Title
MGASA-2018-0172 -- security update for kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools
Description
This kernel update is based on the upstream 4.14.25 and and updates the
KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86. It also adds
ome optimizations and improvements to mitigate some of the slowdons
caused by the Meltdown (CVE-2017-5754) and Spectre, variant 2
(CVE-2017-5715).
Other security fixes in this update:
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the
case of a rule blob that contains a jump but lacks a user-defined chain,
which allows local users to cause a denial of service (NULL pointer
dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability,
related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table
in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in
net/ipv6/netfilter/ip6_tables.c (CVE-2018-1065).
Other changes in this update:
WireGuard has been updated to 0.0.20180304.
A fix in the scsi subsystem that prevents the kernel to hang or oops,
triggered atleast when trying to mount some raid6 setups (mga#22704).
input/goodix: add support for GDIX1002 (mga#22703)
For other upstream fixes in this update, read the referenced changelogs.