MGASA-2017-0242
Vulnerability Summary
Timeline
Description
Updated kernel packages fixes security and other bugs This kernel update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtio_gpu_object_create(). A user/process could use this flaw to leak host kernel memory potentially resulting in Dos (CVE-2017-10810). It also contains followup fixes to the Stack Clash (CVE-2017-1000370, CVE-2017-1000371) security issues resolved in kernels released at end of June, 2017. For other upstream fixes in this update, read the referenced changelogs.
Affected Systems
- mageia•kernel
< 4.4.79-1.mga5
- mageia•kernel-userspace-headers
< 4.4.79-1.mga5
- mageia•kmod-vboxadditions
< 5.1.22-8.mga5
- mageia•kmod-virtualbox
< 5.1.22-8.mga5
- mageia•kmod-xtables-addons
< 2.10-44.mga5
References (7)
- https://advisories.mageia.org/MGASA-2017-0242.html
- https://bugs.mageia.org/show_bug.cgi?id=21390
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.75
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.76
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.77
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.78
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.79