Advisories » MGASA-2016-0033

Updated kernel packages fix security vulnerability

Publication date: 21 Jan 2016
Modification date: 21 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0728

Description

Perception Point Research Team found a reference leak in keyring in
join_session_keyring() that can be exploited to successfully escalate
privileges from a local user to root (CVE-2016-0728).

Other fixes in this kernel update:
- netfilter: nf_nat_redirect: add missing NULL pointer check
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17557
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728

SRPMS

5/core

• kernel-4.1.15-2.mga5
• kernel-userspace-headers-4.1.15-2.mga5
• kmod-vboxadditions-5.0.12-2.mga5
• kmod-virtualbox-5.0.12-2.mga5
• kmod-xtables-addons-2.7-8.mga5

5/nonfree

• kmod-broadcom-wl-6.30.223.271-5.mga5.nonfree
• kmod-fglrx-15.200.1046-9.mga5.nonfree
• kmod-nvidia304-304.128-5.mga5.nonfree
• kmod-nvidia340-340.93-5.mga5.nonfree
• kmod-nvidia-current-346.96-5.mga5.nonfree