MGASA-2016-0429

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0429.html

Import Source

https://advisories.mageia.org/MGASA-2016-0429.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0429

Related

Published

2016-12-29T10:29:11Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel and kmod packages fix security vulnerabilities

Details

This update is based on upstream 4.4.39 and fixes at least the following security issues:

Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack (CVE-2016-8399)

A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (CVE-2016-9576).

A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact (CVE-2016-9794).

Other fixes in this update: - fix for HID gamepad DragonRise (mga#19853) - fix for radeon driver crashing on Dell Precision M4800 (mga#19892)

For other upstream fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.39-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.39-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.10-3.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.10-3.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10-18.mga5

Ecosystem specific

{
    "section": "core"
}