Updated kernel packages fix security vulnerabilities

2019-10-2917:54:30

Gentoo Foundation

advisories.mageia.org

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

50.8%

JSON

This kernel update is based on the upstream 5.3.7 and fixes several issues: * various security issues in the usb subsystem * rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Other issues fixed by this update: * Xorg displays a black screen with kernel > 5.2.x on some Intel GPUs (mga#25546) * Firmware crash with Intel® Dual Band Wireless AC 3168 (mga#25609) * a fix for an MTRR bug for intel-lpss-pci causing at least some Ice Lake laptops to not boot For other upstream fixes in this update, see the referenced changelog.

OSVersionArchitecturePackageVersionFilename
Mageia7noarchkernel< 5.3.7-4kernel-5.3.7-4.mga7
Mageia7noarchkmod-virtualbox< 6.0.14-4kmod-virtualbox-6.0.14-4.mga7
Mageia7noarchkmod-xtables-addons< 3.5-6kmod-xtables-addons-3.5-6.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	kernel	< 5.3.7-4	kernel-5.3.7-4.mga7
Mageia	7	noarch	kmod-virtualbox	< 6.0.14-4	kmod-virtualbox-6.0.14-4.mga7
Mageia	7	noarch	kmod-xtables-addons	< 3.5-6	kmod-xtables-addons-3.5-6.mga7