{"id":"MGASA-2018-0374","summary":"Updated kernel-tmb packages fix security vulnerabilities","details":"This kernel-tmb update is based on the upstream 4.14.69 and adds additional\nfixes for the L1TF and Spectre security issues. It also fixes at least\nthe following security issues:\n\nMemory leak in the irda_bind function in net/irda/af_irda.c and later in\ndrivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows\nlocal users to cause a denial of service (memory consumption) by repeatedly\nbinding an AF_IRDA socket (CVE-2018-6554).\n\nThe irda_setsockopt function in net/irda/af_irda.c and later in\ndrivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows\nlocal users to cause a denial of service (ias_object use-after-free and\nsystem crash) or possibly have unspecified other impact via an AF_IRDA\nsocket (CVE-2018-6555).\n\nOther fixes in this update:\n* WireGuard has been updated to 0.0.20180904\n* all SPI_INTEL_SPI config options have been disable to prevent a potential\n  bios corrupting bug (mga#23560)\n\nFor other changes in this update, see the referenced changelogs.\n","modified":"2026-01-30T07:10:47.728334Z","published":"2018-09-14T20:41:44Z","related":["CVE-2018-6554","CVE-2018-6555"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0374.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23544"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23560"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.66"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.67"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.68"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.69"}],"affected":[{"package":{"name":"kernel-tmb","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-tmb?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.69-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0374.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}