Updated kernel-linus packages fix security vulnerabilities
Publication date: 31 Aug 2016
Modification date: 17 Feb 2022
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1237, CVE-2016-1583, CVE-2016-4470, CVE-2016-4794, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998, CVE-2016-5829
Description
This update is based on the upstream 4.4.16 kernel and fixes at least these
security issues:
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended
file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c,
nfs3acl.c, and nfs4acl.c (CVE-2016-1237).
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux
kernel before 4.6.3 allows local users to gain privileges or cause a denial
of service (stack memory consumption) via vectors involving crafted mmap
calls for /proc pathnames, leading to recursive pagefault handling
(CVE-2016-1583).
The key_reject_and_link function in security/keys/key.c in the Linux kernel
through 4.6.3 does not ensure that a certain data structure is initialized,
which allows local users to cause a denial of service (system crash) via
vectors involving a crafted keyctl request2 command (CVE-2016-4470).
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6
allows local users to cause a denial of service (BUG) or possibly have
unspecified other impact via crafted use of the mmap and bpf system calls
(CVE-2016-4794).
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel
through 4.6 does not verify socket existence, which allows local users to
cause a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via a dumpit operation
(CVE-2016-4951).
The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter
subsystem in the Linux kernel before 4.6.3 allows local users to gain
privileges or cause a denial of service (memory corruption) by leveraging
in-container root access to provide a crafted offset value that triggers
an unintended decrement (CVE-2016-4997).
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem
in the Linux kernel before 4.6 allows local users to cause a denial of
service (out-of-bounds read) or possibly obtain sensitive information from
kernel heap memory by leveraging in-container root access to provide a
crafted offset value that leads to crossing a ruleset blob boundary
(CVE-2016-4998).
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in
drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local
users to cause a denial of service or possibly have unspecified other impact
via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call
(CVE-2016-5829).
For other fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=19057
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.14
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.15
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.16
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1583
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4470
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4951
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5829
SRPMS
5/core
- kernel-linus-4.4.16-1.mga5
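The package line above names the fixed build, but what matters on a host is the kernel that is actually booted, not the one installed on disk. The following POSIX sh script is an added example and not part of the Mageia advisory: it parses a kernel release string in the form printed by `uname -r`, compares its numeric base against the 4.4.16 upstream version this update is built on, and reports whether the host is still running an affected kernel. The sample release strings in the loop are constructed for illustration; the `kernel-linus` naming and the 4.4.16 threshold come from the advisory itself.

```shell
#!/bin/sh
# Added example (not from the Mageia advisory): flag hosts whose running
# kernel-linus is older than the 4.4.16 upstream base that this update ships.

FIXED_VERSION="4.4.16"   # upstream base version named in the advisory

# Extract the leading dotted numeric part of a release string.
# Constructed example: "4.4.13-desktop-2.mga5" -> "4.4.13"
kernel_base_version() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9.]*[0-9]\).*/\1/p'
}

# Print the Nth dot-separated field of a version string (empty if absent).
field() {
    printf '%s\n' "$1" | cut -d. -f"$2"
}

# Compare two dotted versions numerically, field by field; prints -1, 0 or 1.
# A missing field counts as 0, so "4.4" compares equal to "4.4.0".
version_cmp() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(field "$1" "$i"); y=$(field "$2" "$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        i=$((i + 1))
    done
    echo 0
}

# Exit 0 when the release string is at or above FIXED_VERSION,
# 1 when it is older, 2 when it cannot be parsed at all.
kernel_is_fixed() {
    base=$(kernel_base_version "$1")
    [ -n "$base" ] || return 2
    [ "$(version_cmp "$base" "$FIXED_VERSION")" -ge 0 ]
}

# Constructed sample release strings (not real host output) followed by the
# kernel this script is actually running on.
for rel in "4.4.13-desktop-2.mga5" "4.4.16-desktop-1.mga5" \
           "4.4.20-server-1.mga5" "$(uname -r 2>/dev/null || echo unknown)"; do
    if kernel_is_fixed "$rel"; then
        printf '%-28s fixed (>= %s)\n' "$rel" "$FIXED_VERSION"
    else
        printf '%-28s AFFECTED or unparseable: update to kernel-linus-4.4.16-1.mga5 and reboot\n' "$rel"
    fi
done
```

The check only looks at the upstream base version, which is what the advisory's CVE descriptions key on; the authoritative package-level answer on a Mageia host is still `rpm -q kernel-linus`. Both checks together catch the common gap where the fixed package is installed but the old kernel is still the one booted.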