Bug 9212 - Update request: kernel-vserver-3.4.34-1.mga2
: Update request: kernel-vserver-3.4.34-1.mga2
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: High Severity: critical
: ---
Assigned To: QA Team
: Sec team
:
: MGA2-64-OK MGA2-32-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-03-01 00:48 CET by Thomas Backlund
Modified: 2013-03-02 15:26 CET (History)
2 users (show)

See Also:
Source RPM: kernel-vserver-3.4.34-1.mga2
CVE:
Status comment:


Attachments

Description Thomas Backlund 2013-03-01 00:48:36 CET
Advisory:
This updates kernel-vserver to upstream stable 3.4.34.

It also fixes the following security issues:

An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers[] array which, in turn,
allows userland to take over control while in kernel mode.
(CVE-2013-1763).

Linux kernel is prone to a local privilege-escalation vulnerability due
to a tmpfs use-after-free error. 
Local attackers can exploit the issue to execute arbitrary code with
kernel privileges or to crash the kernel, effectively denying service
to legitimate users (CVE-2013-1767).

Linux kernel built with Edgeport USB serial converter driver io_ti,
is vulnerable to a NULL pointer dereference flaw. It happens if the
device is disconnected while corresponding /dev/ttyUSB? file is in use.
An unprivileged user could use this flaw to crash the system, resulting
DoS (CVE-2013-1774).

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33


i586:
-----
kernel-vserver-3.4.34-1.mga2-1-1.mga2.i586.rpm
kernel-vserver-devel-3.4.34-1.mga2-1-1.mga2.i586.rpm
kernel-vserver-devel-latest-3.4.34-1.mga2.i586.rpm
kernel-vserver-doc-3.4.34-1.mga2.noarch.rpm
kernel-vserver-latest-3.4.34-1.mga2.i586.rpm
kernel-vserver-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm
kernel-vserver-source-latest-3.4.34-1.mga2.noarch.rpm

x86_64:
-------
kernel-vserver-3.4.34-1.mga2-1-1.mga2.x86_64.rpm
kernel-vserver-devel-3.4.34-1.mga2-1-1.mga2.x86_64.rpm
kernel-vserver-devel-latest-3.4.34-1.mga2.x86_64.rpm
kernel-vserver-doc-3.4.34-1.mga2.noarch.rpm
kernel-vserver-latest-3.4.34-1.mga2.x86_64.rpm
kernel-vserver-source-3.4.34-1.mga2-1-1.mga2.noarch.rpm
kernel-vserver-source-latest-3.4.34-1.mga2.noarch.rpm

SRPMS:
------
kernel-vserver-3.4.34-1.mga2.src.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-03-01 09:44:46 CET
PoC: http://www.securityfocus.com/bid/58137/exploit
Comment 2 Dave Hodgins 2013-03-02 02:27:54 CET
Testing complete on Mageia 2 i586.  The poc doesn't work on i586, so
just testing that the updating works properly, etc.

As expected, dkms generated modules still fail to load with
errors such as ...
ERROR: could not insert 'fglrx': Exec format error
insmod /lib/modules/3.4.34-vserver-1.mga2/dkms/drivers/char/drm/fglrx.ko.xz

Other then that, it's working ok.

Claire, have you tested the vserver kernel on x86_64?
Comment 3 Dave Hodgins 2013-03-02 03:07:06 CET
Testing complete on Mageia 2 x86_64.

Could someone from the sysadmin team push the
kernel-vserver-3.4.34-1.mga2 srpms
from updates testing to updates.

See description for list of srpms and advisory.
Comment 4 Thomas Backlund 2013-03-02 15:26:57 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0082

Note You need to log in before you can comment on or make changes to this bug.