{"id":"MGASA-2017-0149","summary":"Updated kernel packages fixes security vulnerabilities","details":"This kernel update is based on upstream 4.4.68 and fixes at least\nthe following security issues:\n\nThe NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through\n4.10.11 allows remote attackers to cause a denial of service (system crash)\nvia a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and\nfs/nfsd/nfsxdr.c (CVE-2017-7645).\n\nThe NFSv2 and NFSv3 server implementations in the Linux kernel through\n4.10.13 lack certain checks for the end of a buffer, which allows remote\nattackers to trigger pointer-arithmetic errors or possibly have unspecified\nother impact via crafted requests, related to fs/nfsd/nfs3xdr.c and\nfs/nfsd/nfsxdr.c (CVE-2017-7895).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-02-04T04:07:58.436721Z","published":"2017-05-26T06:54:58Z","related":["CVE-2017-7645","CVE-2017-7875"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0149.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20861"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.66"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.67"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.68"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.68-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0149.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.68-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0149.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.22-3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0149.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.22-3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0149.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10-38.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0149.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}