{ "schema_version": "1.6.2", "id": "MGASA-2014-0206", "published": "2014-05-08T21:48:19Z", "modified": "2014-05-08T21:48:09Z", "summary": "Updated kernel packages fixes multiple bugs and vulnerabilities", "details": "Updated kernel provides upstream 3.12.18 kernel and fixes the following\nsecurity issues:\n\nBuffer overflow in the complete_emulated_mmio function in arch/x86/kvm/\nx86.c in the Linux kernel before 3.13.6 allows guest OS users to execute\narbitrary code on the host OS by leveraging a loop that triggers an\ninvalid memory copy affecting certain cancel_work_item data. \n(CVE-2014-0049)\n\nThe get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem\nin the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise\nLinux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which\nallows guest OS users to cause a denial of service (host OS crash) via\nunspecified vectors. (CVE-2014-0055)\n\nThe cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through\n3.13.5 does not properly handle uncached write operations that copy fewer\nthan the requested number of bytes, which allows local users to obtain\nsensitive information from kernel memory, cause a denial of service\n(memory corruption and system crash), or possibly gain privileges via a\nwritev system call with a crafted pointer. (CVE-2014-0069)\n\ndrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable\nbuffers are disabled, does not properly validate packet lengths, which\nallows guest OS users to cause a denial of service (memory corruption and\nhost OS crash) or possibly gain privileges on the host OS via crafted\npackets, related to the handle_rx and get_rx_bufs functions. \n(CVE-2014-0077)\n\nInteger overflow in the ping_init_sock function in net/ipv4/ping.c in the\nLinux kernel through 3.14.1 allows local users to cause a denial of service\n(use-after-free and system crash) or possibly gain privileges via a crafted\napplication that leverages an improperly managed reference counter.\n(CVE-2014-2851)\n\nOter fixes in this update:\n- switch hugepages back to madvise to fix performance regression (mga#12994)\n- enable Intel P-state driver (mga#13080)\n- fix r8169 suspend/resume issue (mga#13255)\n\nFor upstream merged fixes, read the referenced changelogs:\n", "related": [ "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-2851" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0206.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=12994" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13080" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13255" }, { "type": "REPORT", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.18" }, { "type": "REPORT", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.17" }, { "type": "REPORT", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.16" }, { "type": "REPORT", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15" }, { "type": "REPORT", "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.14" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13264" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "kernel", "purl": "pkg:rpm/mageia/kernel?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.12.18-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "kernel-userspace-headers", "purl": "pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.12.18-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-vboxadditions", "purl": "pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.3.10-2.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-virtualbox", "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.3.10-2.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-xtables-addons", "purl": "pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.3-44.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-broadcom-wl", "purl": "pkg:rpm/mageia/kmod-broadcom-wl?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.30.223.141-28.mga4.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-fglrx", "purl": "pkg:rpm/mageia/kmod-fglrx?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "13.251-13.mga4.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-nvidia173", "purl": "pkg:rpm/mageia/kmod-nvidia173?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "173.14.39-14.mga4.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-nvidia304", "purl": "pkg:rpm/mageia/kmod-nvidia304?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "304.119-6.mga4.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } }, { "package": { "ecosystem": "Mageia:4", "name": "kmod-nvidia-current", "purl": "pkg:rpm/mageia/kmod-nvidia-current?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "331.49-3.mga4.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }