Bug 13397 - Update request: kernel-3.10.40-1.mga3
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: All Linux
Priority: Normal Severity: critical
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
Whiteboard: advisory mga3-32-ok mga3-64-ok
Keywords: validated_update
 
Reported: 2014-05-17 01:42 CEST by Thomas Backlund
Modified: 2014-05-19 21:04 CEST
Source RPM: kernel-3.10.40-1.mga3.src.rpm

Description Thomas Backlund 2014-05-17 01:42:27 CEST
SRPMS:
kernel-3.10.40-1.mga3.src.rpm
kernel-userspace-headers-3.10.40-1.mga3.src.rpm
kmod-vboxadditions-4.3.10-5.mga3.src.rpm
kmod-virtualbox-4.3.10-5.mga3.src.rpm
kmod-xtables-addons-2.3-15.mga3.src.rpm

kmod-broadcom-wl-6.30.223.141-15.mga3.nonfree.src.rpm
kmod-fglrx-13.251-5.mga3.nonfree.src.rpm
kmod-nvidia173-173.14.38-30.mga3.nonfree.src.rpm
kmod-nvidia304-304.108-15.mga3.nonfree.src.rpm
kmod-nvidia-current-319.60-15.mga3.nonfree.src.rpm


i586:
cpupower-3.10.40-1.mga3.i586.rpm
cpupower-devel-3.10.40-1.mga3.i586.rpm
kernel-desktop-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-desktop586-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-desktop586-devel-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-desktop586-devel-latest-3.10.40-1.mga3.i586.rpm
kernel-desktop586-latest-3.10.40-1.mga3.i586.rpm
kernel-desktop-devel-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-desktop-devel-latest-3.10.40-1.mga3.i586.rpm
kernel-desktop-latest-3.10.40-1.mga3.i586.rpm
kernel-doc-3.10.40-1.mga3.noarch.rpm
kernel-server-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-server-devel-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-server-devel-latest-3.10.40-1.mga3.i586.rpm
kernel-server-latest-3.10.40-1.mga3.i586.rpm
kernel-source-3.10.40-1.mga3-1-1.mga3.noarch.rpm
kernel-source-latest-3.10.40-1.mga3.noarch.rpm
kernel-userspace-headers-3.10.40-1.mga3.i586.rpm
perf-3.10.40-1.mga3.i586.rpm

vboxadditions-kernel-3.10.40-desktop-1.mga3-4.3.10-5.mga3.i586.rpm
vboxadditions-kernel-3.10.40-desktop586-1.mga3-4.3.10-5.mga3.i586.rpm
vboxadditions-kernel-3.10.40-server-1.mga3-4.3.10-5.mga3.i586.rpm
vboxadditions-kernel-desktop586-latest-4.3.10-5.mga3.i586.rpm
vboxadditions-kernel-desktop-latest-4.3.10-5.mga3.i586.rpm
vboxadditions-kernel-server-latest-4.3.10-5.mga3.i586.rpm
virtualbox-kernel-3.10.40-desktop-1.mga3-4.3.10-5.mga3.i586.rpm
virtualbox-kernel-3.10.40-desktop586-1.mga3-4.3.10-5.mga3.i586.rpm
virtualbox-kernel-3.10.40-server-1.mga3-4.3.10-5.mga3.i586.rpm
virtualbox-kernel-desktop586-latest-4.3.10-5.mga3.i586.rpm
virtualbox-kernel-desktop-latest-4.3.10-5.mga3.i586.rpm
virtualbox-kernel-server-latest-4.3.10-5.mga3.i586.rpm
xtables-addons-kernel-3.10.40-desktop-1.mga3-2.3-15.mga3.i586.rpm
xtables-addons-kernel-3.10.40-desktop586-1.mga3-2.3-15.mga3.i586.rpm
xtables-addons-kernel-3.10.40-server-1.mga3-2.3-15.mga3.i586.rpm
xtables-addons-kernel-desktop586-latest-2.3-15.mga3.i586.rpm
xtables-addons-kernel-desktop-latest-2.3-15.mga3.i586.rpm
xtables-addons-kernel-server-latest-2.3-15.mga3.i586.rpm

broadcom-wl-kernel-3.10.40-desktop-1.mga3-6.30.223.141-15.mga3.nonfree.i586.rpm
broadcom-wl-kernel-3.10.40-desktop586-1.mga3-6.30.223.141-15.mga3.nonfree.i586.rpm
broadcom-wl-kernel-3.10.40-server-1.mga3-6.30.223.141-15.mga3.nonfree.i586.rpm
broadcom-wl-kernel-desktop586-latest-6.30.223.141-15.mga3.nonfree.i586.rpm
broadcom-wl-kernel-desktop-latest-6.30.223.141-15.mga3.nonfree.i586.rpm
broadcom-wl-kernel-server-latest-6.30.223.141-15.mga3.nonfree.i586.rpm
fglrx-kernel-3.10.40-desktop-1.mga3-13.251-5.mga3.nonfree.i586.rpm
fglrx-kernel-3.10.40-desktop586-1.mga3-13.251-5.mga3.nonfree.i586.rpm
fglrx-kernel-3.10.40-server-1.mga3-13.251-5.mga3.nonfree.i586.rpm
fglrx-kernel-desktop586-latest-13.251-5.mga3.nonfree.i586.rpm
fglrx-kernel-desktop-latest-13.251-5.mga3.nonfree.i586.rpm
fglrx-kernel-server-latest-13.251-5.mga3.nonfree.i586.rpm
nvidia173-kernel-3.10.40-desktop-1.mga3-173.14.38-30.mga3.nonfree.i586.rpm
nvidia173-kernel-3.10.40-desktop586-1.mga3-173.14.38-30.mga3.nonfree.i586.rpm
nvidia173-kernel-3.10.40-server-1.mga3-173.14.38-30.mga3.nonfree.i586.rpm
nvidia173-kernel-desktop586-latest-173.14.38-30.mga3.nonfree.i586.rpm
nvidia173-kernel-desktop-latest-173.14.38-30.mga3.nonfree.i586.rpm
nvidia173-kernel-server-latest-173.14.38-30.mga3.nonfree.i586.rpm
nvidia304-kernel-3.10.40-desktop-1.mga3-304.108-15.mga3.nonfree.i586.rpm
nvidia304-kernel-3.10.40-desktop586-1.mga3-304.108-15.mga3.nonfree.i586.rpm
nvidia304-kernel-3.10.40-server-1.mga3-304.108-15.mga3.nonfree.i586.rpm
nvidia304-kernel-desktop586-latest-304.108-15.mga3.nonfree.i586.rpm
nvidia304-kernel-desktop-latest-304.108-15.mga3.nonfree.i586.rpm
nvidia304-kernel-server-latest-304.108-15.mga3.nonfree.i586.rpm
nvidia-current-kernel-3.10.40-desktop-1.mga3-319.60-15.mga3.nonfree.i586.rpm
nvidia-current-kernel-3.10.40-desktop586-1.mga3-319.60-15.mga3.nonfree.i586.rpm
nvidia-current-kernel-3.10.40-server-1.mga3-319.60-15.mga3.nonfree.i586.rpm
nvidia-current-kernel-desktop586-latest-319.60-15.mga3.nonfree.i586.rpm
nvidia-current-kernel-desktop-latest-319.60-15.mga3.nonfree.i586.rpm
nvidia-current-kernel-server-latest-319.60-15.mga3.nonfree.i586.rpm


x86_64:
cpupower-3.10.40-1.mga3.x86_64.rpm
cpupower-devel-3.10.40-1.mga3.x86_64.rpm
kernel-desktop-3.10.40-1.mga3-1-1.mga3.x86_64.rpm
kernel-desktop-devel-3.10.40-1.mga3-1-1.mga3.x86_64.rpm
kernel-desktop-devel-latest-3.10.40-1.mga3.x86_64.rpm
kernel-desktop-latest-3.10.40-1.mga3.x86_64.rpm
kernel-doc-3.10.40-1.mga3.noarch.rpm
kernel-server-3.10.40-1.mga3-1-1.mga3.x86_64.rpm
kernel-server-devel-3.10.40-1.mga3-1-1.mga3.x86_64.rpm
kernel-server-devel-latest-3.10.40-1.mga3.x86_64.rpm
kernel-server-latest-3.10.40-1.mga3.x86_64.rpm
kernel-source-3.10.40-1.mga3-1-1.mga3.noarch.rpm
kernel-source-latest-3.10.40-1.mga3.noarch.rpm
kernel-userspace-headers-3.10.40-1.mga3.x86_64.rpm
perf-3.10.40-1.mga3.x86_64.rpm

vboxadditions-kernel-3.10.40-desktop-1.mga3-4.3.10-5.mga3.x86_64.rpm
vboxadditions-kernel-3.10.40-server-1.mga3-4.3.10-5.mga3.x86_64.rpm
vboxadditions-kernel-desktop-latest-4.3.10-5.mga3.x86_64.rpm
vboxadditions-kernel-server-latest-4.3.10-5.mga3.x86_64.rpm
virtualbox-kernel-3.10.40-desktop-1.mga3-4.3.10-5.mga3.x86_64.rpm
virtualbox-kernel-3.10.40-server-1.mga3-4.3.10-5.mga3.x86_64.rpm
virtualbox-kernel-desktop-latest-4.3.10-5.mga3.x86_64.rpm
virtualbox-kernel-server-latest-4.3.10-5.mga3.x86_64.rpm
xtables-addons-kernel-3.10.40-desktop-1.mga3-2.3-15.mga3.x86_64.rpm
xtables-addons-kernel-3.10.40-server-1.mga3-2.3-15.mga3.x86_64.rpm
xtables-addons-kernel-desktop-latest-2.3-15.mga3.x86_64.rpm
xtables-addons-kernel-server-latest-2.3-15.mga3.x86_64.rpm

broadcom-wl-kernel-3.10.40-desktop-1.mga3-6.30.223.141-15.mga3.nonfree.x86_64.rpm
broadcom-wl-kernel-3.10.40-server-1.mga3-6.30.223.141-15.mga3.nonfree.x86_64.rpm
broadcom-wl-kernel-desktop-latest-6.30.223.141-15.mga3.nonfree.x86_64.rpm
broadcom-wl-kernel-server-latest-6.30.223.141-15.mga3.nonfree.x86_64.rpm
fglrx-kernel-3.10.40-desktop-1.mga3-13.251-5.mga3.nonfree.x86_64.rpm
fglrx-kernel-3.10.40-server-1.mga3-13.251-5.mga3.nonfree.x86_64.rpm
fglrx-kernel-desktop-latest-13.251-5.mga3.nonfree.x86_64.rpm
fglrx-kernel-server-latest-13.251-5.mga3.nonfree.x86_64.rpm
nvidia173-kernel-3.10.40-desktop-1.mga3-173.14.38-30.mga3.nonfree.x86_64.rpm
nvidia173-kernel-3.10.40-server-1.mga3-173.14.38-30.mga3.nonfree.x86_64.rpm
nvidia173-kernel-desktop-latest-173.14.38-30.mga3.nonfree.x86_64.rpm
nvidia173-kernel-server-latest-173.14.38-30.mga3.nonfree.x86_64.rpm
nvidia304-kernel-3.10.40-desktop-1.mga3-304.108-15.mga3.nonfree.x86_64.rpm
nvidia304-kernel-3.10.40-server-1.mga3-304.108-15.mga3.nonfree.x86_64.rpm
nvidia304-kernel-desktop-latest-304.108-15.mga3.nonfree.x86_64.rpm
nvidia304-kernel-server-latest-304.108-15.mga3.nonfree.x86_64.rpm
nvidia-current-kernel-3.10.40-desktop-1.mga3-319.60-15.mga3.nonfree.x86_64.rpm
nvidia-current-kernel-3.10.40-server-1.mga3-319.60-15.mga3.nonfree.x86_64.rpm
nvidia-current-kernel-desktop-latest-319.60-15.mga3.nonfree.x86_64.rpm
nvidia-current-kernel-server-latest-319.60-15.mga3.nonfree.x86_64.rpm



Advisory:
Updated kernel provides upstream 3.10.40 kernel and fixes the
following security issues:

The microcode on AMD 16h 00h through 0Fh processors does not properly
handle the interaction between locked instructions and write-combined
memory types, which allows local users to cause a denial of service
(system hang) via a crafted application, aka the errata 793 issue. 
(CVE-2013-6885)

