Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0036)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0036

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0036)

Resumen: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory.

Vulnerability Insight:
This update is based on upstream 5.4.10 and fixes at least the following
security issues:

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows
a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE)
can be zero. (CVE-2019-19037)

It also fixes various potential security issues related to buffer overflows,
double frees, NUll pointer dereferences, improper / missing input
validations and so on.

Other fixes added in this update:
- Revert 'drm/amdgpu: Set no-retry as default.', fixing amdgpu hang
on Raven Ridge gpus (mga#25882)
- drm/i915/gt: Detect if we miss WaIdleLiteRestore, fixes or at least
works around gpu hang (mga#25930)
- 3rdparty/rtl8812au: update to v5.6.4.2 (mga#25982)
- add support for RTL8117 ethernet
- rtl8xxxu: Add support for Edimax EW-7611ULB
- mountpoint_last(): fix the treatment of LAST_BIND
- HID: intel-ish-hid: ipc: Add Comet Lake H PCI device ID
- HID: intel-ish-hid: ipc: Add Tiger Lake PCI device ID
- HID: wacom: Recognize new MobileStudio Pro PID
- updates to the arm64 defconfigs:
- Enable some EFI stuff on arm64 (mga#26003)
- Enable a lot of missing things on arm64 kernels (including ACPI
and Amazon network driver)
- Disable debug info on arm64 (mga#26015)
- reduce difference between arm64 and x86_64 defconfigs

WireGuard kernel module has been updated to 0.0.20200105 and the tools
has been updated to 1.0.20200102.

For other fixes in this update, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-19037
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0036
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0036)
Resumen:	The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0036 advisory. Vulnerability Insight: This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037) It also fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. Other fixes added in this update: - Revert 'drm/amdgpu: Set no-retry as default.', fixing amdgpu hang on Raven Ridge gpus (mga#25882) - drm/i915/gt: Detect if we miss WaIdleLiteRestore, fixes or at least works around gpu hang (mga#25930) - 3rdparty/rtl8812au: update to v5.6.4.2 (mga#25982) - add support for RTL8117 ethernet - rtl8xxxu: Add support for Edimax EW-7611ULB - mountpoint_last(): fix the treatment of LAST_BIND - HID: intel-ish-hid: ipc: Add Comet Lake H PCI device ID - HID: intel-ish-hid: ipc: Add Tiger Lake PCI device ID - HID: wacom: Recognize new MobileStudio Pro PID - updates to the arm64 defconfigs: - Enable some EFI stuff on arm64 (mga#26003) - Enable a lot of missing things on arm64 kernels (including ACPI and Amazon network driver) - Disable debug info on arm64 (mga#26015) - reduce difference between arm64 and x86_64 defconfigs WireGuard kernel module has been updated to 0.0.20200105 and the tools has been updated to 1.0.20200102. For other fixes in this update, see the referenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-19037 https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Copyright	Copyright (C) 2022 Greenbone AG