Mageia 2019-0107: kernel security update

    Date13 Mar 2019
    CategoryMageia
    305
    Posted ByLinuxSecurity Advisories
    This kernel update is based on the upstream 4.14.104 and fixes atleast the following security issue: Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network
    MGASA-2019-0107 - Updated kernel packages fix security vulnerability
    
    Publication date: 13 Mar 2019
    URL: https://advisories.mageia.org/MGASA-2019-0107.html
    Type: security
    Affected Mageia releases: 6
    CVE: CVE-2018-1000026
    
    This kernel update is based on the upstream 4.14.104 and fixes atleast
    the following security issue:
    
    Linux Linux kernel version at least v4.8 onwards, probably well before
    contains a Insufficient input validation vulnerability in bnx2x network
    card driver that can result in DoS: Network card firmware assertion takes
    card off-line. This attack appear to be exploitable via An attacker on a
    must pass a very large, specially crafted packet to the bnx2x card.
    This can be done from an untrusted guest VM (CVE-2018-1000026).
    
    It also fixes signal handling issues causing powertop to crash and some
    tracing tools to fail on execve tests.
    
    For other uptstream fixes in this update, see the referenced changelogs.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=24440
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.101
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.102
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.103
    - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.104
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000026
    
    SRPMS:
    - 6/core/kernel-4.14.104-2.mga6
    - 6/core/kernel-userspace-headers-4.14.104-2.mga6
    - 6/core/kmod-vboxadditions-5.2.24-8.mga6
    - 6/core/kmod-virtualbox-5.2.24-8.mga6
    - 6/core/kmod-xtables-addons-2.13-82.mga6
    

    LinuxSecurity Poll

    In your opinion, what is the biggest advantage associated with choosing open-source software/products?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote
    8
    radio
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.