[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1XtuOm-000186-Po@titan.mandriva.com>
Date: Thu, 27 Nov 2014 09:26:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:230 ] kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:230
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : kernel
Date : November 27, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in the Linux
kernel:
The WRMSR processing functionality in the KVM subsystem in the
Linux kernel through 3.17.2 does not properly handle the writing of a
non-canonical address to a model-specific register, which allows guest
OS users to cause a denial of service (host OS crash) by leveraging
guest OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
(CVE-2014-3610).
Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS
crash) by leveraging incorrect PIT emulation (CVE-2014-3611).
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.12 does not have an exit handler for the INVEPT instruction, which
allows guest OS users to cause a denial of service (guest OS crash)
via a crafted application (CVE-2014-3645).
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through
3.17.2 does not have an exit handler for the INVVPID instruction,
which allows guest OS users to cause a denial of service (guest OS
crash) via a crafted application (CVE-2014-3646).
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel
through 3.17.2 does not properly perform RIP changes, which allows
guest OS users to cause a denial of service (guest OS crash) via a
crafted application (CVE-2014-3647).
The SCTP implementation in the Linux kernel through 3.17.2 allows
remote attackers to cause a denial of service (system crash) via
a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
net/sctp/sm_statefuns.c (CVE-2014-3673).
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c
in the SCTP implementation in the Linux kernel through 3.17.2 allows
remote attackers to cause a denial of service (panic) via duplicate
ASCONF chunks that trigger an incorrect uncork within the side-effect
interpreter (CVE-2014-3687).
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host
OS users to kill arbitrary processes or cause a denial of service
(system disruption) by leveraging /dev/kvm access, as demonstrated by
PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690).
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
does not properly handle private syscall numbers during use of the
perf subsystem, which allows local users to cause a denial of service
(out-of-bounds read and OOPS) or bypass the ASLR protection mechanism
via a crafted application (CVE-2014-7825).
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
does not properly handle private syscall numbers during use of the
ftrace subsystem, which allows local users to gain privileges or
cause a denial of service (invalid pointer dereference) via a crafted
application (CVE-2014-7826).
The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of
a chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to
the pivot_root system call (CVE-2014-7970).
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.17.2 miscalculates the number of pages during
the handling of a mapping failure, which allows guest OS users to
cause a denial of service (host OS page unpinning) or possibly have
unspecified other impact by leveraging guest OS privileges. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2014-3601
(CVE-2014-8369).
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
844335653b0d9e326bd0a216f3ea302d mbs1/x86_64/cpupower-3.4.104-2.1.mbs1.x86_64.rpm
0944cdafdcb39a677b01248786a2a57b mbs1/x86_64/kernel-firmware-3.4.104-2.1.mbs1.noarch.rpm
ba7ff021bc473448d12f34507ed3c421 mbs1/x86_64/kernel-headers-3.4.104-2.1.mbs1.x86_64.rpm
c5da0b82ad77b075f6ce0390cafe4529 mbs1/x86_64/kernel-server-3.4.104-2.1.mbs1.x86_64.rpm
818764027cea7651b6eed4bdaefcb689 mbs1/x86_64/kernel-server-devel-3.4.104-2.1.mbs1.x86_64.rpm
fb73af4d10dbfb744772697aeded569d mbs1/x86_64/kernel-source-3.4.104-2.mbs1.noarch.rpm
cb9483eb41b264e9c0844098912dc303 mbs1/x86_64/lib64cpupower0-3.4.104-2.1.mbs1.x86_64.rpm
bca76ebdff84f3fcb662ed40f337dab2 mbs1/x86_64/lib64cpupower-devel-3.4.104-2.1.mbs1.x86_64.rpm
dd64b01e869b7cfb3c565310d4bcd445 mbs1/x86_64/perf-3.4.104-2.1.mbs1.x86_64.rpm
06db298a74aae5b928698a4ab1c5caf9 mbs1/SRPMS/cpupower-3.4.104-2.1.mbs1.src.rpm
096237c036ac96f145cce3045968ee53 mbs1/SRPMS/kernel-firmware-3.4.104-2.1.mbs1.src.rpm
b28b50590a939c293d1f5b47a210a4d3 mbs1/SRPMS/kernel-headers-3.4.104-2.1.mbs1.src.rpm
d6b2dd0334645247996a487d5b946fdc mbs1/SRPMS/kernel-server-3.4.104-2.1.mbs1.src.rpm
7457a1bb39e640bebe34b68857e04b54 mbs1/SRPMS/kernel-source-3.4.104-2.mbs1.src.rpm
45b43544167a6e121148276e9ddb6a49 mbs1/SRPMS/perf-3.4.104-2.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUdtH/mqjQ0CJFipgRAmCdAJ9EMBSGdIrGawNjl72V8cYCHhZhMgCg5g4t
uKrF0GIY2y6H1sJCQMF3rZU=
=MIBL
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists