| Description: | Summary:
The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0187 advisory.
Vulnerability Insight:
This kernel-tmb update is based on upstream 4.4.74 and fixes at least
the following security issues:
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through
4.11.1 mishandles reference counts, which allows local users to cause a
denial of service (use-after-free) or possibly have unspecified other
impact via a failed SIOCGIFADDR ioctl call for an IPX interface
(CVE-2017-7487).
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call (CVE-2017-8890).
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls (CVE-2017-9074).
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890 (CVE-2017-9075).
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890 (CVE-2017-9076).
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890 (CVE-2017-9077).
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls (CVE-2017-9242).
The vmw_gb_surface_define_ioctl function (accessible via
DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
in the Linux kernel through 4.11.4 defines a backup_handle variable but
does not give it an initial value. If one attempts to create a GB surface,
with a previously allocated DMA buffer to be used as a backup buffer, the
backup_handle variable does not get written to and is then later returned
to user space, allowing local users to obtain sensitive information from
uninitialized kernel memory via a crafted ioctl call (CVE-2017-9605).
A vulnerability was found in the Linux kernel's lp_setup() function where it
doesn't apply any bounds checking when passing 'lp=none'. This can result
into overflow of the parport_nr[] array. ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'kernel-tmb' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
