Advisory: This updates kernel to upstream stable 3.4.34. It also fixes the following security issues: An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode. (CVE-2013-1763). Linux kernel is prone to a local privilege-escalation vulnerability due to a tmpfs use-after-free error. Local attackers can exploit the issue to execute arbitrary code with kernel privileges or to crash the kernel, effectively denying service to legitimate users (CVE-2013-1767). Linux kernel built with Edgeport USB serial converter driver io_ti, is vulnerable to a NULL pointer dereference flaw. It happens if the device is disconnected while corresponding /dev/ttyUSB? file is in use. An unprivileged user could use this flaw to crash the system, resulting DoS (CVE-2013-1774). References: ----------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33 i586: ----- cpupower-3.4.34-1.mga2.i586.rpm cpupower-devel-3.4.34-1.mga2.i586.rpm kernel-desktop-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-desktop586-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-desktop586-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-desktop586-devel-latest-3.4.34-1.mga2.i586.rpm kernel-desktop586-latest-3.4.34-1.mga2.i586.rpm kernel-desktop-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-desktop-devel-latest-3.4.34-1.mga2.i586.rpm kernel-desktop-latest-3.4.34-1.mga2.i586.rpm kernel-doc-3.4.34-1.mga2.noarch.rpm kernel-linus-source-latest-3.4.34-1.mga2.noarch.rpm kernel-netbook-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-netbook-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-netbook-devel-latest-3.4.34-1.mga2.i586.rpm kernel-netbook-latest-3.4.34-1.mga2.i586.rpm kernel-server-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-server-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-server-devel-latest-3.4.34-1.mga2.i586.rpm kernel-server-latest-3.4.34-1.mga2.i586.rpm kernel-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm kernel-source-latest-3.4.34-1.mga2.noarch.rpm kernel-userspace-headers-3.4.34-1.mga2.i586.rpm perf-3.4.34-1.mga2.i586.rpm vboxadditions-kernel-3.4.34-desktop-1.mga2-4.1.24-5.mga2.i586.rpm vboxadditions-kernel-3.4.34-desktop586-1.mga2-4.1.24-5.mga2.i586.rpm vboxadditions-kernel-3.4.34-netbook-1.mga2-4.1.24-5.mga2.i586.rpm vboxadditions-kernel-3.4.34-server-1.mga2-4.1.24-5.mga2.i586.rpm vboxadditions-kernel-desktop586-latest-4.1.24-5.mga2.i586.rpm vboxadditions-kernel-desktop-latest-4.1.24-5.mga2.i586.rpm vboxadditions-kernel-netbook-latest-4.1.24-5.mga2.i586.rpm vboxadditions-kernel-server-latest-4.1.24-5.mga2.i586.rpm virtualbox-kernel-3.4.34-desktop-1.mga2-4.1.24-4.mga2.i586.rpm virtualbox-kernel-3.4.34-desktop586-1.mga2-4.1.24-4.mga2.i586.rpm virtualbox-kernel-3.4.34-netbook-1.mga2-4.1.24-4.mga2.i586.rpm virtualbox-kernel-3.4.34-server-1.mga2-4.1.24-4.mga2.i586.rpm virtualbox-kernel-desktop586-latest-4.1.24-4.mga2.i586.rpm virtualbox-kernel-desktop-latest-4.1.24-4.mga2.i586.rpm virtualbox-kernel-netbook-latest-4.1.24-4.mga2.i586.rpm virtualbox-kernel-server-latest-4.1.24-4.mga2.i586.rpm xtables-addons-kernel-3.4.34-desktop-1.mga2-1.41-22.mga2.i586.rpm xtables-addons-kernel-3.4.34-desktop586-1.mga2-1.41-22.mga2.i586.rpm