MGASA-2017-0088: kernel-4.4.55-1.mga5, kernel-userspace-headers-4.4.55-1.mga5, kmod-vboxadditions-5.1.18-2.mga5, kmod-virtualbox-5.1.18-2.mga5, kmod-xtables-addons-2.10-35.mga5
type: security
subject: Updated kernel packages fixes security vulnerabilities
CVE:
 - CVE-2017-2636
 - CVE-2017-6346
 - CVE-2017-6347
 - CVE-2017-6348
src:
  5:
    core:
      - kernel-4.4.55-1.mga5
      - kernel-userspace-headers-4.4.55-1.mga5
      - kmod-vboxadditions-5.1.18-2.mga5
      - kmod-virtualbox-5.1.18-2.mga5
      - kmod-xtables-addons-2.10-35.mga5
description: |
  This kernel update is based on upstream 4.4.55 and fixes at least
  the following security issues:

  Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1
  allows local users to gain privileges or cause a denial of service (double
  free) by setting the HDLC line discipline (CVE-2017-2636).

  Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13
  allows local users to cause a denial of service (use-after-free) or possibly
  have unspecified other impact via a multithreaded application that makes
  PACKET_FANOUT setsockopt system calls (CVE-2017-6346).

  The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux
  kernel before 4.10.1 has incorrect expectations about skb data layout,
  which allows local users to cause a denial of service (buffer over-read)
  or possibly have unspecified other impact via crafted system calls, as
  demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP
  transmission (CVE-2017-6347).

  The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before
  4.9.13 improperly manages lock dropping, which allows local users to cause a
  denial of service (deadlock) via crafted operations on IrDA devices
  (CVE-2017-6348).

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20527
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.53
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.54
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.55
ID: MGASA-2017-0088