Bug 23419 - Update request: kernel-linus-4.14.62-1.mga6
Summary: Update request: kernel-linus-4.14.62-1.mga6
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: High critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: mga6-64-ok, mga6-32-ok
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-08-09 21:56 CEST by Thomas Backlund
Modified: 2018-08-15 17:46 CEST

See Also:
Source RPM: kernel-linus
CVE:
Status comment:



Description Thomas Backlund 2018-08-09 21:56:06 CEST
Various upstream fixes and a security fix for a high severity issue that allows remote DoS:
https://www.securityweek.com/segmentsmack-flaw-linux-kernel-allows-remote-dos-attacks

SRPMS:
kernel-linus-4.14.62-1.mga6.src.rpm


i586:
kernel-linus-4.14.62-1.mga6-1-1.mga6.i586.rpm
kernel-linus-devel-4.14.62-1.mga6-1-1.mga6.i586.rpm
kernel-linus-devel-latest-4.14.62-1.mga6.i586.rpm
kernel-linus-doc-4.14.62-1.mga6.noarch.rpm
kernel-linus-latest-4.14.62-1.mga6.i586.rpm
kernel-linus-source-4.14.62-1.mga6-1-1.mga6.noarch.rpm
kernel-linus-source-latest-4.14.62-1.mga6.noarch.rpm


x86_64:
kernel-linus-4.14.62-1.mga6-1-1.mga6.x86_64.rpm
kernel-linus-devel-4.14.62-1.mga6-1-1.mga6.x86_64.rpm
kernel-linus-devel-latest-4.14.62-1.mga6.x86_64.rpm
kernel-linus-doc-4.14.62-1.mga6.noarch.rpm
kernel-linus-latest-4.14.62-1.mga6.x86_64.rpm
kernel-linus-source-4.14.62-1.mga6-1-1.mga6.noarch.rpm
kernel-linus-source-latest-4.14.62-1.mga6.noarch.rpm
Thomas Backlund 2018-08-09 21:56:56 CEST

Priority: Normal => High

Comment 1 Len Lawrence 2018-08-11 17:31:20 CEST
Installed without issues.  Rebooted to working desktop, Mate.

System:    Host: vega Kernel: 4.14.62-1.mga6 x86_64
CPU:       Quad core Intel Core i7-4790K (-HT-MCP-) speed/max: 4398/4400 MHz
Machine:   Device: desktop Mobo: Gigabyte model: G1.Sniper Z97 v: x.x
Graphics:  Card-2: NVIDIA GK104 [GeForce GTX 770]
           GLX Version: 4.6.0 NVIDIA 390.77
Network:   Card-1: Qualcomm Atheros Killer E220x Gigabit Ethernet Controller
           driver: alx
           Card-2: Ralink RT3090 Wireless 802.11n 1T/1R PCIe driver: rt2800pci
RAM:       16 GB

Stress tests, fine.  Bluetooth connected to audio device instantly.  Video and sound OK.  No problems with any other applications.  Leaving this to run.

CC: (none) => tarazed25

Comment 2 Thomas Backlund 2018-08-15 17:00:32 CEST
Flushing this out as more is coming...

Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2018-1087
 - CVE-2018-1118
 - CVE-2018-5390
 - CVE-2018-6412
 - CVE-2018-8897
 - CVE-2018-10853
 - CVE-2018-10840
 - CVE-2018-10876
 - CVE-2018-10877
 - CVE-2018-10879
 - CVE-2018-10880
 - CVE-2018-10881
 - CVE-2018-10882
 - CVE-2018-10883
 - CVE-2018-11412
 - CVE-2018-12904
 - CVE-2018-13405
 - CVE-2018-14678
src:
  6:
   core:
     - kernel-linus-4.14.62-1.mga6
description: |
  This kernel-linus update is based on the upstream 4.14.62 and fixes at least
  the following security issues:

  kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1,
  kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the
  Linux kernel's KVM hypervisor handled exceptions delivered after a stack
  switch operation via Mov SS or Pop SS instructions. During the stack switch
  operation, the processor did not deliver interrupts and exceptions, rather
  they are delivered once the first instruction after the stack switch is
  executed. An unprivileged KVM guest user could use this flaw to crash the
  guest or, potentially, escalate their privileges in the guest
  (CVE-2018-1087).

  Linux kernel vhost since version 4.8 does not properly initialize memory in
  messages passed between virtual guests and the host operating system in the
  vhost/vhost.c:vhost_new_msg() function. This can allow local privileged
  users to read some kernel memory contents when reading from the
  /dev/vhost-net device file (CVE-2018-1118).

  Security researchers from FICORA have identified a remote denial of
  service attack against the Linux kernel caused by inefficient
  implementation of TCP segment reassembly, named "SegmentSmack".
  A remote attacker could consume a lot of CPU resources in the kernel
  networking stack with just a low bandwidth or single host attack by
  using lots of small TCP segments packets. Usually large botnets are
  needed for similar effect. The rate needed for this denial of service
  attack to be effective is several magnitudes lower than the usual
  packet processing capability of the machine, as the attack exploits
  worst case behaviour of existing algorithms (CVE-2018-5390).

  In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c
  in the Linux kernel through 4.15, an integer signedness error allows
  arbitrary information leakage for the FBIOPUTCMAP_SPARC and
  FBIOGETCMAP_SPARC commands (CVE-2018-6412).

  In some circumstances, some operating systems or hypervisors may not expect
  or properly handle an Intel architecture hardware debug exception. The error
  appears to be due to developer interpretation of existing documentation for
  certain Intel architecture interrupt/exception instructions, namely MOV SS
  and POP SS. An authenticated attacker may be able to read sensitive data in
  memory or control low-level operating system functions (CVE-2018-8897).

  Linux kernel is vulnerable to a heap-based buffer overflow in the 
  fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit
  this by operating on a mounted crafted ext4 image (CVE-2018-10840).

  The kvm functions that were used in the emulation of fxrstor, fxsave,
  sgdt and sidt were originally meant for task switching, and as such they
  did not check privilege levels. This allowed guest userspace to guest
  kernel write (CVE-2018-10853).

  A flaw was found in Linux kernel ext4 File System. A use-after-free in
  ext4_ext_remove_space() when mounting and operating a crafted ext4 image
  (CVE-2018-10876).

  Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the
  ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem
  image (CVE-2018-10877).

  A flaw was found in Linux kernel ext4 filesystem. A local user can cause a
  use-after-free in ext4_xattr_set_entry function and so a denial of service
  or possibly unspecified other impact when renaming a file in a crafted
  ext4 filesystem image (CVE-2018-10879).

  A flaw was found in Linux kernel ext4 filesystem code. A stack-out-of-bounds
  write in ext4_update_inline_data() is possible when mounting and writing to
  a crafted ext4 image. An attacker could use this to cause a system crash
  and a denial of service (CVE-2018-10880).

  A flaw was found in Linux kernel ext4 filesystem. A local user can cause an
  out-of-bound access in ext4_get_group_info function and so a denial of
  service and a system crash by mounting and operating on a crafted ext4
  filesystem image (CVE-2018-10881).

  A flaw was found in Linux kernel ext4 File System. An out-of-bound write
  when unmounting a crafted ext4 image in fs/jbd2/transaction.c. An attacker
  could use this to cause a denial of service (system crash) (CVE-2018-10882).

  A flaw was found in Linux kernel ext4 File System. An out-of-bound write in
  jbd2_journal_dirty_metadata() that kernel cannot handle when mounting and
  operating a crafted ext4 image. An attacker could use this to cause a
  denial of service (system crash) (CVE-2018-10883).

  In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in
  fs/ext4/inline.c performs a memcpy with an untrusted length value in certain
  circumstances involving a crafted filesystem that stores the system.data
  extended attribute value in a dedicated inode (CVE-2018-11412).

  In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested
  virtualization is used, local attackers could cause L1 KVM guests to
  VMEXIT, potentially allowing privilege escalations and denial of service
  attacks due to lack of checking of CPL (CVE-2018-12904).

  The inode_init_owner function in fs/inode.c in the Linux kernel through
  4.17.4 allows local users to create files with an unintended group
  ownership, in a scenario where a directory is SGID to a certain group and
  is writable by a user who is not a member of that group. Here, the
  non-member can trigger creation of a plain file whose group ownership is
  that group. The intended behavior was that the non-member can trigger
  creation of a directory (but not a plain file) whose group ownership is
  that group. The non-member can escalate privileges by making the plain
  file executable and SGID (CVE-2018-13405).

  An issue was discovered in the Linux kernel through 4.17.11, as used
  in Xen through 4.11.x. The xen_failsafe_callback entry point in 
  arch/x86/entry/entry_64.S does not properly maintain RBX, which allows
  local users to cause a denial of service (uninitialized memory usage
  and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can
  trigger a guest OS crash or possibly gain privileges (CVE-2018-14678).

  Other changes in this update:
  * enable Mellanox5 support (mga#23263)
  * enable SMARTPQI support (mga#23305)

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23419
 - https://www.securityweek.com/segmentsmack-flaw-linux-kernel-allows-remote-dos-attacks
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.45
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.46
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.47
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.48
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.49
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.50
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.51
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.52
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.53
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.54
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.55
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.56
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.57
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.58
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.59
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.60
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.61
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.62

Whiteboard: (none) => mga6-64-ok, mga6-32-ok
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
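
The CVE-2018-13405 entry in the advisory above depends on a directory that is SGID to a group yet writable by users outside that group. The following audit is an added example, not part of the bug report or of Mageia's tooling: it lists SGID directories writable by "other" and any SGID executable plain files inside them that carry the directory's group. The function names are hypothetical, and the check looks at mode bits only (an assumption; ACLs are not inspected).

```python
import os
import stat

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def dir_is_exposed(mode):
    """SGID directory that "other" can write to: the advisory's precondition."""
    return (stat.S_ISDIR(mode) and bool(mode & stat.S_ISGID)
            and bool(mode & stat.S_IWOTH))

def file_is_suspect(file_mode, file_gid, dir_gid):
    """Plain file carrying the directory's group that is SGID and executable."""
    return (stat.S_ISREG(file_mode) and file_gid == dir_gid
            and bool(file_mode & stat.S_ISGID) and bool(file_mode & EXEC_BITS))

def audit_sgid_dirs(root):
    """Walk root; return (exposed_dirs, suspect_files) as sorted path lists."""
    exposed, suspects = [], []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        try:
            dst = os.stat(dirpath)
        except OSError:
            continue                   # directory vanished or is unreadable
        if not dir_is_exposed(dst.st_mode):
            continue
        exposed.append(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                fst = os.lstat(path)   # lstat: never follow a planted symlink
            except OSError:
                continue               # file vanished or is unreadable
            if file_is_suspect(fst.st_mode, fst.st_gid, dst.st_gid):
                suspects.append(path)
    return sorted(exposed), sorted(suspects)

if __name__ == "__main__":
    import sys
    dirs, files = audit_sgid_dirs(sys.argv[1] if len(sys.argv) > 1 else "/")
    for d in dirs:
        print("exposed SGID dir :", d)
    for f in files:
        print("SGID executable  :", f)
```

Directories reported here remain worth reviewing after the kernel update, since files created in them before the fix keep their group and mode.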

Comment 3 Mageia Robot 2018-08-15 17:46:48 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0341.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