xtables-addons-kernel-3.4.34-netbook-1.mga2-1.41-22.mga2.i586.rpm xtables-addons-kernel-3.4.34-server-1.mga2-1.41-22.mga2.i586.rpm xtables-addons-kernel-desktop586-latest-1.41-22.mga2.i586.rpm xtables-addons-kernel-desktop-latest-1.41-22.mga2.i586.rpm xtables-addons-kernel-netbook-latest-1.41-22.mga2.i586.rpm xtables-addons-kernel-server-latest-1.41-22.mga2.i586.rpm broadcom-wl-kernel-3.4.34-desktop-1.mga2-5.100.82.112-42.mga2.nonfree.i586.rpm broadcom-wl-kernel-3.4.34-desktop586-1.mga2-5.100.82.112-42.mga2.nonfree.i586.rpm broadcom-wl-kernel-3.4.34-netbook-1.mga2-5.100.82.112-42.mga2.nonfree.i586.rpm broadcom-wl-kernel-3.4.34-server-1.mga2-5.100.82.112-42.mga2.nonfree.i586.rpm broadcom-wl-kernel-desktop586-latest-5.100.82.112-42.mga2.nonfree.i586.rpm broadcom-wl-kernel-desktop-latest-5.100.82.112-42.mga2.nonfree.i586.rpm broadcom-wl-kernel-netbook-latest-5.100.82.112-42.mga2.nonfree.i586.rpm broadcom-wl-kernel-server-latest-5.100.82.112-42.mga2.nonfree.i586.rpm fglrx-kernel-3.4.34-desktop-1.mga2-8.961-18.mga2.nonfree.i586.rpm fglrx-kernel-3.4.34-desktop586-1.mga2-8.961-18.mga2.nonfree.i586.rpm fglrx-kernel-3.4.34-netbook-1.mga2-8.961-18.mga2.nonfree.i586.rpm fglrx-kernel-3.4.34-server-1.mga2-8.961-18.mga2.nonfree.i586.rpm fglrx-kernel-desktop586-latest-8.961-18.mga2.nonfree.i586.rpm fglrx-kernel-desktop-latest-8.961-18.mga2.nonfree.i586.rpm fglrx-kernel-netbook-latest-8.961-18.mga2.nonfree.i586.rpm fglrx-kernel-server-latest-8.961-18.mga2.nonfree.i586.rpm nvidia-current-kernel-3.4.34-desktop-1.mga2-295.71-13.mga2.nonfree.i586.rpm nvidia-current-kernel-3.4.34-desktop586-1.mga2-295.71-13.mga2.nonfree.i586.rpm nvidia-current-kernel-3.4.34-netbook-1.mga2-295.71-13.mga2.nonfree.i586.rpm nvidia-current-kernel-3.4.34-server-1.mga2-295.71-13.mga2.nonfree.i586.rpm nvidia-current-kernel-desktop586-latest-295.71-13.mga2.nonfree.i586.rpm nvidia-current-kernel-desktop-latest-295.71-13.mga2.nonfree.i586.rpm nvidia-current-kernel-netbook-latest-295.71-13.mga2.nonfree.i586.rpm nvidia-current-kernel-server-latest-295.71-13.mga2.nonfree.i586.rpm x86_64: ------- cpupower-3.4.34-1.mga2.x86_64.rpm cpupower-devel-3.4.34-1.mga2.x86_64.rpm kernel-desktop-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-desktop-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-desktop-devel-latest-3.4.34-1.mga2.x86_64.rpm kernel-desktop-latest-3.4.34-1.mga2.x86_64.rpm kernel-doc-3.4.34-1.mga2.noarch.rpm kernel-netbook-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-netbook-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-netbook-devel-latest-3.4.34-1.mga2.x86_64.rpm kernel-netbook-latest-3.4.34-1.mga2.x86_64.rpm kernel-server-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-server-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-server-devel-latest-3.4.34-1.mga2.x86_64.rpm kernel-server-latest-3.4.34-1.mga2.x86_64.rpm kernel-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm kernel-source-latest-3.4.34-1.mga2.noarch.rpm kernel-userspace-headers-3.4.34-1.mga2.x86_64.rpm perf-3.4.34-1.mga2.x86_64.rpm vboxadditions-kernel-3.4.34-desktop-1.mga2-4.1.24-5.mga2.x86_64.rpm vboxadditions-kernel-3.4.34-netbook-1.mga2-4.1.24-5.mga2.x86_64.rpm