Bug 10652 - Update request: kernel-tmb-3.4.52-1.mga2
Summary: Update request: kernel-tmb-3.4.52-1.mga2
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA2-32-OK MGA2-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-06-29 16:10 CEST by Thomas Backlund
Modified: 2013-07-16 09:37 CEST (History)
5 users (show)

See Also:
Source RPM: kernel-tmb-3.4.52-1.mga2
CVE:
Status comment:


Attachments

Description Thomas Backlund 2013-06-29 16:10:54 CEST
Advisory:
The pciback_enable_msi function in the PCI backend driver 
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
cause a denial of service via a large number of kernel log messages.
(CVE-2013-0231 / XSA-43)

Heap-based buffer overflow in the iscsi_add_notunderstood_response function
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
subsystem in the Linux kernel through 3.9.4 allows remote attackers to
cause a denial of service (memory corruption and OOPS) or possibly execute
arbitrary code via a long key that is not properly handled during
construction of an error-response packet.
A reproduction case requires patching open-iscsi to send overly large
keys. Performing discovery in a loop will Oops the remote server.
(CVE-2013-2850)

Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges by
leveraging root access and including format string specifiers in an
fwpostfix modprobe parameter, leading to improper construction of an
error message. (CVE-2013-2852)

Other fixes:
Fix up alx AR8161 breakage (mga #10079)

For other -stable fixes, read the referenced changelogs

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51


SRPM:
kernel-tmb-3.4.51-1.mga2.src.rpm

i586:
kernel-tmb-desktop-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-desktop586-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-desktop-devel-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop-devel-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-desktop-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-laptop-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-laptop-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-server-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-server-latest-3.4.51-1.mga2.i586.rpm
kernel-tmb-source-3.4.51-1.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.51-1.mga2.noarch.rpm

x86_64:
kernel-tmb-desktop-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.4.51-1.mga2.x86_64.rpm
kernel-tmb-desktop-latest-3.4.51-1.mga2.x86_64.rpm
kernel-tmb-laptop-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.4.51-1.mga2.x86_64.rpm
kernel-tmb-laptop-latest-3.4.51-1.mga2.x86_64.rpm
kernel-tmb-server-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-latest-3.4.51-1.mga2.x86_64.rpm
kernel-tmb-server-latest-3.4.51-1.mga2.x86_64.rpm
kernel-tmb-source-3.4.51-1.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.51-1.mga2.noarch.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 Thomas Backlund 2013-07-02 09:25:31 CEST
Taking it back as there is a few more security fixes landing

Assignee: qa-bugs => tmb

Comment 2 Thomas Backlund 2013-07-04 20:41:30 CEST
New advisory:

This kernel-tmb update provides the upstream 3.4.52 kernel and fixes
the follwing security issues:

The pciback_enable_msi function in the PCI backend driver 
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
cause a denial of service via a large number of kernel log messages.
(CVE-2013-0231 / XSA-43)

ipv6: ip6_sk_dst_check() must not assume ipv6 dst
It's possible to use AF_INET6 sockets and to connect to an IPv4
destination. After this, socket dst cache is a pointer to a rtable,
not rt6_info. This bug can be exploited by local non-root users
to trigger various corruptions/crashes (CVE-2013-2232)

af_key: fix info leaks in notify messages
key_notify_sa_flush() and key_notify_policy_flush() miss to
initialize the sadb_msg_reserved member of the broadcasted message
and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234)

af_key: initialize satype in key_notify_policy_flush()
key_notify_policy_flush() miss to nitialize the sadb_msg_satype member
of the broadcasted message and thereby leak heap memory to listeners
(CVE-2013-2237)

Heap-based buffer overflow in the iscsi_add_notunderstood_response function
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
subsystem in the Linux kernel through 3.9.4 allows remote attackers to
cause a denial of service (memory corruption and OOPS) or possibly execute
arbitrary code via a long key that is not properly handled during
construction of an error-response packet.
A reproduction case requires patching open-iscsi to send overly large
keys. Performing discovery in a loop will Oops the remote server.
(CVE-2013-2850)

Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges by
leveraging root access and including format string specifiers in an
fwpostfix modprobe parameter, leading to improper construction of an
error message. (CVE-2013-2852)

