{"id":"MGASA-2018-0373","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 4.14.69 and adds additional\nfixes for the L1TF and Spectre security issues. It also fixes at least\nthe following security issues:\n\nMemory leak in the irda_bind function in net/irda/af_irda.c and later in\ndrivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows\nlocal users to cause a denial of service (memory consumption) by repeatedly\nbinding an AF_IRDA socket (CVE-2018-6554).\n\nThe irda_setsockopt function in net/irda/af_irda.c and later in\ndrivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows\nlocal users to cause a denial of service (ias_object use-after-free and\nsystem crash) or possibly have unspecified other impact via an AF_IRDA\nsocket (CVE-2018-6555).\n\nOther fixes in this update:\n* WireGuard has been updated to 0.0.20180904\n* all SPI_INTEL_SPI config options have been disable to prevent a potential\n  bios corrupting bug (mga#23560)\n\nFor other changes in this update, see the referenced changelogs.\n","modified":"2026-04-16T01:47:21.301889523Z","published":"2018-09-14T20:41:44Z","upstream":["CVE-2018-6554","CVE-2018-6555"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0373.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23543"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23560"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.66"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.67"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.68"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.69"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.69-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0373.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.69-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0373.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.18-3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0373.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.18-3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0373.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-63.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0373.json"}},{"package":{"name":"wireguard-tools","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.20180904-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0373.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}