MGASA-2017-0097
- Source
- https://advisories.mageia.org/MGASA-2017-0097.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0097.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2017-0097
- Related
- Published
- 2017-03-31T20:28:10Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel packages fixes security vulnerability
- Details
-
This kernel update is based on upstream 4.4.59 and fixes at least the following security issue:
The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAPNETADMIN capability (CVE-2017-7184).
For other upstream fixes in this update, see the referenced changelogs.
- References
-
- https://advisories.mageia.org/MGASA-2017-0097.html
- https://bugs.mageia.org/show_bug.cgi?id=20607
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.56
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.57
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.58
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-5
Mageia:5 / kernel-userspace-headers
Package
- Name
- kernel-userspace-headers
- Purl
- pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-5
Mageia:5 / kmod-vboxadditions
Package
- Name
- kmod-vboxadditions
- Purl
- pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-5
Mageia:5 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-5
Mageia:5 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-5