{"id":"MGASA-2017-0097","summary":"Updated kernel packages fixes security vulnerability","details":"This kernel update is based on upstream 4.4.59 and fixes at least\nthe following security issue:\n\nThe xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux\nkernel through 4.10.6 does not validate certain size data after an\nXFRM_MSG_NEWAE update, which allows local users to obtain root privileges\nor cause a denial of service (heap-based out-of-bounds access) by\nleveraging the CAP_NET_ADMIN capability (CVE-2017-7184).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T06:24:33.315705843Z","published":"2017-03-31T20:28:10Z","upstream":["CVE-2017-7184"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0097.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20607"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.56"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.57"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.58"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.59-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0097.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.59-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0097.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.18-3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0097.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.18-3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0097.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10-36.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0097.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}