vboxadditions-kernel-3.4.34-server-1.mga2-4.1.24-5.mga2.x86_64.rpm vboxadditions-kernel-desktop-latest-4.1.24-5.mga2.x86_64.rpm vboxadditions-kernel-netbook-latest-4.1.24-5.mga2.x86_64.rpm vboxadditions-kernel-server-latest-4.1.24-5.mga2.x86_64.rpm virtualbox-kernel-3.4.34-desktop-1.mga2-4.1.24-4.mga2.x86_64.rpm virtualbox-kernel-3.4.34-netbook-1.mga2-4.1.24-4.mga2.x86_64.rpm virtualbox-kernel-3.4.34-server-1.mga2-4.1.24-4.mga2.x86_64.rpm virtualbox-kernel-desktop-latest-4.1.24-4.mga2.x86_64.rpm virtualbox-kernel-netbook-latest-4.1.24-4.mga2.x86_64.rpm virtualbox-kernel-server-latest-4.1.24-4.mga2.x86_64.rpm xtables-addons-kernel-3.4.34-desktop-1.mga2-1.41-22.mga2.x86_64.rpm xtables-addons-kernel-3.4.34-netbook-1.mga2-1.41-22.mga2.x86_64.rpm xtables-addons-kernel-3.4.34-server-1.mga2-1.41-22.mga2.x86_64.rpm xtables-addons-kernel-desktop-latest-1.41-22.mga2.x86_64.rpm xtables-addons-kernel-netbook-latest-1.41-22.mga2.x86_64.rpm xtables-addons-kernel-server-latest-1.41-22.mga2.x86_64.rpm broadcom-wl-kernel-3.4.34-desktop-1.mga2-5.100.82.112-42.mga2.nonfree.x86_64.rpm broadcom-wl-kernel-3.4.34-netbook-1.mga2-5.100.82.112-42.mga2.nonfree.x86_64.rpm broadcom-wl-kernel-3.4.34-server-1.mga2-5.100.82.112-42.mga2.nonfree.x86_64.rpm broadcom-wl-kernel-desktop-latest-5.100.82.112-42.mga2.nonfree.x86_64.rpm broadcom-wl-kernel-netbook-latest-5.100.82.112-42.mga2.nonfree.x86_64.rpm broadcom-wl-kernel-server-latest-5.100.82.112-42.mga2.nonfree.x86_64.rpm fglrx-kernel-3.4.34-desktop-1.mga2-8.961-18.mga2.nonfree.x86_64.rpm fglrx-kernel-3.4.34-netbook-1.mga2-8.961-18.mga2.nonfree.x86_64.rpm fglrx-kernel-3.4.34-server-1.mga2-8.961-18.mga2.nonfree.x86_64.rpm fglrx-kernel-desktop-latest-8.961-18.mga2.nonfree.x86_64.rpm fglrx-kernel-netbook-latest-8.961-18.mga2.nonfree.x86_64.rpm fglrx-kernel-server-latest-8.961-18.mga2.nonfree.x86_64.rpm nvidia-current-kernel-3.4.34-desktop-1.mga2-295.71-13.mga2.nonfree.x86_64.rpm nvidia-current-kernel-3.4.34-netbook-1.mga2-295.71-13.mga2.nonfree.x86_64.rpm nvidia-current-kernel-3.4.34-server-1.mga2-295.71-13.mga2.nonfree.x86_64.rpm nvidia-current-kernel-desktop-latest-295.71-13.mga2.nonfree.x86_64.rpm nvidia-current-kernel-netbook-latest-295.71-13.mga2.nonfree.x86_64.rpm nvidia-current-kernel-server-latest-295.71-13.mga2.nonfree.x86_64.rpm SRPMS: ------ kernel-3.4.34-1.mga2.src.rpm kernel-userspace-headers-3.4.34-1.mga2.src.rpm kmod-vboxadditions-4.1.24-5.mga2.src.rpm kmod-virtualbox-4.1.24-4.mga2.src.rpm kmod-xtables-addons-1.41-22.mga2.src.rpm kmod-broadcom-wl-5.100.82.112-42.mga2.nonfree.src.rpm kmod-fglrx-8.961-18.mga2.nonfree.src.rpm kmod-nvidia-current-295.71-13.mga2.nonfree.src.rpm Reproducible: Steps to Reproduce:
Priority: Normal => High
PoC: http://www.securityfocus.com/bid/58137/exploit
Confirmed we're vulnerable using this one: http://downloads.securityfocus.com/vulnerabilities/exploits/58137_1.c Saved it as kbug.c $ gcc -o kbug kbug.c kbug.c: In function âmainâ: kbug.c:55:3: warning: incompatible implicit declaration of built-in function âmemcpyâ [enabled by default] kbug.c:55:3: warning: passing argument 1 of âmemcpyâ makes pointer from integer without a cast [enabled by default] kbug.c:55:3: note: expected âvoid *â but argument is of type âintâ kbug.c:59:10: warning: incompatible implicit declaration of built-in function âexeclâ [enabled by default] Shows warnings but does work. Escalates privileges to root. $ ./kbug -sh-4.2# cd /root -sh-4.2# ls drakx/ tmp/ -sh-4.2# touch test -sh-4.2# ls drakx/ test tmp/ -sh-4.2# ls -l test -rw-r--r-- 1 root root 0 Mar 1 09:19 test -sh-4.2# exit Testing x86_64
