Fixes: - fixes several CVEs, advisory will be written in a day or so... SRPMS: kernel-tmb-3.4.43-1.mga2.src.rpm i586: kernel-tmb-desktop-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-desktop586-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-desktop-devel-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop-devel-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-desktop-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-laptop-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-laptop-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-server-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-3.4.43-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-server-latest-3.4.43-1.mga2.i586.rpm kernel-tmb-source-3.4.43-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.43-1.mga2.noarch.rpm x86_64: kernel-tmb-desktop-3.4.43-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-3.4.43-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-latest-3.4.43-1.mga2.x86_64.rpm kernel-tmb-desktop-latest-3.4.43-1.mga2.x86_64.rpm kernel-tmb-laptop-3.4.43-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.43-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.43-1.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.43-1.mga2.x86_64.rpm kernel-tmb-server-3.4.43-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-3.4.43-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-latest-3.4.43-1.mga2.x86_64.rpm kernel-tmb-server-latest-3.4.43-1.mga2.x86_64.rpm kernel-tmb-source-3.4.43-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.43-1.mga2.noarch.rpm Reproducible: Steps to Reproduce:
Taking it back, 3.4.44 will land tomorrow with more CVEs fixed.
Assignee: qa-bugs => tmb
Advisory: This updates kernel to upstream stable 3.4.44. It also fixes the following security issues: A security flaw was found in the way "/dev/ptmx", a character device used to create a pseudo-terminal master (PTM) and slave (PTS) pair, of the Linux kernel, used to transmit data through the PTM when a keystroke was pressed. An unprivileged, local user could use this flaw to determine inter-keystroke timing (measure latency between keystrokes), possibly allowing them to determine effective length of an password being typed in. (CVE-2013-0160) A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913) The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (CVE-2013-0914) A NULL pointer dereference was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. An attacker with physical access to a system could use this flaw to cause a denial of service. (CVE-2013-1774) A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792) A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796) A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797) A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798) fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. (CVE-2013-1848) Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (CVE-2013-1860) The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (CVE-2013-1928) Linux kernel built with the Broadcom tg3 ethernet driver is vulnerable to a buffer overflow. This could occur when the tg3 driver reads and copies firmware string from hardware's product data(VPD), if it exceeds 32 characters. A user with physical access to a machine could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-1929) The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. (CVE-2013-1979) The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2546) The crypto_report_one function in crypto/crypto_user.c in the reportAPI in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547) The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, whichallows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548) net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2634) The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2635) net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (CVE-2013-2636) The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. (CVE-2013-3076) The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222) The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223) The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224) The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225) The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227) The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228) The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229) The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231) The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232) The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3233) The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234) net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235) Other changes: Atheros alx gigabit ethernet is to latest upstream to support more hw, including Atheros Killer e2200 ethernet (mga #9979) For other changes in the -stable kernels, see the referenced changelogs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0311 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.35 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.36 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.37 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.38 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.39 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.40 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.41 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.42 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.43 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.44 https://bugs.mageia.org/show_bug.cgi?id=9979 https://bugs.mageia.org/show_bug.cgi?id=9955
Assignee: tmb => qa-bugsSummary: Update request: kernel-tmb-3.4.43-1.mga2 => Update request: kernel-tmb-3.4.44-1.mga2Source RPM: kernel-tmb-3.4.43-1.mga2.src.rpm => kernel-tmb-3.4.44-1.mga2.src.rpm
SRPMS: kernel-tmb-3.4.44-1.mga2.src.rpm i586: kernel-tmb-desktop-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-desktop586-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-desktop-devel-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop-devel-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-desktop-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-laptop-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-laptop-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-server-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-3.4.44-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-server-latest-3.4.44-1.mga2.i586.rpm kernel-tmb-source-3.4.44-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.44-1.mga2.noarch.rpm x86_64: kernel-tmb-desktop-3.4.44-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-3.4.44-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-latest-3.4.44-1.mga2.x86_64.rpm kernel-tmb-desktop-latest-3.4.44-1.mga2.x86_64.rpm kernel-tmb-laptop-3.4.44-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.44-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.44-1.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.44-1.mga2.x86_64.rpm kernel-tmb-server-3.4.44-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-3.4.44-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-latest-3.4.44-1.mga2.x86_64.rpm kernel-tmb-server-latest-3.4.44-1.mga2.x86_64.rpm kernel-tmb-source-3.4.44-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.44-1.mga2.noarch.rpm
and taking it back... 3.4.45 is being "rushed out" tomorrow for another security fix...
And 3.4.45 is ready for test: SRPMS: kernel-tmb-3.4.45-1.mga2.src.rpm i586: kernel-tmb-desktop-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop586-devel-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-desktop586-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-desktop-devel-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-desktop-devel-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-desktop-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-laptop-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-laptop-devel-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-laptop-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-server-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-3.4.45-1.mga2-1-1.mga2.i586.rpm kernel-tmb-server-devel-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-server-latest-3.4.45-1.mga2.i586.rpm kernel-tmb-source-3.4.45-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.45-1.mga2.noarch.rpm x86_64: kernel-tmb-desktop-3.4.45-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-3.4.45-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-desktop-devel-latest-3.4.45-1.mga2.x86_64.rpm kernel-tmb-desktop-latest-3.4.45-1.mga2.x86_64.rpm kernel-tmb-laptop-3.4.45-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-3.4.45-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-laptop-devel-latest-3.4.45-1.mga2.x86_64.rpm kernel-tmb-laptop-latest-3.4.45-1.mga2.x86_64.rpm kernel-tmb-server-3.4.45-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-3.4.45-1.mga2-1-1.mga2.x86_64.rpm kernel-tmb-server-devel-latest-3.4.45-1.mga2.x86_64.rpm kernel-tmb-server-latest-3.4.45-1.mga2.x86_64.rpm kernel-tmb-source-3.4.45-1.mga2-1-1.mga2.noarch.rpm kernel-tmb-source-latest-3.4.45-1.mga2.noarch.rpm
Assignee: tmb => qa-bugsSummary: Update request: kernel-tmb-3.4.44-1.mga2 => Update request: kernel-tmb-3.4.45-1.mga2Source RPM: kernel-tmb-3.4.44-1.mga2.src.rpm => kernel-tmb-3.4.45-1.mga2.src.rpm
Testing complete on Mageia 2 i586 and x86_64. Could someone from the sysadmin push the kernel updates from Mageia 2 Core Updates Testing to Core Updates. See above for list of srpms and advisory.
Keywords: (none) => validated_updateWhiteboard: (none) => mga2-64-ok MGA2-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0149
Status: NEW => RESOLVEDResolution: (none) => FIXED