1 |
type: security |
2 |
subject: Updated kernel packages fix multiple security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2013-0231 |
5 |
- CVE-2013-2232 |
6 |
- CVE-2013-2234 |
7 |
- CVE-2013-2237 |
8 |
- CVE-2013-2850 |
9 |
- CVE-2013-2852 |
10 |
src: |
11 |
2: |
12 |
core: |
13 |
- kernel-3.4.52-1.mga2 |
14 |
- kernel-userspace-headers-3.4.52-1.mga2 |
15 |
- kmod-vboxadditions-4.1.24-11.mga2 |
16 |
- kmod-virtualbox-4.1.24-11.mga2 |
17 |
- kmod-xtables-addons-1.41-28.mga2 |
18 |
nonfree: |
19 |
- kmod-broadcom-wl-5.100.82.112-48.mga2.nonfree |
20 |
- kmod-fglrx-8.961-24.mga2.nonfree |
21 |
- kmod-nvidia173-173.14.36-14.mga2.nonfree |
22 |
- kmod-nvidia96xx-96.43.23-15.mga2.nonfree |
23 |
- kmod-nvidia-current-295.71-19.mga2.nonfree |
24 |
description: | |
25 |
This kernel update provides the upstream 3.4.52 kernel and fixes |
26 |
the following security issues: |
27 |
|
28 |
The pciback_enable_msi function in the PCI backend driver |
29 |
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux |
30 |
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to |
31 |
cause a denial of service via a large number of kernel log messages. |
32 |
(CVE-2013-0231 / XSA-43) |
33 |
|
34 |
ipv6: ip6_sk_dst_check() must not assume ipv6 dst |
35 |
It's possible to use AF_INET6 sockets and to connect to an IPv4 |
36 |
destination. After this, socket dst cache is a pointer to a rtable, |
37 |
not rt6_info. This bug can be exploited by local non-root users |
38 |
to trigger various corruptions/crashes (CVE-2013-2232) |
39 |
|
40 |
af_key: fix info leaks in notify messages |
41 |
key_notify_sa_flush() and key_notify_policy_flush() miss to |
42 |
initialize the sadb_msg_reserved member of the broadcasted message |
43 |
and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234) |
44 |
|
45 |
af_key: initialize satype in key_notify_policy_flush() |
46 |
key_notify_policy_flush() miss to nitialize the sadb_msg_satype member |
47 |
of the broadcasted message and thereby leak heap memory to listeners |
48 |
(CVE-2013-2237) |
49 |
|
50 |
Heap-based buffer overflow in the iscsi_add_notunderstood_response function |
51 |
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target |
52 |
subsystem in the Linux kernel through 3.9.4 allows remote attackers to |
53 |
cause a denial of service (memory corruption and OOPS) or possibly execute |
54 |
arbitrary code via a long key that is not properly handled during |
55 |
construction of an error-response packet. |
56 |
A reproduction case requires patching open-iscsi to send overly large |
57 |
keys. Performing discovery in a loop will Oops the remote server. |
58 |
(CVE-2013-2850) |
59 |
|
60 |
Format string vulnerability in the b43_request_firmware function in |
61 |
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in |
62 |
the Linux kernel through 3.9.4 allows local users to gain privileges by |
63 |
leveraging root access and including format string specifiers in an |
64 |
fwpostfix modprobe parameter, leading to improper construction of an |
65 |
error message. (CVE-2013-2852) |
66 |
|
67 |
Other fixes: |
68 |
Fix up alx AR8161 breakage (mga #10079) |
69 |
|
70 |
For other -stable fixes, read the referenced changelogs |
71 |
references: |
72 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46 |
73 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47 |
74 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48 |
75 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49 |
76 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50 |
77 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51 |
78 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52 |
79 |
- https://bugs.mageia.org/show_bug.cgi?id=10651 |
80 |
ID: MGASA-2013-0203 |