advisories/10653.adv

type: security
subject: Updated kernel-linus package fixes security issues
CVE:
 - CVE-2013-0231
 - CVE-2013-2850
 - CVE-2013-2852
src:
  2:
   core:
     - kernel-linus-3.4.52-1.mga2
description: |
  This kernel update provides the upstream 3.4.52 kernel and fixes
  the follwing security issues:
  
  The pciback_enable_msi function in the PCI backend driver 
  (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
  kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
  cause a denial of service via a large number of kernel log messages.
  (CVE-2013-0231 / XSA-43)
  
  Heap-based buffer overflow in the iscsi_add_notunderstood_response function
  in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
  subsystem in the Linux kernel through 3.9.4 allows remote attackers to
  cause a denial of service (memory corruption and OOPS) or possibly execute
  arbitrary code via a long key that is not properly handled during
  construction of an error-response packet.
  A reproduction case requires patching open-iscsi to send overly large
  keys. Performing discovery in a loop will Oops the remote server.
  (CVE-2013-2850)
  
  Format string vulnerability in the b43_request_firmware function in
  drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
  the Linux kernel through 3.9.4 allows local users to gain privileges by
  leveraging root access and including format string specifiers in an
  fwpostfix modprobe parameter, leading to improper construction of an
  error message. (CVE-2013-2852)
  
  Other fixes:
  For other -stable fixes, read the referenced changelogs
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10653
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
1	type: security
2	subject: Updated kernel-linus package fixes security issues
3	CVE:
4	- CVE-2013-0231
5	- CVE-2013-2850
6	- CVE-2013-2852
7	src:
8	2:
9	core:
10	- kernel-linus-3.4.52-1.mga2
11	description: \|
12	This kernel update provides the upstream 3.4.52 kernel and fixes
13	the follwing security issues:
14
15	The pciback_enable_msi function in the PCI backend driver
16	(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
17	kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
18	cause a denial of service via a large number of kernel log messages.
19	(CVE-2013-0231 / XSA-43)
20
21	Heap-based buffer overflow in the iscsi_add_notunderstood_response function
22	in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
23	subsystem in the Linux kernel through 3.9.4 allows remote attackers to
24	cause a denial of service (memory corruption and OOPS) or possibly execute
25	arbitrary code via a long key that is not properly handled during
26	construction of an error-response packet.
27	A reproduction case requires patching open-iscsi to send overly large
28	keys. Performing discovery in a loop will Oops the remote server.
29	(CVE-2013-2850)
30
31	Format string vulnerability in the b43_request_firmware function in
32	drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
33	the Linux kernel through 3.9.4 allows local users to gain privileges by
34	leveraging root access and including format string specifiers in an
35	fwpostfix modprobe parameter, leading to improper construction of an
36	error message. (CVE-2013-2852)
37
38	Other fixes:
39	For other -stable fixes, read the referenced changelogs
40	references:
41	- https://bugs.mageia.org/show_bug.cgi?id=10653
42	- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
43	- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
44	- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
45	- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
46	- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
47	- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
48	- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52