lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UxHD3-0000yM-Ds@titan.mandriva.com>
Date: Thu, 11 Jul 2013 15:47:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:194 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:194
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : July 11, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Linux
 kernel:
 
 net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote
 attackers to cause a denial of service (NULL pointer dereference
 and system crash) or possibly have unspecified other impact via
 an auth_reply message that triggers an attempted build_request
 operation. (CVE-2013-1059)
 
 The HP Smart Array controller disk-array driver and Compaq SMART2
 controller disk-array driver in the Linux kernel through 3.9.4
 do not initialize certain data structures, which allows local
 users to obtain sensitive information from kernel memory via (1)
 a crafted IDAGETPCIINFO command for a /dev/ida device, related
 to the ida_locked_ioctl function in drivers/block/cpqarray.c
 or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss
 device, related to the cciss_ioctl32_passthru function in
 drivers/block/cciss.c. (CVE-2013-2147)
 
 The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c
 in the Linux kernel through 3.9.4 does not initialize a certain
 structure member, which allows local users to obtain sensitive
 information from kernel memory via a read operation on the fanotify
 descriptor. (CVE-2013-2148)
 
 Format string vulnerability in the register_disk function in
 block/genhd.c in the Linux kernel through 3.9.4 allows local users to
 gain privileges by leveraging root access and writing format string
 specifiers to /sys/module/md_mod/parameters/new_array in order to
 create a crafted /dev/md device name. (CVE-2013-2851)
 
 The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in
 the Linux kernel through 3.10 allows local users to obtain sensitive
 information from kernel memory via a read operation on a malfunctioning
 CD-ROM drive. (CVE-2013-2164)
 
 The key_notify_policy_flush function in net/key/af_key.c in the Linux
 kernel before 3.9 does not initialize a certain structure member,
 which allows local users to obtain sensitive information from kernel
 heap memory by reading a broadcast message from the notify_policy
 interface of an IPSec key_socket. (CVE-2013-2237)
 
 The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions
 in net/key/af_key.c in the Linux kernel before 3.10 do not initialize
 certain structure members, which allows local users to obtain sensitive
 information from kernel heap memory by reading a broadcast message
 from the notify interface of an IPSec key_socket. (CVE-2013-2234)
 
 The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux
 kernel before 3.10 allows local users to cause a denial of service
 (system crash) by using an AF_INET6 socket for a connection to an
 IPv4 interface. (CVE-2013-2232)
 
 The online_pages function in mm/memory_hotplug.c in the Linux kernel
 before 3.6 allows local users to cause a denial of service (NULL
 pointer dereference and system crash) or possibly have unspecified
 other impact in opportunistic circumstances by using memory that was
 hot-added by an administrator. (CVE-2012-5517)
 
 Format string vulnerability in the b43_request_firmware function in
 drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
 the Linux kernel through 3.9.4 allows local users to gain privileges
 by leveraging root access and including format string specifiers in
 an fwpostfix modprobe parameter, leading to improper construction of
 an error message. (CVE-2013-2852)
 
 The ftrace implementation in the Linux kernel before 3.8.8 allows
 local users to cause a denial of service (NULL pointer dereference
 and system crash) or possibly have unspecified other impact by
 leveraging the CAP_SYS_ADMIN capability for write access to the (1)
 set_ftrace_pid or (2) set_graph_function file, and then making an
 lseek system call. (CVE-2013-3301)
 
 The pciback_enable_msi function in the PCI backend driver
 (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the
 Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device
 access to cause a denial of service via a large number of kernel log
 messages. NOTE: some of these details are obtained from third party
 information. (CVE-2013-0231)
 
 The chase_port function in drivers/usb/serial/io_ti.c in the
 Linux kernel before 3.7.4 allows local users to cause a denial of
 service (NULL pointer dereference and system crash) via an attempted
 /dev/ttyUSB read or write operation on a disconnected Edgeport USB
 serial converter. (CVE-2013-1774)
 
 Heap-based buffer overflow in the iscsi_add_notunderstood_response
 function in drivers/target/iscsi/iscsi_target_parameters.c in the
 iSCSI target subsystem in the Linux kernel through 3.9.4 allows
 remote attackers to cause a denial of service (memory corruption
 and OOPS) or possibly execute arbitrary code via a long key that
 is not properly handled during construction of an error-response
 packet. (CVE-2013-2850)
 
 The updated packages provides a solution for these security issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5517
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 435865a49ae270fc37e81d1a03a7b574  mbs1/x86_64/cpupower-3.4.52-1.1.mbs1.x86_64.rpm
 ff1f8cf01c899a47b02f8257aa531026  mbs1/x86_64/kernel-firmware-3.4.52-1.1.mbs1.noarch.rpm
 88f35a2dd3da9fa54c80689e9867edc7  mbs1/x86_64/kernel-headers-3.4.52-1.1.mbs1.x86_64.rpm
 1d49db696ff5b5c75c8dc63f87bc02bc  mbs1/x86_64/kernel-server-3.4.52-1.1.mbs1.x86_64.rpm
 d718fabb7c5503d536aa815535f44294  mbs1/x86_64/kernel-server-devel-3.4.52-1.1.mbs1.x86_64.rpm
 7aa979aa1c26d51a8e1c3fdf22a6f076  mbs1/x86_64/kernel-source-3.4.52-1.mbs1.noarch.rpm
 871b5453e7e2f65330c9748c4368886b  mbs1/x86_64/lib64cpupower0-3.4.52-1.1.mbs1.x86_64.rpm
 0826823b3c0ca675b5762df19171fd05  mbs1/x86_64/lib64cpupower-devel-3.4.52-1.1.mbs1.x86_64.rpm
 8b859bb8ef426ab1d810bf238e3695df  mbs1/x86_64/perf-3.4.52-1.1.mbs1.x86_64.rpm 
 f89854b0909910f6d6e1c7a7153bec08  mbs1/SRPMS/cpupower-3.4.52-1.1.mbs1.src.rpm
 a4f26a06789df750207a45b9750978e5  mbs1/SRPMS/kernel-firmware-3.4.52-1.1.mbs1.src.rpm
 761cd4ef33ea2e9de5c06812720c9ea1  mbs1/SRPMS/kernel-headers-3.4.52-1.1.mbs1.src.rpm
 59cacb9eb2a781df3e7785078d6fd129  mbs1/SRPMS/kernel-server-3.4.52-1.1.mbs1.src.rpm
 f170b5ef3f2afe9ef213c981f82a47cd  mbs1/SRPMS/kernel-source-3.4.52-1.mbs1.src.rpm
 8058f28e41b2e7c05c5719853463cf34  mbs1/SRPMS/perf-3.4.52-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR3o0wmqjQ0CJFipgRAo6CAKCWv16hAfjsyxOxBaLJrtDqI0YIawCdEFxp
DKoOAlhqIBT4C0AuyxWYlIw=
=beBr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