k/kernel-source-4.4.14_smp-noarch-1.txz
This kernel release fixes two security issues:
Corrupted offset allows for arbitrary decrements in compat
IPT_SO_SET_REPLACE setsockopt. Risk: High. Impact: Kernel memory
corruption, leading to elevation of privileges or kernel code execution.
This occurs in a compat_setsockopt() call that is normally restricted to
root; however, Linux 3/4 kernels that support user and network namespaces
can allow an unprivileged user to trigger this functionality. This is
exploitable from inside a container.
Out-of-bounds reads when processing IPT_SO_SET_REPLACE setsockopt.
Risk: Medium. Impact: Out-of-bounds heap memory access, leading to a
Denial of Service (or possibly heap disclosure or further impact).
This occurs in a setsockopt() call that is normally restricted to root;
however, Linux 3/4 kernels that support user and network namespaces can
allow an unprivileged user to trigger this functionality. This is
exploitable from inside a container.
For more information, see:
http://www.openwall.com/lists/oss-security/2016/06/24/5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
(* Security fix *)
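To judge who can reach the affected setsockopt paths on a kernel that has not yet been updated, the following added example (not part of the ChangeLog or of the kernel project) classifies a kernel config file by the conditions named above. The helper names and output words are hypothetical; the result describes reachability only, not whether the kernel is patched.

```shell
#!/bin/sh
# Added example (not from the Slackware ChangeLog or the kernel project).
# Classifies a kernel .config by the conditions the advisory names:
# the iptables handler must exist, user + network namespaces let an
# unprivileged caller reach it, and the decrement bug needs the compat path.

cfg_on() {  # cfg_on FILE SYMBOL: true when SYMBOL is built in (=y) or a module (=m)
    grep -Eq "^$2=(y|m)\$" "$1"
}

ipt_exposure() {  # hypothetical helper; prints one classification word
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # No IPv4 iptables support means no IPT_SO_SET_REPLACE handler.
    cfg_on "$cfg" CONFIG_IP_NF_IPTABLES || { echo "ipt-not-built"; return 0; }
    # Without both namespace types the setsockopt stays restricted to root.
    if ! { cfg_on "$cfg" CONFIG_USER_NS && cfg_on "$cfg" CONFIG_NET_NS; }; then
        echo "root-only"; return 0
    fi
    # The compat_setsockopt() path only exists with CONFIG_COMPAT.
    if cfg_on "$cfg" CONFIG_COMPAT; then
        echo "unprivileged+compat"   # both issues reachable without root
    else
        echo "unprivileged"          # only the native setsockopt() issue
    fi
}

demo() {  # constructed sample config, not taken from any real system
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
CONFIG_IP_NF_IPTABLES=m
CONFIG_USER_NS=y
CONFIG_NET_NS=y
CONFIG_COMPAT=y
EOF
    ipt_exposure "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

Call ipt_exposure with the path to the config file of the kernel being assessed; its location varies by distribution.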