| Description: | Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2016-0284 advisory.
Vulnerability Insight:
This update is based on the upstream 4.4.16 kernel and fixes at least these
security issues:
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended
file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c,
nfs3acl.c, and nfs4acl.c. (CVE-2016-1237).
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux
kernel before 4.6.3 allows local users to gain privileges or cause a denial
of service (stack memory consumption) via vectors involving crafted mmap
calls for /proc pathnames, leading to recursive pagefault handling
(CVE-2016-1583).
The key_reject_and_link function in security/keys/key.c in the Linux kernel
through 4.6.3 does not ensure that a certain data structure is initialized,
which allows local users to cause a denial of service (system crash) via
vectors involving a crafted keyctl request2 command (CVE-2016-4470).
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6
allows local users to cause a denial of service (BUG) or possibly have
unspecified other impact via crafted use of the mmap and bpf system calls
(CVE-2016-4794).
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel
through 4.6 does not verify socket existence, which allows local users to
cause a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via a dumpit operation
(CVE-2016-4951).
The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter
subsystem in the Linux kernel before 4.6.3 allows local users to gain
privileges or cause a denial of service (memory corruption) by leveraging
in-container root access to provide a crafted offset value that triggers
an unintended decrement. (CVE-2016-4997).
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem
in the Linux kernel before 4.6 allows local users to cause a denial of
service (out-of-bounds read) or possibly obtain sensitive information from
kernel heap memory by leveraging in-container root access to provide a
crafted offset value that leads to crossing a ruleset blob boundary
(CVE-2016-4998).
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in
drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local
users to cause a denial of service or possibly have unspecified other impact
via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call
(CVE-2016-5829).
For other fixes in this update, see the referenced changelogs.
Affected Software/OS:
'kernel-linus' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
