LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2013-0067 (kernel-tmb)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0067: kernel-tmb-3.4.32-2.mga2
 (2/core) 


Date:
    	      Fri, 22 Feb 2013 00:48:19 +0100


Message-ID:
    	      <20130221234819.GA5447@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2013-0067
Date: 	February 22nd, 2013
Affected releases: 	2
Media: 	Core


Description:
This kernel-tmb update provides upstream 3.4.32 kernel and resolves the
following security issues:

The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and
other versions, when running a 32-bit PVOPS guest, allows local users to
cause a denial of service (guest crash) by triggering an iret fault,
leading to use of an incorrect stack pointer and stack corruption.
(CVE-2013-0190 / XSA-40)

Linux kernel when returning from an iret assumes that %ds segment is safe
and uses it to reference various per-cpu related fields. Unfortunately
the user can modify the LDT and provide a NULL one. Whenever an iret is
called we end up in xen_iret and try to use the %ds segment and cause an
general protection fault.
Malicious or buggy unprivileged user space can cause the guest kernel to
crash, or permit a privilege escalation within the guest, or operate
erroneously. (CVE-2013-0228 / XSA-42)

Access to /dev/cpu/*/msr was protected only using filesystem checks. A
local uid 0 (root) user with all capabilities dropped could use this
flaw to execute arbitrary code in kernel mode. (CVE-2013-0268)

Linux kernel built with Extended Verification Module(EVM) and configured
properly, is vulnerable to a NULL pointer de-reference flaw, caused by
accessing extended attribute routines of sockfs inode object.
An unprivileged user/program could use this to crash the kernel,
resulting in DoS. (CVE-2013-0313)

A flaw was found in the way __skb_recv_datagram() processed skbs with no
payload when MSG_PEEK was requested. An unprivileged local user could
use this flaw to cause local denial of service. (CVE-2013-0290)

A race conditon in ptrace can lead to kernel stack corruption and
arbitrary kernel-mode code execution. (CVE-2013-0871)

A flaw was found in how printk manages buffers when calling log_prefix
function from call_console_drivers creating a buffer overflow.
An unprivileged local user could use this flaw to cause local denial
of service. (CVE pending)


Other fixes in this release:
fixes HP Compaq 6715s freezing on 3.4 series kernels (mga #9079)

adds Intel Lynx Point-LP, Haswell and Wellsburg support to ata/ahci,
smbus, watchdog and sound.

adds sound support for Creative SoundCore3D


Updated Packages:
i586:
kernel-tmb-desktop-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop586-devel-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-desktop586-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-desktop-devel-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-desktop-devel-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-desktop-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-laptop-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-laptop-devel-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-laptop-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-server-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-3.4.32-2.mga2-1-1.mga2.i586.rpm
kernel-tmb-server-devel-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-server-latest-3.4.32-2.mga2.i586.rpm
kernel-tmb-source-3.4.32-2.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.32-2.mga2.noarch.rpm

x86_64:
kernel-tmb-desktop-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.4.32-2.mga2.x86_64.rpm
kernel-tmb-desktop-latest-3.4.32-2.mga2.x86_64.rpm
kernel-tmb-laptop-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.4.32-2.mga2.x86_64.rpm
kernel-tmb-laptop-latest-3.4.32-2.mga2.x86_64.rpm
kernel-tmb-server-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-3.4.32-2.mga2-1-1.mga2.x86_64.rpm
kernel-tmb-server-devel-latest-3.4.32-2.mga2.x86_64.rpm
kernel-tmb-server-latest-3.4.32-2.mga2.x86_64.rpm
kernel-tmb-source-3.4.32-2.mga2-1-1.mga2.noarch.rpm
kernel-tmb-source-latest-3.4.32-2.mga2.noarch.rpm

SRPMS:
kernel-tmb-3.4.32-2.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.25
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.26
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.27
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.28
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.29
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.30
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.31
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.32
https://bugs.mageia.org/show_bug.cgi?id=9079
https://bugs.mageia.org/show_bug.cgi?id=9119
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds