Updated kernel packages fix security vulnerabilities
Publication date: 11 May 2015Modification date: 11 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8160 , CVE-2015-0239 , CVE-2015-3636
Description
This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160). The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239). It was found that the Linux kernel's ping socket implementation didn't properly handle socket unhashing during spurious disconnects which could lead to use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to increase their privileges on the system. Note: By default ping sockets are disabled on the system (net.ipv4.ping_group_range = 1 0) and have to be explicitly enabled by the system administrator for specific user groups in order to exploit this issue (CVE-2015-3636). For other fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=15872
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.40
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.41
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0239
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636
SRPMS
4/core
- kernel-3.14.41-1.mga4
- kernel-userspace-headers-3.14.41-1.mga4
- kmod-vboxadditions-4.3.26-7.mga4
- kmod-virtualbox-4.3.26-7.mga4
- kmod-xtables-addons-2.5-17.mga4
4/nonfree
- kmod-broadcom-wl-6.30.223.141-52.mga4.nonfree
- kmod-fglrx-14.010.1006-22.mga4.nonfree
- kmod-nvidia173-173.14.39-37.mga4.nonfree
- kmod-nvidia304-304.125-7.mga4.nonfree
- kmod-nvidia-current-331.113-7.mga4.nonfree