Updated kernel-tmb packages fix security vulnerabilities
Publication date: 31 Aug 2016Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1237 , CVE-2016-1583 , CVE-2016-4470 , CVE-2016-4794 , CVE-2016-4951 , CVE-2016-4997 , CVE-2016-4998 , CVE-2016-5696 , CVE-2016-5829
Description
This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. (CVE-2016-1237). The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (CVE-2016-1583). The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (CVE-2016-4470). Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls (CVE-2016-4794). The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation (CVE-2016-4951). The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. (CVE-2016-4997). The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (CVE-2016-4998). A flaw was found in the implementation of the Linux kernel handling of networking challenge ack where an attacker is able to determine the shared counter. This may allow an attacker to inject or take over a TCP connection between a server and client without having to be a traditional Man In the Middle (MITM) style attack (CVE-2016-5696). Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (CVE-2016-5829). For other fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=19056
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.14
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.15
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.16
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1583
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4470
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4951
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5829
SRPMS
5/core
- kernel-tmb-4.4.16-1.mga5