Updated kernel-tmb packages fix security vulnerabilities
Publication date: 16 Sep 2017Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-11600 , CVE-2017-12134 , CVE-2017-14340 , CVE-2017-1000251
Description
This kernel-tmb update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600). The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (CVE-2017-12134 / XSA-229). The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (CVE-2017-14340). The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (CVE-2017-1000251). For other upstream fixes in this update, read the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=21709
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.44
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.45
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.46
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.47
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11600
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12134
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14340
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
SRPMS
6/core
- kernel-tmb-4.9.50-1.mga6