Bug 9211 - Update request: kernel-linus-3.4.34-1.mga2
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: All Linux
Priority: High
Severity: enhancement
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
Whiteboard: has_procedure mga2-32-ok MGA2-64-OK
Keywords: validated_update

Reported: 2013-03-01 00:48 CET by Thomas Backlund
Modified: 2013-03-02 15:25 CET

Source RPM: kernel-linus-3.4.34-1.mga2

Description Thomas Backlund 2013-03-01 00:48:00 CET
Advisory:
This updates kernel-linus to upstream stable 3.4.34.

It also fixes the following security issues:

An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers[] array which, in turn,
allows userland to take over control while in kernel mode
(CVE-2013-1763).

The Linux kernel is prone to a local privilege-escalation vulnerability due
to a tmpfs use-after-free error.
Local attackers can exploit the issue to execute arbitrary code with
kernel privileges or to crash the kernel, effectively denying service
to legitimate users (CVE-2013-1767).

The Linux kernel, when built with the Edgeport USB serial converter driver
io_ti, is vulnerable to a NULL pointer dereference flaw. It happens if the
device is disconnected while the corresponding /dev/ttyUSB? file is in use.
An unprivileged user could use this flaw to crash the system, resulting
in a DoS (CVE-2013-1774).

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33


i586:
-----
kernel-linus-3.4.34-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm
kernel-linus-devel-latest-3.4.34-1.mga2.i586.rpm
kernel-linus-doc-3.4.34-1.mga2.noarch.rpm
kernel-linus-latest-3.4.34-1.mga2.i586.rpm
kernel-linus-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm

x86_64:
-------
kernel-linus-3.4.34-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm
kernel-linus-devel-latest-3.4.34-1.mga2.x86_64.rpm
kernel-linus-doc-3.4.34-1.mga2.noarch.rpm
kernel-linus-latest-3.4.34-1.mga2.x86_64.rpm
kernel-linus-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm
kernel-linus-source-latest-3.4.34-1.mga2.noarch.rpm

SRPMS:
------
kernel-linus-3.4.34-1.mga2.src.rpm

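The first issue in the advisory, CVE-2013-1763, is a missing range check on a table index that an unprivileged user controls through a netlink request. The following is an added userspace model of that bug class and of the shape of its fix; it is not code from this bug report, from Mageia, or from the kernel tree. The table size (MAX_FAMILY standing in for AF_MAX), the handler names, the request layout and the sample messages are assumptions made for the model; the out-of-range read is kept inside one array so it stays well-defined here, which it is not in a kernel.

```c
/* Added example, not code from the Mageia bug report or the kernel tree.
 * Userspace model of the CVE-2013-1763 bug class described in the advisory:
 * a per-family handler table indexed by a family byte that arrives in a
 * netlink request from an unprivileged user. The hardened lookup rejects
 * any family that is not below the table size before the index is used.
 * Table size, handler names and the request layout are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FAMILY 4                 /* stands in for AF_MAX; small for the model */
#define REGION_SIZE (MAX_FAMILY + 2) /* table plus "memory that follows it" */

typedef int (*diag_handler_fn)(const uint8_t *msg, size_t len);

static int inet_handler(const uint8_t *msg, size_t len) { (void)msg; (void)len; return 1; }
static int unix_handler(const uint8_t *msg, size_t len) { (void)msg; (void)len; return 2; }
/* Stands in for whatever pointer-sized data sits after the table in memory.
 * In the real bug that data is not a handler at all; here it is a stub so
 * the model can show that the unchecked lookup reaches it. */
static int beyond_table(const uint8_t *msg, size_t len) { (void)msg; (void)len; return 0xBAD; }

/* region[0..MAX_FAMILY-1] is the handler table; the entries after it model
 * adjacent memory. Keeping both in one array makes the out-of-range read
 * well-defined in this model, which it is not in the kernel. */
static diag_handler_fn region[REGION_SIZE] = {
    [0] = NULL,              /* no handler registered for family 0 */
    [1] = unix_handler,
    [2] = inet_handler,
    [3] = NULL,
    [MAX_FAMILY] = beyond_table,
    [MAX_FAMILY + 1] = beyond_table,
};

/* Modelled request header; the first byte plays the role of the family field. */
struct diag_req {
    uint8_t family;
    uint8_t protocol;
    uint8_t reserved[6];
};

/* Vulnerable pattern: the user-supplied family is used as the index with no
 * range check, so a value >= MAX_FAMILY selects "memory after the table".
 * The clamp at REGION_SIZE exists only to keep the model defined. */
static diag_handler_fn lookup_unchecked(uint8_t family) {
    if (family >= REGION_SIZE)
        return NULL;                     /* model boundary only */
    return region[family];
}

/* Hardened pattern: validate the index against the table size first.
 * Returns 0 and sets *out, -1 for an out-of-range family, -2 when no
 * handler is registered for a valid family. */
static int lookup_checked(uint8_t family, diag_handler_fn *out) {
    if (family >= MAX_FAMILY)
        return -1;
    if (region[family] == NULL)
        return -2;
    *out = region[family];
    return 0;
}

/* Parse a raw message, validate it and dispatch to the handler.
 * Returns the handler's result, or a negative code if the message is
 * rejected (-1 / -2 from lookup_checked, -3 when the message is too short). */
static int dispatch(const uint8_t *msg, size_t len) {
    struct diag_req req;
    diag_handler_fn fn = NULL;
    int rc;

    if (len < sizeof req)
        return -3;
    memcpy(&req, msg, sizeof req);
    rc = lookup_checked(req.family, &fn);
    if (rc != 0)
        return rc;
    return fn(msg, len);
}

/* Constructed sample messages: family byte first, then protocol and padding. */
static const uint8_t msg_inet[8]  = { 2, 6, 0, 0, 0, 0, 0, 0 };
static const uint8_t msg_oob[8]   = { MAX_FAMILY, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t msg_nohdl[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };

int main(void) {
    /* The unchecked lookup returns the pointer that lives past the table. */
    printf("unchecked lookup of family %d reaches beyond_table: %s\n",
           MAX_FAMILY, lookup_unchecked(MAX_FAMILY) == beyond_table ? "yes" : "no");
    printf("checked dispatch: inet=%d oob=%d nohandler=%d short=%d\n",
           dispatch(msg_inet, sizeof msg_inet), dispatch(msg_oob, sizeof msg_oob),
           dispatch(msg_nohdl, sizeof msg_nohdl), dispatch(msg_inet, 3));
    return 0;
}
```

The point of the model is the one-line difference between the two lookups: the check against the table size happens before the index is used, and it is placed in the lookup itself rather than left to each caller, so every path that turns a user-supplied family into a handler goes through it. The separate -2 result for a valid family with no registered handler keeps "unknown family" distinct from "out of range", which is useful when auditing a dispatch table like this.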
Comment 1 claire robinson 2013-03-01 09:44:26 CET
PoC: http://www.securityfocus.com/bid/58137/exploit
Comment 2 claire robinson 2013-03-01 17:16:56 CET
Testing complete i586

Confirmed virtualbox dkms module is built when updating.

Everything OK after reboot.

Confirmed PoC closed.
Comment 3 Dave Hodgins 2013-03-02 03:10:57 CET
Testing complete on Mageia 2 x86-64.

Could someone from the sysadmin team push the
kernel-linus-3.4.34-1.mga2
from Mageia 2 updates testing to updates.

See description for list of srpms and advisory.
Comment 4 Thomas Backlund 2013-03-02 15:25:02 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0081
