Mageia alert MGASA-2014-0456 (kernel-linus)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2014-0456: Updated kernel-linus packages fix security vulnerabilities
Date: Sat, 15 Nov 2014 19:32:11 +0100
Message-ID: <20141115183211.561CC5D70C@valstar.mageia.org>

MGASA-2014-0456 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 15 Nov 2014
URL: http://advisories.mageia.org/MGASA-2014-0456.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2014-3601, CVE-2014-3631, CVE-2014-7970, CVE-2014-7975

Description:
This kernel-linus update is based on upstream -longterm 3.10.58 and fixes the following security issues:

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (CVE-2014-3601).

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation (CVE-2014-3631).

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (CVE-2014-7970).

The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call (CVE-2014-7975).

For other fixes included in this update, read the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=14307
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3631
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7975

SRPMS:
- 3/core/kernel-linus-3.10.58-1.mga3