User: Password:
Subscribe / Log in / New account

Mageia alert MGASA-2014-0045 (kernel-tmb)

From:  Mageia Updates <>
Subject:  [updates-announce] MGASA-2014-0045: Updated kernel-tmb packages fix multiple vulnerabilities
Date:  Mon, 10 Feb 2014 21:09:10 +0100
Message-ID:  <>

MGASA-2014-0045 - Updated kernel-tmb packages fix multiple vulnerabilities Publication date: 10 Feb 2014 URL: Type: security Affected Mageia releases: 3 CVE: CVE-2013-4579, CVE-2014-0038, CVE-2014-1438, CVE-2014-1446, CVE-2014-1690 Description: This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579) Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges (CVE-2014-0038) Faults during task-switch due to unhandled FPU-exceptions allow to kill processes at random on all affected kernels, resulting in local DOS in the end. One some architectures, privilege escalation under non-common circumstances is possible. (CVE-2014-1438) The hamradio yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg leading to a 4-byte info leak. (CVE-2014-1446) Linux kernel built with the NetFilter Connection Tracking(NF_CONNTRACK) support for IRC protocol(NF_NAT_IRC), is vulnerable to an information leakage flaw. It could occur when communicating over direct client-to-client IRC connection(/dcc) via a NAT-ed network. Kernel attempts to mangle IRC TCP packet's content, wherein an uninitialised 'buffer' object is copied to a socket buffer and sent over to the other end of a connection. (CVE-2014-1690) For other changes, see the referenced changelogs: References: - - - - - - - - - - SRPMS: - 3/core/kernel-tmb-3.10.28-1.mga3

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds