lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VfVhF-00013t-3x@titan.mandriva.com>
Date: Sun, 10 Nov 2013 15:09:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:265 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:265
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : November 10, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Linux
 kernel:
 
 The ipc_rcu_putref function in ipc/util.c in the Linux kernel before
 3.10 does not properly manage a reference count, which allows local
 users to cause a denial of service (memory consumption or system crash)
 via a crafted application (CVE-2013-4483).
 
 The skb_flow_dissect function in net/core/flow_dissector.c in the
 Linux kernel through 3.12 allows remote attackers to cause a denial
 of service (infinite loop) via a small value in the IHL field of a
 packet with IPIP encapsulation (CVE-2013-4348).
 
 The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is
 enabled, does not properly initialize certain data structures, which
 allows local users to cause a denial of service (memory corruption and
 system crash) or possibly gain privileges via a crafted application
 that uses the UDP_CORK option in a setsockopt system call and
 sends both short and long packets, related to the ip_ufo_append_data
 function in net/ipv4/ip_output.c and the ip6_ufo_append_data function
 in net/ipv6/ip6_output.c (CVE-2013-4470).
 
 The ext4_orphan_del function in fs/ext4/namei.c in the Linux
 kernel before 3.7.3 does not properly handle orphan-list entries
 for non-journal filesystems, which allows physically proximate
 attackers to cause a denial of service (system hang) via a crafted
 filesystem on removable media, as demonstrated by the e2fsprogs
 tests/f_orphan_extents_inode/image.gz test (CVE-2013-2015).
 
 net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not
 properly determine the need for UDP Fragmentation Offload (UFO)
 processing of small packets after the UFO queueing of a large packet,
 which allows remote attackers to cause a denial of service (memory
 corruption and system crash) or possibly have unspecified other
 impact via network traffic that triggers a large response packet
 (CVE-2013-4387).
 
 The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel
 through 3.11.1 uses data structures and function calls that do not
 trigger an intended configuration of IPsec encryption, which allows
 remote attackers to obtain sensitive information by sniffing the
 network (CVE-2013-4350).
 
 The updated packages provides a solution for these security issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4348
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2015
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4350
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 3e07dbbb16fbf8343e7886d39e59d560  mbs1/x86_64/cpupower-3.4.68-1.1.mbs1.x86_64.rpm
 a8d76e647c25732e008d5fe0cc901b74  mbs1/x86_64/kernel-firmware-3.4.68-1.1.mbs1.noarch.rpm
 df7a5f41d1a57b5330ef9670e3029b45  mbs1/x86_64/kernel-headers-3.4.68-1.1.mbs1.x86_64.rpm
 c5e3580627b85cd13fe34f01ecd281ff  mbs1/x86_64/kernel-server-3.4.68-1.1.mbs1.x86_64.rpm
 191a77d39e1608ba61bedad37934ee59  mbs1/x86_64/kernel-server-devel-3.4.68-1.1.mbs1.x86_64.rpm
 60757fbb2e02db7a65abb068d668bbeb  mbs1/x86_64/kernel-source-3.4.68-1.mbs1.noarch.rpm
 1d3d7fa9c0343a0f864888af7ae6adf2  mbs1/x86_64/lib64cpupower0-3.4.68-1.1.mbs1.x86_64.rpm
 9dcc6574393b87fb14cf61dae7d1bdb6  mbs1/x86_64/lib64cpupower-devel-3.4.68-1.1.mbs1.x86_64.rpm
 4e2890287eb20fe8c838201e01c2b630  mbs1/x86_64/perf-3.4.68-1.1.mbs1.src.rpm
 e457d243d932d91bfffc0526c61f3edd  mbs1/x86_64/perf-3.4.68-1.1.mbs1.x86_64.rpm 
 7b16a80336ac11a7b874e698bf95faf6  mbs1/SRPMS/cpupower-3.4.68-1.1.mbs1.src.rpm
 2613ea858b6691a30613bc1edc14e245  mbs1/SRPMS/kernel-firmware-3.4.68-1.1.mbs1.src.rpm
 9d28c4f34a316d012fc30a864dbb6b8e  mbs1/SRPMS/kernel-headers-3.4.68-1.1.mbs1.src.rpm
 574f76f01511c7c33606f60be964ea95  mbs1/SRPMS/kernel-server-3.4.68-1.1.mbs1.src.rpm
 3bb6f3c5e0efe45d41c169cb5a2269cf  mbs1/SRPMS/kernel-source-3.4.68-1.mbs1.src.rpm
 2c7c1b9db777af533334dfc3dcd43649  mbs1/SRPMS/perf-3.4.68-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSf2lTmqjQ0CJFipgRAuXPAJ9Ml0xBSFFklcKZHngYmb0ldOtU/QCeIQ2t
do+JndxB3ZBWZxk1wXBYUsE=
=kREG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