Bug 17551

Summary: Update request: kernel-linus-4.1.15-2.mga5
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: High CC: davidwhodgins, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Source RPM: kernel-linus CVE:
Status comment:

Description Thomas Backlund 2016-01-20 19:19:28 CET
I'm breaking kernel-linus "no patching" policy because of the severity of this exploit.

This update only contains this one fix compared to the 4.1.15-1 released in MGASA-2016-0014 so testing is fast...just ensure it installs and boots

Advisory (also added to svn)

Perception Point Research Team found a reference leak in keyring in
join_session_keyring() that can be exploited to successfully escalate
privileges from a local user to root (CVE-2016-0728).

SRPMS:
kernel-linus-4.1.15-2.mga5.src.rpm


i586:
kernel-linus-4.1.15-2.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-4.1.15-2.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-latest-4.1.15-2.mga5.i586.rpm
kernel-linus-doc-4.1.15-2.mga5.noarch.rpm
kernel-linus-latest-4.1.15-2.mga5.i586.rpm
kernel-linus-source-4.1.15-2.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.1.15-2.mga5.noarch.rpm


x86_64:
kernel-linus-4.1.15-2.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-4.1.15-2.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-latest-4.1.15-2.mga5.x86_64.rpm
kernel-linus-doc-4.1.15-2.mga5.noarch.rpm
kernel-linus-latest-4.1.15-2.mga5.x86_64.rpm
kernel-linus-source-4.1.15-2.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.1.15-2.mga5.noarch.rpm


Reproducible: 

Steps to Reproduce:
Thomas Backlund 2016-01-20 19:24:09 CET

Priority: Normal => High
Whiteboard: (none) => advisory

Comment 1 Dave Hodgins 2016-01-21 05:26:24 CET
Testing complete on i586/x86_64, real and vb.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 2 Mageia Robot 2016-01-21 07:10:28 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0031.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED