{ "schema_version": "1.6.2", "id": "MGASA-2016-0014", "published": "2016-01-14T01:44:39Z", "modified": "2016-01-14T01:35:05Z", "summary": "Updated kernel-linus packages fix security vulnerabilities", "details": "This kernel-linus update is based on upstream 4.1.15 longterm kernel and\nfixes the following security issues:\n\nThe virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel\nbefore 4.2 attempts to support a FRAGLIST feature without proper memory\nallocation, which allows guest OS users to cause a denial of service (buffer\noverflow and memory corruption) via a crafted sequence of fragmented packets\n(CVE-2015-5156).\n\nThe KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through\n4.6.x, allows guest OS users to cause a denial of service (host OS panic\nor hang) by triggering many #AC (aka Alignment Check) exceptions, related\nto svm.c and vmx.c (CVE-2015-5307).\n\nThe __rds_conn_create function in net/rds/connection.c in the Linux kernel\nthrough 4.2.3 allows local users to cause a denial of service (NULL pointer\ndereference and system crash) or possibly have unspecified other impact by\nusing a socket that was not properly bound (CVE-2015-6937).\n\nThe key_gc_unused_keys function in security/keys/gc.c in the Linux kernel\nthrough 4.2.6 allows local users to cause a denial of service (OOPS) via\ncrafted keyctl commands (CVE-2015-7872).\n\nThe vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in\nthe Linux kernel through 4.3.3 does not initialize a certain structure\nmember, which allows local users to obtain sensitive information from\nkernel memory via a crafted application (CVE-2015-7884).\n\nThe dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the\nLinux kernel through 4.3.3 does not initialize a certain structure member,\nwhich allows local users to obtain sensitive information from kernel memory\nvia a crafted application (CVE-2015-7885).\n\nFelix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in the\nparavirtualized guest could exploit this flaw to cause a denial of service\n(crash the host) or potentially execute arbitrary code on the host\n(CVE-2015-8550 / XSA-155).\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host\n(CVE-2015-8551 / XSA-157).\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space\n(CVE-2015-8552 / XSA-157).\n\nThe ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel\nthrough 4.3.3 attempts to merge distinct setattr operations, which allows\nlocal users to bypass intended access restrictions and modify the\nattributes of arbitrary overlay files via a crafted application\n(CVE-2015-8660).\n\nFor other fixes in this update, see the referenced changelogs.\n", "related": [ "CVE-2015-5156", "CVE-2015-5307", "CVE-2015-6937", "CVE-2015-7872", "CVE-2015-7884", "CVE-2015-7885", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8660" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2016-0014.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=17396" }, { "type": "REPORT", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.13" }, { "type": "REPORT", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14" }, { "type": "REPORT", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "kernel-linus", "purl": "pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.1.15-1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }