Bug 13396 - Update request: kernel-vserver-3.10.40-0.vs2.3.6.8.1.mga4
: Update request: kernel-vserver-3.10.40-0.vs2.3.6.8.1.mga4
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 4
: All Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
: Sec team
:
: has_procedure advisory mga4-32-ok mga...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2014-05-17 01:42 CEST by Thomas Backlund
Modified: 2014-05-19 21:05 CEST (History)
3 users (show)

See Also:
Source RPM: kernel-vserver-3.10.40-0.vs2.3.6.8.1.mga4.src.rpm
CVE:
Status comment:


Attachments

Description Thomas Backlund 2014-05-17 01:42:18 CEST
SRPM:
kernel-vserver-3.10.40-0.vs2.3.6.8.1.mga4.src.rpm


i586:
kernel-vserver-3.10.40-0.vs2.3.6.8.1.mga4-1-1.mga4.i586.rpm
kernel-vserver-devel-3.10.40-0.vs2.3.6.8.1.mga4-1-1.mga4.i586.rpm
kernel-vserver-devel-latest-3.10.40-0.vs2.3.6.8.1.mga4.i586.rpm
kernel-vserver-doc-3.10.40-0.vs2.3.6.8.1.mga4.noarch.rpm
kernel-vserver-latest-3.10.40-0.vs2.3.6.8.1.mga4.i586.rpm
kernel-vserver-source-3.10.40-0.vs2.3.6.8.1.mga4-1-1.mga4.noarch.rpm
kernel-vserver-source-latest-3.10.40-0.vs2.3.6.8.1.mga4.noarch.rpm


x86_64:
kernel-vserver-3.10.40-0.vs2.3.6.8.1.mga4-1-1.mga4.x86_64.rpm
kernel-vserver-devel-3.10.40-0.vs2.3.6.8.1.mga4-1-1.mga4.x86_64.rpm
kernel-vserver-devel-latest-3.10.40-0.vs2.3.6.8.1.mga4.x86_64.rpm
kernel-vserver-doc-3.10.40-0.vs2.3.6.8.1.mga4.noarch.rpm
kernel-vserver-latest-3.10.40-0.vs2.3.6.8.1.mga4.x86_64.rpm
kernel-vserver-source-3.10.40-0.vs2.3.6.8.1.mga4-1-1.mga4.noarch.rpm
kernel-vserver-source-latest-3.10.40-0.vs2.3.6.8.1.mga4.noarch.rpm


Advisory:
Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the
following security issues:

The microcode on AMD 16h 00h through 0Fh processors does not properly
handle the interaction between locked instructions and write-combined
memory types, which allows local users to cause a denial of service
(system hang) via a crafted application, aka the errata 793 issue. 
(CVE-2013-6885)

Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/
x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute
arbitrary code on the host OS by leveraging a loop that triggers an
invalid memory copy affecting certain cancel_work_item data. 
(CVE-2014-0049)

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem
in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise
Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which
allows guest OS users to cause a denial of service (host OS crash) via
unspecified vectors. (CVE-2014-0055)

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through
3.13.5 does not properly handle uncached write operations that copy fewer
than the requested number of bytes, which allows local users to obtain
sensitive information from kernel memory, cause a denial of service
(memory corruption and system crash), or possibly gain privileges via a
writev system call with a crafted pointer. (CVE-2014-0069)

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable
buffers are disabled, does not properly validate packet lengths, which
allows guest OS users to cause a denial of service (memory corruption and
host OS crash) or possibly gain privileges on the host OS via crafted
packets, related to the handle_rx and get_rx_bufs functions. 
(CVE-2014-0077)

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel
through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic
return value, which allows guest OS users to cause a denial of service
(host OS crash) via a crafted entry in the redirection table of an I/O
APIC. NOTE: the affected code was moved to the ioapic_service function
before the vulnerability was announced. (CVE-2014-0155)

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel
through 3.14.3 does not properly manage tty driver access in the
"LECHO & !OPOST" case, which allows local users to cause a denial of
service (memory corruption and system crash) or gain privileges by
triggering a race condition involving read and write operations with
long strings. (CVE-2014-0196)

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly handle error conditions during
processing of an FDRAWCMD ioctl call, which allows local users to trigger
kfree operations and gain privileges by leveraging write access to a
/dev/fd device.  (CVE-2014-1737)

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly restrict access to certain
pointers during processing of an FDRAWCMD ioctl call, which allows
local users to obtain sensitive information from kernel heap memory
by leveraging write access to a /dev/fd device. (CVE-2014-1738)

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the
Linux kernel through 3.14.1 allows local users to cause a denial of service
(use-after-free and system crash) or possibly gain privileges via a crafted
application that leverages an improperly managed reference counter.
(CVE-2014-2851)

For other fixes, see the referenced changelogs.

