Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: Linux Kernel, two security issues
From: Agostino Sarubbo <ago () gentoo org>
Date: Sun, 30 Mar 2014 14:03:36 +0200

I don't see a cve assigned for the following:

1) https://secunia.com/advisories/57468/ :

A vulnerability has been reported in Linux Kernel, which can be exploited by 
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition error in the 
"ath_tx_aggr_sleep()" function (drivers/net/wireless/ath/ath9k/xmit.c), which 
can be exploited to cause a crash.

The vulnerability is reported in versions prior to 3.12.15 and prior to 
3.13.7.


Solution:
Update to version 3.12.15 or 3.13.7.

Provided and/or discovered by:
Max Sydorenko within a bug report.

Original Advisory:
Kernel:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7

Max Sydorenko:
https://bugzilla.kernel.org/show_bug.cgi?id=70551




2) https://secunia.com/advisories/57436/ :

Description

A vulnerability has been reported in Linux Kernel, which can be exploited by 
malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "arch_dup_task_struct()" 
function (arch/powerpc/kernel/process.c) and can be exploited to cause a crash 
via a specially crafted instruction sequence.

Note: This only affects systems running on PowerPC.

The vulnerability is reported in versions prior to 3.12.15 and 3.13.7.


Solution:
Update to version 3.12.15 or 3.13.7.

Provided and/or discovered by:
The vendor credits Adhemerval Zanella Neto.

Original Advisory:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7

-- 
Agostino Sarubbo
Gentoo Linux Developer


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault