Contents of /20529.adv

Revision 5512
Sat Mar 25 20:04:22 2017 UTC (7 years ago) by tmb
File size: 1971 byte(s)
MGASA-2017-0090: kernel-linus-4.4.55-1.mga5
type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2017-2636
 - CVE-2017-6346
 - CVE-2017-6347
 - CVE-2017-6348
src:
  5:
   core:
     - kernel-linus-4.4.55-1.mga5
description: |
  This kernel-linus update is based on upstream 4.4.55 and fixes at least
  the following security issues:

  Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1
  allows local users to gain privileges or cause a denial of service (double
  free) by setting the HDLC line discipline (CVE-2017-2636).

  Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13
  allows local users to cause a denial of service (use-after-free) or possibly
  have unspecified other impact via a multithreaded application that makes
  PACKET_FANOUT setsockopt system calls (CVE-2017-6346).

  The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux
  kernel before 4.10.1 has incorrect expectations about skb data layout,
  which allows local users to cause a denial of service (buffer over-read)
  or possibly have unspecified other impact via crafted system calls, as
  demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP
  transmission (CVE-2017-6347).

  The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before
  4.9.13 improperly manages lock dropping, which allows local users to cause a
  denial of service (deadlock) via crafted operations on IrDA devices
  (CVE-2017-6348).

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20529
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.53
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.54
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.55
ID: MGASA-2017-0090
