/[advisories]/10653.adv

Annotation of /10653.adv



Revision 191
Tue Jul 16 07:32:02 2013 UTC (7 years, 7 months ago) by tmb
File size: 2184 byte(s)
MGASA-2013-0210: kernel-linus-3.4.52-1.mga2
1 davidwhodgins 186 type: security
2     subject: Updated kernel-linus package fixes security issues
3     CVE:
4     - CVE-2013-0231
5     - CVE-2013-2850
6     - CVE-2013-2852
7     src:
8     2:
9     core:
10     - kernel-linus-3.4.52-1.mga2
11     description: |
12     This kernel update provides the upstream 3.4.52 kernel and fixes
13     the following security issues:
14    
15     The pciback_enable_msi function in the PCI backend driver
16     (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
17     kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
18     cause a denial of service via a large number of kernel log messages.
19     (CVE-2013-0231 / XSA-43)
20    
21     Heap-based buffer overflow in the iscsi_add_notunderstood_response function
22     in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
23     subsystem in the Linux kernel through 3.9.4 allows remote attackers to
24     cause a denial of service (memory corruption and OOPS) or possibly execute
25     arbitrary code via a long key that is not properly handled during
26     construction of an error-response packet.
27     A reproduction case requires patching open-iscsi to send overly large
28     keys. Performing discovery in a loop will Oops the remote server.
29     (CVE-2013-2850)
30    
31     Format string vulnerability in the b43_request_firmware function in
32     drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
33     the Linux kernel through 3.9.4 allows local users to gain privileges by
34     leveraging root access and including format string specifiers in an
35     fwpostfix modprobe parameter, leading to improper construction of an
36     error message. (CVE-2013-2852)
37    
38     Other fixes:
39     For other -stable fixes, read the referenced changelogs
40     references:
41     - https://bugs.mageia.org/show_bug.cgi?id=10653
42     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
43     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
44     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
45     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
46     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
47     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
48     - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
49 tmb 191 ID: MGASA-2013-0210