Installed all the kernels and -latest from the list and started MageiaUpdate from terminal so I could watch the output. Ensured all dkms were installed on all kernels as the updates installed and none were missed: DKMS: install Completed. vboxadditions, 4.1.24-1.mga2, 3.4.32-netbook-2.mga2, x86_64: installed-binary from 3.4.32-netbook-2.mga2 vboxadditions, 4.1.24-1.mga2, 3.4.32-server-2.mga2, x86_64: installed-binary from 3.4.32-server-2.mga2 vboxadditions, 4.1.24-1.mga2, 3.4.34-server-1.mga2, x86_64: installed-binary from 3.4.34-server-1.mga2 vboxadditions, 4.1.24-1.mga2, 3.4.34-netbook-1.mga2, x86_64: installed-binary from 3.4.34-netbook-1.mga2 vboxadditions, 4.1.24-1.mga2, 3.4.32-desktop-2.mga2, x86_64: installed-binary from 3.4.32-desktop-2.mga2 vboxadditions, 4.1.24-1.mga2, 3.4.34-desktop-1.mga2, x86_64: installed-binary from 3.4.34-desktop-1.mga2 DKMS: install Completed. xtables-addons, 1.41-3.mga2, 3.4.32-netbook-2.mga2, x86_64: installed-binary from 3.4.32-netbook-2.mga2 xtables-addons, 1.41-3.mga2, 3.4.32-server-2.mga2, x86_64: installed-binary from 3.4.32-server-2.mga2 xtables-addons, 1.41-3.mga2, 3.4.34-server-1.mga2, x86_64: installed-binary from 3.4.34-server-1.mga2 xtables-addons, 1.41-3.mga2, 3.4.34-netbook-1.mga2, x86_64: installed-binary from 3.4.34-netbook-1.mga2 xtables-addons, 1.41-3.mga2, 3.4.32-desktop-2.mga2, x86_64: installed-binary from 3.4.32-desktop-2.mga2 xtables-addons, 1.41-3.mga2, 3.4.34-desktop-1.mga2, x86_64: installed-binary from 3.4.34-desktop-1.mga2 DKMS: install Completed. virtualbox, 4.1.24-1.mga2, 3.4.32-netbook-2.mga2, x86_64: installed-binary from 3.4.32-netbook-2.mga2 virtualbox, 4.1.24-1.mga2, 3.4.32-server-2.mga2, x86_64: installed-binary from 3.4.32-server-2.mga2 virtualbox, 4.1.24-1.mga2, 3.4.34-server-1.mga2, x86_64: installed-binary from 3.4.34-server-1.mga2 virtualbox, 4.1.24-1.mga2, 3.4.34-netbook-1.mga2, x86_64: installed-binary from 3.4.34-netbook-1.mga2 virtualbox, 4.1.24-1.mga2, 3.4.32-desktop-2.mga2, x86_64: installed-binary from 3.4.32-desktop-2.mga2 virtualbox, 4.1.24-1.mga2, 3.4.34-desktop-1.mga2, x86_64: installed-binary from 3.4.34-desktop-1.mga2 DKMS: install Completed. fglrx, 8.961-2.mga2.nonfree, 3.4.32-netbook-2.mga2, x86_64: installed-binary from 3.4.32-netbook-2.mga2 fglrx, 8.961-2.mga2.nonfree, 3.4.32-server-2.mga2, x86_64: installed-binary from 3.4.32-server-2.mga2 fglrx, 8.961-2.mga2.nonfree, 3.4.34-server-1.mga2, x86_64: installed-binary from 3.4.34-server-1.mga2 fglrx, 8.961-2.mga2.nonfree, 3.4.34-netbook-1.mga2, x86_64: installed-binary from 3.4.34-netbook-1.mga2 fglrx, 8.961-2.mga2.nonfree, 3.4.32-desktop-2.mga2, x86_64: installed-binary from 3.4.32-desktop-2.mga2 fglrx, 8.961-2.mga2.nonfree, 3.4.34-desktop-1.mga2, x86_64: installed-binary from 3.4.34-desktop-1.mga2 DKMS: install Completed. broadcom-wl, 