Updated kernel packages fixes security vulnerabilities
Publication date: 26 May 2017Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7645 , CVE-2017-7875
Description
This kernel update is based on upstream 4.4.68 and fixes at least
the following security issues:
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through
4.10.11 allows remote attackers to cause a denial of service (system crash)
via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and
fs/nfsd/nfsxdr.c (CVE-2017-7645).
The NFSv2 and NFSv3 server implementations in the Linux kernel through
4.10.13 lack certain checks for the end of a buffer, which allows remote
attackers to trigger pointer-arithmetic errors or possibly have unspecified
other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and
fs/nfsd/nfsxdr.c (CVE-2017-7895).
For other upstream fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=20861
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.66
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.67
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.68
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7645
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7875
SRPMS
5/core
- kernel-4.4.68-1.mga5
- kernel-userspace-headers-4.4.68-1.mga5
- kmod-vboxadditions-5.1.22-3.mga5
- kmod-virtualbox-5.1.22-3.mga5
- kmod-xtables-addons-2.10-38.mga5