LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2014:124: kernel Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been found and corrected in the Linux kernel: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:124
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : June 13, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Linux
 kernel:
 
 kernel/auditsc.c in the Linux kernel through 3.14.5, when
 CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows
 local users to obtain potentially sensitive single-bit values from
 kernel memory or cause a denial of service (OOPS) via a large value
 of a syscall number (CVE-2014-3917).
 
 The futex_requeue function in kernel/futex.c in the Linux kernel
 through 3.14.5 does not ensure that calls have two different futex
 addresses, which allows local users to gain privileges via a crafted
 FUTEX_REQUEUE command that facilitates unsafe waiter modification
 (CVE-2014-3153).
 
 Race condition in the ath_tx_aggr_sleep function in
 drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before
 3.13.7 allows remote attackers to cause a denial of service (system
 crash) via a large amount of network traffic that triggers certain
 list deletions (CVE-2014-2672).
 
 The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension
 implementations in the sk_run_filter function in net/core/filter.c
 in the Linux kernel through 3.14.3 do not check whether a certain
 length value is sufficiently large, which allows local users to
 cause a denial of service (integer underflow and system crash)
 via crafted BPF instructions. NOTE: the affected code was moved to
 the __skb_get_nlattr and __skb_get_nlattr_nest functions before the
 vulnerability was announced (CVE-2014-3144).
 
 The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter
 function in net/core/filter.c in the Linux kernel through 3.14.3
 uses the reverse order in a certain subtraction, which allows local
 users to cause a denial of service (over-read and system crash) via
 crafted BPF instructions. NOTE: the affected code was moved to the
 __skb_get_nlattr_nest function before the vulnerability was announced
 (CVE-2014-3145).
 
 Integer overflow in the ping_init_sock function in net/ipv4/ping.c
 in the Linux kernel through 3.14.1 allows local users to cause a
 denial of service (use-after-free and system crash) or possibly gain
 privileges via a crafted application that leverages an improperly
 managed reference counter (CVE-2014-2851).
 
 The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel
 through 3.14.3 does not properly manage tty driver access in the LECHO
 & !OPOST case, which allows local users to cause a denial of service
 (memory corruption and system crash) or gain privileges by triggering
 a race condition involving read and write operations with long strings
 (CVE-2014-0196).
 
 The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
 kernel through 3.14.3 does not properly restrict access to certain
 pointers during processing of an FDRAWCMD ioctl call, which allows
 local users to obtain sensitive information from kernel heap memory
 by leveraging write access to a /dev/fd device (CVE-2014-1738).
 
 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux
 kernel through 3.14.3 does not properly handle error conditions during
 processing of an FDRAWCMD ioctl call, which allows local users to
 trigger kfree operations and gain privileges by leveraging write
 access to a /dev/fd device (CVE-2014-1737).
 
 The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel
 through 3.14 allows local users to cause a denial of service (NULL
 pointer dereference and system crash) or possibly have unspecified
 other impact via a bind system call for an RDS socket on a system
 that lacks RDS transports (CVE-2014-2678).
 
 drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable
 buffers are disabled, does not properly validate packet lengths, which
 allows guest OS users to cause a denial of service (memory corruption
 and host OS crash) or possibly gain privileges on the host OS via
 crafted packets, related to the handle_rx and get_rx_bufs functions
 (CVE-2014-0077).
 
 The ip6_route_add function in net/ipv6/route.c in the Linux kernel
 through 3.13.6 does not properly count the addition of routes,
 which allows remote attackers to cause a denial of service (memory
 consumption) via a flood of ICMPv6 Router Advertisement packets
 (CVE-2014-2309).
 
 Multiple array index errors in drivers/hid/hid-multitouch.c in the
 Human Interface Device (HID) subsystem in the Linux kernel through
 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
 attackers to cause a denial of service (heap memory corruption, or NULL
 pointer dereference and OOPS) via a crafted device (CVE-2013-2897).
 
 net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through
 3.13.6 uses a DCCP header pointer incorrectly, which allows remote
 attackers to cause a denial of service (system crash) or possibly
 execute arbitrary code via a DCCP packet that triggers a call
 to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function
 (CVE-2014-2523).
 