Buffer overflow in the complete_emulated_mmio function in
arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users
to execute arbitrary code on the host OS by leveraging a loop that triggers an
invalid memory copy affecting certain cancel_work_item data. 
(CVE-2014-0049)

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem
in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise
Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which
allows guest OS users to cause a denial of service (host OS crash) via
unspecified vectors. (CVE-2014-0055)

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through
3.13.5 does not properly handle uncached write operations that copy fewer
than the requested number of bytes, which allows local users to obtain
sensitive information from kernel memory, cause a denial of service
(memory corruption and system crash), or possibly gain privileges via a
writev system call with a crafted pointer. (CVE-2014-0069)

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable
buffers are disabled, does not properly validate packet lengths, which
allows guest OS users to cause a denial of service (memory corruption and
host OS crash) or possibly gain privileges on the host OS via crafted
packets, related to the handle_rx and get_rx_bufs functions. 
(CVE-2014-0077)

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel
through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic
return value, which allows guest OS users to cause a denial of service
(host OS crash) via a crafted entry in the redirection table of an I/O
APIC. NOTE: the affected code was moved to the ioapic_service function
before the vulnerability was announced. (CVE-2014-0155)

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel
through 3.14.3 does not properly manage tty driver access in the
"LECHO & !OPOST" case, which allows local users to cause a denial of
service (memory corruption and system crash) or gain privileges by
triggering a race condition involving read and write operations with
long strings. (CVE-2014-0196)

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly handle error conditions during
processing of an FDRAWCMD ioctl call, which allows local users to trigger
kfree operations and gain privileges by leveraging write access to a
/dev/fd device.  (CVE-2014-1737)

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly restrict access to certain
pointers during processing of an FDRAWCMD ioctl call, which allows
local users to obtain sensitive information from kernel heap memory
by leveraging write access to a /dev/fd device. (CVE-2014-1738)

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the
Linux kernel through 3.14.1 allows local users to cause a denial of service
(use-after-free and system crash) or possibly gain privileges via a crafted
application that leverages an improperly managed reference counter.
(CVE-2014-2851)

For other fixes, see the referenced changelogs.

References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.40
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.39
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.38
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.37
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.36
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.35
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.34
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.33
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.31
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.30
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.29


Comment 1 Bill Wilkinson 2014-05-17 20:44:14 CEST
tested mga3-64, server and desktop.

Both kernels booted normally and the PoC did crash the prior kernel version, ran through on update.

Tested on real hardware with dkms for nvidia 304 driver.
Comment 2 Paul Blackburn 2014-05-17 22:38:23 CEST
testing kernel-desktop-3.10.40-1.mga3-1-1.mga3.x86_64 on HP z600
Comment 3 Paul Blackburn 2014-05-17 22:52:14 CEST
tested kernel-desktop-3.10.40-1.mga3-1-1.mga3.x86_64 on HP z600

ran PoC from https://bugzilla.novell.com/show_bug.cgi?id=875690#c14
and encountered no problem

[mpb@z600-mageia3 2014_05_15]$ ./cve-2014-0196_local_dos
CVE-2014-0196 DOS PoC by DigitalCold
[+] New PTY - Master PID 5640, Slave PID 5641
[+] Starting bombing run...
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
[-] No crash? Maybe you're not vulnerable...

Continuing to run kernel overnight testing other things
Comment 4 Paul Blackburn 2014-05-18 12:34:08 CEST
tested kernel-desktop-3.10.40-1.mga3-1-1.mga3.x86_64 on HP z600 overnight
stable with normal day-to-day activities (web browsing, IRC, gnome terminal, etc)
Comment 5 claire robinson 2014-05-19 17:03:55 CEST
No issues mga3 32 on vintage centrino laptop
Comment 6 claire robinson 2014-05-19 18:06:37 CEST
Advisory uploaded.

Any objections to validating?
Comment 7 David Walser 2014-05-19 18:09:56 CEST
No objections here.  I have the i586 desktop kernel running just fine on 3 completely different machines.  Going to install the server one on yet another machine today, but I don't anticipate any problems.
Comment 8 claire robinson 2014-05-19 18:43:29 CEST
Validating this one then, thanks everybody. The other kernels still need testing completed too.

Could sysadmin please push to 3 updates

Thanks
Comment 9 Thomas Backlund 2014-05-19 21:04:28 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2014-0228.html
