Bug 17553 - Update request: kernel-tmb-4.1.15-2.mga5
Summary: Update request: kernel-tmb-4.1.15-2.mga5
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: High critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-01-20 19:29 CET by Thomas Backlund
Modified: 2016-01-21 07:10 CET (History)
2 users (show)

See Also:
Source RPM: kernel-tmb
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2016-01-20 19:29:59 CET 
This update only contains this 2 fixes compared to the 4.1.15-1 released in MGASA-2016-0015 so testing is fast...just ensure it installs and boots

Advisory (also added to svn)

Perception Point Research Team found a reference leak in keyring in
join_session_keyring() that can be exploited to successfully escalate
privileges from a local user to root (CVE-2016-0728).

Other fixes in this kernel update:
- netfilter: nf_nat_redirect: add missing NULL pointer check


SRPM:
kernel-tmb-4.1.15-2.mga5.src.rpm


i586:
kernel-tmb-desktop-4.1.15-2.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-4.1.15-2.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-latest-4.1.15-2.mga5.i586.rpm
kernel-tmb-desktop-latest-4.1.15-2.mga5.i586.rpm
kernel-tmb-source-4.1.15-2.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.1.15-2.mga5.noarch.rpm


x86_64:
kernel-tmb-desktop-4.1.15-2.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-4.1.15-2.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.1.15-2.mga5.x86_64.rpm
kernel-tmb-desktop-latest-4.1.15-2.mga5.x86_64.rpm
kernel-tmb-source-4.1.15-2.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.1.15-2.mga5.noarch.rpm

Reproducible: 

Steps to Reproduce:
Thomas Backlund 2016-01-20 19:32:43 CET

Priority: Normal => High
Whiteboard: (none) => advisory

Dave Hodgins 2016-01-21 05:25:07 CET

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 1 Dave Hodgins 2016-01-21 05:25:38 CET 
Testing complete on i586/x86_64, real and vb.
Comment 2 Mageia Robot 2016-01-21 07:10:30 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0032.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.