Updated kernel-vserver package fixes security vulnerabilites.
Publication date: 22 Nov 2013Modification date: 22 Nov 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-2015 , CVE-2013-2888 , CVE-2013-2889 , CVE-2013-2892 , CVE-2013-2893 , CVE-2013-2895 , CVE-2013-2896 , CVE-2013-2897 , CVE-2013-2899 , CVE-2013-4162 , CVE-2013-4163 , CVE-2013-4254 , CVE-2013-4348 , CVE-2013-4350 , CVE-2013-4387 , CVE-2013-4470 , CVE-2013-4483
Description
This kernel-vserver update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test (CVE-2013-2015). Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID (CVE-2013-2888). drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2889). drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2892). The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (CVE-2013-2893). drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device (CVE-2013-2895). drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2896). Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897). drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2899). The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4162). The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4163). The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event (CVE-2013-4254) The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation (CVE-2013-4348). The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network (CVE-2013-4350). net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet (CVE-2013-4387). The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c (CVE-2013-4470). The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application (CVE-2013-4483). For other -stable fixes, read the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=11468
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.53
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.54
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.55
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.56
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.57
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.58
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.59
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.60
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.61
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.62
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.63
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.64
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.65
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.66
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.67
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.68
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.69
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2892
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2895
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2896
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4348
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4350
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483
SRPMS
2/core
- kernel-vserver-3.4.69-1.mga2