[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VtCXI-0000Pv-J5@titan.mandriva.com>
Date: Wed, 18 Dec 2013 09:31:16 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:291 ] kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:291
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : kernel
Date : December 17, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in the Linux
kernel:
The Linux kernel before 3.12.2 does not properly use the get_dumpable
function, which allows local users to bypass intended ptrace
restrictions or obtain sensitive information from IA64 scratch
registers via a crafted application, related to kernel/ptrace.c and
arch/ia64/include/asm/processor.h (CVE-2013-2929).
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c
in the Linux kernel before 3.12.2 does not properly restrict access
to the perf subsystem, which allows local users to enable function
tracing via a crafted application (CVE-2013-2930).
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the
Linux kernel before 3.12 allow local users to create a read-write
memory mapping for the entirety of kernel memory, and consequently
gain privileges, via crafted mmap operations, related to the (1)
au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2)
au1200fb_fb_mmap function in drivers/video/au1200fb.c (CVE-2013-4511).
Buffer overflow in the exitcode_proc_write function in
arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows
local users to cause a denial of service or possibly have unspecified
other impact by leveraging root privileges for a write operation
(CVE-2013-4512).
Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c
in the Linux kernel before 3.12 allow local users to cause a
denial of service or possibly have unspecified other impact
by leveraging the CAP_NET_ADMIN capability and providing a long
station-name string, related to the (1) wvlan_uil_put_info and (2)
wvlan_set_station_nickname functions (CVE-2013-4514).
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in
the Linux kernel before 3.12 does not initialize a certain data
structure, which allows local users to obtain sensitive information
from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call
(CVE-2013-4515).
Memory leak in the __kvm_set_memory_region function in
virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users
to cause a denial of service (memory consumption) by leveraging certain
device access to trigger movement of memory slots (CVE-2013-4592).
The lbs_debugfs_write function in
drivers/net/wireless/libertas/debugfs.c in the Linux kernel through
3.12.1 allows local users to cause a denial of service (OOPS)
by leveraging root privileges for a zero-length write operation
(CVE-2013-6378).
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in
the Linux kernel through 3.12.1 does not properly validate a certain
size value, which allows local users to cause a denial of service
(invalid pointer dereference) or possibly have unspecified other
impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted
SRB command (CVE-2013-6380).
Buffer overflow in the qeth_snmp_command function in
drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1
allows local users to cause a denial of service or possibly have
unspecified other impact via an SNMP ioctl call with a length value
that is incompatible with the command-buffer size (CVE-2013-6381).
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in
the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO
capability, which allows local users to bypass intended access
restrictions via a crafted ioctl call (CVE-2013-6383).
The uio_mmap_physical function in drivers/uio/uio.c in the Linux
kernel before 3.12 does not validate the size of a memory block, which
allows local users to cause a denial of service (memory corruption)
or possibly gain privileges via crafted mmap operations, a different
vulnerability than CVE-2013-4511 (CVE-2013-6763).
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6763
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
b2ec18573cfce8e2c59f3837bee54986 mbs1/x86_64/cpupower-3.4.71-1.1.mbs1.x86_64.rpm
4223a45307eed3f34f1c2fc91e47b2bc mbs1/x86_64/kernel-firmware-3.4.71-1.1.mbs1.noarch.rpm
12ade5821162c60735934c7d8074abbf mbs1/x86_64/kernel-headers-3.4.71-1.1.mbs1.x86_64.rpm
596969c53ae7ef58106d58c3ddcda017 mbs1/x86_64/kernel-server-3.4.71-1.1.mbs1.x86_64.rpm
447b51d9b8056a545b56a7b2e4d10c00 mbs1/x86_64/kernel-server-devel-3.4.71-1.1.mbs1.x86_64.rpm
ca6e8ac266deddfdb820498602d83562 mbs1/x86_64/kernel-source-3.4.71-1.mbs1.noarch.rpm
636862bf8abc059c22bf0f80192682c1 mbs1/x86_64/lib64cpupower0-3.4.71-1.1.mbs1.x86_64.rpm
68acfb49a9d72e5e64fe4a404b4de306 mbs1/x86_64/lib64cpupower-devel-3.4.71-1.1.mbs1.x86_64.rpm
4794fa50688c49af900d4b215e0b1a3b mbs1/x86_64/perf-3.4.71-1.1.mbs1.x86_64.rpm
08d165f0b55b13663fc83d23d9853c70 mbs1/SRPMS/cpupower-3.4.71-1.1.mbs1.src.rpm
1d536b477305aeacc465861b6cf27d36 mbs1/SRPMS/kernel-firmware-3.4.71-1.1.mbs1.src.rpm
7c454f625ecd42711dd7c1081db66adb mbs1/SRPMS/kernel-headers-3.4.71-1.1.mbs1.src.rpm
d6dbb3c4025edf28de366a595bb70017 mbs1/SRPMS/kernel-server-3.4.71-1.1.mbs1.src.rpm
ae18c854eb9d554cb1dbc8783836546b mbs1/SRPMS/kernel-source-3.4.71-1.mbs1.src.rpm
5d73b86d8323d5c682d1e840c3f5a1ee mbs1/SRPMS/perf-3.4.71-1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSsHyomqjQ0CJFipgRAuHZAJ4iucAvE9Ujo1RPE3X19MQqW0bgMQCgyo1S
xosocZxNYfjd7/v82ZxQHyM=
=GSnA
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists