/[advisories]/10653.adv
ViewVC logotype

Contents of /10653.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 191 - (show annotations) (download)
Tue Jul 16 07:32:02 2013 UTC (4 years, 5 months ago) by tmb
File size: 2184 byte(s)
MGASA-2013-0210: kernel-linus-3.4.52-1.mga2
1 type: security
2 subject: Updated kernel-linus package fixes security issues
3 CVE:
4 - CVE-2013-0231
5 - CVE-2013-2850
6 - CVE-2013-2852
7 src:
8 2:
9 core:
10 - kernel-linus-3.4.52-1.mga2
11 description: |
12 This kernel update provides the upstream 3.4.52 kernel and fixes
13 the follwing security issues:
14
15 The pciback_enable_msi function in the PCI backend driver
16 (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
17 kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
18 cause a denial of service via a large number of kernel log messages.
19 (CVE-2013-0231 / XSA-43)
20
21 Heap-based buffer overflow in the iscsi_add_notunderstood_response function
22 in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
23 subsystem in the Linux kernel through 3.9.4 allows remote attackers to
24 cause a denial of service (memory corruption and OOPS) or possibly execute
25 arbitrary code via a long key that is not properly handled during
26 construction of an error-response packet.
27 A reproduction case requires patching open-iscsi to send overly large
28 keys. Performing discovery in a loop will Oops the remote server.
29 (CVE-2013-2850)
30
31 Format string vulnerability in the b43_request_firmware function in
32 drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
33 the Linux kernel through 3.9.4 allows local users to gain privileges by
34 leveraging root access and including format string specifiers in an
35 fwpostfix modprobe parameter, leading to improper construction of an
36 error message. (CVE-2013-2852)
37
38 Other fixes:
39 For other -stable fixes, read the referenced changelogs
40 references:
41 - https://bugs.mageia.org/show_bug.cgi?id=10653
42 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
43 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
44 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
45 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
46 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
47 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
48 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
49 ID: MGASA-2013-0210

  ViewVC Help
Powered by ViewVC 1.1.26