Bug 10653 - Update request: kernel-linus-3.4.52-1.mga2
: Update request: kernel-linus-3.4.52-1.mga2
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: major
: ---
Assigned To: QA Team
: Sec team
:
: mga2-32-OK MGA2-64-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-06-29 16:11 CEST by Thomas Backlund
Modified: 2013-07-16 09:37 CEST (History)
3 users (show)

See Also:
Source RPM: kernel-linus-3.4.52-1.mga2
CVE:


Attachments

Description Thomas Backlund 2013-06-29 16:11:05 CEST
Advisory:
The pciback_enable_msi function in the PCI backend driver 
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
cause a denial of service via a large number of kernel log messages.
(CVE-2013-0231 / XSA-43)

Heap-based buffer overflow in the iscsi_add_notunderstood_response function
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
subsystem in the Linux kernel through 3.9.4 allows remote attackers to
cause a denial of service (memory corruption and OOPS) or possibly execute
arbitrary code via a long key that is not properly handled during
construction of an error-response packet.
A reproduction case requires patching open-iscsi to send overly large
keys. Performing discovery in a loop will Oops the remote server.
(CVE-2013-2850)

Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges by
leveraging root access and including format string specifiers in an
fwpostfix modprobe parameter, leading to improper construction of an
error message. (CVE-2013-2852)

Other fixes:
For other -stable fixes, read the referenced changelogs

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51


SRPM:
kernel-linus-3.4.51-1.mga2.src.rpm

i586:
kernel-linus-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-3.4.51-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-latest-3.4.51-1.mga2.i586.rpm
kernel-linus-doc-3.4.51-1.mga2.noarch.rpm
kernel-linus-latest-3.4.51-1.mga2.i586.rpm
kernel-linus-source-3.4.51-1.mga2-1-1.mga2.noarch.rpm
kernel-linus-source-latest-3.4.51-1.mga2.noarch.rpm

x86_64:
kernel-linus-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-3.4.51-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-latest-3.4.51-1.mga2.x86_64.rpm
kernel-linus-doc-3.4.51-1.mga2.noarch.rpm
kernel-linus-latest-3.4.51-1.mga2.x86_64.rpm
kernel-linus-source-3.4.51-1.mga2-1-1.mga2.noarch.rpm
kernel-linus-source-latest-3.4.51-1.mga2.noarch.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 Thomas Backlund 2013-07-02 09:25:34 CEST
Taking it back as there is a few more security fixes landing
Comment 2 Thomas Backlund 2013-07-04 20:41:28 CEST
New advisory:

This kernel update provides the upstream 3.4.52 kernel and fixes
the follwing security issues:

The pciback_enable_msi function in the PCI backend driver 
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
cause a denial of service via a large number of kernel log messages.
(CVE-2013-0231 / XSA-43)

Heap-based buffer overflow in the iscsi_add_notunderstood_response function
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
subsystem in the Linux kernel through 3.9.4 allows remote attackers to
cause a denial of service (memory corruption and OOPS) or possibly execute
arbitrary code via a long key that is not properly handled during
construction of an error-response packet.
A reproduction case requires patching open-iscsi to send overly large
keys. Performing discovery in a loop will Oops the remote server.
(CVE-2013-2850)

Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges by
leveraging root access and including format string specifiers in an
fwpostfix modprobe parameter, leading to improper construction of an
error message. (CVE-2013-2852)

Other fixes:
For other -stable fixes, read the referenced changelogs

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
Comment 3 Thomas Backlund 2013-07-04 20:44:48 CEST
SRPM:
kernel-linus-3.4.52-1.mga2.src.rpm

i586:
kernel-linus-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-3.4.52-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-latest-3.4.52-1.mga2.i586.rpm
kernel-linus-doc-3.4.52-1.mga2.noarch.rpm
kernel-linus-latest-3.4.52-1.mga2.i586.rpm
kernel-linus-source-3.4.52-1.mga2-1-1.mga2.noarch.rpm
kernel-linus-source-latest-3.4.52-1.mga2.noarch.rpm

x86_64:
kernel-linus-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-3.4.52-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-latest-3.4.52-1.mga2.x86_64.rpm
kernel-linus-doc-3.4.52-1.mga2.noarch.rpm
kernel-linus-latest-3.4.52-1.mga2.x86_64.rpm
kernel-linus-source-3.4.52-1.mga2-1-1.mga2.noarch.rpm
kernel-linus-source-latest-3.4.52-1.mga2.noarch.rpm
Comment 4 Thomas Backlund 2013-07-04 20:53:36 CEST
First advisory line should be:

This kernel-linus update provides the upstream 3.4.52 kernel and fixes
the follwing security issues:
Comment 5 John Bowden 2013-07-07 14:05:16 CEST
Tested OK on my 32bit Mageia 2 box with out problems. This is a basic pc with no dkms modules needed.
Comment 6 claire robinson 2013-07-14 09:43:57 CEST
Confirmed ok mga2 32. I can't test other mga2 32 kernels on real HW due to bug 6077
Comment 7 Dave Hodgins 2013-07-15 21:12:58 CEST
Testing complete. Validating the update.

Could someone from the sysadmin team push 10653.adv
Comment 8 Thomas Backlund 2013-07-16 09:37:42 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0210.html

Note You need to log in before you can comment on or make changes to this bug.