Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0036)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2020.0036

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2020-0036)

Zusammenfassung: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory.

Vulnerability Insight:
This update is based on upstream 5.4.10 and fixes at least the following
security issues:

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows
a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE)
can be zero. (CVE-2019-19037)

It also fixes various potential security issues related to buffer overflows,
double frees, NUll pointer dereferences, improper / missing input
validations and so on.

Other fixes added in this update:
- Revert 'drm/amdgpu: Set no-retry as default.', fixing amdgpu hang
on Raven Ridge gpus (mga#25882)
- drm/i915/gt: Detect if we miss WaIdleLiteRestore, fixes or at least
works around gpu hang (mga#25930)
- 3rdparty/rtl8812au: update to v5.6.4.2 (mga#25982)
- add support for RTL8117 ethernet
- rtl8xxxu: Add support for Edimax EW-7611ULB
- mountpoint_last(): fix the treatment of LAST_BIND
- HID: intel-ish-hid: ipc: Add Comet Lake H PCI device ID
- HID: intel-ish-hid: ipc: Add Tiger Lake PCI device ID
- HID: wacom: Recognize new MobileStudio Pro PID
- updates to the arm64 defconfigs:
- Enable some EFI stuff on arm64 (mga#26003)
- Enable a lot of missing things on arm64 kernels (including ACPI
and Amazon network driver)
- Disable debug info on arm64 (mga#26015)
- reduce difference between arm64 and x86_64 defconfigs

WireGuard kernel module has been updated to 0.0.20200105 and the tools
has been updated to 1.0.20200102.

For other fixes in this update, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-19037
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0036
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0036)
Zusammenfassung:	The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory. Vulnerability Insight: This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037) It also fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. Other fixes added in this update: - Revert 'drm/amdgpu: Set no-retry as default.', fixing amdgpu hang on Raven Ridge gpus (mga#25882) - drm/i915/gt: Detect if we miss WaIdleLiteRestore, fixes or at least works around gpu hang (mga#25930) - 3rdparty/rtl8812au: update to v5.6.4.2 (mga#25982) - add support for RTL8117 ethernet - rtl8xxxu: Add support for Edimax EW-7611ULB - mountpoint_last(): fix the treatment of LAST_BIND - HID: intel-ish-hid: ipc: Add Comet Lake H PCI device ID - HID: intel-ish-hid: ipc: Add Tiger Lake PCI device ID - HID: wacom: Recognize new MobileStudio Pro PID - updates to the arm64 defconfigs: - Enable some EFI stuff on arm64 (mga#26003) - Enable a lot of missing things on arm64 kernels (including ACPI and Amazon network driver) - Disable debug info on arm64 (mga#26015) - reduce difference between arm64 and x86_64 defconfigs WireGuard kernel module has been updated to 0.0.20200105 and the tools has been updated to 1.0.20200102. For other fixes in this update, see the referenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-19037 https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Copyright	Copyright (C) 2022 Greenbone AG