{"id":"MGASA-2018-0263","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 4.14.44 and fixes at least\nthe following security issues:\n\nBy mmap()ing a FUSE-backed file onto a process's memory containing command\nline arguments (or environment strings), an attacker can cause utilities\nfrom psutils or procps (such as ps, w) or any other program which makes a\nread() call to the /proc/\u003cpid\u003e/cmdline (or /proc/\u003cpid\u003e/environ) files to\nblock indefinitely (denial of service) or for some controlled time (as a\nsynchronization primitive for other attacks) (CVE-2018-1120).\n\nSpeculative Store Bypass (SSB) – also known as Spectre Variant 4.\nSystems with microprocessors utilizing speculative execution and speculative\nexecution of memory reads before the addresses of all prior memory writes\nare known may allow unauthorized disclosure of information to an attacker\nwith local user access via a side-channel analysis (CVE-2018-3639).\nNOTE! This fix only apply to Amd hardware so far as Intel CPUs need a\nfixed microcode update in order for the fix to get activated. At the time\nof this release we dont yet know when Intel will release new microcode.\n\nA flaw was found in the Linux kernel where an out of memory (oom) killing\nof a process that has large spans of mlocked memory can result in\ndeferencing a NULL pointer, leading to denial of service (CVE-2018-1000200).\n\nNote! In this kernel update we have for now reverted the security fix:\n'Predictable Random Number Generator Weakness (CVE-2018-1108)' that was\npart of the MGASA-2018-0249 security update as it caused several systems\nto stop booting properly (mga#23060).\n\nWireGuard has been updated to 0.0.20180519.\n\nFor other fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T06:24:52.188379870Z","published":"2018-05-31T20:34:08Z","upstream":["CVE-2018-1000200","CVE-2018-1120","CVE-2018-3639"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0263.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23075"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23060"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.41"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.42"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.44"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.44-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0263.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.44-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0263.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.12-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0263.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.12-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0263.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-38.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0263.json"}},{"package":{"name":"wireguard-tools","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.20180519-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0263.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}