Advisories » MGASA-2016-0284

Updated kernel-linus packages fix security vulnerabilities

Publication date: 31 Aug 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1237, CVE-2016-1583, CVE-2016-4470, CVE-2016-4794, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998, CVE-2016-5829

Description

This update is based on the upstream 4.4.16 kernel and fixes at least these
security issues:

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended
file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c,
nfs3acl.c, and nfs4acl.c (CVE-2016-1237). Only hosts that export filesystems
through the kernel NFS server (nfsd) are exposed to this one.

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux
kernel before 4.6.3 allows local users to gain privileges or cause a denial
of service (stack memory consumption) via vectors involving crafted mmap
calls for /proc pathnames, leading to recursive pagefault handling
(CVE-2016-1583).

The key_reject_and_link function in security/keys/key.c in the Linux kernel
through 4.6.3 does not ensure that a certain data structure is initialized,
which allows local users to cause a denial of service (system crash) via
vectors involving a crafted keyctl request2 command (CVE-2016-4470).

Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6
allows local users to cause a denial of service (BUG) or possibly have
unspecified other impact via crafted use of the mmap and bpf system calls
(CVE-2016-4794).

The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel
through 4.6 does not verify socket existence, which allows local users to
cause a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via a dumpit operation
(CVE-2016-4951).

The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter
subsystem in the Linux kernel before 4.6.3 allows local users to gain
privileges or cause a denial of service (memory corruption) by leveraging
in-container root access to provide a crafted offset value that triggers
an unintended decrement (CVE-2016-4997). "In-container root" here, and in
CVE-2016-4998 below, means CAP_NET_ADMIN over a network namespace; on kernels
that allow unprivileged user namespaces any local user can obtain that by
creating a user namespace plus a network namespace, so the exposure is not
limited to hosts that run containers.

The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem
in the Linux kernel before 4.6 allows local users to cause a denial of
service (out-of-bounds read) or possibly obtain sensitive information from
kernel heap memory by leveraging in-container root access to provide a
crafted offset value that leads to crossing a ruleset blob boundary
(CVE-2016-4998).

Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in
drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local
users to cause a denial of service or possibly have unspecified other impact
via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call
(CVE-2016-5829).
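An added triage script (mine, not Mageia's and not part of this advisory) for checking whether a host is still exposed to the issues listed above: it compares the running kernel against the 4.4.16 baseline the advisory names, reports which of the affected subsystems (nfsd, eCryptfs, TIPC, hiddev via usbhid) are currently loaded, and probes whether an unprivileged user can create a user namespace, which is the route by which an ordinary local user becomes the "in-container root" the two netfilter entries require. The module-to-CVE mapping, the `--triage` flag and the version-string layout are my assumptions drawn from the descriptions above, not something the advisory states.

```shell
#!/bin/sh
# Added triage script for MGASA-2016-0284; not part of the advisory or of Mageia.
# Assumptions (mine): the fixed baseline is the upstream 4.4.16 kernel named in the
# advisory, and `uname -r` begins with "MAJOR.MINOR.PATCH" (e.g. 4.4.16-desktop-1.mga5).

FIXED_KERNEL="4.4.16"

# kver_part VERSION N: numeric field N (1..3) of a kernel release string.
# "4.4.16-desktop-1.mga5" -> 4 / 4 / 16. Two dots are appended so that cut always
# sees a delimiter; a missing field (e.g. field 3 of "4.6") comes back as 0.
kver_part() {
    part=$(printf '%s..\n' "$1" | cut -d. -f"$2" | sed 's/[^0-9].*//')
    printf '%s\n' "${part:-0}"
}

# kver_ge A B: succeed (status 0) when kernel release A is at least version B.
# Fields are compared as integers, so 4.10 > 4.9; a plain string compare gets that wrong.
kver_ge() {
    for i in 1 2 3; do
        a=$(kver_part "$1" "$i")
        b=$(kver_part "$2" "$i")
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# module_loaded NAME: is kernel module NAME currently loaded? Code built into the
# kernel never appears in /proc/modules, so "no" is not proof the subsystem is absent.
module_loaded() {
    [ -r /proc/modules ] && grep -q "^$1 " /proc/modules
}

# unpriv_userns_ok: can this (unprivileged) user create a user namespace? That is how
# a local user gains CAP_NET_ADMIN over a fresh network namespace, the precondition the
# advisory gives for CVE-2016-4997 and CVE-2016-4998. Mainline 4.4 has no sysctl for
# this, so the probe simply tries it (needs unshare from util-linux).
unpriv_userns_ok() {
    unshare -U true 2>/dev/null
}

triage() {
    running=$(uname -r)
    if kver_ge "$running" "$FIXED_KERNEL"; then
        echo "kernel $running: at or above $FIXED_KERNEL"
    else
        echo "kernel $running: below $FIXED_KERNEL, install the updated kernel-linus package and reboot"
    fi

    # Module -> CVE mapping is my reading of the advisory text. Caveats: creating an
    # AF_TIPC socket can autoload tipc on demand, so "not loaded" does not mean
    # unreachable; hiddev lives inside usbhid but its ioctls need an attached device.
    for pair in nfsd:CVE-2016-1237 ecryptfs:CVE-2016-1583 tipc:CVE-2016-4951 usbhid:CVE-2016-5829; do
        mod=${pair%%:*}
        cve=${pair#*:}
        if module_loaded "$mod"; then
            echo "module $mod loaded: $cve surface present"
        fi
    done
    if ls /dev/usb/hiddev* >/dev/null 2>&1; then
        echo "hiddev device node present: CVE-2016-5829 ioctls reachable by whoever can open it"
    fi

    if unpriv_userns_ok; then
        echo "unprivileged user namespaces allowed: any local user can reach CVE-2016-4997/4998"
    else
        echo "could not create a user namespace as this user: CVE-2016-4997/4998 need CAP_NET_ADMIN from elsewhere"
    fi
}

# Run the host checks only when asked, so the functions above can also be sourced.
if [ "${1:-}" = "--triage" ]; then
    triage
fi
```

Run it as `sh triage.sh --triage` on the host in question; the version comparison is deliberately kept in its own functions so it can be reused for later advisories by changing FIXED_KERNEL.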

For other fixes in this update, see the referenced changelogs.

References

SRPMS

5/core