1 |
davidwhodgins |
186 |
type: security |
2 |
|
|
subject: Updated kernel-rt package fixes security issues |
3 |
|
|
CVE: |
4 |
|
|
- CVE-2013-0231 |
5 |
tmb |
194 |
- CVE-2013-2232 |
6 |
|
|
- CVE-2013-2234 |
7 |
|
|
- CVE-2013-2237 |
8 |
davidwhodgins |
186 |
- CVE-2013-2850 |
9 |
|
|
- CVE-2013-2852 |
10 |
|
|
src: |
11 |
|
|
2: |
12 |
|
|
core: |
13 |
tmb |
194 |
- kernel-rt-3.4.52-0.rt67.2.mga2 |
14 |
davidwhodgins |
186 |
description: | |
15 |
tmb |
194 |
This kernel-rt update provides the upstream 3.4.52 kernel and fixes |
16 |
|
|
the follwing security issues: |
17 |
|
|
|
18 |
davidwhodgins |
186 |
The pciback_enable_msi function in the PCI backend driver |
19 |
|
|
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux |
20 |
|
|
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to |
21 |
|
|
cause a denial of service via a large number of kernel log messages. |
22 |
|
|
(CVE-2013-0231 / XSA-43) |
23 |
|
|
|
24 |
tmb |
194 |
ipv6: ip6_sk_dst_check() must not assume ipv6 dst |
25 |
|
|
It's possible to use AF_INET6 sockets and to connect to an IPv4 |
26 |
|
|
destination. After this, socket dst cache is a pointer to a rtable, |
27 |
|
|
not rt6_info. This bug can be exploited by local non-root users |
28 |
|
|
to trigger various corruptions/crashes (CVE-2013-2232) |
29 |
|
|
|
30 |
|
|
af_key: fix info leaks in notify messages |
31 |
|
|
key_notify_sa_flush() and key_notify_policy_flush() miss to |
32 |
|
|
initialize the sadb_msg_reserved member of the broadcasted message |
33 |
|
|
and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234) |
34 |
|
|
|
35 |
|
|
af_key: initialize satype in key_notify_policy_flush() |
36 |
|
|
key_notify_policy_flush() miss to nitialize the sadb_msg_satype member |
37 |
|
|
of the broadcasted message and thereby leak heap memory to listeners |
38 |
|
|
(CVE-2013-2237) |
39 |
|
|
|
40 |
davidwhodgins |
186 |
Heap-based buffer overflow in the iscsi_add_notunderstood_response function |
41 |
|
|
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target |
42 |
|
|
subsystem in the Linux kernel through 3.9.4 allows remote attackers to |
43 |
|
|
cause a denial of service (memory corruption and OOPS) or possibly execute |
44 |
|
|
arbitrary code via a long key that is not properly handled during |
45 |
|
|
construction of an error-response packet. |
46 |
|
|
A reproduction case requires patching open-iscsi to send overly large |
47 |
|
|
keys. Performing discovery in a loop will Oops the remote server. |
48 |
|
|
(CVE-2013-2850) |
49 |
|
|
|
50 |
|
|
Format string vulnerability in the b43_request_firmware function in |
51 |
|
|
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in |
52 |
|
|
the Linux kernel through 3.9.4 allows local users to gain privileges by |
53 |
|
|
leveraging root access and including format string specifiers in an |
54 |
|
|
fwpostfix modprobe parameter, leading to improper construction of an |
55 |
|
|
error message. (CVE-2013-2852) |
56 |
|
|
|
57 |
|
|
Other fixes: |
58 |
|
|
Fix up alx AR8161 breakage (mga #10079) |
59 |
tmb |
194 |
rt patch has been updated to -rt67 |
60 |
davidwhodgins |
186 |
|
61 |
|
|
For other -stable fixes, read the referenced changelogs |
62 |
|
|
references: |
63 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=10654 |
64 |
|
|
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46 |
65 |
|
|
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47 |
66 |
|
|
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48 |
67 |
|
|
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49 |
68 |
|
|
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50 |
69 |
|
|
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51 |
70 |
tmb |
194 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52 |
71 |
tmb |
192 |
ID: MGASA-2013-0211 |