References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.40
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.39
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.38
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.37
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.36
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.35
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.34
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.33
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.31
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.30
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.29



Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2014-05-17 17:57:39 CEST
PoC: https://bugzilla.novell.com/show_bug.cgi?id=875690#c14
Comment 2 William Kenney 2014-05-17 22:14:38 CEST
On real hardware, M4, KDE, 32-bit

Package(s) under test:
kernel-vserver

default install of kernel-vserver

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.28-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Sat Feb 1 17:48:05 UTC 2014 i686 i686 i686 GNU/Linux

kernel-vserver boots to a working desktop and applications work fine

install kernel-vserver from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.40-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Fri May 16 17:18:24 UTC 2014 i686 i686 i686 GNU/Linux

kernel-vserver boots to a working desktop and applications work fine

Test platform:
Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775
GigaByte  GA-81915G Pro F4  i915G  LGA 775  MoBo
 Marvel Yukon 88E8001 Gigabit LAN
 Intel High Def Audio, Azalia (C-Media 9880) (snd-hda-intel)
 Intel Graphics Media Accelerator 900 (Intel 82915G)
Kingston 4GB (2 x 2GB) DDR400 PC-3200
250GB Seagate
Kingwin KF-91-BK SATA Mobile Rack
Kingwin KF-91-T-BK SATA Mobile Rack Tray
Sony CD/DVD-RW DWQ120AB2
Comment 3 William Kenney 2014-05-18 17:50:19 CEST
On real hardware, M4, KDE, 64-bit

Package(s) under test:
kernel-vserver

default install of kernel-vserver

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.28-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Sat Feb 1 17:55:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linuxx

kernel-vserver boots to a working desktop and applications work fine

install kernel-vserver from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.40-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Fri May 16 17:34:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel-vserver boots to a working desktop and applications work fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Comment 4 William Kenney 2014-05-18 23:39:12 CEST
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
kernel-vserver

default install of kernel-vserver

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.28-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Sat Feb 1 17:48:05 UTC 2014 i686 i686 i686 GNU/Linux

kernel-vserver to a working desktop and applications work fine

install kernel-vserver from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.40-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Fri May 16 17:18:24 UTC 2014 i686 i686 i686 GNU/Linux

kernel-vserver boots to a working desktop and applications work fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, nouveau driver
Comment 5 William Kenney 2014-05-18 23:39:25 CEST
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
kernel-vserver

default install of kernel-vserver

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.28-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Sat Feb 1 17:55:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel-vserver to a working desktop and applications work fine

install kernel-vserver from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.10.40-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Fri May 16 17:34:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel-vserver boots to a working desktop and applications work fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, nouveau driver
Comment 6 David Remy 2014-05-19 18:34:42 CEST
Test platform: Hyper-V, mga4, lxde, x64

davidremy@localhost (zsh) ~ % uname -a
Linux EAC-IT-RemyL 3.10.40-vserver-0.vs2.3.6.8.1.mga4 #1 SMP Fri May 16 17:34:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

root@localhost (bash) /home/davidremy
# lsmod | grep hv_
hv_netvsc              31253  0 
hv_balloon             21513  0 
hv_utils               14104  0 
cn                     13543  1 hv_utils
hv_storvsc             17568  3 
hv_vmbus               30775  6 hv_balloon,hv_netvsc,hid_hyperv,hv_utils,hyperv_fb,hv_storvsc

Kernel boots to desktop and random selection of apps are working.
Comment 7 claire robinson 2014-05-19 19:00:30 CEST
Thanks guys. Advisory uploaded.

Validating.

Could sysadmin please push to 4 updates

Thanks
Comment 8 Thomas Backlund 2014-05-19 21:05:18 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2014-0229.html

Note You need to log in before you can comment on or make changes to this bug.