Advisories ยป MGASA-2019-0107

Updated kernel packages fix security vulnerability

Publication date: 13 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000026

Description

This kernel update is based on the upstream 4.14.104 and fixes atleast
the following security issue:

Linux Linux kernel version at least v4.8 onwards, probably well before
contains a Insufficient input validation vulnerability in bnx2x network
card driver that can result in DoS: Network card firmware assertion takes
card off-line. This attack appear to be exploitable via An attacker on a
must pass a very large, specially crafted packet to the bnx2x card.
This can be done from an untrusted guest VM (CVE-2018-1000026).

It also fixes signal handling issues causing powertop to crash and some
tracing tools to fail on execve tests.

For other uptstream fixes in this update, see the referenced changelogs.
                

References

SRPMS

6/core