MGASA-2018-0418 - Updated kernel-tmb packages fix security vulnerabilities

Publication date: 27 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0418.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-5391,
     CVE-2018-7755,
     CVE-2018-14633,
     CVE-2018-14641,
     CVE-2018-15471,
     CVE-2018-17182,
     CVE-2018-18445

This kernel-tmb update is based on the upstream 4.14.78 and adds additional
fixes for the L1TF security issues. It also fixes atleast the following
security issues:

Linux kernel from versions 3.9 and up, is vulnerable to a denial of
service attack with low rates of specially modified packets targeting IP
fragment re-assembly. An attacker may cause a denial of service condition
by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack).

An issue was discovered in the fd_locked_ioctl function in
drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy
driver will copy a kernel pointer to user memory in response to the
FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the
obtained kernel pointer to discover the location of kernel code and data
and bypass kernel security protections such as KASLR (CVE-2018-7755).

A security flaw was found in the chap_server_compute_md5() function in the
ISCSI target code in the Linux kernel in a way an authentication request
from an ISCSI initiator is processed. An unauthenticated remote attacker
can cause a stack buffer overflow and smash up to 17 bytes of the stack.
The attack requires the iSCSI target to be enabled on the victim host.
Depending on how the target's code was built (i.e. depending on a compiler,
compile flags and hardware architecture) an attack may lead to a system
crash and thus to a denial-of-service or possibly to a non-authorized
access to data exported by an iSCSI target. Due to the nature of the flaw,
privilege escalation cannot be fully ruled out, although we believe it is
highly unlikely (CVE-2018-14633).

A security flaw was found in the ip_frag_reasm() function in
net/ipv4/ip_fragment.c in the Linux kernel caused by fixes for
CVE-2018-5391, which can cause a later system crash in ip_do_fragment().
With certain non-default, but non-rare, configuration of a victim host,
an attacker can trigger this crash remotely, thus leading to a remote
denial-of-service (CVE-2018-14641).

An issue was discovered in xenvif_set_hash_mapping in
drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used
in Xen through 4.11.x and other products. The Linux netback driver allows
frontends to control mapping of requests to request queues. When processing
a request to set or change this mapping, some input validation (e.g., for
an integer overflow) was missing or flawed, leading to OOB access in hash
handling. A malicious or buggy frontend may cause the (usually privileged)
backend to make out of bounds memory accesses, potentially resulting in
one or more of privilege escalation, Denial of Service (DoS), or
information leaks (CVE-2018-15471).

An issue was discovered in the Linux kernel through 4.18.8. The
vmacache_flush_all function in mm/vmacache.c mishandles sequence number
overflows. An attacker can trigger a use-after-free (and possibly gain
privileges) via certain thread creation, map, unmap, invalidation, and
dereference operations (CVE-2018-17182).

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before
4.18.13, faulty computation of numeric bounds in the BPF verifier permits
out-of-bounds memory accesses because adjust_scalar_min_max_vals in
kernel/bpf/verifier.c mishandles 32-bit right shifts (CVE-2018-18445).

Other fixes in this update:
* WireGuard has been updated 0.0.20181018

For other uptstream fixes in this update, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=23688
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.70
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.71
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.72
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.73
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.74
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.76
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.77
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14633
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14641
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15471
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18445

SRPMS:
- 6/core/kernel-tmb-4.14.78-1.mga6

Mageia 2018-0418: kernel-tmb security update

This kernel-tmb update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues

Summary

This kernel-tmb update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues. It also fixes atleast the following security issues:
Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack).
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (CVE-2018-7755).
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentica...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=23688

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.70

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.71

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.72

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.73

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.74

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.76

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.77

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14633

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14641

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15471

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18445

Resolution

MGASA-2018-0418 - Updated kernel-tmb packages fix security vulnerabilities

SRPMS

- 6/core/kernel-tmb-4.14.78-1.mga6

Severity
Publication date: 27 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0418.html
Type: security
CVE: CVE-2018-5391, CVE-2018-7755, CVE-2018-14633, CVE-2018-14641, CVE-2018-15471, CVE-2018-17182, CVE-2018-18445

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved