| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2016-0015 advisory.
Vulnerability Insight:
This kernel-tmb update provides an upgrade to the upstream 4.1 longterm
kernel series, currently based on 4.1.15 and resolves at least the
following security issues:
It was found that the Linux kernel's keyring implementation would leak
memory when adding a key to a keyring via the add_key() function. A
local attacker could use this flaw to exhaust all available memory on
the system. (CVE-2015-1333)
A flaw was found in the Linux kernel where the deletion of a file or
directory could trigger an unmount and reveal data under a mount point.
This flaw was inadvertently introduced with the new feature of being able
to lazily unmount a mount tree when using file system user namespaces.
(CVE-2015-4176)
A flaw was discovered in the kernel's collect_mounts function. If the kernel
audit subsystem called collect_mounts to audit an unmounted path, it could
panic the system. With this flaw, an unprivileged user could call umount
(MNT_DETACH) to launch a denial-of-service attack. (CVE-2015-4177)
A flaw was found in the Linux kernel which is related to the user namespace
lazily unmounting file systems. The fs_pin struct has two members (m_list
and s_list) which are usually initialized on use in the pin_insert_group
function. However, these members might go unmodified, in this case, the
system panics when it attempts to destroy or free them. This flaw could be
used to launch a denial-of-service attack. (CVE-2015-4178)
A DoS flaw was found for a Linux kernel built for the x86 architecture which
had the KVM virtualization support(CONFIG_KVM) enabled. The kernel would be
vulnerable to a NULL pointer dereference flaw in Linux kernel's
kvm_apic_has_events() function while doing an ioctl. An unprivileged user
able to access the '/dev/kvm' device could use this flaw to crash the system
kernel. (CVE-2015-4692)
A flaw was found in the kernel's implementation of the Berkeley Packet
Filter (BPF). A local attacker could craft BPF code to crash the system
by creating a situation in which the JIT compiler would fail to correctly
optimize the JIT image on the last pass. This would lead to the CPU
executing instructions that were not part of the JIT code. (CVE-2015-4700)
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel
before 4.2 attempts to support a FRAGLIST feature without proper memory
allocation, which allows guest OS users to cause a denial of service (buffer
overflow and memory corruption) via a crafted sequence of fragmented packets.
(CVE-2015-5156)
Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash) (CVE-2015-5257).
A guest to host DoS issue was found affecting various hypervisors. In that,
a guest can DoS the host by triggering an infinite stream of 'alignment
check' (#AC) ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'kernel-tmb' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
