kernel: multiple vulnerabilities [LWN.net]

Package(s):

kernel

CVE #(s):

CVE-2013-1059 CVE-2013-2234

Created:

July 8, 2013

Updated:

November 1, 2013

Description:

From the Red Hat bugzilla [1, 2]:

Linux kernel built with the IPSec key_socket support(CONFIG_NET_KEY=m) is vulnerable to an information leakage flaw. It occurs while using key_socket's notify interface.

A user/program able to access the PF_KEY key_sockets could use this flaw to leak kernel memory bytes. (CVE-2013-2234)

Linux kernel built with the Ceph core library(CONFIG_CEPH_LIB) support is vulnerable to a NULL pointer dereference flaw. It could occur while handling auth_reply messages from a CEPH client.

A remote user/program could use this flaw to crash the system, resulting in denial of service. (CVE-2013-1059)

Alerts:

SUSE	SUSE-SU-2014:0536-1	Linux kernel	2014-04-16
openSUSE	openSUSE-SU-2013:1971-1	kernel	2013-12-30
Mageia	MGASA-2013-0375	kernel-vserver	2013-12-18
Mageia	MGASA-2013-0373	kernel-tmb	2013-12-18
Mageia	MGASA-2013-0374	kernel-rt	2013-12-18
Mageia	MGASA-2013-0372	kernel-linus	2013-12-18
Mageia	MGASA-2013-0371	kernel	2013-12-17
Scientific Linux	SLSA-2013:1645-2	kernel	2013-12-16
Oracle	ELSA-2013-2585	kernel	2013-11-28
Oracle	ELSA-2013-2585	kernel	2013-11-28
openSUSE	openSUSE-SU-2013:1773-1	kernel	2013-11-26
Red Hat	RHSA-2013:1645-02	kernel	2013-11-21
Oracle	ELSA-2013-1645	kernel	2013-11-26
openSUSE	openSUSE-SU-2013:1619-1	kernel	2013-11-01
Debian	DSA-2766-1	linux-2.6	2013-09-27
SUSE	SUSE-SU-2013:1474-1	Linux kernel	2013-09-21
SUSE	SUSE-SU-2013:1473-1	Linux kernel	2013-09-21
Oracle	ELSA-2013-2543	kernel	2013-08-29
Debian	DSA-2745-1	kernel	2013-08-28
Oracle	ELSA-2013-1166	kernel	2013-08-22
CentOS	CESA-2013:X007	Xen4CentOS kernel	2013-08-22
Oracle	ELSA-2013-1166	kernel	2013-08-22
Scientific Linux	SLSA-2013:1166-1	kernel	2013-08-21
CentOS	CESA-2013:1166	kernel	2013-08-21
Red Hat	RHSA-2013:1166-01	kernel	2013-08-20
Ubuntu	USN-1934-1	linux-ti-omap4	2013-08-20
Ubuntu	USN-1933-1	linux-ti-omap4	2013-08-20
Ubuntu	USN-1936-1	linux-lts-raring	2013-08-20
Ubuntu	USN-1931-1	linux-lts-quantal	2013-08-20
Ubuntu	USN-1935-1	kernel	2013-08-20
Ubuntu	USN-1932-1	kernel	2013-08-20
Ubuntu	USN-1912-1	kernel	2013-07-29
Ubuntu	USN-1913-1	EC2 kernel	2013-07-29
Fedora	FEDORA-2013-12990	kernel	2013-07-18
CentOS	CESA-2013:X002	kernel	2013-07-17
Mandriva	MDVSA-2013:194	kernel	2013-07-11
Mageia	MGASA-2013-0213	kernel-tmb	2013-07-16
Mageia	MGASA-2013-0209	kernel-tmb	2013-07-16
Mageia	MGASA-2013-0215	kernel-rt	2013-07-16
Fedora	FEDORA-2013-12530	kernel	2013-07-12
Mageia	MGASA-2013-0204	kernel	2013-07-09
SUSE	SUSE-SU-2013:1161-1	ceph-kmp	2013-07-08
Mageia	MGASA-2013-0203	kernel	2013-07-06
Fedora	FEDORA-2013-12339	kernel	2013-07-06
Ubuntu	USN-1947-1	linux-lts-quantal	2013-09-06
Ubuntu	USN-1943-1	linux-lts-raring	2013-09-06
Oracle	ELSA-2013-2546	enterprise kernel	2013-09-17
Red Hat	RHSA-2013:1264-01	kernel-rt	2013-09-16
Ubuntu	USN-1946	linux-ti-omap4	2013-09-06
Ubuntu	USN-1945-1	linux-ti-omap4	2013-09-06
Ubuntu	USN-1941-1	kernel	2013-09-06
Oracle	ELSA-2013-2546	enterprise kernel	2013-09-17
Ubuntu	USN-1942-1	linux-ti-omap4	2013-09-06
Ubuntu	USN-1944-1	kernel	2013-09-06
Ubuntu	USN-1938-1	kernel	2013-09-05
Oracle	ELSA-2013-2543	kernel	2013-08-29