MGASA-2014-0318
- Source
- https://advisories.mageia.org/MGASA-2014-0318.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0318.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2014-0318
- Related
- Published
- 2014-08-05T21:36:30Z
- Modified
- 2014-08-05T21:29:50Z
- Summary
- Updated kernel packages fix security vulnerabilities
- Details
-
This kernel update provides the upstream 3.10.50 longterm kernel and fixes the following security issues:
Array index error in the aioreadevents_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value (CVE-2014-0206).
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (imutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADVREMOVE madvise call or (2) an FALLOCFLPUNCH_HOLE fallocate call (CVE-2014-4171).
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (CVE-2014-4508).
Linux kernel built with the support for Stream Control Transmission Protocol (CONFIGIPSCTP) is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between a same pair of hosts. A remote user/program could use this flaw to crash the system kernel resulting in DoS (CVE-2014-5077).
- References
-
- https://advisories.mageia.org/MGASA-2014-0318.html
- https://bugs.mageia.org/show_bug.cgi?id=13802
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.48
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.49
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.50
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-3
Mageia:3 / kernel-userspace-headers
Package
- Name
- kernel-userspace-headers
- Purl
- pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-3
Mageia:3 / kmod-vboxadditions
Package
- Name
- kmod-vboxadditions
- Purl
- pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-3
Mageia:3 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-3
Mageia:3 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-3
Mageia:3 / kmod-broadcom-wl
Package
- Name
- kmod-broadcom-wl
- Purl
- pkg:rpm/mageia/kmod-broadcom-wl?distro=mageia-3
Mageia:3 / kmod-fglrx
Package
- Name
- kmod-fglrx
- Purl
- pkg:rpm/mageia/kmod-fglrx?distro=mageia-3
Mageia:3 / kmod-nvidia173
Package
- Name
- kmod-nvidia173
- Purl
- pkg:rpm/mageia/kmod-nvidia173?distro=mageia-3
Mageia:3 / kmod-nvidia304
Package
- Name
- kmod-nvidia304
- Purl
- pkg:rpm/mageia/kmod-nvidia304?distro=mageia-3
Mageia:3 / kmod-nvidia-current
Package
- Name
- kmod-nvidia-current
- Purl
- pkg:rpm/mageia/kmod-nvidia-current?distro=mageia-3