{"id":"MGASA-2017-0342","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 4.9.50 and fixes at least the\nfollowing security issues:\n\nnet/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when\nCONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of\nxfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users\nto cause a denial of service (out-of-bounds access) or possibly have\nunspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message\n(CVE-2017-11600).\n\nThe xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen\nmight allow local OS guest users to corrupt block device data streams\nand consequently obtain sensitive memory information, cause a denial of\nservice, or gain host OS privileges by leveraging incorrect block IO\nmerge-ability calculation (CVE-2017-12134 / XSA-229).\n\nThe XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel\nbefore 4.13.2 does not verify that a filesystem has a realtime device,\nwhich allows local users to cause a denial of service (NULL pointer\ndereference and OOPS) via vectors related to setting an RHINHERIT flag\non a directory (CVE-2017-14340).\n\nThe native Bluetooth stack in the Linux kernel (BlueZ), starting at the\nLinux kernel version 3.3-rc1 and up to and including 4.13.1, is vulnerable\nto a stack overflow vulnerability in the processing of L2CAP configuration\nresponses resulting in remote code execution in kernel space\n(CVE-2017-1000251).\n\nFor other upstream fixes in this update, read the referenced 
changelogs.\n","modified":"2026-02-04T04:25:48.187686Z","published":"2017-09-16T08:24:57Z","related":["CVE-2017-1000251","CVE-2017-11600","CVE-2017-12134","CVE-2017-14340"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0342.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21708"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.44"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.45"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.46"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.47"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.50-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0342.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.50-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0342.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.26-4.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0342.json"}},{
"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.26-4.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0342.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.12-43.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0342.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}