Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2013:291 ] kernel
From: security () mandriva com
Date: Wed, 18 Dec 2013 09:31:16 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:291
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : December 17, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Linux
 kernel:
 
 The Linux kernel before 3.12.2 does not properly use the get_dumpable
 function, which allows local users to bypass intended ptrace
 restrictions or obtain sensitive information from IA64 scratch
 registers via a crafted application, related to kernel/ptrace.c and
 arch/ia64/include/asm/processor.h (CVE-2013-2929).
 
 The perf_trace_event_perm function in kernel/trace/trace_event_perf.c
 in the Linux kernel before 3.12.2 does not properly restrict access
 to the perf subsystem, which allows local users to enable function
 tracing via a crafted application (CVE-2013-2930).
 
 Multiple integer overflows in Alchemy LCD frame-buffer drivers in the
 Linux kernel before 3.12 allow local users to create a read-write
 memory mapping for the entirety of kernel memory, and consequently
 gain privileges, via crafted mmap operations, related to the (1)
 au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2)
 au1200fb_fb_mmap function in drivers/video/au1200fb.c (CVE-2013-4511).
 
 Buffer overflow in the exitcode_proc_write function in
 arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows
 local users to cause a denial of service or possibly have unspecified
 other impact by leveraging root privileges for a write operation
 (CVE-2013-4512).
 
 Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c
 in the Linux kernel before 3.12 allow local users to cause a
 denial of service or possibly have unspecified other impact
 by leveraging the CAP_NET_ADMIN capability and providing a long
 station-name string, related to the (1) wvlan_uil_put_info and (2)
 wvlan_set_station_nickname functions (CVE-2013-4514).
 
 The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in
 the Linux kernel before 3.12 does not initialize a certain data
 structure, which allows local users to obtain sensitive information
 from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call
 (CVE-2013-4515).
 
 Memory leak in the __kvm_set_memory_region function in
 virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users
 to cause a denial of service (memory consumption) by leveraging certain
 device access to trigger movement of memory slots (CVE-2013-4592).
 
 The lbs_debugfs_write function in
 drivers/net/wireless/libertas/debugfs.c in the Linux kernel through
 3.12.1 allows local users to cause a denial of service (OOPS)
 by leveraging root privileges for a zero-length write operation
 (CVE-2013-6378).
 
 The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in
 the Linux kernel through 3.12.1 does not properly validate a certain
 size value, which allows local users to cause a denial of service
 (invalid pointer dereference) or possibly have unspecified other
 impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted
 SRB command (CVE-2013-6380).
 
 Buffer overflow in the qeth_snmp_command function in
 drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1
 allows local users to cause a denial of service or possibly have
 unspecified other impact via an SNMP ioctl call with a length value
 that is incompatible with the command-buffer size (CVE-2013-6381).
 
 The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in
 the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO
 capability, which allows local users to bypass intended access
 restrictions via a crafted ioctl call (CVE-2013-6383).
 
 The uio_mmap_physical function in drivers/uio/uio.c in the Linux
 kernel before 3.12 does not validate the size of a memory block, which
 allows local users to cause a denial of service (memory corruption)
 or possibly gain privileges via crafted mmap operations, a different
 vulnerability than CVE-2013-4511 (CVE-2013-6763).
 
 The updated packages provides a solution for these security issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2930
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4511
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4512
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4515
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4592
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6378
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6380
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6381
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6763
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 b2ec18573cfce8e2c59f3837bee54986  mbs1/x86_64/cpupower-3.4.71-1.1.mbs1.x86_64.rpm
 4223a45307eed3f34f1c2fc91e47b2bc  mbs1/x86_64/kernel-firmware-3.4.71-1.1.mbs1.noarch.rpm
 12ade5821162c60735934c7d8074abbf  mbs1/x86_64/kernel-headers-3.4.71-1.1.mbs1.x86_64.rpm
 596969c53ae7ef58106d58c3ddcda017  mbs1/x86_64/kernel-server-3.4.71-1.1.mbs1.x86_64.rpm
 447b51d9b8056a545b56a7b2e4d10c00  mbs1/x86_64/kernel-server-devel-3.4.71-1.1.mbs1.x86_64.rpm
 ca6e8ac266deddfdb820498602d83562  mbs1/x86_64/kernel-source-3.4.71-1.mbs1.noarch.rpm
 636862bf8abc059c22bf0f80192682c1  mbs1/x86_64/lib64cpupower0-3.4.71-1.1.mbs1.x86_64.rpm
 68acfb49a9d72e5e64fe4a404b4de306  mbs1/x86_64/lib64cpupower-devel-3.4.71-1.1.mbs1.x86_64.rpm
 4794fa50688c49af900d4b215e0b1a3b  mbs1/x86_64/perf-3.4.71-1.1.mbs1.x86_64.rpm 
 08d165f0b55b13663fc83d23d9853c70  mbs1/SRPMS/cpupower-3.4.71-1.1.mbs1.src.rpm
 1d536b477305aeacc465861b6cf27d36  mbs1/SRPMS/kernel-firmware-3.4.71-1.1.mbs1.src.rpm
 7c454f625ecd42711dd7c1081db66adb  mbs1/SRPMS/kernel-headers-3.4.71-1.1.mbs1.src.rpm
 d6dbb3c4025edf28de366a595bb70017  mbs1/SRPMS/kernel-server-3.4.71-1.1.mbs1.src.rpm
 ae18c854eb9d554cb1dbc8783836546b  mbs1/SRPMS/kernel-source-3.4.71-1.mbs1.src.rpm
 5d73b86d8323d5c682d1e840c3f5a1ee  mbs1/SRPMS/perf-3.4.71-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSsHyomqjQ0CJFipgRAuHZAJ4iucAvE9Ujo1RPE3X19MQqW0bgMQCgyo1S
xosocZxNYfjd7/v82ZxQHyM=
=GSnA
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]