[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VPAPN-0001Lo-RP@titan.mandriva.com>
Date: Thu, 26 Sep 2013 14:11:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:242 ] kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:242
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : kernel
Date : September 26, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in the Linux
kernel:
Multiple array index errors in drivers/hid/hid-core.c in the Human
Interface Device (HID) subsystem in the Linux kernel through 3.11
allow physically proximate attackers to execute arbitrary code or
cause a denial of service (heap memory corruption) via a crafted
device that provides an invalid Report ID (CVE-2013-2888).
drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem
in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled,
allows physically proximate attackers to cause a denial of service
(heap-based out-of-bounds write) via a crafted device (CVE-2013-2889).
drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in
the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled,
allows physically proximate attackers to cause a denial of service
(heap-based out-of-bounds write) via a crafted device (CVE-2013-2892).
The Human Interface Device (HID) subsystem in the Linux kernel
through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate
attackers to cause a denial of service (heap-based out-of-bounds
write) via a crafted device, related to (1) drivers/hid/hid-lgff.c,
(2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c
(CVE-2013-2893).
drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ
is enabled, allows physically proximate attackers to cause a denial
of service (NULL pointer dereference and OOPS) or obtain sensitive
information from kernel memory via a crafted device (CVE-2013-2895).
drivers/hid/hid-ntrig.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG
is enabled, allows physically proximate attackers to cause a denial
of service (NULL pointer dereference and OOPS) via a crafted device
(CVE-2013-2896).
Multiple array index errors in drivers/hid/hid-multitouch.c in the
Human Interface Device (HID) subsystem in the Linux kernel through
3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
attackers to cause a denial of service (heap memory corruption, or NULL
pointer dereference and OOPS) via a crafted device (CVE-2013-2897).
drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD
is enabled, allows physically proximate attackers to cause a denial
of service (NULL pointer dereference and OOPS) via a crafted device
(CVE-2013-2899).
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6
implementation in the Linux kernel through 3.10.3 makes an incorrect
function call for pending data, which allows local users to cause a
denial of service (BUG and system crash) via a crafted application that
uses the UDP_CORK option in a setsockopt system call (CVE-2013-4162).
The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6
implementation in the Linux kernel through 3.10.3 does not properly
maintain information about whether the IPV6_MTU setsockopt option
had been specified, which allows local users to cause a denial of
service (BUG and system crash) via a crafted application that uses
the UDP_CORK option in a setsockopt system call (CVE-2013-4163).
The validate_event function in arch/arm/kernel/perf_event.c in the
Linux kernel before 3.10.8 on the ARM platform allows local users to
gain privileges or cause a denial of service (NULL pointer dereference
and system crash) by adding a hardware event to an event group led
by a software event (CVE-2013-4254
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
8d1134181d478c0a1c6dbf1449991b6b mbs1/x86_64/cpupower-3.4.62-1.1.mbs1.x86_64.rpm
37937e41c97631fd97ff33d9b9ba5814 mbs1/x86_64/kernel-firmware-3.4.62-1.1.mbs1.noarch.rpm
96e1efeb3d657e3c3e59abadca7a415d mbs1/x86_64/kernel-headers-3.4.62-1.1.mbs1.x86_64.rpm
47b765b1d8710bfb333a613b03a56161 mbs1/x86_64/kernel-server-3.4.62-1.1.mbs1.x86_64.rpm
9af9dd38b2a551cc63c029384d0a0e72 mbs1/x86_64/kernel-server-devel-3.4.62-1.1.mbs1.x86_64.rpm
14be9b94085e9a01dd9cca95e38a2818 mbs1/x86_64/kernel-source-3.4.62-1.mbs1.noarch.rpm
7e72ba0f7bce7ccbdb1470d3426ed019 mbs1/x86_64/lib64cpupower0-3.4.62-1.1.mbs1.x86_64.rpm
296ebc6c41bfde917caea75bf3c0ba68 mbs1/x86_64/lib64cpupower-devel-3.4.62-1.1.mbs1.x86_64.rpm
5cba7555d3490eee675d47e719cfa37e mbs1/x86_64/perf-3.4.62-1.1.mbs1.x86_64.rpm
f9854e12b7264dfeb6751a92b22ee4ff mbs1/SRPMS/cpupower-3.4.62-1.1.mbs1.src.rpm
d3574b371323d22eca16bf6cb2d73334 mbs1/SRPMS/kernel-firmware-3.4.62-1.1.mbs1.src.rpm
6310fd3a2872494bdbbd0c69960dc8b1 mbs1/SRPMS/kernel-headers-3.4.62-1.1.mbs1.src.rpm
c2b2de6ae43dc8cba2678adc445deabd mbs1/SRPMS/kernel-server-3.4.62-1.1.mbs1.src.rpm
861c839b28c73378727f35801629489d mbs1/SRPMS/kernel-source-3.4.62-1.mbs1.src.rpm
6859e841effe9ae2528f9a65dd57dd41 mbs1/SRPMS/perf-3.4.62-1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSQ/oSmqjQ0CJFipgRAhgmAKDb8jFGiWgtokzIyLZDCTjPdqtQpgCg3cNj
ofWbH+ulXdyYbr/wkrRj5uI=
=sNPZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists