
Mageia alert MGASA-2014-0273 (kernel)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0273: Updated kernel packages fixes security vulnerabilities
Date:  Sun, 22 Jun 2014 23:13:34 +0200
Message-ID:  <20140622211335.1C07841D2E@valstar.mageia.org>

MGASA-2014-0273 - Updated kernel packages fixes security vulnerabilities

Publication date: 22 Jun 2014
URL: http://advisories.mageia.org/MGASA-2014-0273.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2014-0181, CVE-2014-1739, CVE-2014-3153, CVE-2014-3917, CVE-2014-4014

Description:

The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues:

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. (CVE-2014-0181)

media-device: fix infoleak in ioctl media_enum_entities() (CVE-2014-1739)

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (CVE-2014-3153)

kernel/auditsc.c in the Linux kernel through 3.14.5, when AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (CVE-2014-3917)

Andy Lutomirski has reported a vulnerability in Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error related to checking Inode capabilities, which can be exploited to conduct certain actions with escalated privileges. Successful exploitation requires a kernel built with user namespaces (USER_NS) enabled. (CVE-2014-4014)

For other changes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=13487
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

SRPMS:
- 3/core/kernel-3.10.44-1.mga3
- 3/core/kernel-userspace-headers-3.10.44-1.mga3
- 3/core/kmod-vboxadditions-4.3.10-7.mga3
- 3/core/kmod-virtualbox-4.3.10-7.mga3
- 3/core/kmod-xtables-addons-2.3-17.mga3
- 3/nonfree/kmod-broadcom-wl-6.30.223.141-17.mga3.nonfree
- 3/nonfree/kmod-fglrx-13.251-7.mga3.nonfree
- 3/nonfree/kmod-nvidia173-173.14.38-32.mga3.nonfree
- 3/nonfree/kmod-nvidia304-304.108-17.mga3.nonfree
- 3/nonfree/kmod-nvidia-current-319.60-17.mga3.nonfree
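Added example, not part of the Mageia advisory: a Python check that flags installed packages built from a source package older than the fixed builds in the SRPMS list above. It assumes the input is one SOURCERPM value per installed package (for instance from rpm -qa --qf '%{SOURCERPM}\n'); the function names and the sample host data are constructed for illustration, and the version comparison is a simplified form of rpm's that ignores epochs.

```python
import re

# Fixed source packages from the advisory's SRPMS list (media prefix dropped).
FIXED = [
    "kernel-3.10.44-1.mga3",
    "kernel-userspace-headers-3.10.44-1.mga3",
    "kmod-vboxadditions-4.3.10-7.mga3",
    "kmod-virtualbox-4.3.10-7.mga3",
    "kmod-xtables-addons-2.3-17.mga3",
    "kmod-broadcom-wl-6.30.223.141-17.mga3.nonfree",
    "kmod-fglrx-13.251-7.mga3.nonfree",
    "kmod-nvidia173-173.14.38-32.mga3.nonfree",
    "kmod-nvidia304-304.108-17.mga3.nonfree",
    "kmod-nvidia-current-319.60-17.mga3.nonfree",
]

def split_nvr(nvr):
    """Split name-version-release on the last two hyphens."""
    return re.sub(r"\.src\.rpm$", "", nvr).rsplit("-", 2)

def vercmp(a, b):
    """Simplified rpmvercmp over digit and letter runs; no epoch, '~' or '^'."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats a letter run
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(installed_srpms, fixed=FIXED):
    """Return installed source packages older than the advisory's fixed build."""
    want = {n: (v, r) for n, v, r in map(split_nvr, fixed)}
    hits = []
    for srpm in installed_srpms:
        name, ver, rel = split_nvr(srpm)
        if name in want and (vercmp(ver, want[name][0])
                             or vercmp(rel, want[name][1])) < 0:
            hits.append(srpm)
    return hits

# Constructed sample host inventory (not taken from the advisory).
SAMPLE = ["kernel-3.10.40-1.mga3.src.rpm", "kmod-virtualbox-4.3.10-7.mga3.src.rpm",
          "kmod-xtables-addons-2.3-9.mga3.src.rpm", "bash-4.2-37.mga3.src.rpm"]

if __name__ == "__main__":
    print("\n".join(outdated(SAMPLE)) or "all advisory packages at fixed builds")
```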

