lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1XtuOm-000186-Po@titan.mandriva.com>
Date: Thu, 27 Nov 2014 09:26:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:230 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:230
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : November 27, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Linux
 kernel:
 
 The WRMSR processing functionality in the KVM subsystem in the
 Linux kernel through 3.17.2 does not properly handle the writing of a
 non-canonical address to a model-specific register, which allows guest
 OS users to cause a denial of service (host OS crash) by leveraging
 guest OS privileges, related to the wrmsr_interception function in
 arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
 (CVE-2014-3610).
 
 Race condition in the __kvm_migrate_pit_timer function in
 arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
 3.17.2 allows guest OS users to cause a denial of service (host OS
 crash) by leveraging incorrect PIT emulation (CVE-2014-3611).
 
 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
 3.12 does not have an exit handler for the INVEPT instruction, which
 allows guest OS users to cause a denial of service (guest OS crash)
 via a crafted application (CVE-2014-3645).
 
 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through
 3.17.2 does not have an exit handler for the INVVPID instruction,
 which allows guest OS users to cause a denial of service (guest OS
 crash) via a crafted application (CVE-2014-3646).
 
 arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel
 through 3.17.2 does not properly perform RIP changes, which allows
 guest OS users to cause a denial of service (guest OS crash) via a
 crafted application (CVE-2014-3647).
 
 The SCTP implementation in the Linux kernel through 3.17.2 allows
 remote attackers to cause a denial of service (system crash) via
 a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
 net/sctp/sm_statefuns.c (CVE-2014-3673).
 
 The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c
 in the SCTP implementation in the Linux kernel through 3.17.2 allows
 remote attackers to cause a denial of service (panic) via duplicate
 ASCONF chunks that trigger an incorrect uncork within the side-effect
 interpreter (CVE-2014-3687).
 
 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
 3.17.2 on Intel processors does not ensure that the value in the CR4
 control register remains the same after a VM entry, which allows host
 OS users to kill arbitrary processes or cause a denial of service
 (system disruption) by leveraging /dev/kvm access, as demonstrated by
 PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690).
 
 kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
 does not properly handle private syscall numbers during use of the
 perf subsystem, which allows local users to cause a denial of service
 (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism
 via a crafted application (CVE-2014-7825).
 
 kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
 does not properly handle private syscall numbers during use of the
 ftrace subsystem, which allows local users to gain privileges or
 cause a denial of service (invalid pointer dereference) via a crafted
 application (CVE-2014-7826).
 
 The pivot_root implementation in fs/namespace.c in the Linux kernel
 through 3.17 does not properly interact with certain locations of
 a chroot directory, which allows local users to cause a denial of
 service (mount-tree loop) via . (dot) values in both arguments to
 the pivot_root system call (CVE-2014-7970).
 
 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
 kernel through 3.17.2 miscalculates the number of pages during
 the handling of a mapping failure, which allows guest OS users to
 cause a denial of service (host OS page unpinning) or possibly have
 unspecified other impact by leveraging guest OS privileges. NOTE: this
 vulnerability exists because of an incorrect fix for CVE-2014-3601
 (CVE-2014-8369).
 
 The updated packages provides a solution for these security issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7825
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 844335653b0d9e326bd0a216f3ea302d  mbs1/x86_64/cpupower-3.4.104-2.1.mbs1.x86_64.rpm
 0944cdafdcb39a677b01248786a2a57b  mbs1/x86_64/kernel-firmware-3.4.104-2.1.mbs1.noarch.rpm
 ba7ff021bc473448d12f34507ed3c421  mbs1/x86_64/kernel-headers-3.4.104-2.1.mbs1.x86_64.rpm
 c5da0b82ad77b075f6ce0390cafe4529  mbs1/x86_64/kernel-server-3.4.104-2.1.mbs1.x86_64.rpm
 818764027cea7651b6eed4bdaefcb689  mbs1/x86_64/kernel-server-devel-3.4.104-2.1.mbs1.x86_64.rpm
 fb73af4d10dbfb744772697aeded569d  mbs1/x86_64/kernel-source-3.4.104-2.mbs1.noarch.rpm
 cb9483eb41b264e9c0844098912dc303  mbs1/x86_64/lib64cpupower0-3.4.104-2.1.mbs1.x86_64.rpm
 bca76ebdff84f3fcb662ed40f337dab2  mbs1/x86_64/lib64cpupower-devel-3.4.104-2.1.mbs1.x86_64.rpm
 dd64b01e869b7cfb3c565310d4bcd445  mbs1/x86_64/perf-3.4.104-2.1.mbs1.x86_64.rpm 
 06db298a74aae5b928698a4ab1c5caf9  mbs1/SRPMS/cpupower-3.4.104-2.1.mbs1.src.rpm
 096237c036ac96f145cce3045968ee53  mbs1/SRPMS/kernel-firmware-3.4.104-2.1.mbs1.src.rpm
 b28b50590a939c293d1f5b47a210a4d3  mbs1/SRPMS/kernel-headers-3.4.104-2.1.mbs1.src.rpm
 d6b2dd0334645247996a487d5b946fdc  mbs1/SRPMS/kernel-server-3.4.104-2.1.mbs1.src.rpm
 7457a1bb39e640bebe34b68857e04b54  mbs1/SRPMS/kernel-source-3.4.104-2.mbs1.src.rpm
 45b43544167a6e121148276e9ddb6a49  mbs1/SRPMS/perf-3.4.104-2.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUdtH/mqjQ0CJFipgRAmCdAJ9EMBSGdIrGawNjl72V8cYCHhZhMgCg5g4t
uKrF0GIY2y6H1sJCQMF3rZU=
=MIBL
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