Advisories ยป MGASA-2015-0221

Updated kernel-linus packages fix security vulnerabilities

Publication date: 13 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8160 , CVE-2015-0239 , CVE-2015-3636

Description

This kernel update is based on upstream -longterm 3.14.41 and fixes
the following security issues:

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before
3.18 generates incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allows remote attackers to bypass intended access restrictions
via packets with disallowed port numbers (CVE-2014-8160).

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel
before 3.18.5, when the guest OS lacks SYSENTER MSR initialization,
allows guest OS users to gain guest OS privileges or cause a denial of
service (guest OS crash) by triggering use of a 16-bit code segment for
emulation of a SYSENTER instruction (CVE-2015-0239).

It was found that the Linux kernel's ping socket implementation didn't
properly handle socket unhashing during spurious disconnects which could
lead to use-after-free flaw. On x86-64 architecture systems, a local user
able to create ping sockets could use this flaw to crash the system. On
non-x86-64 architecture systems, a local user able to create ping sockets
could use this flaw to increase their privileges on the system.
Note: By default ping sockets are disabled on the system 
(net.ipv4.ping_group_range = 1  0) and have to be explicitly enabled by the
system administrator for specific user groups in order to exploit this issue
(CVE-2015-3636).

For other fixes in this update, see the referenced changelogs.

References

SRPMS

4/core