| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2018-0172 advisory.
Vulnerability Insight:
This kernel update is based on the upstream 4.14.25 and updates the
KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86. It also adds
ome optimizations and improvements to mitigate some of the slowdons
caused by the Meltdown (CVE-2017-5754) and Spectre, variant 2
(CVE-2017-5715).
Other security fixes in this update:
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the
case of a rule blob that contains a jump but lacks a user-defined chain,
which allows local users to cause a denial of service (NULL pointer
dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability,
related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table
in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in
net/ipv6/netfilter/ip6_tables.c (CVE-2018-1065).
Other changes in this update:
WireGuard has been updated to 0.0.20180304.
A fix in the scsi subsystem that prevents the kernel to hang or oops,
triggered at least when trying to mount some raid6 setups (mga#22704).
input/goodix: add support for GDIX1002 (mga#22703)
For other upstream fixes in this update, read the referenced changelogs.
Affected Software/OS:
'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 6.
Solution:
Please install the updated package(s).
CVSS Score:
4.7
CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
|
