Advisories ยป MGASA-2014-0045

Updated kernel-tmb packages fix multiple vulnerabilities

Publication date: 10 Feb 2014
Modification date: 10 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4579 , CVE-2014-0038 , CVE-2014-1438 , CVE-2014-1446 , CVE-2014-1690

Description

This kernel update provides an update to the 3.10 longterm branch,
currently 3.10.28 and fixes the following security issues:

The ath9k_htc_set_bssid_mask function in 
drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through
3.12 uses a BSSID masking approach to determine the set of MAC addresses
on which a Wi-Fi device is listening, which allows remote attackers to
discover the original MAC address after spoofing by sending a series of
packets to MAC addresses with certain bit manipulations. (CVE-2013-4579)

Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called
from code using the x32 ABI. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash) or gain administrator
privileges (CVE-2014-0038)

Faults during task-switch due to unhandled FPU-exceptions allow to
kill processes at random on all affected kernels, resulting in local
DOS in the end. One some architectures, privilege escalation under
non-common circumstances is possible. (CVE-2014-1438)

The hamradio yam_ioctl() code fails to initialise the cmd field of the
struct yamdrv_ioctl_cfg leading to a 4-byte info leak. (CVE-2014-1446)

Linux kernel built with the NetFilter Connection Tracking(NF_CONNTRACK)
support for IRC protocol(NF_NAT_IRC), is vulnerable to an information
leakage flaw. It could occur when communicating over direct
client-to-client IRC connection(/dcc) via a NAT-ed network. Kernel
attempts to mangle IRC TCP packet's content, wherein an uninitialised
'buffer' object is copied to a socket buffer and sent over to the other
end of a connection. (CVE-2014-1690)

For other changes, see the referenced changelogs:

References

SRPMS

3/core