| Summary: | Update request: kernel-tmb-4.4.39-1.mga5 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | lewyssmith, sysadmin-bugs, tarazed25, wilcal.int |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5-32-OK MGA5-64-OK advisory | ||
| Source RPM: | kernel-tmb | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2016-12-19 21:55:58 CET
Advisory:
This update is based on upstream 4.4.39 and fixes atleast the following
security issues:
Due to lack of size checking on ICMP header length, it is possible to
cause out-of-bounds read on stack (CVE-2016-8399)
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation,
which allows local users to cause a denial of service (system crash) via
a crafted application that makes sendto system calls, related to
net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (CVE-2016-8645).
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through
4.8.11 does not ensure that memory is allocated for limb data, which allows
local users to cause a denial of service (stack memory corruption and panic)
via an add_key system call for an RSA key with a zero exponent
(CVE-2016-8650).
A race condition issue leading to a use-after-free flaw was found in the
way the raw packet sockets implementation in the Linux kernel networking
subsystem handled synchronization while creating the TPACKET_V3 ring
buffer. A local user able to open a raw packet socket (requires the
CAP_NET_RAW capability) could use this flaw to elevate their privileges
on the system (CVE-2016-8655).
A use-after-free vulnerability in the SCSI generic driver allows users
with write access to /dev/sg* or /dev/bsg* to elevate their privileges
(CVE-2016-9576).
Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM)
support is vulnerable to an information leakage issue. It could occur
on x86 platform, while emulating instructions in 32bit mode. A
user/process could use this flaw to leak host kernel memory bytes
(CVE-2016-9756).
A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation allows
CAP_NET_ADMIN users to set negative sk_sndbuf or sk_rcvbuf values.
A user could use this flaw to cause various memory corruptions,
crashes and OOM (CVE-2016-9793).
A use-after-free vulnerability was found in ALSA pcm layer, which allows
local users to cause a denial of service, memory corruption, or possibly
other unspecified impact (CVE-2016-9794).
Other fixes in this update:
- fix for HID gamepad DragonRise (mga#19853)
- fix for radeon driver crashing on Dell Precision M4800 (mga#19892)
For other upstream fixes in this update, see the referenced changelogs.
Refrences:
https://bugs.mageia.org/show_bug.cgi?id=19992
https://bugs.mageia.org/show_bug.cgi?id=19892
https://bugs.mageia.org/show_bug.cgi?id=19853
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.33
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.34
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.35
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.36
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.37
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.38
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.39
Installing this on x86_64 UEFI hardware - kernel-source-4.4.39-1.mga5-1-1.mga5.noarch - kernel-source-latest-4.4.39-1.mga5.noarch - kernel-tmb-desktop-4.4.39-1.mga5-1-1.mga5.x86_64 - kernel-tmb-desktop-devel-4.4.39-1.mga5-1-1.mga5.x86_64 - kernel-tmb-desktop-devel-latest-4.4.39-1.mga5.x86_64 - kernel-tmb-desktop-latest-4.4.39-1.mga5.x86_64 - kernel-userspace-headers-4.4.39-1.mga5.x86_64 libafs (1.6.20-1.mga5) built and installed nvidia-current (367.57-1.mga5.nonfree) module installed vboxadditions (5.1.10-1.1.mga5) module installed virtualbox (5.1.10-1.1.mga5) module installed xtables-addons (2.10-1.mga5): module installed Rebooted under the new kernel: $ uname -r 4.4.39-tmb-desktop-1.mga5 Firefox up and running. Remote login to another local machine. Image display over the network. There was a problem with logout - it hung - needed Ctrl-C. Launched a couple of vbox clients, 32bit and 64bit. Both running smoothly. OK so far. CC:
(none) =>
tarazed25 In VirtualBox, M5, KDE, 64-bit Package(s) under test: kernel-tmb-latest default install of kernel-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 4.4.39-desktop-1.mga5 #1 SMP Fri Dec 16 18:43:46 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.4.39-1.mga5.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing Select kernel under test in GRUB2 menu. [root@localhost wilcal]# uname -a Linux localhost 4.4.39-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri Dec 16 18:14:21 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-4.4.39-1.mga5.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) CC:
(none) =>
wilcal.int In VirtualBox, M5, KDE, 32-bit Package(s) under test: kernel-tmb-latest default install of kernel-desktop-latest [root@localhost wilcal]# uname -a Linux localhost.localdomain 4.4.39-desktop586-1.mga5 #1 SMP Fri Dec 16 18:34:16 UTC 2016 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-4.4.39-1.mga5.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-tmb-desktop-latest from updates_testing Select kernel under test in GRUB2 menu. [root@localhost wilcal]# uname -a Linux localhost.localdomain 4.4.39-tmb-desktop-1.mga5 #1 SMP PREEMPT Fri Dec 16 18:22:16 UTC 2016 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-tmb-desktop-latest Package kernel-tmb-desktop-latest-4.4.39-1.mga5.i586 is already installed M5 x86 real hardware with AMD/ATI/Radeon graphics No problems with this. OK for me. CC:
(none) =>
lewyssmith Advisory made from comments 0 & 1; validating. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0004.html Status:
NEW =>
RESOLVED |