{"id":"MGASA-2017-0279","summary":"Updated kernel packages fixes security and other bugs","details":"This kernel update is based on upstream 4.4.82 and fixes at least the\nfollowing security issues:\n\nThe curseg-\u003esegno call in f2fs driver can be malformed so that it will have\na value that triggers an out of boundary write that could cause memory\ncorruption on the affected devices, leading to code execution in the kernel\ncontext. This would allow for more data to be accessed and controlled by\nthe malware (CVE-2017-10663).\n\nThe UDP Fragmentation Offload (UFO) feature is vulnerable to out-of-bounds\nwrites causing exploitable memory corruption. If unprivileged user\nnamespaces are available, this bug can be exploited to gain root privileges\n(CVE-2017-1000112).\n\nFor other upstream fixes in this update, read the referenced changelogs.\n","modified":"2026-02-02T13:36:33.245353Z","published":"2017-08-18T17:06:49Z","related":["CVE-2017-1000112","CVE-2017-10663"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0279.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21521"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.80"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.81"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.82"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.82-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0279.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.82-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0279.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.26-2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0279.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.26-2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0279.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10-45.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0279.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}