Bug 9221 - Update request: kernel-rt-3.4.34-0.rt47.1.mga2
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: High Severity: critical
: ---
Assigned To: QA Team
: Sec team
: MGA2-64-OK MGA2-32-OK
: validated_update
Reported: 2013-03-01 14:01 CET by Thomas Backlund
Modified: 2013-03-02 15:29 CET

Source RPM: kernel-rt-3.4.34-0.rt47.1.mga2
Description Thomas Backlund 2013-03-01 14:01:22 CET
Advisory:
This updates kernel to upstream stable 3.4.34.

It also fixes the following security issues:

An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers[] array which, in turn,
allows userland to take over control while in kernel mode
(CVE-2013-1763).

Linux kernel is prone to a local privilege-escalation vulnerability due
to a tmpfs use-after-free error. 
Local attackers can exploit the issue to execute arbitrary code with
kernel privileges or to crash the kernel, effectively denying service
to legitimate users (CVE-2013-1767).

A Linux kernel built with the Edgeport USB serial converter driver io_ti
is vulnerable to a NULL pointer dereference flaw. It happens if the
device is disconnected while the corresponding /dev/ttyUSB? file is in use.
An unprivileged user could use this flaw to crash the system, resulting
in a DoS (CVE-2013-1774).

The -rt patch has also been updated to rt47.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33


i586:
-----
kernel-rt-3.4.34-0.rt47.1.mga2-1-1.mga2.i586.rpm
kernel-rt-devel-3.4.34-0.rt47.1.mga2-1-1.mga2.i586.rpm
kernel-rt-devel-latest-3.4.34-0.rt47.1.mga2.i586.rpm
kernel-rt-doc-3.4.34-0.rt47.1.mga2.noarch.rpm
kernel-rt-latest-3.4.34-0.rt47.1.mga2.i586.rpm
kernel-rt-source-3.4.34-0.rt47.1.mga2-1-1.mga2.noarch.rpm
kernel-rt-source-latest-3.4.34-0.rt47.1.mga2.noarch.rpm

x86_64:
-------
kernel-rt-3.4.34-0.rt47.1.mga2-1-1.mga2.x86_64.rpm
kernel-rt-devel-3.4.34-0.rt47.1.mga2-1-1.mga2.x86_64.rpm
kernel-rt-devel-latest-3.4.34-0.rt47.1.mga2.x86_64.rpm
kernel-rt-doc-3.4.34-0.rt47.1.mga2.noarch.rpm
kernel-rt-latest-3.4.34-0.rt47.1.mga2.x86_64.rpm
kernel-rt-source-3.4.34-0.rt47.1.mga2-1-1.mga2.noarch.rpm
kernel-rt-source-latest-3.4.34-0.rt47.1.mga2.noarch.rpm

SRPMS:
------
kernel-rt-3.4.34-0.rt47.1.mga2.src.rpm
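
The bug class behind CVE-2013-1763 in the advisory above (a handler table indexed by a family byte taken from the message), shown as an added example that is not part of the original report and is not kernel code: a simplified userspace model with the unchecked lookup beside a bounds-checked one. All `model_*` names, `MODEL_AF_MAX` and the sample handler are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MODEL_AF_MAX 40 /* constructed table size, stands in for the kernel's AF_MAX */

struct model_diag_req { uint8_t sdiag_family, sdiag_protocol; };
struct model_diag_handler {
    uint8_t family;
    int (*dump)(const struct model_diag_req *req);
};

/* One slot per address family, like sock_diag_handlers[]; empty slots are NULL. */
static const struct model_diag_handler *model_handlers[MODEL_AF_MAX];

int model_register(const struct model_diag_handler *h)
{
    if (h->family >= MODEL_AF_MAX)
        return -EINVAL;
    if (model_handlers[h->family])
        return -EBUSY;
    model_handlers[h->family] = h;
    return 0;
}

/* Unchecked shape: the sender-controlled byte is used as the index directly,
 * so any family >= MODEL_AF_MAX reads a "handler" from beyond the table. */
const struct model_diag_handler *model_lookup_unchecked(const struct model_diag_req *req)
{
    return model_handlers[req->sdiag_family];
}

/* Checked shape: validate message length and index before touching the table. */
int model_rcv_msg(const void *payload, size_t len)
{
    const struct model_diag_req *req = payload;
    const struct model_diag_handler *h;

    if (len < sizeof(*req))
        return -EINVAL;
    if (req->sdiag_family >= MODEL_AF_MAX)
        return -EINVAL;
    h = model_handlers[req->sdiag_family];
    return h ? h->dump(req) : -ENOENT;
}

/* Constructed sample handler for family 2; it just echoes the protocol byte. */
static int model_inet_dump(const struct model_diag_req *req) { return req->sdiag_protocol; }
const struct model_diag_handler model_inet = { 2, model_inet_dump };
```
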


Comment 1 Philippe Didier 2013-03-02 01:05:06 CET
kernel-rt-3.4.34-0.rt47.1.mga2-1-1.mga2.i586.rpm
kernel-rt-devel-3.4.34-0.rt47.1.mga2-1-1.mga2.i586.rpm

tested on MGA2 32 bits

Same problems as with previous versions of kernel-rt: system freezes with the nvidia module that has been built by dkms during the installation (bug 8515, bug 9120)

Modifying the xorg.conf file (replacing nvidia with nouveau) it can work ...

So it's not a regression ...

But that leads to bug 9156 too :(

Comment 2 Dave Hodgins 2013-03-02 03:09:16 CET
Testing complete on Mageia 2 x86-64.

Could someone from the sysadmin team push the
kernel-rt-3.4.34-0.rt47.1.mga2
from Mageia 2 updates testing to updates.

See description for list of srpms and advisory.

Comment 3 Thomas Backlund 2013-03-02 15:29:01 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0083
