{ "schema_version": "1.7.0", "id": "MGASA-2014-0038", "published": "2014-02-08T19:01:59Z", "modified": "2014-02-08T19:01:52Z", "summary": "Updated kernel package fixes one critical and a few other security issues", "details": "This kernel update provides an update to the 3.10 longterm branch,\ncurrently 3.10.28 and fixes the following security issues:\n\nThe ath9k_htc_set_bssid_mask function in \ndrivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through\n3.12 uses a BSSID masking approach to determine the set of MAC addresses\non which a Wi-Fi device is listening, which allows remote attackers to\ndiscover the original MAC address after spoofing by sending a series of\npackets to MAC addresses with certain bit manipulations. (CVE-2013-4579)\n\nPageexec reported a bug in the Linux kernel's recvmmsg syscall when called\nfrom code using the x32 ABI. An unprivileged local user could exploit this\nflaw to cause a denial of service (system crash) or gain administrator\nprivileges (CVE-2014-0038)\n\nFaults during task-switch due to unhandled FPU-exceptions allow to\nkill processes at random on all affected kernels, resulting in local\nDOS in the end. One some architectures, privilege escalation under\nnon-common circumstances is possible. (CVE-2014-1438)\n\nThe hamradio yam_ioctl() code fails to initialise the cmd field of the\nstruct yamdrv_ioctl_cfg leading to a 4-byte info leak. (CVE-2014-1446)\n\nLinux kernel built with the NetFilter Connection Tracking(NF_CONNTRACK)\nsupport for IRC protocol(NF_NAT_IRC), is vulnerable to an information\nleakage flaw. It could occur when communicating over direct\nclient-to-client IRC connection(/dcc) via a NAT-ed network. Kernel\nattempts to mangle IRC TCP packet's content, wherein an uninitialised\n'buffer' object is copied to a socket buffer and sent over to the other\nend of a connection. (CVE-2014-1690)\n\nIt also fixes an issue where some laptops are forced to use\nvesa driver & No ACPI (mga#6077)\n\nFor other upstream fixes, see the referenced changelogs.\n\nThe proprietary fglrx driver has also been updated from Catalyst\n13.11-beta6 to Catalyst 13.12 official driver.\n", "upstream": [ "CVE-2013-4579", "CVE-2014-0038", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1690" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0038.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=6077" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=12517" }, { "type": "WEB", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25" }, { "type": "WEB", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26" }, { "type": "WEB", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27" }, { "type": "WEB", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.28" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "kernel", "purl": "pkg:rpm/mageia/kernel?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.10.28-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "kernel-userspace-headers", "purl": "pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.10.28-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-vboxadditions", "purl": "pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-7.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-virtualbox", "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-7.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-xtables-addons", "purl": "pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.3-11.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "fglrx", "purl": "pkg:rpm/mageia/fglrx?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "13.251-1.mga3.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-broadcom-wl", "purl": "pkg:rpm/mageia/kmod-broadcom-wl?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.30.223.141-10.mga3.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-fglrx", "purl": "pkg:rpm/mageia/kmod-fglrx?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "13.251-3.mga3.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-nvidia173", "purl": "pkg:rpm/mageia/kmod-nvidia173?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "173.14.38-27.mga3.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-nvidia304", "purl": "pkg:rpm/mageia/kmod-nvidia304?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "304.108-12.mga3.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-nvidia-current", "purl": "pkg:rpm/mageia/kmod-nvidia-current?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "319.60-11.mga3.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }