{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0265",
  "published": "2014-06-18T20:50:01Z",
  "modified": "2014-06-18T20:49:35Z",
  "summary": "Updated kernel packages fixes security vulnerabilities.",
  "details": "Updated kernel packages fixes security vulnerabilities.\n\nThe kernel has been updated to the upstream 3.12.21 longterm kernel,\nand fixes the following security issues:\n\nmedia-device: fix infoleak in ioctl media_enum_entities()\n(CVE-2014-1739)\n\nThe futex_requeue function in kernel/futex.c in the Linux kernel through\n3.14.5 does not ensure that calls have two different futex addresses,\nwhich allows local users to gain privileges via a crafted FUTEX_REQUEUE\ncommand that facilitates unsafe waiter modification. (CVE-2014-3153)\n\nkernel/auditsc.c in the Linux kernel through 3.14.5, when \nCONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local\nusers to obtain potentially sensitive single-bit values from kernel memory\nor cause a denial of service (OOPS) via a large value of a syscall number.\nTo avoid this and other issues CONFIG_AUDITSYSCALL has been disabled.\n(CVE-2014-3917)\n\nOther changes:\niwlwifi: mvm: disable beacon filtering\nALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets\n\nFor other upstream changes, see the referenced changelog.\n",
  "upstream": [
    "CVE-2014-1739",
    "CVE-2014-3153",
    "CVE-2014-3917"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0265.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=13449"
    },
    {
      "type": "WEB",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.21"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kernel",
        "purl": "pkg:rpm/mageia/kernel?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.21-2.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kernel-userspace-headers",
        "purl": "pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.21-2.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kmod-vboxadditions",
        "purl": "pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.10-7.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kmod-virtualbox",
        "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.10-7.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kmod-xtables-addons",
        "purl": "pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3-47.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kmod-broadcom-wl",
        "purl": "pkg:rpm/mageia/kmod-broadcom-wl?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.30.223.141-32.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kmod-nvidia173",
        "purl": "pkg:rpm/mageia/kmod-nvidia173?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "173.14.39-17.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "kmod-nvidia304",
        "purl": "pkg:rpm/mageia/kmod-nvidia304?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "304.119-12.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}