17 matches found
Mageia: Security Advisory (MGASA-2019-0195)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2020-0156 Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.5.14 and fixes at least the following security vulnerabilities: In the Linux kernel 5.3.10, there is a use-after-free read in the perftracelockacquire function related to include/trace/events/lock.h CVE-2019-19769. Manfred Paul discovered that the bpf verifier i...
MGASA-2019-0388 Updated kernel packages fix security vulnerability
This update provides an update to 5.4 series kernels, currently based on upstream 5.4.2, adding support for new hardware and features, and fixing at least the following security issue: KVM: x86: fix out-of-bounds write in KVMGETEMULATEDCPUID CVE-2019-19332 WireGuard has been updated to...
MGASA-2019-0295 Updated kernel packages fix various issues
This kernel update is based on the upstream 5.3.6 and fixes several issues. a potential kernel crash by using suppress-prefix rule in ipv6 3rdparty rtl8723/rtl8821ce drivers have been fixed to work with kernel 5.3 series rtl8xxxu: Fix wifi low signal strength issue of RTL8723BU rtw88 and exfat...
MGASA-2019-0288 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 5.2.16 and fixes at least the following security issues: There is heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code CVE-2019-14814,...
MGASA-2019-0287 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.145 and fixes at least the following security issues: There is heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code CVE-2019-14814,...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 5.2.16 and fixes at least the following security issues: There is heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code CVE-2019-14814,...
MGASA-2019-0221 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre lik...
MGASA-2019-0195 Updated kernel packages fix security vulnerability
This kernel update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to...
MGASA-2019-0120 Updated kernel packages fix security vulnerability
This kernel update is based on the upstream 4.14.106 and fixes at least the following security issue: In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on...
MGASA-2018-0374 Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes at least the following security issues: Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux...
MGASA-2018-0346 Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX m...
MGASA-2018-0345 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX may...
MGASA-2018-0296 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues: In the function sbusfbioctlhelper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAPSPARC and...
MGASA-2018-0263 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.44 and fixes at least the following security issues: By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other...
MGASA-2018-0126 Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has been...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.16 and fixes several security issues. The most important fixes in this update is for the security issue named "Spectre, variant 2 CVE-2017-5715" that is partly mitigated by enabling retpoline support. For full retpoline mitigation, kernel needs to ...