Bug 9211 - Update request: kernel-linus-3.4.34-1.mga2
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: All Linux
Priority: High enhancement
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: has_procedure mga2-32-ok MGA2-64-OK
Keywords: validated_update
Depends on:
Blocks:
Reported: 2013-03-01 00:48 CET by Thomas Backlund
Modified: 2013-03-02 15:25 CET

See Also:
Source RPM: kernel-linus-3.4.34-1.mga2
CVE:
Status comment:



Description Thomas Backlund 2013-03-01 00:48:00 CET
Advisory:
This updates kernel-linus to upstream stable 3.4.34.

It also fixes the following security issues:

An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers[] array which, in turn,
allows userland to take over control while in kernel mode.
(CVE-2013-1763).

The Linux kernel is prone to a local privilege-escalation vulnerability due
to a tmpfs use-after-free error.
Local attackers can exploit the issue to execute arbitrary code with
kernel privileges or to crash the kernel, effectively denying service
to legitimate users (CVE-2013-1767).

Linux kernel built with the Edgeport USB serial converter driver io_ti
is vulnerable to a NULL pointer dereference flaw. It happens if the
device is disconnected while the corresponding /dev/ttyUSB? file is in use.
An unprivileged user could use this flaw to crash the system, resulting
in DoS (CVE-2013-1774).

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33


i586:
-----
kernel-linus-3.4.34-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-latest-3.4.34-1.mga2.i586.rpm
kernel-linus-doc-3.4.34-1.mga2.noarch.rpm
kernel-linus-latest-3.4.34-1.mga2.i586.rpm
kernel-linus-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm

x86_64:
-------
kernel-linus-3.4.34-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-latest-3.4.34-1.mga2.x86_64.rpm
kernel-linus-doc-3.4.34-1.mga2.noarch.rpm
kernel-linus-latest-3.4.34-1.mga2.x86_64.rpm
kernel-linus-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm
kernel-linus-source-latest-3.4.34-1.mga2.noarch.rpm

SRPMS:
------
kernel-linus-3.4.34-1.mga2.src.rpm


Thomas Backlund 2013-03-01 00:48:19 CET

Priority: Normal => High

Comment 1 claire robinson 2013-03-01 09:44:26 CET
PoC: http://www.securityfocus.com/bid/58137/exploit
Comment 2 claire robinson 2013-03-01 17:16:56 CET
Testing complete i586

Confirmed virtualbox dkms module is built when updating.

Everything OK after reboot.

Confirmed PoC closed.

Whiteboard: (none) => has_procedure mga2-32-ok

Comment 3 Dave Hodgins 2013-03-02 03:10:57 CET
Testing complete on Mageia 2 x86-64.

Could someone from the sysadmin team push the
kernel-linus-3.4.34-1.mga2
from Mageia 2 updates testing to updates.

See description for list of srpms and advisory.

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok MGA2-64-OK

Comment 4 Thomas Backlund 2013-03-02 15:25:02 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0081

Status: NEW => RESOLVED
Resolution: (none) => FIXED

