Mageia alert MGASA-2017-0242 (kernel)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2017-0242: Updated kernel packages fixes security and other bugs 
Date:
    	     
 
Thu, 3 Aug 2017 21:06:27 +0200
Message-ID:
    	     
 
<20170803190627.F171B9F875@duvel.mageia.org>
MGASA-2017-0242 - Updated kernel packages fixes security and other bugs

Publication date: 03 Aug 2017
URL: http://advisories.mageia.org/MGASA-2017-0242.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-10810

Description:
This kernel update is based on upstream 4.4.79 and fixes atleast the
following security issues:

Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support
is vulnerable to a memory leakage issue. It could occur while creating a
virtio gpu object in virtio_gpu_object_create(). A user/process could use
this flaw to leak host kernel memory potentially resulting in Dos
(CVE-2017-10810).

It also contains followup fixes to the Stack Clash (CVE-2017-1000370,
CVE-2017-1000371) security issues resolved in kernels released at end
of June, 2017.

For other upstream fixes in this update, read the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=21390
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10810

SRPMS:
- 5/core/kernel-4.4.79-1.mga5
- 5/core/kernel-userspace-headers-4.4.79-1.mga5
- 5/core/kmod-vboxadditions-5.1.22-8.mga5
- 5/core/kmod-virtualbox-5.1.22-8.mga5
- 5/core/kmod-xtables-addons-2.10-44.mga5