Only two security flaws are patched, the first being a use-after-free vulnerability (CVE-2017-7374) discovered in the Linux kernel’s filesystem encryption subsystem, which could have allowed a local attacker to cause a denial of service (DoS) by crashing an affected, unpatched machine. The second security flaw (CVE-2016-7097) was discovered by Jan Kara and Andreas Gruenbacher in the Linux kernel’s filesystem implementation, which failed to clear the setgid bit during a setxattr call, thus allowing a local attacker to elevate group privileges.