MGASA-2019-0107
Vulnerability Summary
Timeline
Description
Updated kernel packages fix security vulnerability This kernel update is based on the upstream 4.14.104 and fixes at least the following security issue: Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM (CVE-2018-1000026). It also fixes signal handling issues causing powertop to crash and some tracing tools to fail on execve tests. For other uptstream fixes in this update, see the referenced changelogs.
Affected Systems
- mageia•kernel
< 4.14.104-2.mga6
- mageia•kernel-userspace-headers
< 4.14.104-2.mga6
- mageia•kmod-vboxadditions
< 5.2.24-8.mga6
- mageia•kmod-virtualbox
< 5.2.24-8.mga6
- mageia•kmod-xtables-addons
< 2.13-82.mga6
References (6)
- https://advisories.mageia.org/MGASA-2019-0107.html
- https://bugs.mageia.org/show_bug.cgi?id=24440
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.101
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.103
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.104