| Summary: | Update request: kernel-tmb-4.4.55-1.mga5 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | High | CC: | davidwhodgins, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | kernel-tmb | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 20553 | ||
|
Description
Thomas Backlund
2017-03-19 18:24:33 CET
Raising priority as atleast one CVE is classed as a local privilegie escalation Priority:
Normal =>
High
Marja Van Waes
2017-03-22 19:14:49 CET
Blocks:
(none) =>
20553 x86_64 : Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz : nvidia GeForce GTX 970 MSI motherboard : 32GB RAM = 4xChannelA-DIMM0 + L1/L2/L3 cache Installed the six packages from Core Updates Testing. Rebooted nvidia, vbox-additions and virtualbox modules rebuilt. $ uname -r 4.4.55-tmb-desktop-1.mga5 firefox et alii all working. 32bit vbox launched successfully with kernel 4.4.54-desktop-1.mga5 CC:
(none) =>
tarazed25
Advisory (already added to svn)
subject: Updated kernel-tmb packages fixes security vulnerabilities
CVE:
- CVE-2017-2636
- CVE-2017-6346
- CVE-2017-6347
- CVE-2017-6348
src:
5:
core:
- kernel-tmb-4.4.55-1.mga5
description: |
This kernel-tmb update is based on upstream 4.4.55 and fixes atleast
the following security issues:
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1
allows local users to gain privileges or cause a denial of service (double
free) by setting the HDLC line discipline (CVE-2017-2636).
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13
allows local users to cause a denial of service (use-after-free) or possibly
have unspecified other impact via a multithreaded application that makes
PACKET_FANOUT setsockopt system calls (CVE-2017-6346).
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux
kernel before 4.10.1 has incorrect expectations about skb data layout,
which allows local users to cause a denial of service (buffer over-read)
or possibly have unspecified other impact via crafted system calls, as
demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP
transmission (CVE-2017-6347).
The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before
4.9.13 improperly manages lock dropping, which allows local users to cause a
denial of service (deadlock) via crafted operations on IrDA devices
(CVE-2017-6348).
For other upstream fixes in this update, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=20528
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.53
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.54
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.55Whiteboard:
(none) =>
advisory Testing complete on both i586 and x86_64, both on real hardware and under vb. Validating the update. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0089.html Status:
NEW =>
RESOLVED |