{ "schema_version": "1.6.2", "id": "MGASA-2016-0005", "published": "2016-01-11T10:44:41Z", "modified": "2016-01-11T10:38:43Z", "summary": "Updated kernel packages fix security vulnerabilities", "details": "This kernel update is based on upstream 4.1.15 longterm kernel and fixes\nthe following security issues:\n\nThe __rds_conn_create function in net/rds/connection.c in the Linux kernel\nthrough 4.2.3 allows local users to cause a denial of service (NULL pointer\ndereference and system crash) or possibly have unspecified other impact by\nusing a socket that was not properly bound (CVE-2015-6937).\n\nThe key_gc_unused_keys function in security/keys/gc.c in the Linux kernel\nthrough 4.2.6 allows local users to cause a denial of service (OOPS) via\ncrafted keyctl commands (CVE-2015-7872).\n\nThe vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in\nthe Linux kernel through 4.3.3 does not initialize a certain structure\nmember, which allows local users to obtain sensitive information from\nkernel memory via a crafted application (CVE-2015-7884).\n\nThe dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the\nLinux kernel through 4.3.3 does not initialize a certain structure member,\nwhich allows local users to obtain sensitive information from kernel memory\nvia a crafted application (CVE-2015-7885).\n\nFelix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in the\nparavirtualized guest could exploit this flaw to cause a denial of service\n(crash the host) or potentially execute arbitrary code on the host\n(CVE-2015-8550 / XSA-155).\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host\n(CVE-2015-8551 / XSA-157).\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space\n(CVE-2015-8552 / XSA-157).\n\nThe ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel\nthrough 4.3.3 attempts to merge distinct setattr operations, which allows\nlocal users to bypass intended access restrictions and modify the\nattributes of arbitrary overlay files via a crafted application\n(CVE-2015-8660).\n\nFor other fixes in this update, see the referenced changelogs.\n", "related": [ "CVE-2015-6937", "CVE-2015-7872", "CVE-2015-7884", "CVE-2015-7885", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8660" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2016-0005.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=17397" }, { "type": "REPORT", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14" }, { "type": "REPORT", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "kernel", "purl": "pkg:rpm/mageia/kernel?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.1.15-1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:5", "name": "kernel-userspace-headers", "purl": "pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.1.15-1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:5", "name": "kmod-xtables-addons", "purl": "pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.7-7.mga5" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:5", "name": "kmod-broadcom-wl", "purl": "pkg:rpm/mageia/kmod-broadcom-wl?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.30.223.271-4.mga5.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:5", "name": "kmod-fglrx", "purl": "pkg:rpm/mageia/kmod-fglrx?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "15.200.1046-8.mga5.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:5", "name": "kmod-nvidia304", "purl": "pkg:rpm/mageia/kmod-nvidia304?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "304.128-4.mga5.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:5", "name": "kmod-nvidia340", "purl": "pkg:rpm/mageia/kmod-nvidia340?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "340.93-4.mga5.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:5", "name": "kmod-nvidia-current", "purl": "pkg:rpm/mageia/kmod-nvidia-current?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "346.96-4.mga5.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }