advisories/10653.adv

type: security
subject: Updated kernel-linus package fixes security issues
CVE:
 - CVE-2013-0231
 - CVE-2013-2850
 - CVE-2013-2852
src:
  2:
   core:
     - kernel-linus-3.4.52-1.mga2
description: |
  This kernel update provides the upstream 3.4.52 kernel and fixes
  the follwing security issues:
  
  The pciback_enable_msi function in the PCI backend driver 
  (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
  kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
  cause a denial of service via a large number of kernel log messages.
  (CVE-2013-0231 / XSA-43)
  
  Heap-based buffer overflow in the iscsi_add_notunderstood_response function
  in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
  subsystem in the Linux kernel through 3.9.4 allows remote attackers to
  cause a denial of service (memory corruption and OOPS) or possibly execute
  arbitrary code via a long key that is not properly handled during
  construction of an error-response packet.
  A reproduction case requires patching open-iscsi to send overly large
  keys. Performing discovery in a loop will Oops the remote server.
  (CVE-2013-2850)
  
  Format string vulnerability in the b43_request_firmware function in
  drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
  the Linux kernel through 3.9.4 allows local users to gain privileges by
  leveraging root access and including format string specifiers in an
  fwpostfix modprobe parameter, leading to improper construction of an
  error message. (CVE-2013-2852)
  
  Other fixes:
  For other -stable fixes, read the referenced changelogs
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10653
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
ID: MGASA-2013-0210
1	davidwhodgins	186	type: security
2			subject: Updated kernel-linus package fixes security issues
3			CVE:
4			- CVE-2013-0231
5			- CVE-2013-2850
6			- CVE-2013-2852
7			src:
8			2:
9			core:
10			- kernel-linus-3.4.52-1.mga2
11			description: \|
12			This kernel update provides the upstream 3.4.52 kernel and fixes
13			the follwing security issues:
14
15			The pciback_enable_msi function in the PCI backend driver
16			(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
17			kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
18			cause a denial of service via a large number of kernel log messages.
19			(CVE-2013-0231 / XSA-43)
20
21			Heap-based buffer overflow in the iscsi_add_notunderstood_response function
22			in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
23			subsystem in the Linux kernel through 3.9.4 allows remote attackers to
24			cause a denial of service (memory corruption and OOPS) or possibly execute
25			arbitrary code via a long key that is not properly handled during
26			construction of an error-response packet.
27			A reproduction case requires patching open-iscsi to send overly large
28			keys. Performing discovery in a loop will Oops the remote server.
29			(CVE-2013-2850)
30
31			Format string vulnerability in the b43_request_firmware function in
32			drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
33			the Linux kernel through 3.9.4 allows local users to gain privileges by
34			leveraging root access and including format string specifiers in an
35			fwpostfix modprobe parameter, leading to improper construction of an
36			error message. (CVE-2013-2852)
37
38			Other fixes:
39			For other -stable fixes, read the referenced changelogs
40			references:
41			- https://bugs.mageia.org/show_bug.cgi?id=10653
42			- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
43			- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
44			- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
45			- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
46			- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
47			- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
48			- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
49	tmb	191	ID: MGASA-2013-0210