{"id":"MGASA-2018-0487","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 4.14.89 and fixes at least the\nfollowing security issues:\n\nCross-hyperthread Spectre v2 mitigation is now provided by the Single\nThread Indirect Branch Predictors (STIBP) support. Note that STIBP also\nrequires the functionality be supported by the Intel microcode in use.\n\nIt was found that cephx authentication protocol did not verify ceph clients\ncorrectly and was vulnerable to replay attack. Any attacker having access\nto ceph cluster network who is able to sniff packets on network can use\nthis vulnerability to authenticate with ceph service and perform actions\nallowed by ceph service (CVE-2018-1128).\n\nA flaw was found in the way signature calculation was handled by cephx\nauthentication protocol. An attacker having access to ceph cluster network\nwho is able to alter the message payload was able to bypass signature\nchecks done by cephx protocol (CVE-2018-1129).\n\nA flaw was found in the Linux Kernel where an attacker may be able to have\nan uncontrolled read to kernel-memory from within a vm guest. A race\ncondition between connect() and close() function may allow an attacker\nusing the AF_VSOCK protocol to gather a 4 byte information leak or possibly\nintercept or corrupt AF_VSOCK messages destined to other clients\n(CVE-2018-14625).\n\nA security flaw was found in the Linux kernel in a way that the cleancache\nsubsystem clears an inode after the final file truncation (removal). The\nnew file created with the same inode may contain leftover pages from\ncleancache and the old file data instead of the new one (CVE-2018-16862).\n\nThe userfaultfd implementation in the Linux kernel before 4.19.7 mishandles\naccess control for certain UFFDIO_ ioctl calls, as demonstrated by allowing\nlocal users to write data into holes in a tmpfs file (if the user has\nread-only access to that file, and that file contains holes)\n(CVE-2018-18397).\n\nIn the Linux kernel through 4.19.6, a local user could exploit a\nuse-after-free in the ALSA driver by supplying a malicious USB Sound device\n(with zero interfaces) (CVE-2018-19824).\n\nFor other uptstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T01:47:56.646046219Z","published":"2018-12-21T21:28:39Z","upstream":["CVE-2018-1128","CVE-2018-1129","CVE-2018-14625","CVE-2018-16862","CVE-2018-18397","CVE-2018-19824"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0487.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24032"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.79"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.80"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.81"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.82"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.83"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.84"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.85"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.86"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.88"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.89"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.89-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0487.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.89-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0487.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.22-5.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0487.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.22-5.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0487.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-75.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0487.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}