There is now a new kernel-vserver to validate...

Advisory:
---------
This kernel-vserver update provides upstream 3.4.32 kernel and resolves the following security issues:

The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. (CVE-2013-0190 / XSA-40)

Linux kernel when returning from an iret assumes that %ds segment is safe and uses it to reference various per-cpu related fields. Unfortunately the user can modify the LDT and provide a NULL one. Whenever an iret is called we end up in xen_iret and try to use the %ds segment and cause a general protection fault. Malicious or buggy unprivileged user space can cause the guest kernel to crash, or permit a privilege escalation within the guest, or operate erroneously. (CVE-2013-0228 / XSA-42)

A flaw was found in the way __skb_recv_datagram() processed skbs with no payload when MSG_PEEK was requested. An unprivileged local user could use this flaw to cause local denial of service. (CVE-2013-0290)

A race condition in ptrace can lead to kernel stack corruption and arbitrary kernel-mode code execution. (CVE-2013-0871)

A flaw was found in how printk manages buffers when calling log_prefix function from call_console_drivers creating a buffer overflow. An unprivileged local user could use this flaw to cause local denial of service. (CVE pending)

Other fixes in this release:
- adds Intel Lynx Point-LP, Haswell and Wellsburg support to ata/ahci, smbus, watchdog.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.25
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.26
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.27
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.28
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.29
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.30
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.31
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.32

SRPMS:
------
kernel-vserver-3.4.32-2.mga2.src.rpm

i586:
-----
kernel-vserver-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-vserver-devel-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-vserver-devel-latest-3.4.32-2.mga2.i586.rpm
kernel-vserver-doc-3.4.32-2.mga2.noarch.rpm
kernel-vserver-latest-3.4.32-2.mga2.i586.rpm
kernel-vserver-source-3.4.32-2.mga2-1-1.mga2.noarch.rpm
kernel-vserver-source-latest-3.4.32-2.mga2.noarch.rpm

x86_64:
-------
kernel-vserver-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-vserver-devel-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-vserver-devel-latest-3.4.32-2.mga2.x86_64.rpm
kernel-vserver-doc-3.4.32-2.mga2.noarch.rpm
kernel-vserver-latest-3.4.32-2.mga2.x86_64.rpm
kernel-vserver-source-3.4.32-2.mga2-1-1.mga2.noarch.rpm
kernel-vserver-source-latest-3.4.32-2.mga2.noarch.rpm
Priority: Normal => High
CC: (none) => tmb
Validating the update. Please push to updates.
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0069
Status: NEW => RESOLVED
Resolution: (none) => FIXED