SRPM:
kernel-linus-3.10.40-1.mga3.src.rpm

i586:
kernel-linus-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-3.10.40-1.mga3-1-1.mga3.i586.rpm
kernel-linus-devel-latest-3.10.40-1.mga3.i586.rpm
kernel-linus-doc-3.10.40-1.mga3.noarch.rpm
kernel-linus-latest-3.10.40-1.mga3.i586.rpm
kernel-linus-source-3.10.40-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.40-1.mga3.noarch.rpm

x86_64:
kernel-linus-3.10.40-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-3.10.40-1.mga3-1-1.mga3.x86_64.rpm
kernel-linus-devel-latest-3.10.40-1.mga3.x86_64.rpm
kernel-linus-doc-3.10.40-1.mga3.noarch.rpm
kernel-linus-latest-3.10.40-1.mga3.x86_64.rpm
kernel-linus-source-3.10.40-1.mga3-1-1.mga3.noarch.rpm
kernel-linus-source-latest-3.10.40-1.mga3.noarch.rpm

Advisory:

Updated kernel-linus provides upstream 3.10.40 kernel and fixes the following security issues:

The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (CVE-2013-6885)

Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. (CVE-2014-0049)

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (CVE-2014-0055)

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (CVE-2014-0069)

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (CVE-2014-0077)

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (CVE-2014-0155)

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (CVE-2014-0196)

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (CVE-2014-1738)

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (CVE-2014-2851)

For other fixes, see the referenced changelogs.

References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.40
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.39
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.38
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.37
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.36
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.35
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.34
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.33
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.31
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.30
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.29
Tested OK mga3 64

Installed just to test these. dkms modules all build ok and no issues in use.
Whiteboard: (none) => mga3-64-ok
Tested OK mga3 32

Installed mga3 32 for testing purposes. dkms modules build ok and no issues noticed in use.
Whiteboard: mga3-64-ok => mga3-64-ok mga3-32-ok
In Vbox

Tested OK mga3 32-bit

Installed update_testing and rebooted back to a working desktop just fine. No issues noticed.
CC: (none) => wilcal.int
In Vbox

Tested OK mga3 64-bit

Installed update_testing and rebooted back to a working desktop just fine. No issues noticed.
Advisory uploaded. Validating.

Could sysadmin please push to 3 updates?

Thanks
Keywords: (none) => validated_update
Whiteboard: mga3-64-ok mga3-32-ok => advisory mga3-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0235.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED