Advisory: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (CVE-2013-0231 / XSA-43) Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. A reproduction case requires patching open-iscsi to send overly large keys. Performing discovery in a loop will Oops the remote server. (CVE-2013-2850) Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852) Other fixes: Fix up alx AR8161 breakage (mga #10079) For other -stable fixes, read the referenced changelogs References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51 SRPM: kernel-rt-3.4.51-0.rt62.1.mga2.src.rpm i586: kernel-rt-3.4.51-0.rt62.1.mga2-1-1.mga2.i586.rpm kernel-rt-devel-3.4.51-0.rt62.1.mga2-1-1.mga2.i586.rpm kernel-rt-devel-latest-3.4.51-0.rt62.1.mga2.i586.rpm kernel-rt-doc-3.4.51-0.rt62.1.mga2.noarch.rpm kernel-rt-latest-3.4.51-0.rt62.1.mga2.i586.rpm kernel-rt-source-3.4.51-0.rt62.1.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.51-0.rt62.1.mga2.noarch.rpm x86_64: kernel-rt-3.4.51-0.rt62.1.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-3.4.51-0.rt62.1.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-latest-3.4.51-0.rt62.1.mga2.x86_64.rpm kernel-rt-doc-3.4.51-0.rt62.1.mga2.noarch.rpm kernel-rt-latest-3.4.51-0.rt62.1.mga2.x86_64.rpm kernel-rt-source-3.4.51-0.rt62.1.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.51-0.rt62.1.mga2.noarch.rpm Reproducible: Steps to Reproduce:
Taking it back as there is a few more security fixes landing
Assignee: qa-bugs => tmb
New advisory: This kernel-rt update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (CVE-2013-0231 / XSA-43) ipv6: ip6_sk_dst_check() must not assume ipv6 dst It's possible to use AF_INET6 sockets and to connect to an IPv4 destination. After this, socket dst cache is a pointer to a rtable, not rt6_info. This bug can be exploited by local non-root users to trigger various corruptions/crashes (CVE-2013-2232) af_key: fix info leaks in notify messages key_notify_sa_flush() and key_notify_policy_flush() miss to initialize the sadb_msg_reserved member of the broadcasted message and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234) af_key: initialize satype in key_notify_policy_flush() key_notify_policy_flush() miss to nitialize the sadb_msg_satype member of the broadcasted message and thereby leak heap memory to listeners (CVE-2013-2237) Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. A reproduction case requires patching open-iscsi to send overly large keys. Performing discovery in a loop will Oops the remote server. (CVE-2013-2850) Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852) Other fixes: Fix up alx AR8161 breakage (mga #10079) The -rt patch has been updated to -rt65 For other -stable fixes, read the referenced changelogs References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.46 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.51 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.52
Assignee: tmb => qa-bugsSummary: Update request: kernel-rt-3.4.51-0.rt62.1.mga2 => Update request: kernel-rt-3.4.52-0.rt65.1.mga2Source RPM: kernel-rt-3.4.51-0.rt62.1.mga2 => kernel-rt-3.4.52-0.rt65.1.mga2
SRPM: kernel-rt-3.4.52-0.rt65.1.mga2.src.rpm i586: kernel-rt-3.4.52-0.rt65.1.mga2-1-1.mga2.i586.rpm kernel-rt-devel-3.4.52-0.rt65.1.mga2-1-1.mga2.i586.rpm kernel-rt-devel-latest-3.4.52-0.rt65.1.mga2.i586.rpm kernel-rt-doc-3.4.52-0.rt65.1.mga2.noarch.rpm kernel-rt-latest-3.4.52-0.rt65.1.mga2.i586.rpm kernel-rt-source-3.4.52-0.rt65.1.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.52-0.rt65.1.mga2.noarch.rpm x86_64: kernel-rt-3.4.52-0.rt65.1.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-3.4.52-0.rt65.1.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-latest-3.4.52-0.rt65.1.mga2.x86_64.rpm kernel-rt-doc-3.4.52-0.rt65.1.mga2.noarch.rpm kernel-rt-latest-3.4.52-0.rt65.1.mga2.x86_64.rpm kernel-rt-source-3.4.52-0.rt65.1.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.52-0.rt65.1.mga2.noarch.rpm
MGA2 32bits kernel-rt-3.4.52-0.rt65.1.mga2-1-1.mga2.i586.rpm kernel-rt-devel-3.4.52-0.rt65.1.mga2-1-1.mga2.i586.rpm ASUS M2N SLI mainboard Nvidia Geforce 210 graphic card two internal SATA harddisks (using sata_nv module) one internal IDE harddisk (using pata_amd module) one external usb harddisk one external firewire harddisk one internal IDE DVD writer (using pata_amd module) one internal IDE DVD reader (using pata_amd module) during installation dkms built the nvidia module Boot begins well (same as kernel-server-3.4.52-1.mga2-1-1.mga2.i586.rpm) But it freezes half the way when starting X : black screen no possibility to use Alt+Ctl+Del need to Alt+sysRq+r Alt+sysRq+s Alt+sysRq+e Alt+sysRq+i Alt+sysRq+u Alt+sysRq+b It's not a regression : same problem as previous kernel-rt : they can only work with nouveau ... not with the nvidia built module (need to modify xorg.conf to use the kernel-rt)
CC: (none) => philippedidier
Additional fixes: - fixes links in /boot - updates to -rt67 SRPM: kernel-rt-3.4.52-0.rt67.2.mga2.src.rpm i586: kernel-rt-3.4.52-0.rt67.2.mga2-1-1.mga2.i586.rpm kernel-rt-devel-3.4.52-0.rt67.2.mga2-1-1.mga2.i586.rpm kernel-rt-devel-latest-3.4.52-0.rt67.2.mga2.i586.rpm kernel-rt-doc-3.4.52-0.rt67.2.mga2.noarch.rpm kernel-rt-latest-3.4.52-0.rt67.2.mga2.i586.rpm kernel-rt-source-3.4.52-0.rt67.2.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.52-0.rt67.2.mga2.noarch.rpm x86_64: kernel-rt-3.4.52-0.rt67.2.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-3.4.52-0.rt67.2.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-latest-3.4.52-0.rt67.2.mga2.x86_64.rpm kernel-rt-doc-3.4.52-0.rt67.2.mga2.noarch.rpm kernel-rt-latest-3.4.52-0.rt67.2.mga2.x86_64.rpm kernel-rt-source-3.4.52-0.rt67.2.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.52-0.rt67.2.mga2.noarch.rpm
Summary: Update request: kernel-rt-3.4.52-0.rt65.1.mga2 => Update request: kernel-rt-3.4.52-0.rt67.2.mga2Source RPM: kernel-rt-3.4.52-0.rt65.1.mga2 => kernel-rt-3.4.52-0.rt67.2.mga2
Testing complete. Validating the update. Could someone from the sysadmin team push 10654.adv
Keywords: (none) => validated_updateWhiteboard: (none) => MGA2-64-OK MGA2-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0211.html
Status: NEW => RESOLVEDResolution: (none) => FIXED