Updated kernel-linus packages fix security vulnerabilities
Publication date: 14 Jan 2016
Modification date: 14 Jan 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-5156, CVE-2015-5307, CVE-2015-6937, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8660
Description
This kernel-linus update is based on the upstream 4.1.15 longterm kernel and fixes the following security issues:
- The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (CVE-2015-5156).
- The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (CVE-2015-5307).
- The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (CVE-2015-6937).
- The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands (CVE-2015-7872).
- The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application (CVE-2015-7884).
- The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application (CVE-2015-7885).
- Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host (CVE-2015-8550 / XSA-155).
- Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host (CVE-2015-8551 / XSA-157).
- Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space (CVE-2015-8552 / XSA-157).
- The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (CVE-2015-8660).
For other fixes in this update, see the referenced changelogs.
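The double fetch pattern named in the CVE-2015-8550 / XSA-155 entry above, as an added user-space illustration (not code from the kernel, Xen or this advisory): a field in memory shared with an untrusted peer is checked on one read and used on a second, next to the single-read form that closes the gap. The struct, the function names, BUF_MAX and the `race` hook that stands in for the peer's concurrent write are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define BUF_MAX 64u   /* hypothetical size of the backend's private buffer */

/* Hypothetical request slot in memory shared with an untrusted peer. */
struct shared_req { volatile uint32_t len; };

/* Hook standing in for the peer writing concurrently between two reads. */
typedef void (*peer_write_fn)(struct shared_req *);

static void peer_grows_len(struct shared_req *r) { r->len = 4096; }

/* Double fetch: len is validated on the first read and used on the second. */
static int64_t handle_double_fetch(struct shared_req *r, peer_write_fn race)
{
    if (r->len > BUF_MAX)          /* fetch 1: check */
        return -1;
    if (race)
        race(r);                   /* peer changes the field after the check */
    return (int64_t)r->len;        /* fetch 2: use, value no longer validated */
}

/* Hardened: read once into a private copy, then check and use only the copy. */
static int64_t handle_single_fetch(struct shared_req *r, peer_write_fn race)
{
    uint32_t len = r->len;         /* the only read of shared memory */
    if (len > BUF_MAX)
        return -1;
    if (race)
        race(r);                   /* later peer writes cannot affect len */
    return (int64_t)len;
}

/* Length each handler would go on to copy for a constructed request (len = 16). */
static int64_t demo(int hardened)
{
    struct shared_req r = { .len = 16 };
    return hardened ? handle_single_fetch(&r, peer_grows_len)
                    : handle_double_fetch(&r, peer_grows_len);
}

int main(void)
{
    return (demo(0) == 4096 && demo(1) == 16) ? 0 : 1;
}
```

The `volatile` qualifier only forces the two reads to happen in the illustration; the fix is the private copy, not the qualifier.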
References
- https://bugs.mageia.org/show_bug.cgi?id=17396
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.13
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6937
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7884
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7885
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8660
SRPMS
5/core
- kernel-linus-4.1.15-1.mga5