Other fixes:
Fix up alx AR8161 breakage (mga #10079)

For other -stable fixes, read the referenced changelogs

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52

Assignee: tmb => qa-bugs
Summary: Update request: kernel-tmb-3.4.51-1.mga2 => Update request: kernel-tmb-3.4.52-1.mga2
Source RPM: kernel-tmb-3.4.51-1.mga2 => kernel-tmb-3.4.52-1.mga2

Comment 3 Thomas Backlund 2013-07-04 20:45:23 CEST

SRPM:
kernel-tmb-3.4.52-1.mga2.src.rpm

i586:
kernel-tmb-desktop-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-desktop586-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-desktop-devel-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop-devel-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-desktop-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-laptop-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-laptop-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-server-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-server-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-source-3.4.52-1.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.52-1.mga2.noarch.rpm

x86_64:
kernel-tmb-desktop-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.4.52-1.mga2.x86_64.rpm
kernel-tmb-desktop-latest-3.4.52-1.mga2.x86_64.rpm
kernel-tmb-laptop-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.4.52-1.mga2.x86_64.rpm
kernel-tmb-laptop-latest-3.4.52-1.mga2.x86_64.rpm
kernel-tmb-server-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-latest-3.4.52-1.mga2.x86_64.rpm
kernel-tmb-server-latest-3.4.52-1.mga2.x86_64.rpm
kernel-tmb-source-3.4.52-1.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.52-1.mga2.noarch.rpm
Comment 4 Bill Wilkinson 2013-07-06 05:31:23 CEST
Tested mga3-32

All 3 kernels installed and booted normally on Sempron 3000+ system with nvidia nforce2 chipset and geforce graphics.

Not sure if this is relevant, but dkms modules did not build until boot.  During install, the following error was seen with each kernel: 

cannot get info for device (0:0:3:0) at /usr/lib/libDrakX/detect_devices.pm line 222.

I did install all 3 kernels (desktop, laptop, server) at the same time, and kernel postconfig ran before kernel-devel packages installed.

CC: (none) => wrw105

Comment 5 David GEIGER 2013-07-06 20:42:30 CEST
Testing complete mga2 32

kernel-tmb-laptop-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-latest-3.4.52-1.mga2.i586.rpm
kernel-tmb-laptop-latest-3.4.52-1.mga2.i586.rpm

CC: (none) => geiger.david68210

David GEIGER 2013-07-06 20:43:27 CEST

Whiteboard: (none) => MGA2-32-OK

Comment 6 John Bowden 2013-07-07 14:20:05 CEST
kernel-tmb-desktop-devel-3.4.52-1.mga2 tested, MCC can't find the others @ 12:19 07-07-13.

CC: (none) => led43john

Comment 7 John Bowden 2013-07-07 15:31:27 CEST
Ignore last post, I should open my eyes! Tested 
kernel-tmb-desktop-3.4.52-1.mga2 on my 32bit Mag 2 box OK.

kernel-tmb-desktop586-3.4.52-1.mga2 - Linux kernel for desktop use with i586 and up to 4GB RAM on my 32bit Mag2 box OK

kernel-tmb-laptop-3.4.52-1.mga2 - Linux kernel for laptop use with i686 and up to 4GB On my 32bit Mag2 box OK

kernel-tmb-laptop-devel-3.4.45-1.mga2 - The kernel-devel files for kernel-tmb-laptop-3.4.45-1.mga2

kernel-tmb-server-3.4.52-1.mga2 - Linux Kernel for server use with i686 & 64GB RAMâ on my 32bit Mag2 box with boot errors:

ondemand governor failed, too long transition latency of HW, fallback to perform
dmesg: klogctl failed: Operation not permitted
This is on an old 32bit mag2 box with 1gb of ram!
But otherwise all hardware seems to be working.
The verious "devel" packages were not tested as there is no dkms and extra modules to be compiled at 1st boot.
Comment 8 Dave Hodgins 2013-07-15 21:12:55 CEST
Testing complete. Validating the update.

Could someone from the sysadmin team push 10652.adv

Keywords: (none) => validated_update
Whiteboard: MGA2-32-OK => MGA2-32-OK MGA2-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 9 Thomas Backlund 2013-07-16 09:37:00 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0209.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.