5.100.82.112-7.mga2.nonfree, 3.4.32-netbook-2.mga2, x86_64: installed-binary from 3.4.32-netbook-2.mga2 broadcom-wl, 5.100.82.112-7.mga2.nonfree, 3.4.32-server-2.mga2, x86_64: installed-binary from 3.4.32-server-2.mga2 broadcom-wl, 5.100.82.112-7.mga2.nonfree, 3.4.34-server-1.mga2, x86_64: installed-binary from 3.4.34-server-1.mga2 broadcom-wl, 5.100.82.112-7.mga2.nonfree, 3.4.34-netbook-1.mga2, x86_64: installed-binary from 3.4.34-netbook-1.mga2 broadcom-wl, 5.100.82.112-7.mga2.nonfree, 3.4.32-desktop-2.mga2, x86_64: installed-binary from 3.4.32-desktop-2.mga2 broadcom-wl, 5.100.82.112-7.mga2.nonfree, 3.4.34-desktop-1.mga2, x86_64: installed-binary from 3.4.34-desktop-1.mga2 DKMS: install Completed. nvidia-current, 295.71-1.mga2.nonfree, 3.4.32-netbook-2.mga2, x86_64: installed-binary from 3.4.32-netbook-2.mga2 nvidia-current, 295.71-1.mga2.nonfree, 3.4.32-server-2.mga2, x86_64: installed-binary from 3.4.32-server-2.mga2 nvidia-current, 295.71-1.mga2.nonfree, 3.4.34-server-1.mga2, x86_64: installed-binary from 3.4.34-server-1.mga2 nvidia-current, 295.71-1.mga2.nonfree, 3.4.34-netbook-1.mga2, x86_64: installed-binary from 3.4.34-netbook-1.mga2 nvidia-current, 295.71-1.mga2.nonfree, 3.4.32-desktop-2.mga2, x86_64: installed-binary from 3.4.32-desktop-2.mga2 nvidia-current, 295.71-1.mga2.nonfree, 3.4.34-desktop-1.mga2, x86_64: installed-binary from 3.4.34-desktop-1.mga2 Rebooted into each kernel checked with uname -a, recompiled the PoC for each one (not sure this is necessary) and checked to ensure it failed. $ ./kbug -sh-4.2$ whoami claire -sh-4.2$ cd /root -sh: cd: /root: Permission denied Also checked with dkms after the reboot, eg: # dkms status -m virtualbox -v 4.1.24-1.mga2 virtualbox, 4.1.24-1.mga2, 3.4.32-netbook-2.mga2, x86_64: installed-binary from 3.4.32-netbook-2.mga2 virtualbox, 4.1.24-1.mga2, 3.4.32-server-2.mga2, x86_64: installed-binary from 3.4.32-server-2.mga2 virtualbox, 4.1.24-1.mga2, 3.4.34-server-1.mga2, x86_64: installed-binary from 3.4.34-server-1.mga2 virtualbox, 4.1.24-1.mga2, 3.4.34-netbook-1.mga2, x86_64: installed-binary from 3.4.34-netbook-1.mga2 virtualbox, 4.1.24-1.mga2, 3.4.32-desktop-2.mga2, x86_64: installed-binary from 3.4.32-desktop-2.mga2 virtualbox, 4.1.24-1.mga2, 3.4.34-desktop-1.mga2, x86_64: installed-binary from 3.4.34-desktop-1.mga2 It takes a long time to respond but shows all updates applied ok.
Whiteboard: (none) => has_procedure mga2-64-ok
kernel-server-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-server-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm installed on MGA2 32 bits the nvidia module is built by dkms during the installation Booting on it is OK (the nvidia module is used) No regression found I didn't test the vulnerability Philippe
CC: (none) => philippedidier
Also tested Mageia 2 i586. The poc doesn't work on i586, so just testing that the updating works properly, etc. Validating the update. Could someone from the sysadmin team push the kernel-3.4.34-1.mga2 srpms from Mageia 2 updates testing to updates. See Description for list of srpms and advisory.
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0079
Status: NEW => RESOLVEDResolution: (none) => FIXED