MGASA-2017-0345

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0345.html

Import Source

https://advisories.mageia.org/MGASA-2017-0345.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0345

Related

Published

2017-09-16T08:24:57Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update is based on upstream 4.4.88 and fixes at least the following security issues:

net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRMMSG_MIGRATE xfrm Netlink message (CVE-2017-11600).

The xenbiovecphys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (CVE-2017-12134 / XSA-229).

The XFSISREALTIMEINODE macro in fs/xfs/xfslinux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (CVE-2017-14340).

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (CVE-2017-1000251).

For other upstream fixes in this update, read the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.88-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.88-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.26-3.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.26-3.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10-46.mga5

Ecosystem specific

{
    "section": "core"
}