/[advisories]/10654.adv
ViewVC logotype

Annotation of /10654.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 194 - (hide annotations) (download)
Tue Jul 16 07:50:32 2013 UTC (10 years, 8 months ago) by tmb
File size: 3106 byte(s)
MGASA-2013-0211: kernel-rt-3.4.52-0.rt67.2.mga2: use correct advisory
1 davidwhodgins 186 type: security
2     subject: Updated kernel-rt package fixes security issues
3     CVE:
4     - CVE-2013-0231
5 tmb 194 - CVE-2013-2232
6     - CVE-2013-2234
7     - CVE-2013-2237
8 davidwhodgins 186 - CVE-2013-2850
9     - CVE-2013-2852
10     src:
11     2:
12     core:
13 tmb 194 - kernel-rt-3.4.52-0.rt67.2.mga2
14 davidwhodgins 186 description: |
15 tmb 194 This kernel-rt update provides the upstream 3.4.52 kernel and fixes
16     the follwing security issues:
17    
18 davidwhodgins 186 The pciback_enable_msi function in the PCI backend driver
19     (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
20     kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
21     cause a denial of service via a large number of kernel log messages.
22     (CVE-2013-0231 / XSA-43)
23    
24 tmb 194 ipv6: ip6_sk_dst_check() must not assume ipv6 dst
25     It's possible to use AF_INET6 sockets and to connect to an IPv4
26     destination. After this, socket dst cache is a pointer to a rtable,
27     not rt6_info. This bug can be exploited by local non-root users
28     to trigger various corruptions/crashes (CVE-2013-2232)
29    
30     af_key: fix info leaks in notify messages
31     key_notify_sa_flush() and key_notify_policy_flush() miss to
32     initialize the sadb_msg_reserved member of the broadcasted message
33     and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234)
34    
35     af_key: initialize satype in key_notify_policy_flush()
36     key_notify_policy_flush() miss to nitialize the sadb_msg_satype member
37     of the broadcasted message and thereby leak heap memory to listeners
38     (CVE-2013-2237)
39    
40 davidwhodgins 186 Heap-based buffer overflow in the iscsi_add_notunderstood_response function
41     in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
42     subsystem in the Linux kernel through 3.9.4 allows remote attackers to
43     cause a denial of service (memory corruption and OOPS) or possibly execute
44     arbitrary code via a long key that is not properly handled during
45     construction of an error-response packet.
46     A reproduction case requires patching open-iscsi to send overly large
47     keys. Performing discovery in a loop will Oops the remote server.
48     (CVE-2013-2850)
49    
50     Format string vulnerability in the b43_request_firmware function in
51     drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
52     the Linux kernel through 3.9.4 allows local users to gain privileges by
53     leveraging root access and including format string specifiers in an
54     fwpostfix modprobe parameter, leading to improper construction of an
55     error message. (CVE-2013-2852)
56    
57     Other fixes:
58     Fix up alx AR8161 breakage (mga #10079)
59 tmb 194 rt patch has been updated to -rt67
60 davidwhodgins 186
61     For other -stable fixes, read the referenced changelogs
62     references:
63     - https://bugs.mageia.org/show_bug.cgi?id=10654
64     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
65     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
66     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
67     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
68     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
69     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
70 tmb 194 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
71 tmb 192 ID: MGASA-2013-0211

  ViewVC Help
Powered by ViewVC 1.1.30