Contents of /10698.adv

Revision 197
Tue Jul 16 08:05:11 2013 UTC (10 years, 9 months ago) by tmb
File size: 2024 byte(s)
MGASA-2013-0214: kernel-linus-3.8.13.4-2.mga3
type: security
subject: Updated kernel-linus package fixes multiple security vulnerabilities
CVE:
 - CVE-2013-0231
 - CVE-2013-2850
 - CVE-2013-2852
src:
  3:
    core:
      - kernel-linus-3.8.13.4-2.mga3
description: |
  This kernel-linus update provides the extended stable 3.8.13.4 kernel and
  fixes the following security issues:

  The pciback_enable_msi function in the PCI backend driver
  (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
  kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
  cause a denial of service via a large number of kernel log messages.
  (CVE-2013-0231 / XSA-43)

  Heap-based buffer overflow in the iscsi_add_notunderstood_response function
  in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
  subsystem in the Linux kernel through 3.9.4 allows remote attackers to
  cause a denial of service (memory corruption and OOPS) or possibly execute
  arbitrary code via a long key that is not properly handled during
  construction of an error-response packet.
  A reproduction case requires patching open-iscsi to send overly large
  keys. Performing discovery in a loop will Oops the remote server.
  (CVE-2013-2850)

  Format string vulnerability in the b43_request_firmware function in
  drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
  the Linux kernel through 3.9.4 allows local users to gain privileges by
  leveraging root access and including format string specifiers in an
  fwpostfix modprobe parameter, leading to improper construction of an
  error message. (CVE-2013-2852)

  Other fixes:
  - enable support for more touchscreens
  - enable X86_X2APIC, X86_REROUTE_FOR_BROKEN_BOOT_IRQS, FHANDLE
  - disable COMPAT_VDSO (not needed since glibc-2.3.3)

  For other fixes in the extended stable update, see the referenced shortlog
references:
 - http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=refs/heads/linux-3.8.y;a=shortlog
 - https://bugs.mageia.org/show_bug.cgi?id=10698
ID: MGASA-2013-0214