Updated kernel-tmb packages fixes security and other bugs
Publication date: 13 Aug 2017Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-10810
Description
This kernel-tmb update is based on upstream 4.9.40 and fixes at least the
following security issues:
Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support
is vulnerable to a memory leakage issue. It could occur while creating a
virtio gpu object in virtio_gpu_object_create(). A user/process could use
this flaw to leak host kernel memory potentially resulting in Dos
(CVE-2017-10810).
It also contains followup fixes to the Stack Clash (CVE-2017-1000370,
CVE-2017-1000371) security issues resolved in kernels released at end
of June, 2017.
Other Mageia kernel specific fixes in this updates:
- enable support for NFS4_1 and NFS4_2 (mga#21182)
- ALSA: hda/realtek - New codecs support for ALC215/ALC285/ALC289
- ALSA: hda/realtek - New codec device ID for ALC1220
- platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (mga#18756)
For other upstream fixes in this update, read the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=21389
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.37
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.38
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.40
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10810
SRPMS
6/core
- kernel-tmb-4.9.40-1.mga6