MGASA-2016-0429
Vulnerability Summary
Timeline
Description
Updated kernel and kmod packages fix security vulnerabilities This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack (CVE-2016-8399) A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (CVE-2016-9576). A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact (CVE-2016-9794). Other fixes in this update: - fix for HID gamepad DragonRise (mga#19853) - fix for radeon driver crashing on Dell Precision M4800 (mga#19892) For other upstream fixes in this update, see the referenced changelogs.
Affected Systems
- mageia•kernel
< 4.4.39-1.mga5
- mageia•kernel-userspace-headers
< 4.4.39-1.mga5
- mageia•kmod-vboxadditions
< 5.1.10-3.1.mga5
- mageia•kmod-virtualbox
< 5.1.10-3.1.mga5
- mageia•kmod-xtables-addons
< 2.10-18.mga5
References (7)
- https://advisories.mageia.org/MGASA-2016-0429.html
- https://bugs.mageia.org/show_bug.cgi?id=19990
- https://bugs.mageia.org/show_bug.cgi?id=19892
- https://bugs.mageia.org/show_bug.cgi?id=19853
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.37
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.38
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.39