Updated kernel-linus packages fixes security vulnerability
Publication date: 31 Mar 2017Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7184
Description
This kernel-linus update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (CVE-2017-7184). For other upstream fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=20609
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.56
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.57
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.58
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184
SRPMS
5/core
- kernel-linus-4.4.59-1.mga5