Advisories » MGASA-2014-0265

Updated kernel packages fixes security vulnerabilities.

Publication date: 18 Jun 2014
Modification date: 18 Jun 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-1739 , CVE-2014-3153 , CVE-2014-3917

Description

Updated kernel packages fixes security vulnerabilities.

The kernel has been updated to the upstream 3.12.21 longterm kernel,
and fixes the following security issues:

media-device: fix infoleak in ioctl media_enum_entities()
(CVE-2014-1739)

The futex_requeue function in kernel/futex.c in the Linux kernel through
3.14.5 does not ensure that calls have two different futex addresses,
which allows local users to gain privileges via a crafted FUTEX_REQUEUE
command that facilitates unsafe waiter modification. (CVE-2014-3153)

kernel/auditsc.c in the Linux kernel through 3.14.5, when 
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local
users to obtain potentially sensitive single-bit values from kernel memory
or cause a denial of service (OOPS) via a large value of a syscall number.
To avoid this and other issues CONFIG_AUDITSYSCALL has been disabled.
(CVE-2014-3917)

Other changes:
iwlwifi: mvm: disable beacon filtering
ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets

For other upstream changes, see the referenced changelog.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13449
• https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.21
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917

SRPMS

4/nonfree

• kmod-broadcom-wl-6.30.223.141-32.mga4.nonfree
• kmod-nvidia173-173.14.39-17.mga4.nonfree
• kmod-nvidia304-304.119-12.mga4.nonfree

4/core

• kernel-3.12.21-2.mga4
• kernel-userspace-headers-3.12.21-2.mga4
• kmod-vboxadditions-4.3.10-7.mga4
• kmod-virtualbox-4.3.10-7.mga4
• kmod-xtables-addons-2.3-47.mga4