I'm breaking kernel-linus "no patching" policy because of the severity of this exploit. This update only contains this one fix compared to the 4.1.15-1 released in MGASA-2016-0014 so testing is fast...just ensure it installs and boots Advisory (also added to svn) Perception Point Research Team found a reference leak in keyring in join_session_keyring() that can be exploited to successfully escalate privileges from a local user to root (CVE-2016-0728). SRPMS: kernel-linus-4.1.15-2.mga5.src.rpm i586: kernel-linus-4.1.15-2.mga5-1-1.mga5.i586.rpm kernel-linus-devel-4.1.15-2.mga5-1-1.mga5.i586.rpm kernel-linus-devel-latest-4.1.15-2.mga5.i586.rpm kernel-linus-doc-4.1.15-2.mga5.noarch.rpm kernel-linus-latest-4.1.15-2.mga5.i586.rpm kernel-linus-source-4.1.15-2.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.1.15-2.mga5.noarch.rpm x86_64: kernel-linus-4.1.15-2.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-4.1.15-2.mga5-1-1.mga5.x86_64.rpm kernel-linus-devel-latest-4.1.15-2.mga5.x86_64.rpm kernel-linus-doc-4.1.15-2.mga5.noarch.rpm kernel-linus-latest-4.1.15-2.mga5.x86_64.rpm kernel-linus-source-4.1.15-2.mga5-1-1.mga5.noarch.rpm kernel-linus-source-latest-4.1.15-2.mga5.noarch.rpm Reproducible: Steps to Reproduce:
Priority: Normal => HighWhiteboard: (none) => advisory
Testing complete on i586/x86_64, real and vb.
Keywords: (none) => validated_updateWhiteboard: advisory => advisory MGA5-64-OK MGA5-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0031.html
Status: NEW => RESOLVEDResolution: (none) => FIXED