MGASA-2013-0203

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0203.html

Import Source

https://advisories.mageia.org/MGASA-2013-0203.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2013-0203

Related

Published

2013-07-06T14:25:03Z

Modified

2013-07-06T14:24:59Z

Summary

Updated kernel packages fix multiple security vulnerabilities

Details

This kernel update provides the upstream 3.4.52 kernel and fixes the following security issues:

The pcibackenablemsi function in the PCI backend driver (drivers/xen/pciback/confspacecapability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (CVE-2013-0231 / XSA-43)

ipv6: ip6skdstcheck() must not assume ipv6 dst It's possible to use AFINET6 sockets and to connect to an IPv4 destination. After this, socket dst cache is a pointer to a rtable, not rt6_info. This bug can be exploited by local non-root users to trigger various corruptions/crashes (CVE-2013-2232)

afkey: fix info leaks in notify messages keynotifysaflush() and keynotifypolicyflush() miss to initialize the sadbmsg_reserved member of the broadcasted message and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234)

afkey: initialize satype in keynotifypolicyflush() keynotifypolicyflush() miss to nitialize the sadbmsg_satype member of the broadcasted message and thereby leak heap memory to listeners (CVE-2013-2237)

Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitarget_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. A reproduction case requires patching open-iscsi to send overly large keys. Performing discovery in a loop will Oops the remote server. (CVE-2013-2850)

Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852)

Other fixes: Fix up alx AR8161 breakage (mga #10079)

For other -stable fixes, read the referenced changelogs

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / kmod-broadcom-wl

Package

Name: kmod-broadcom-wl
Purl: pkg:rpm/mageia/kmod-broadcom-wl?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.100.82.112-48.mga2.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:2 / kmod-fglrx

Package

Name: kmod-fglrx
Purl: pkg:rpm/mageia/kmod-fglrx?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.961-24.mga2.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:2 / kmod-nvidia173

Package

Name: kmod-nvidia173
Purl: pkg:rpm/mageia/kmod-nvidia173?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

173.14.36-14.mga2.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:2 / kmod-nvidia96xx

Package

Name: kmod-nvidia96xx
Purl: pkg:rpm/mageia/kmod-nvidia96xx?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

96.43.23-15.mga2.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:2 / kmod-nvidia-current

Package

Name: kmod-nvidia-current
Purl: pkg:rpm/mageia/kmod-nvidia-current?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

295.71-19.mga2.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.52-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.52-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.24-11.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.24-11.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.41-28.mga2

Ecosystem specific

{
    "section": "core"
}