MGASA-2014-0038
- Source
- https://advisories.mageia.org/MGASA-2014-0038.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0038.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2014-0038
- Related
- Published
- 2014-02-08T19:01:59Z
- Modified
- 2014-02-08T19:01:52Z
- Summary
- Updated kernel package fixes one critical and a few other security issues
- Details
-
This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues:
The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579)
Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges (CVE-2014-0038)
Faults during task-switch due to unhandled FPU-exceptions allow to kill processes at random on all affected kernels, resulting in local DOS in the end. One some architectures, privilege escalation under non-common circumstances is possible. (CVE-2014-1438)
The hamradio yamioctl() code fails to initialise the cmd field of the struct yamdrvioctl_cfg leading to a 4-byte info leak. (CVE-2014-1446)
Linux kernel built with the NetFilter Connection Tracking(NFCONNTRACK) support for IRC protocol(NFNAT_IRC), is vulnerable to an information leakage flaw. It could occur when communicating over direct client-to-client IRC connection(/dcc) via a NAT-ed network. Kernel attempts to mangle IRC TCP packet's content, wherein an uninitialised 'buffer' object is copied to a socket buffer and sent over to the other end of a connection. (CVE-2014-1690)
It also fixes an issue where some laptops are forced to use vesa driver & No ACPI (mga#6077)
For other upstream fixes, see the referenced changelogs.
The proprietary fglrx driver has also been updated from Catalyst 13.11-beta6 to Catalyst 13.12 official driver.
- References
-
- https://advisories.mageia.org/MGASA-2014-0038.html
- https://bugs.mageia.org/show_bug.cgi?id=6077
- https://bugs.mageia.org/show_bug.cgi?id=12517
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.28
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / fglrx
Package
- Name
- fglrx
- Purl
- pkg:rpm/mageia/fglrx?distro=mageia-3
Mageia:3 / kmod-broadcom-wl
Package
- Name
- kmod-broadcom-wl
- Purl
- pkg:rpm/mageia/kmod-broadcom-wl?distro=mageia-3
Mageia:3 / kmod-fglrx
Package
- Name
- kmod-fglrx
- Purl
- pkg:rpm/mageia/kmod-fglrx?distro=mageia-3
Mageia:3 / kmod-nvidia173
Package
- Name
- kmod-nvidia173
- Purl
- pkg:rpm/mageia/kmod-nvidia173?distro=mageia-3
Mageia:3 / kmod-nvidia304
Package
- Name
- kmod-nvidia304
- Purl
- pkg:rpm/mageia/kmod-nvidia304?distro=mageia-3
Mageia:3 / kmod-nvidia-current
Package
- Name
- kmod-nvidia-current
- Purl
- pkg:rpm/mageia/kmod-nvidia-current?distro=mageia-3
Mageia:3 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-3
Mageia:3 / kernel-userspace-headers
Package
- Name
- kernel-userspace-headers
- Purl
- pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-3
Mageia:3 / kmod-vboxadditions
Package
- Name
- kmod-vboxadditions
- Purl
- pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-3
Mageia:3 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-3
Mageia:3 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-3