Bug 20860 - Update request: kernel-linus-4.4.68-1.mga5
Summary: Update request: kernel-linus-4.4.68-1.mga5
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-15 20:26 CEST by Thomas Backlund
Modified: 2017-05-20 22:45 CEST (History)

See Also:
Source RPM: kernel-linus
CVE:
Status comment:



Description Thomas Backlund 2017-05-15 20:26:41 CEST
All critical CVE fixes as in the core kernel in MGASA-2017-0136 + more CVE fixes, including remote NFSD exploits; advisory will follow...


SRPMS:
kernel-linus-4.4.68-1.mga5.src.rpm


i586:
kernel-linus-4.4.68-1.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-4.4.68-1.mga5-1-1.mga5.i586.rpm
kernel-linus-devel-latest-4.4.68-1.mga5.i586.rpm
kernel-linus-doc-4.4.68-1.mga5.noarch.rpm
kernel-linus-latest-4.4.68-1.mga5.i586.rpm
kernel-linus-source-4.4.68-1.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.4.68-1.mga5.noarch.rpm


x86_64:
kernel-linus-4.4.68-1.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-4.4.68-1.mga5-1-1.mga5.x86_64.rpm
kernel-linus-devel-latest-4.4.68-1.mga5.x86_64.rpm
kernel-linus-doc-4.4.68-1.mga5.noarch.rpm
kernel-linus-latest-4.4.68-1.mga5.x86_64.rpm
kernel-linus-source-4.4.68-1.mga5-1-1.mga5.noarch.rpm
kernel-linus-source-latest-4.4.68-1.mga5.noarch.rpm
Comment 1 Thomas Backlund 2017-05-20 22:45:37 CEST
Advisory (also added to svn):
  This kernel-linus update is based on upstream 4.4.68 and fixes at least
  the following security issues:

  fs/namespace.c in the Linux kernel before 4.9 does not restrict how many
  mounts may exist in a mount namespace, which allows local users to cause
  a denial of service (memory consumption and deadlock) via MS_BIND mount
  system calls, as demonstrated by a loop that triggers exponential growth
  in the number of mounts (CVE-2016-6213).

  The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in
  the Linux kernel before 4.6 allows local users to gain privileges or cause
  a denial of service (use-after-free) via vectors involving omission of the
  firmware name from a certain data structure (CVE-2016-7913).

  The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux
  kernel before 4.5 does not check whether a batch message's length field is
  large enough, which allows local users to obtain sensitive information from
  kernel memory or cause a denial of service (infinite loop or out-of-bounds
  read) by leveraging the CAP_NET_ADMIN capability (CVE-2016-7917).

  The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through
  4.8.11 does not validate the relationship between the minimum fragment
  length and the maximum packet size, which allows local users to gain
  privileges or cause a denial of service (heap-based buffer overflow) by
  leveraging the CAP_NET_ADMIN capability (CVE-2016-8632).

  drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local
  users to bypass integer overflow checks, and cause a denial of service
  (memory corruption) or have unspecified other impact, by leveraging access
  to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a
  "state machine confusion bug" (CVE-2016-9083).

  drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11
  misuses the kzalloc function, which allows local users to cause a denial
  of service (integer overflow) or have unspecified other impact by
  leveraging access to a vfio PCI device file (CVE-2016-9084).

  It was discovered that root can gain direct access to an internal keyring,
  such as '.builtin_trusted_keys' upstream, by joining it as its session
  keyring. This allows root to bypass module signature verification by adding
  a new public key of its own devising to the keyring (CVE-2016-9604).

  The ping_unhash function in net/ipv4/ping.c in the Linux kernel through
  4.10.8 is too late in obtaining a certain lock and consequently cannot
  ensure that disconnect function calls are safe, which allows local users
  to cause a denial of service (panic) by leveraging access to the protocol
  value of IPPROTO_ICMP in a socket system call (CVE-2017-2671).

  Race condition in kernel/events/core.c in the Linux kernel before 4.9.7
  allows local users to gain privileges via a crafted application that makes
  concurrent perf_event_open system calls for moving a software group into a
  hardware context. NOTE: this vulnerability exists because of an incomplete
  fix for CVE-2016-6786 (CVE-2017-6001).

  The keyring_search_aux function in security/keys/keyring.c in the Linux
  kernel through 3.14.79 allows local users to cause a denial of service
  (NULL pointer dereference and OOPS) via a request_key system call for the
  "dead" type (CVE-2017-6951).

  The packet_set_ring function in net/packet/af_packet.c in the Linux kernel
  through 4.10.6 does not properly validate certain block-size data, which
  allows local users to cause a denial of service (overflow) or possibly have
  unspecified other impact via crafted system calls (CVE-2017-7308).

  A vulnerability was found in the Linux kernel. It was found that the
  keyctl_set_reqkey_keyring() function leaks the thread keyring, which allows
  an unprivileged local user to exhaust kernel memory (CVE-2017-7472).

  The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through
  4.10.11 allows remote attackers to cause a denial of service (system crash)
  via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and
  fs/nfsd/nfsxdr.c (CVE-2017-7645).

  The NFSv2 and NFSv3 server implementations in the Linux kernel through
  4.10.13 lack certain checks for the end of a buffer, which allows remote
  attackers to trigger pointer-arithmetic errors or possibly have unspecified
  other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and
  fs/nfsd/nfsxdr.c (CVE-2017-7895).

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20860
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.60
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.61
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.62
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.63
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.64
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.65
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.66
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.67
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.68
