Advisories ยป MGASA-2016-0429

Updated kernel and kmod packages fix security vulnerabilities

Publication date: 29 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-8399 , CVE-2016-9576 , CVE-2016-9794


This update is based on upstream 4.4.39 and fixes at least the following
security issues:

Due to lack of size checking on ICMP header length, it is possible to
cause out-of-bounds read on stack (CVE-2016-8399)

A use-after-free vulnerability in the SCSI generic driver allows users
with write access to /dev/sg* or /dev/bsg* to elevate their privileges

A use-after-free vulnerability was found in ALSA pcm layer, which allows
local users to cause a denial of service, memory corruption, or possibly
other unspecified impact (CVE-2016-9794).

Other fixes in this update:
- fix for HID gamepad DragonRise (mga#19853)
- fix for radeon driver crashing on Dell Precision M4800 (mga#19892)

For other upstream fixes in this update, see the referenced changelogs.