Parent Directory
| 
Revision Log
MGASA-2017-0088: kernel-4.4.55-1.mga5, kernel-userspace-headers-4.4.55-1.mga5, kmod-vboxadditions-5.1.18-2.mga5, kmod-virtualbox-5.1.18-2.mga5, kmod-xtables-addons-2.10-35.mga5
| 1 | type: security |
| 2 | subject: Updated kernel packages fixes security vulnerabilities |
| 3 | CVE: |
| 4 | - CVE-2017-2636 |
| 5 | - CVE-2017-6346 |
| 6 | - CVE-2017-6347 |
| 7 | - CVE-2017-6348 |
| 8 | src: |
| 9 | 5: |
| 10 | core: |
| 11 | - kernel-4.4.55-1.mga5 |
| 12 | - kernel-userspace-headers-4.4.55-1.mga5 |
| 13 | - kmod-vboxadditions-5.1.18-2.mga5 |
| 14 | - kmod-virtualbox-5.1.18-2.mga5 |
| 15 | - kmod-xtables-addons-2.10-35.mga5 |
| 16 | description: | |
| 17 | This kernel update is based on upstream 4.4.55 and fixes atleast |
| 18 | the following security issues: |
| 19 | |
| 20 | Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 |
| 21 | allows local users to gain privileges or cause a denial of service (double |
| 22 | free) by setting the HDLC line discipline (CVE-2017-2636). |
| 23 | |
| 24 | Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 |
| 25 | allows local users to cause a denial of service (use-after-free) or possibly |
| 26 | have unspecified other impact via a multithreaded application that makes |
| 27 | PACKET_FANOUT setsockopt system calls (CVE-2017-6346). |
| 28 | |
| 29 | The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux |
| 30 | kernel before 4.10.1 has incorrect expectations about skb data layout, |
| 31 | which allows local users to cause a denial of service (buffer over-read) |
| 32 | or possibly have unspecified other impact via crafted system calls, as |
| 33 | demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP |
| 34 | transmission (CVE-2017-6347). |
| 35 | |
| 36 | The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before |
| 37 | 4.9.13 improperly manages lock dropping, which allows local users to cause a |
| 38 | denial of service (deadlock) via crafted operations on IrDA devices |
| 39 | (CVE-2017-6348). |
| 40 | |
| 41 | For other upstream fixes in this update, see the referenced changelogs. |
| 42 | references: |
| 43 | - https://bugs.mageia.org/show_bug.cgi?id=20527 |
| 44 | - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51 |
| 45 | - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52 |
| 46 | - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.53 |
| 47 | - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.54 |
| 48 | - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.55 |
| 49 | ID: MGASA-2017-0088 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |