| 1 |
type: security |
| 2 |
subject: Updated kernel-vserver package fixes security issues |
| 3 |
CVE: |
| 4 |
- CVE-2013-0231 |
| 5 |
- CVE-2013-2232 |
| 6 |
- CVE-2013-2234 |
| 7 |
- CVE-2013-2237 |
| 8 |
- CVE-2013-2850 |
| 9 |
- CVE-2013-2852 |
| 10 |
src: |
| 11 |
2: |
| 12 |
core: |
| 13 |
- kernel-vserver-3.4.52-1.mga2 |
| 14 |
description: | |
| 15 |
This kernel-vserver update provides the upstream 3.4.52 kernel and fixes |
| 16 |
the follwing security issues: |
| 17 |
|
| 18 |
The pciback_enable_msi function in the PCI backend driver |
| 19 |
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux |
| 20 |
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to |
| 21 |
cause a denial of service via a large number of kernel log messages. |
| 22 |
(CVE-2013-0231 / XSA-43) |
| 23 |
|
| 24 |
ipv6: ip6_sk_dst_check() must not assume ipv6 dst |
| 25 |
It's possible to use AF_INET6 sockets and to connect to an IPv4 |
| 26 |
destination. After this, socket dst cache is a pointer to a rtable, |
| 27 |
not rt6_info. This bug can be exploited by local non-root users |
| 28 |
to trigger various corruptions/crashes (CVE-2013-2232) |
| 29 |
|
| 30 |
af_key: fix info leaks in notify messages |
| 31 |
key_notify_sa_flush() and key_notify_policy_flush() miss to |
| 32 |
initialize the sadb_msg_reserved member of the broadcasted message |
| 33 |
and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234) |
| 34 |
|
| 35 |
af_key: initialize satype in key_notify_policy_flush() |
| 36 |
key_notify_policy_flush() miss to nitialize the sadb_msg_satype member |
| 37 |
of the broadcasted message and thereby leak heap memory to listeners |
| 38 |
(CVE-2013-2237) |
| 39 |
|
| 40 |
Heap-based buffer overflow in the iscsi_add_notunderstood_response function |
| 41 |
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target |
| 42 |
subsystem in the Linux kernel through 3.9.4 allows remote attackers to |
| 43 |
cause a denial of service (memory corruption and OOPS) or possibly execute |
| 44 |
arbitrary code via a long key that is not properly handled during |
| 45 |
construction of an error-response packet. |
| 46 |
A reproduction case requires patching open-iscsi to send overly large |
| 47 |
keys. Performing discovery in a loop will Oops the remote server. |
| 48 |
(CVE-2013-2850) |
| 49 |
|
| 50 |
Format string vulnerability in the b43_request_firmware function in |
| 51 |
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in |
| 52 |
the Linux kernel through 3.9.4 allows local users to gain privileges by |
| 53 |
leveraging root access and including format string specifiers in an |
| 54 |
fwpostfix modprobe parameter, leading to improper construction of an |
| 55 |
error message. (CVE-2013-2852) |
| 56 |
|
| 57 |
Other fixes: |
| 58 |
Fix up alx AR8161 breakage (mga #10079) |
| 59 |
|
| 60 |
For other -stable fixes, read the referenced changelogs |
| 61 |
references: |
| 62 |
- https://bugs.mageia.org/show_bug.cgi?id=10655 |
| 63 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46 |
| 64 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47 |
| 65 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48 |
| 66 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49 |
| 67 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50 |
| 68 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51 |
| 69 |
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52 |
| 70 |
ID: MGASA-2013-0212 |
Parent Directory
| 
Revision Log