1 |
type: security |
2 |
subject: Updated kernel packages fix multiple security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2013-0231 |
5 |
- CVE-2013-2232 |
6 |
- CVE-2013-2234 |
7 |
- CVE-2013-2237 |
8 |
- CVE-2013-2850 |
9 |
- CVE-2013-2852 |
10 |
src: |
11 |
3: |
12 |
core: |
13 |
- kernel-3.8.13.4-1.mga3 |
14 |
- kernel-userspace-headers-3.8.13.4-1.mga3 |
15 |
- kmod-vboxadditions-4.2.12-14.mga3 |
16 |
- kmod-virtualbox-4.2.12-14.mga3 |
17 |
- kmod-xtables-addons-2.1-31.mga3 |
18 |
nonfree: |
19 |
- fglrx-12.104-3.mga3.nonfree |
20 |
- kmod-broadcom-wl-5.100.82.112-83.mga3.nonfree |
21 |
- kmod-fglrx-12.104-10.mga3.nonfree |
22 |
- kmod-nvidia173-173.14.37-16.mga3.nonfree |
23 |
- kmod-nvidia304-304.88-15.mga3.nonfree |
24 |
- kmod-nvidia-current-319.17-7.mga3.nonfree |
25 |
description: | |
26 |
This kernel update provides the extended stable 3.8.13.4 kernel and fixes |
27 |
the follwing security issues: |
28 |
|
29 |
The pciback_enable_msi function in the PCI backend driver |
30 |
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux |
31 |
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to |
32 |
cause a denial of service via a large number of kernel log messages. |
33 |
(CVE-2013-0231 / XSA-43) |
34 |
|
35 |
ipv6: ip6_sk_dst_check() must not assume ipv6 dst |
36 |
It's possible to use AF_INET6 sockets and to connect to an IPv4 |
37 |
destination. After this, socket dst cache is a pointer to a rtable, |
38 |
not rt6_info. This bug can be exploited by local non-root users |
39 |
to trigger various corruptions/crashes (CVE-2013-2232) |
40 |
|
41 |
af_key: fix info leaks in notify messages |
42 |
key_notify_sa_flush() and key_notify_policy_flush() miss to |
43 |
initialize the sadb_msg_reserved member of the broadcasted message |
44 |
and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234) |
45 |
|
46 |
af_key: initialize satype in key_notify_policy_flush() |
47 |
key_notify_policy_flush() miss to nitialize the sadb_msg_satype member |
48 |
of the broadcasted message and thereby leak heap memory to listeners |
49 |
(CVE-2013-2237) |
50 |
|
51 |
Heap-based buffer overflow in the iscsi_add_notunderstood_response function |
52 |
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target |
53 |
subsystem in the Linux kernel through 3.9.4 allows remote attackers to |
54 |
cause a denial of service (memory corruption and OOPS) or possibly execute |
55 |
arbitrary code via a long key that is not properly handled during |
56 |
construction of an error-response packet. |
57 |
A reproduction case requires patching open-iscsi to send overly large |
58 |
keys. Performing discovery in a loop will Oops the remote server. |
59 |
(CVE-2013-2850) |
60 |
|
61 |
Format string vulnerability in the b43_request_firmware function in |
62 |
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in |
63 |
the Linux kernel through 3.9.4 allows local users to gain privileges by |
64 |
leveraging root access and including format string specifiers in an |
65 |
fwpostfix modprobe parameter, leading to improper construction of an |
66 |
error message. (CVE-2013-2852) |
67 |
|
68 |
Other fixes: |
69 |
- Fix up alx AR8161 breakage (mga #10079) |
70 |
- bcma: add support for BCM43142 (mga#9378, mga#10611) |
71 |
- net/tg3: Avoid delay during MMIO access |
72 |
- re-add aufs support (mga#8314) |
73 |
- enable support for more touchscreens |
74 |
- iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets |
75 |
- rtlwifi: rtl8723ae: Fix typo in firmware names |
76 |
- rtlwifi: rtl8192cu: Fix problem in connecting to WEP or WPA(1) networks |
77 |
- md/raid10: fix two bugs affecting RAID10 reshape |
78 |
- crypto: algboss - Hold ref count on larval |
79 |
- perf: Disable monitoring on setuid processes for regular users |
80 |
- netfilter: nf_conntrack_ipv6: Plug sk_buff leak in fragment handling |
81 |
- enable X86_X2APIC, X86_REROUTE_FOR_BROKEN_BOOT_IRQS, FHANDLE |
82 |
- disable COMPAT_VDSO (not needed since glibc-2.3.3) |
83 |
- conflict too old plymouth to make cleaner upgrades (mga #10128) |
84 |
(fixes the errata for online upgraders) |
85 |
|
86 |
For other fixes in the extended stable update, see the referenced shortlog |
87 |
references: |
88 |
- https://bugs.mageia.org/show_bug.cgi?id=10697 |
89 |
- http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=refs/heads/linux-3.8.y;a=shortlog |
90 |
|
91 |
ID: MGASA-2013-0204 |