Mageia alert MGASA-2016-0005 (kernel)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2016-0005: Updated kernel packages fix security vulnerabilities | |
| Date: | Mon, 11 Jan 2016 11:45:11 +0100 | |
| Message-ID: | <20160111104511.E1AD021C036@valstar.mageia.org> |
MGASA-2016-0005 - Updated kernel packages fix security vulnerabilities Publication date: 11 Jan 2016 URL: http://advisories.mageia.org/MGASA-2016-0005.html Type: security Affected Mageia releases: 5 CVE: CVE-2015-6937, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8660 Description: This kernel update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (CVE-2015-6937). The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands (CVE-2015-7872). The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application (CVE-2015-7884). The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application (CVE-2015-7885). Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host (CVE-2015-8550 / XSA-155). Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host (CVE-2015-8551 / XSA-157). Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space (CVE-2015-8552 / XSA-157). The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (CVE-2015-8660). For other fixes in this update, see the referenced changelogs. References: - https://bugs.mageia.org/show_bug.cgi?id=17397 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.... - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.... - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6937 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7884 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7885 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8660 SRPMS: - 5/core/kernel-4.1.15-1.mga5 - 5/core/kernel-userspace-headers-4.1.15-1.mga5 - 5/core/kmod-xtables-addons-2.7-7.mga5 - 5/nonfree/kmod-broadcom-wl-6.30.223.271-4.mga5.nonfree - 5/nonfree/kmod-fglrx-15.200.1046-8.mga5.nonfree - 5/nonfree/kmod-nvidia304-304.128-4.mga5.nonfree - 5/nonfree/kmod-nvidia340-340.93-4.mga5.nonfree - 5/nonfree/kmod-nvidia-current-346.96-4.mga5.nonfree