Advisory: This updates kernel-linus to upstream stable 3.4.34. It also fixes the following security issues: An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode. (CVE-2013-1763). Linux kernel is prone to a local privilege-escalation vulnerability due to a tmpfs use-after-free error. Local attackers can exploit the issue to execute arbitrary code with kernel privileges or to crash the kernel, effectively denying service to legitimate users (CVE-2013-1767). Linux kernel built with Edgeport USB serial converter driver io_ti, is vulnerable to a NULL pointer dereference flaw. It happens if the device is disconnected while corresponding /dev/ttyUSB? file is in use. An unprivileged user could use this flaw to crash the system, resulting DoS (CVE-2013-1774). References: ----------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33 i586: ----- kernel-linus-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-linus-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm kernel-linus-devel-latest-3.4.34-1.mga2.i586.rpm kernel-linus-doc-3.4.34-1.mga2.noarch.rpm kernel-linus-latest-3.4.34-1.mga2.i586.rpm kernel-linus-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm x86_64: ------- kernel-linus-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-linus-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm kernel-linus-devel-latest-3.4.34-1.mga2.x86_64.rpm kernel-linus-doc-3.4.34-1.mga2.noarch.rpm kernel-linus-latest-3.4.34-1.mga2.x86_64.rpm kernel-linus-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm kernel-linus-source-latest-3.4.34-1.mga2.noarch.rpm SRPMS: ------ kernel-linus-3.4.34-1.mga2.src.rpm Reproducible: Steps to Reproduce:
Priority: Normal => High
PoC: http://www.securityfocus.com/bid/58137/exploit
Testing complete i586 Confirmed virtualbox dkms module is built when updating. Everything OK after reboot. Confirmed PoC closed.
Whiteboard: (none) => has_procedure mga2-32-ok
Testing complete on Mageia 2 x86-64. Could someone from the sysadmin team push the kernel-linus-3.4.34-1.mga2 from Mageia 2 updates testing to updates. See description for list of srpms and advisory.
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok MGA2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0081
Status: NEW => RESOLVEDResolution: (none) => FIXED