Updated libnl3 packages fix security vulnerability
Publication date: 08 Jun 2017Modification date: 08 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-0386 , CVE-2017-0553
Description
An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process (CVE-2017-0386). An integer overflow vulnerability was found in nlmsg_reserve() triggered by crafted @len argument resulting into reserving too few bytes (CVE-2017-0553).
References
- https://bugs.mageia.org/show_bug.cgi?id=20168
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JR5R2FSPYCLDAHTXQC2LKY74N5YW2PQQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0386
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553
SRPMS
5/core
- libnl3-3.2.25-3.1.mga5