487

Updated kernel packages fix security vulnerabilities

Publication date: 21 Dec 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1128 , CVE-2018-1129 , CVE-2018-14625 , CVE-2018-16862 , CVE-2018-18397 , CVE-2018-19824

Description

This kernel update is based on the upstream 4.14.89 and fixes atleast the
following security issues:

Cross-hyperthread Spectre v2 mitigation is now provided by the Single
Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also
requires the functionality be supported by the Intel microcode in use.

It was found that cephx authentication protocol did not verify ceph clients
correctly and was vulnerable to replay attack. Any attacker having access
to ceph cluster network who is able to sniff packets on network can use
this vulnerability to authenticate with ceph service and perform actions
allowed by ceph service (CVE-2018-1128).

A flaw was found in the way signature calculation was handled by cephx
authentication protocol. An attacker having access to ceph cluster network
who is able to alter the message payload was able to bypass signature
checks done by cephx protocol (CVE-2018-1129).

A flaw was found in the Linux Kernel where an attacker may be able to have
an uncontrolled read to kernel-memory from within a vm guest. A race
condition between connect() and close() function may allow an attacker
using the AF_VSOCK protocol to gather a 4 byte information leak or possibly
intercept or corrupt AF_VSOCK messages destined to other clients
(CVE-2018-14625).

A security flaw was found in the Linux kernel in a way that the cleancache
subsystem clears an inode after the final file truncation (removal). The
new file created with the same inode may contain leftover pages from
cleancache and the old file data instead of the new one (CVE-2018-16862).

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
local users to write data into holes in a tmpfs file (if the user has
read-only access to that file, and that file contains holes)
(CVE-2018-18397).

In the Linux kernel through 4.19.6, a local user could exploit a
use-after-free in the ALSA driver by supplying a malicious USB Sound device
(with zero interfaces) (CVE-2018-19824).

For other uptstream fixes in this update, see the referenced changelogs.
                

References

SRPMS

6/core