Bug 20860 - Update request: kernel-linus-4.4.68-1.mga5
Summary: Update request: kernel-linus-4.4.68-1.mga5
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-05-15 20:26 CEST by Thomas Backlund
Modified: 2017-05-26 08:55 CEST

See Also:
Source RPM: kernel-linus
CVE:
Status comment:



Description Thomas Backlund 2017-05-15 20:26:41 CEST
All critical CVE fixes as in the core kernel in MGASA-2017-0136, plus more CVE fixes, including remote NFSD exploits; advisory will follow...


SRPMS:
kernel-linus-4.4.68-1.mga5.src.rpm


i586:
kernel-linus-4.4.68-1.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-4.4.68-1.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-latest-4.4.68-1.mga5.i586.rpm
kernel-linus-doc-4.4.68-1.mga5.noarch.rpm
kernel-linus-latest-4.4.68-1.mga5.i586.rpm
kernel-linus-source-4.4.68-1.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.4.68-1.mga5.noarch.rpm


x86_64:
kernel-linus-4.4.68-1.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-4.4.68-1.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-latest-4.4.68-1.mga5.x86_64.rpm
kernel-linus-doc-4.4.68-1.mga5.noarch.rpm
kernel-linus-latest-4.4.68-1.mga5.x86_64.rpm
kernel-linus-source-4.4.68-1.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.4.68-1.mga5.noarch.rpm
Comment 1 Thomas Backlund 2017-05-20 22:45:37 CEST
Advisory (also added to svn):
  This kernel-linus update is based on upstream 4.4.68 and fixes at least
  the following security issues:

  fs/namespace.c in the Linux kernel before 4.9 does not restrict how many
  mounts may exist in a mount namespace, which allows local users to cause
  a denial of service (memory consumption and deadlock) via MS_BIND mount
  system calls, as demonstrated by a loop that triggers exponential growth
  in the number of mounts (CVE-2016-6213).

  The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in
  the Linux kernel before 4.6 allows local users to gain privileges or cause
  a denial of service (use-after-free) via vectors involving omission of the
  firmware name from a certain data structure (CVE-2016-7913).

  The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux
  kernel before 4.5 does not check whether a batch message's length field is
  large enough, which allows local users to obtain sensitive information from
  kernel memory or cause a denial of service (infinite loop or out-of-bounds
  read) by leveraging the CAP_NET_ADMIN capability (CVE-2016-7917).

  The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through
  4.8.11 does not validate the relationship between the minimum fragment
  length and the maximum packet size, which allows local users to gain
  privileges or cause a denial of service (heap-based buffer overflow) by
  leveraging the CAP_NET_ADMIN capability (CVE-2016-8632).

  drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local
  users to bypass integer overflow checks, and cause a denial of service
  (memory corruption) or have unspecified other impact, by leveraging access
  to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a
  "state machine confusion bug" (CVE-2016-9083).

  drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11
  misuses the kzalloc function, which allows local users to cause a denial
  of service (integer overflow) or have unspecified other impact by
  leveraging access to a vfio PCI device file (CVE-2016-9084).

  It was discovered that root can gain direct access to an internal keyring,
  such as '.builtin_trusted_keys' upstream, by joining it as its session
  keyring. This allows root to bypass module signature verification by adding
  a new public key of its own devising to the keyring (CVE-2016-9604).

  The ping_unhash function in net/ipv4/ping.c in the Linux kernel through
  4.10.8 is too late in obtaining a certain lock and consequently cannot
  ensure that disconnect function calls are safe, which allows local users
  to cause a denial of service (panic) by leveraging access to the protocol
  value of IPPROTO_ICMP in a socket system call (CVE-2017-2671).

  Race condition in kernel/events/core.c in the Linux kernel before 4.9.7
  allows local users to gain privileges via a crafted application that makes
  concurrent perf_event_open system calls for moving a software group into a
  hardware context. NOTE: this vulnerability exists because of an incomplete
  fix for CVE-2016-6786 (CVE-2017-6001).

  The keyring_search_aux function in security/keys/keyring.c in the Linux
  kernel through 3.14.79 allows local users to cause a denial of service
  (NULL pointer dereference and OOPS) via a request_key system call for the
  "dead" type (CVE-2017-6951).

  The packet_set_ring function in net/packet/af_packet.c in the Linux kernel
  through 4.10.6 does not properly validate certain block-size data, which
  allows local users to cause a denial of service (overflow) or possibly have
  unspecified other impact via crafted system calls (CVE-2017-7308).

  A vulnerability was found in the Linux kernel. It was found that
  keyctl_set_reqkey_keyring() function leaks thread keyring which allows
  unprivileged local user to exhaust kernel memory (CVE-2017-7472).

  The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through
  4.10.11 allows remote attackers to cause a denial of service (system crash)
  via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and
  fs/nfsd/nfsxdr.c (CVE-2017-7645).

  The NFSv2 and NFSv3 server implementations in the Linux kernel through
  4.10.13 lack certain checks for the end of a buffer, which allows remote
  attackers to trigger pointer-arithmetic errors or possibly have unspecified
  other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and
  fs/nfsd/nfsxdr.c (CVE-2017-7895).

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20860
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.60
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.61
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.62
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.63
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.64
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.65
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.66
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.67
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.68

Whiteboard: (none) => advisory
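
A defender-side check to go with this advisory, added here as an example and not part of the Mageia bug, the advisory or the kernel-linus package: it compares an installed kernel-linus version-release string against the fixed 4.4.68-1.mga5 from the package list above, using a simplified reimplementation of RPM's version comparison rules (assumptions: the installed string has the shape "4.4.68-1.mga5" with version and release joined by the first "-", and no "~"/"^" handling is needed). It also shows how to pull the fixed version/release out of a kernel-linus-latest RPM file name as listed in the bug description.

```python
import re

# Fixed package version/release from this advisory (Mageia 5, kernel-linus).
FIXED_VERSION = "4.4.68"
FIXED_RELEASE = "1.mga5"

# Runs of digits or letters; rpmvercmp ignores the separators between them.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version (or release) strings.

    Returns -1 if a < b, 0 if equal, 1 if a > b.  Simplified reimplementation
    of librpm's rpmvercmp (assumption: no '~' or '^' handling); it is not the
    library's own code.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)         # numeric segments compare as integers
            if xi != yi:
                return 1 if xi > yi else -1
        elif x_num != y_num:
            return 1 if x_num else -1       # a numeric segment beats an alphabetic one
        elif x != y:
            return 1 if x > y else -1       # alphabetic segments compare lexically
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1   # leftover segments make that side newer


def evr_cmp(version_a: str, release_a: str, version_b: str, release_b: str) -> int:
    """Compare (version, release) pairs; release only matters when versions tie."""
    r = rpmvercmp(version_a, version_b)
    return r if r != 0 else rpmvercmp(release_a, release_b)


def is_fixed(installed_vr: str) -> bool:
    """True if an installed kernel-linus 'version-release' string is at or above
    the advisory's fixed package.  Assumption: version and release are joined
    by the first '-', e.g. '4.4.68-1.mga5'."""
    version, _, release = installed_vr.partition("-")
    return evr_cmp(version, release, FIXED_VERSION, FIXED_RELEASE) >= 0


_LATEST_RPM = re.compile(
    r"^kernel-linus-latest-(?P<version>[^-]+)-(?P<release>[^-]+)"
    r"\.(i586|x86_64|noarch)\.rpm$"
)


def fixed_version_from_rpm_name(filename: str):
    """Extract (version, release) from a kernel-linus-latest RPM file name such
    as the ones in the bug description; None if the name does not match."""
    m = _LATEST_RPM.match(filename)
    return (m.group("version"), m.group("release")) if m else None


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real system.
    for vr in ["4.4.59-1.mga5", "4.4.68-0.1.mga5", "4.4.68-1.mga5", "4.4.100-1.mga5"]:
        print(f"{vr:18} fixed={is_fixed(vr)}")
```

The segment rules matter here: a plain string comparison would rank 4.4.100 below 4.4.68 and 0.1.mga5 above 1.mga5, which is exactly the kind of mistake that makes a patch-level audit report a vulnerable host as fixed.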

Comment 2 Lewis Smith 2017-05-24 14:44:48 CEST
Testing M5_64, real EFI hardware, Radeon video.
 kernel-linus-latest-4.4.68-1.mga5
 kernel-linus-4.4.68-1.mga5-1-1.mga5
It is too easy to overlook this in the Grub boot menu, since after its installation it is not the default top entry, but nested in the 'advanced options' sub-menu.
BTAIM I have not encountered any troubles using this.

CC: (none) => lewyssmith

Comment 3 Dave Hodgins 2017-05-26 08:37:21 CEST
Testing of all kernels complete on real hardware and under vb.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 4 Mageia Robot 2017-05-26 08:55:39 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0148.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

