Mageia 2018-0487: kernel security update
Summary
This kernel update is based on the upstream 4.14.89 and fixes at least the
following security issues:
Cross-hyperthread Spectre v2 mitigation is now provided by the Single
Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also
requires the functionality be supported by the Intel microcode in use.
It was found that the cephx authentication protocol did not verify ceph
clients correctly and was vulnerable to a replay attack. Any attacker with
access to the ceph cluster network who is able to sniff packets on the
network can use this vulnerability to authenticate with the ceph service and
perform actions allowed by the ceph service (CVE-2018-1128).
A flaw was found in the way signature calculation was handled by the cephx
authentication protocol. An attacker with access to the ceph cluster network
who is able to alter the message payload was able to bypass signature
checks done by the cephx protocol (CVE-2018-1129).
A flaw was found in the Linux Kernel where an attacker may be able to have
an uncont...
References
- https://bugs.mageia.org/show_bug.cgi?id=24032
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.79
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.80
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.81
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.82
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.83
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.84
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.85
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.86
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.88
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.89
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14625
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16862
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18397
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19824
Resolution
MGASA-2018-0487 - Updated kernel packages fix security vulnerabilities
SRPMS
- 6/core/kernel-4.14.89-1.mga6
- 6/core/kernel-userspace-headers-4.14.89-1.mga6
- 6/core/kmod-vboxadditions-5.2.22-5.mga6
- 6/core/kmod-virtualbox-5.2.22-5.mga6
- 6/core/kmod-xtables-addons-2.13-75.mga6
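A post-update check for the STIBP note in the summary, as an added example that is not part of the Mageia advisory: it confirms the running kernel is at or above upstream 4.14.89 and reads the STIBP state from the kernel's spectre_v2 report and the CPU flags. The function names are hypothetical, the sysfs and procfs paths are the standard Linux locations, and the "STIBP: <state>" field format is an assumption about how the kernel words that line.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical and
# the "STIBP: <state>" field format in the spectre_v2 line is an assumption.

FIXED="4.14.89"   # upstream version named in the advisory

# kernel_at_least RUNNING FIXED: succeeds when RUNNING >= FIXED (x.y.z compare;
# any release suffix after the first "-" is ignored).
kernel_at_least() {
    awk -v a="${1%%-*}" -v b="${2%%-*}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# stibp_status SPECTRE_V2_LINE CPU_FLAGS: prints one of
#   unsupported   - CPU flags lack "stibp" (microcode does not expose it)
#   not-reported  - flag present, but the kernel line has no STIBP field
#   <state>       - the text following "STIBP: " in the kernel line
stibp_status() {
    case " $2 " in
        *" stibp "*) ;;
        *) echo "unsupported"; return 0 ;;
    esac
    case "$1" in
        *"STIBP: "*) s=${1#*STIBP: }; echo "${s%%,*}" ;;
        *) echo "not-reported" ;;
    esac
}

# check_host: apply both checks to the running system.
check_host() {
    v2=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    line=$(cat "$v2" 2>/dev/null || true)
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2 || true)
    if kernel_at_least "$(uname -r)" "$FIXED"; then echo "kernel: ok"
    else echo "kernel: older than $FIXED"; fi
    echo "stibp: $(stibp_status "$line" "$flags")"
}

# Run against the host only when asked: sh check.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

A result of "unsupported" on an Intel system points at the microcode package rather than the kernel, which is the dependency the summary calls out.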