Bug 18734

Summary: kernel: multiple vulnerabilities (CVE-2016-4578, CVE-2016-5243, CVE-2016-5244)
Product: Mageia Reporter: Alejandro Lopez <listas.apl>
Component: SecurityAssignee: Kernel and Drivers maintainers <kernel>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11, tmb
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/691832/
Whiteboard:
Source RPM: kernel CVE:
Status comment:

Description Alejandro Lopez 2016-06-18 11:29:18 CEST 
Description of problem:
From the Debian advisory:

CVE-2016-4578, CVE-2016-4580, CVE-2016-5243, CVE-2016-5244 - Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA timer, x25, tipc, and rds facilities leaked information from the kernel stack.

Version-Release number of selected component (if applicable):
4.6
Marja Van Waes 2016-06-18 12:15:21 CEST

CC: (none) => marja11
Assignee: bugsquad => tmb

Comment 1 David Walser 2016-08-11 23:13:21 CEST 
These would be fixed in the Cauldron kernel by now, but I just checked mga5 and only CVE-2016-4580's patch is in there.

Version: Cauldron => 5
Summary: kernel: multiple vulnerabilities (CVE-2016-4578, CVE-2016-4580, CVE-2016-5243, CVE-2016-5244) => kernel: multiple vulnerabilities (CVE-2016-4578, CVE-2016-5243, CVE-2016-5244)
Source RPM: (none) => kernel

Comment 2 Marja Van Waes 2016-08-26 11:43:01 CEST 
Mass-reassigning all bugs with "kernel" in the Source RPM field that are assigned to tmb, to the kernel packagers group, because tmb is currently MIA.

Assignee: tmb => kernel

Comment 3 Thomas Backlund 2016-09-27 20:46:49 CEST 
Will all be fixed as soon as 4.4.22 update in bug 19387 goes out

*** This bug has been marked as a duplicate of bug 19387 ***

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => DUPLICATE

Comment 4 Thomas Backlund 2016-09-27 20:47:51 CEST 
I meant 19397

*** This bug has been marked as a duplicate of bug 19397 ***