CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
72.1%
This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160). The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239). It was found that the Linux kernel’s ping socket implementation didn’t properly handle socket unhashing during spurious disconnects which could lead to use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to increase their privileges on the system. Note: By default ping sockets are disabled on the system (net.ipv4.ping_group_range = 1 0) and have to be explicitly enabled by the system administrator for specific user groups in order to exploit this issue (CVE-2015-3636). For other fixes in this update, see the referenced changelogs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | kernel | < 3.14.41-1 | kernel-3.14.41-1.mga4 |
Mageia | 4 | noarch | kernel-userspace-headers | < 3.14.41-1 | kernel-userspace-headers-3.14.41-1.mga4 |
Mageia | 4 | noarch | kmod-vboxadditions | < 4.3.26-7 | kmod-vboxadditions-4.3.26-7.mga4 |
Mageia | 4 | noarch | kmod-virtualbox | < 4.3.26-7 | kmod-virtualbox-4.3.26-7.mga4 |
Mageia | 4 | noarch | kmod-xtables-addons | < 2.5-17 | kmod-xtables-addons-2.5-17.mga4 |
Mageia | 4 | noarch | kmod-broadcom-wl | < 6.30.223.141-52 | kmod-broadcom-wl-6.30.223.141-52.mga4.nonfree |
Mageia | 4 | noarch | kmod-fglrx | < 14.010.1006-22 | kmod-fglrx-14.010.1006-22.mga4.nonfree |
Mageia | 4 | noarch | kmod-nvidia173 | < 173.14.39-37 | kmod-nvidia173-173.14.39-37.mga4.nonfree |
Mageia | 4 | noarch | kmod-nvidia304 | < 304.125-7 | kmod-nvidia304-304.125-7.mga4.nonfree |
Mageia | 4 | noarch | kmod-nvidia-current | < 331.113-7 | kmod-nvidia-current-331.113-7.mga4.nonfree |