Advisories ยป MGASA-2017-0258

Updated kernel-linus packages fixes security and other bugs

Publication date: 13 Aug 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-10810


This kernel-linus update is based on upstream 4.9.40 and fixes atleast the
following security issues:

Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support
is vulnerable to a memory leakage issue. It could occur while creating a
virtio gpu object in virtio_gpu_object_create(). A user/process could use
this flaw to leak host kernel memory potentially resulting in Dos

It also contains followup fixes to the Stack Clash (CVE-2017-1000370,
CVE-2017-1000371) security issues resolved in kernels released at end
of June, 2017.

Other Mageia kernel specific fixes in this updates:
- enable support for NFS4_1 and NFS4_2 (mga#21182)

For other upstream fixes in this update, read the referenced changelogs.