MGASA-2014-0273

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0273.html

Import Source

https://advisories.mageia.org/MGASA-2014-0273.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0273

Related

Published

2014-06-22T21:13:23Z

Modified

2014-06-22T21:13:10Z

Summary

Updated kernel packages fixes security vulnerabilities

Details

The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues:

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. (CVE-2014-0181)

media-device: fix infoleak in ioctl mediaenumentities() (CVE-2014-1739)

The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification. (CVE-2014-3153)

kernel/auditsc.c in the Linux kernel through 3.14.5, when AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (CVE-2014-3917)

Andy Lutomirski has reported a vulnerability in Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error related to checking Inode capabilities, which can be exploited to conduct certain actions with escalated privileges. Successful exploitation requires a kernel built with user namespaces (USER_NS) enabled. (CVE-2014-4014)

For other changes, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.44-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.44-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-7.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-7.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-17.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / kmod-broadcom-wl

Package

Name: kmod-broadcom-wl
Purl: pkg:rpm/mageia/kmod-broadcom-wl?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.30.223.141-17.mga3.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:3 / kmod-fglrx

Package

Name: kmod-fglrx
Purl: pkg:rpm/mageia/kmod-fglrx?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

13.251-7.mga3.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:3 / kmod-nvidia173

Package

Name: kmod-nvidia173
Purl: pkg:rpm/mageia/kmod-nvidia173?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

173.14.38-32.mga3.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:3 / kmod-nvidia304

Package

Name: kmod-nvidia304
Purl: pkg:rpm/mageia/kmod-nvidia304?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

304.108-17.mga3.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:3 / kmod-nvidia-current

Package

Name: kmod-nvidia-current
Purl: pkg:rpm/mageia/kmod-nvidia-current?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

319.60-17.mga3.nonfree

Ecosystem specific

{
    "section": "nonfree"
}