|
|
Subscribe / Log in / New account

Mageia alert MGASA-2017-0158 (libnl3)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0158: Updated libnl3 packages fix security vulnerability 


Date:
    	      Thu, 8 Jun 2017 23:40:24 +0200


Message-ID:
    	      <20170608214024.787799F856@duvel.mageia.org>


MGASA-2017-0158 - Updated libnl3 packages fix security vulnerability

Publication date: 08 Jun 2017
URL: http://advisories.mageia.org/MGASA-2017-0158.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-0386,
     CVE-2017-0553

Description:
An elevation of privilege vulnerability in the libnl library could enable
a local malicious application to execute arbitrary code within the context
of a privileged process (CVE-2017-0386).

An integer overflow vulnerability was found in nlmsg_reserve() triggered
by crafted @len argument resulting into reserving too few bytes
(CVE-2017-0553).

References:
- https://bugs.mageia.org/show_bug.cgi?id=20168
-
https://lists.fedoraproject.org/archives/list/package-ann...
-
https://lists.fedoraproject.org/archives/list/package-ann...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0386
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553

SRPMS:
- 5/core/libnl3-3.2.25-3.1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds