Advisory and CVE list comes later, but you can start testing:

SRPM:
kernel-linus-3.10.16-1.mga3.src.rpm

i586:
kernel-linus-3.10.16-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-3.10.16-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-latest-3.10.16-1.mga3.i586.rpm
kernel-linus-doc-3.10.16-1.mga3.noarch.rpm
kernel-linus-latest-3.10.16-1.mga3.i586.rpm
kernel-linus-source-3.10.16-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.16-1.mga3.noarch.rpm

x86_64:
kernel-linus-3.10.16-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-3.10.16-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-latest-3.10.16-1.mga3.x86_64.rpm
kernel-linus-doc-3.10.16-1.mga3.noarch.rpm
kernel-linus-latest-3.10.16-1.mga3.x86_64.rpm
kernel-linus-source-3.10.16-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.16-1.mga3.noarch.rpm
Am I correct in assuming that kernel-linus does not have the necessary supporting files in Mageia to work with nVidia drivers? Therefore it will always default to the nouveau driver? This would also be true for kernel-tmb, kernel-rt and kernel vserver? Thanks
CC: (none) => wilcal.int
Use the dkms packages with the alternate kernels.
Assigning Thomas for now. Please reassign to QA when you've had a chance to take a look. Thanks.
CC: (none) => qa-bugs
Assignee: qa-bugs => tmb
New rpms to validate:

SRPM:
kernel-linus-3.10.19-1.mga3.src.rpm

i586:
kernel-linus-3.10.19-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-3.10.19-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-latest-3.10.19-1.mga3.i586.rpm
kernel-linus-doc-3.10.19-1.mga3.noarch.rpm
kernel-linus-latest-3.10.19-1.mga3.i586.rpm
kernel-linus-source-3.10.19-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.19-1.mga3.noarch.rpm

x86_64:
kernel-linus-3.10.19-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-3.10.19-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-latest-3.10.19-1.mga3.x86_64.rpm
kernel-linus-doc-3.10.19-1.mga3.noarch.rpm
kernel-linus-latest-3.10.19-1.mga3.x86_64.rpm
kernel-linus-source-3.10.19-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.19-1.mga3.noarch.rpm

Assignee: tmb => qa-bugs
Summary: Update request: kernel-linus-3.10.16-1.mga3 => Update request: kernel-linus-3.10.19-1.mga3
Source RPM: kernel-linus-3.10.16-1.mga3 => kernel-linus-3.10.19-1.mga3
Advisory:

This kernel-linus update provides an update to the 3.10 longterm branch, currently 3.10.19 and fixes the following security issues:

The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (CVE-2013-0343)

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. (CVE-2013-1059)

The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature. (CVE-2013-2140)

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (CVE-2013-2147)

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851)

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID (CVE-2013-2888).

drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2889).

drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (CVE-2013-2891)

drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2892).

The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (CVE-2013-2893).

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (CVE-2013-2894)

drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device (CVE-2013-2895).

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2896).

Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897).

drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device. (CVE-2013-2898)

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2899).

The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4162).

The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4163).

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event (CVE-2013-4254)

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (CVE-2013-4299)

The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation (CVE-2013-4348).

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network (CVE-2013-4350).

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet (CVE-2013-4387).

The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c (CVE-2013-4470).

For other -stable fixes, read the referenced changelogs.

References:
http://kernelnewbies.org/Linux_3.9
http://kernelnewbies.org/Linux_3.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.1
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.9
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.11
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.12
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.13
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.14
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.16
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.17
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.18
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.19
Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Depends on: (none) => 11463
All rolled up to 3.10.22, additional fixes:
- squash additional cves: CVE-2013-2929, CVE-2013-2930, + yet another ipc fix
- includes an acpi backlight fix that helps hw that sets it to off/0

SRPM:
kernel-linus-3.10.22-1.mga3.src.rpm

i586:
kernel-linus-3.10.22-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-3.10.22-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-latest-3.10.22-1.mga3.i586.rpm
kernel-linus-doc-3.10.22-1.mga3.noarch.rpm
kernel-linus-latest-3.10.22-1.mga3.i586.rpm
kernel-linus-source-3.10.22-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.22-1.mga3.noarch.rpm

x86_64:
kernel-linus-3.10.22-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-3.10.22-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-latest-3.10.22-1.mga3.x86_64.rpm
kernel-linus-doc-3.10.22-1.mga3.noarch.rpm
kernel-linus-latest-3.10.22-1.mga3.x86_64.rpm
kernel-linus-source-3.10.22-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.22-1.mga3.noarch.rpm

Keywords: validated_update => (none)
Summary: Update request: kernel-linus-3.10.19-1.mga3 => Update request: kernel-linus-3.10.22-1.mga3
Source RPM: kernel-linus-3.10.19-1.mga3 => kernel-linus-3.10.22-1.mga3
Whiteboard: advisory MGA3-64-OK MGA3-32-OK => (none)
Requires updated packages from the main kernel update in bug 11463 so just reiterating this should not be pushed without it.

To satisfy dependencies, the following package(s) also need to be installed:
- btrfs-progs-0.20-0.rc1.20130705.1.mga3.i586
- kernel-firmware-20130624-1.mga3.noarch
- kernel-firmware-nonfree-20130624-1.mga3.nonfree.noarch
- kernel-linus-3.10.22-1.mga3-1-1.mga3.i586
- libbtrfs0-0.20-0.rc1.20130705.1.mga3.i586
All rolled up to 3.10.24, for more security fixes, no CVEs yet

SRPM:
kernel-linus-3.10.24-1.mga3.src.rpm

i586:
kernel-linus-3.10.24-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-3.10.24-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-latest-3.10.24-1.mga3.i586.rpm
kernel-linus-doc-3.10.24-1.mga3.noarch.rpm
kernel-linus-latest-3.10.24-1.mga3.i586.rpm
kernel-linus-source-3.10.24-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.24-1.mga3.noarch.rpm

x86_64:
kernel-linus-3.10.24-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-3.10.24-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-latest-3.10.24-1.mga3.x86_64.rpm
kernel-linus-doc-3.10.24-1.mga3.noarch.rpm
kernel-linus-latest-3.10.24-1.mga3.x86_64.rpm
kernel-linus-source-3.10.24-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.24-1.mga3.noarch.rpm

Summary: Update request: kernel-linus-3.10.22-1.mga3 => Update request: kernel-linus-3.10.24-1.mga3
Source RPM: kernel-linus-3.10.22-1.mga3 => kernel-linus-3.10.24-1.mga3
upstream kernels also fixed: CVE-2013-6378 CVE-2013-6379 CVE-2013-6380 CVE-2013-6381 CVE-2013-6383
Been using this in active service i586 with no issues
Whiteboard: (none) => mga3-32-ok
Note that this advisory has fewer CVEs (the 4 kvm & 2 xfs fixes missing) fixed than the other kernels as we don't patch kernel-linus as it tracks upstream -stable releases...

Updated advisory:

This kernel-linus update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues:

The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (CVE-2013-0343)

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. (CVE-2013-1059)

The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature. (CVE-2013-2140)

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (CVE-2013-2147)

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851)

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID (CVE-2013-2888).

drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2889).

drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (CVE-2013-2891)

drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2892).

The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (CVE-2013-2893).

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (CVE-2013-2894)

drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device (CVE-2013-2895).

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2896).

Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897).

drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device. (CVE-2013-2898)

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2899).

The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (CVE-2013-2929)

The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (CVE-2013-2930)

The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4162).

The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4163).

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event (CVE-2013-4254)

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (CVE-2013-4299)

The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation (CVE-2013-4348).

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network (CVE-2013-4350).

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet (CVE-2013-4387).

The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c (CVE-2013-4470).

Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation. (CVE-2013-4513)

The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (CVE-2013-6378)

The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (CVE-2013-6380)

Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. (CVE-2013-6381)

The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (CVE-2013-6383)

For other -stable fixes, read the referenced changelogs.

References:
http://kernelnewbies.org/Linux_3.9
http://kernelnewbies.org/Linux_3.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.1
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.9
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.11
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.12
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.13
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.14
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.16
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.17
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.18
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.19
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.20
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.21
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.22
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.23
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24
Whiteboard: mga3-32-ok => mga3-32-ok advisory
Keywords: (none) => validated_update
Whiteboard: mga3-32-ok advisory => mga3-32-ok advisory MGA3-64-OK
Update pushed: http://advisories.mageia.org/MGASA-2013-0372.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED