MGASA-2017-0098
- Source
- https://advisories.mageia.org/MGASA-2017-0098.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0098.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2017-0098
- Related
- Published
- 2017-03-31T20:28:10Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel-tmb packages fixes security vulnerability
- Details
-
This kernel-tmb update is based on upstream 4.4.59 and fixes at least the following security issue:
The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAPNETADMIN capability (CVE-2017-7184).
For other upstream fixes in this update, see the referenced changelogs.
- References
-
- https://advisories.mageia.org/MGASA-2017-0098.html
- https://bugs.mageia.org/show_bug.cgi?id=20608
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.56
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.57
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.58
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / kernel-tmb
Package
- Name
- kernel-tmb
- Purl
- pkg:rpm/mageia/kernel-tmb?distro=mageia-5