/[advisories]/10651.adv
ViewVC logotype

Contents of /10651.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 153 - (show annotations) (download)
Sat Jul 6 14:24:59 2013 UTC (4 years, 3 months ago) by boklm
File size: 3470 byte(s)
MGASA-2013-0203
1 type: security
2 subject: Updated kernel packages fix multiple security vulnerabilities
3 CVE:
4 - CVE-2013-0231
5 - CVE-2013-2232
6 - CVE-2013-2234
7 - CVE-2013-2237
8 - CVE-2013-2850
9 - CVE-2013-2852
10 src:
11 2:
12 core:
13 - kernel-3.4.52-1.mga2
14 - kernel-userspace-headers-3.4.52-1.mga2
15 - kmod-vboxadditions-4.1.24-11.mga2
16 - kmod-virtualbox-4.1.24-11.mga2
17 - kmod-xtables-addons-1.41-28.mga2
18 nonfree:
19 - kmod-broadcom-wl-5.100.82.112-48.mga2.nonfree
20 - kmod-fglrx-8.961-24.mga2.nonfree
21 - kmod-nvidia173-173.14.36-14.mga2.nonfree
22 - kmod-nvidia96xx-96.43.23-15.mga2.nonfree
23 - kmod-nvidia-current-295.71-19.mga2.nonfree
24 description: |
25 This kernel update provides the upstream 3.4.52 kernel and fixes
26 the following security issues:
27
28 The pciback_enable_msi function in the PCI backend driver
29 (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
30 kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
31 cause a denial of service via a large number of kernel log messages.
32 (CVE-2013-0231 / XSA-43)
33
34 ipv6: ip6_sk_dst_check() must not assume ipv6 dst
35 It's possible to use AF_INET6 sockets and to connect to an IPv4
36 destination. After this, socket dst cache is a pointer to a rtable,
37 not rt6_info. This bug can be exploited by local non-root users
38 to trigger various corruptions/crashes (CVE-2013-2232)
39
40 af_key: fix info leaks in notify messages
41 key_notify_sa_flush() and key_notify_policy_flush() miss to
42 initialize the sadb_msg_reserved member of the broadcasted message
43 and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234)
44
45 af_key: initialize satype in key_notify_policy_flush()
46 key_notify_policy_flush() miss to nitialize the sadb_msg_satype member
47 of the broadcasted message and thereby leak heap memory to listeners
48 (CVE-2013-2237)
49
50 Heap-based buffer overflow in the iscsi_add_notunderstood_response function
51 in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
52 subsystem in the Linux kernel through 3.9.4 allows remote attackers to
53 cause a denial of service (memory corruption and OOPS) or possibly execute
54 arbitrary code via a long key that is not properly handled during
55 construction of an error-response packet.
56 A reproduction case requires patching open-iscsi to send overly large
57 keys. Performing discovery in a loop will Oops the remote server.
58 (CVE-2013-2850)
59
60 Format string vulnerability in the b43_request_firmware function in
61 drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
62 the Linux kernel through 3.9.4 allows local users to gain privileges by
63 leveraging root access and including format string specifiers in an
64 fwpostfix modprobe parameter, leading to improper construction of an
65 error message. (CVE-2013-2852)
66
67 Other fixes:
68 Fix up alx AR8161 breakage (mga #10079)
69
70 For other -stable fixes, read the referenced changelogs
71 references:
72 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
73 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
74 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
75 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
76 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
77 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
78 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
79 - https://bugs.mageia.org/show_bug.cgi?id=10651
80 ID: MGASA-2013-0203

  ViewVC Help
Powered by ViewVC 1.1.26