Advisory: This updates kernel-tmb to upstream stable 3.4.34. It also fixes the following security issues: An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode. (CVE-2013-1763). Linux kernel is prone to a local privilege-escalation vulnerability due to a tmpfs use-after-free error. Local attackers can exploit the issue to execute arbitrary code with kernel privileges or to crash the kernel, effectively denying service to legitimate users (CVE-2013-1767). Linux kernel built with Edgeport USB serial converter driver io_ti, is vulnerable to a NULL pointer dereference flaw. It happens if the device is disconnected while corresponding /dev/ttyUSB? file is in use. An unprivileged user could use this flaw to crash the system, resulting DoS (CVE-2013-1774). References: ----------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33 i586: ----- kernel-tmb-desktop-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-desktop586-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-desktop-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop-devel-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-desktop-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-laptop-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-laptop-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-server-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-server-latest-3.4.34-1.mga2.i586.rpm kernel-tmb-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.34-1.mga2.noarch.rpm x86_64: ------- kernel-tmb-desktop-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-latest-3.4.34-1.mga2.x86_64.rpm kernel-tmb-desktop-latest-3.4.34-1.mga2.x86_64.rpm kernel-tmb-laptop-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.34-1.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.34-1.mga2.x86_64.rpm kernel-tmb-server-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-latest-3.4.34-1.mga2.x86_64.rpm kernel-tmb-server-latest-3.4.34-1.mga2.x86_64.rpm kernel-tmb-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.34-1.mga2.noarch.rpm SRPMS: ------ kernel-tmb-3.4.34-1.mga2.src.rpm Reproducible: Steps to Reproduce:
Priority: Normal => High
PoC: http://www.securityfocus.com/bid/58137/exploit
Testing x86_64
The dkms modules for the kernel in use are not built at the time the updates are applied. They are built for the other kernels. # dkms status -m vboxadditions -v 4.1.24-1.mga2 vboxadditions, 4.1.24-1.mga2, 3.4.32-tmb-laptop-2.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.34-tmb-desktop-1.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.32-tmb-desktop-2.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.34-tmb-server-1.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.32-tmb-server-2.mga2, x86_64: installed # uname -a Linux localhost 3.4.32-tmb-laptop-2.mga2 #1 SMP Mon Feb 18 21:36:53 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux They are built on reboot though so not sure if this is expected. # dkms status -m vboxadditions -v 4.1.24-1.mga2 vboxadditions, 4.1.24-1.mga2, 3.4.32-tmb-laptop-2.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.34-tmb-desktop-1.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.34-tmb-laptop-1.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.32-tmb-desktop-2.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.34-tmb-server-1.mga2, x86_64: installed vboxadditions, 4.1.24-1.mga2, 3.4.32-tmb-server-2.mga2, x86_64: installed # uname -a Linux localhost 3.4.34-tmb-laptop-1.mga2 #1 SMP Thu Feb 28 22:05:06 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux It doesn't appear to make it into the initrd though. It's not until it loads the module during boot that the mouse is freed for instance. Apart from this all boot ok and the PoC is closed so if that is 'normal' then mga2-64-ok
Testing complete on Mageia 2 i586. The poc doesn't work on i586, so just testing that the updating works properly, etc. Validating the update. Could someone from the sysadmin team push the kernel-tmb-3.4.34-1.mga2 srpms from Mageia 2 updates testing to updates. See Description for list of srpms and advisory.
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0080
Status: NEW => RESOLVEDResolution: (none) => FIXED