 Race condition in the mac80211 subsystem in the Linux kernel
 before 3.13.7 allows remote attackers to cause a denial of service
 (system crash) via network traffic that improperly interacts with the
 WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c
 and tx.c (CVE-2014-2706).
 
 The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the
 Linux kernel through 3.13.6 does not validate certain auth_enable
 and auth_capable fields before making an sctp_sf_authenticate call,
 which allows remote attackers to cause a denial of service (NULL
 pointer dereference and system crash) via an SCTP handshake with
 a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO
 chunk (CVE-2014-0101).
 
 The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel
 through 3.13.5 does not properly handle uncached write operations
 that copy fewer than the requested number of bytes, which allows
 local users to obtain sensitive information from kernel memory,
 cause a denial of service (memory corruption and system crash),
 or possibly gain privileges via a writev system call with a crafted
 pointer (CVE-2014-0069).
 
 arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390
 platform does not properly handle attempted use of the linkage stack,
 which allows local users to cause a denial of service (system crash)
 by executing a crafted instruction (CVE-2014-2039).
 
 Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the
 Linux kernel before 3.2.24 allows local users to cause a denial
 of service (crash) and possibly execute arbitrary code via vectors
 related to Message Signaled Interrupts (MSI), irq routing entries,
 and an incorrect check by the setup_routing_entry function before
 invoking the kvm_set_irq function (CVE-2012-2137).
 
 The security_context_to_sid_core function in
 security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows
 local users to cause a denial of service (system crash) by leveraging
 the CAP_MAC_ADMIN capability to set a zero-length security context
 (CVE-2014-1874).
 
 The updated packages provides a solution for these security issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0077
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2039
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 d4a1665d801553272f379aa8190d7208  mbs1/x86_64/cpupower-3.4.93-1.1.mbs1.x86_64.rpm
 dac586e9467ccffcb0f03d7d6902c714  mbs1/x86_64/kernel-firmware-3.4.93-1.1.mbs1.noarch.rpm
 d67bdbd6148b7e7f187244fc2fb17629  mbs1/x86_64/kernel-headers-3.4.93-1.1.mbs1.src.rpm
 6f011d528d57e6bfe3f348e124cc11d5  mbs1/x86_64/kernel-headers-3.4.93-1.1.mbs1.x86_64.rpm
 6d7935addb463a2dc0cec144390f0786  mbs1/x86_64/kernel-server-3.4.93-1.1.mbs1.x86_64.rpm
 c013f3a9ae5f48694d91bfac81169c67  mbs1/x86_64/kernel-server-devel-3.4.93-1.1.mbs1.x86_64.rpm
 87c7893b5fdfed6d766cac365e78f213  mbs1/x86_64/kernel-source-3.4.93-1.mbs1.noarch.rpm
 298e025c2b05845d67efc4566db3d152  mbs1/x86_64/lib64cpupower0-3.4.93-1.1.mbs1.x86_64.rpm
 45e43387ed27d1281fe5b15304f796f6  mbs1/x86_64/lib64cpupower-devel-3.4.93-1.1.mbs1.x86_64.rpm
 3a74f07a429ea1b403d676f73b7ecbf9  mbs1/x86_64/perf-3.4.93-1.1.mbs1.x86_64.rpm 
 bd6bd37cd3ff3b6844b04821d6da2779  mbs1/SRPMS/cpupower-3.4.93-1.1.mbs1.src.rpm
 88c98d0723446a0717159574e06d9e3b  mbs1/SRPMS/kernel-firmware-3.4.93-1.1.mbs1.src.rpm
 7a84b2886c92e812943c76b2faafd068  mbs1/SRPMS/kernel-server-3.4.93-1.1.mbs1.src.rpm
 7a431cec5f9862815f4d92f2ca1f8d9d  mbs1/SRPMS/kernel-source-3.4.93-1.mbs1.src.rpm
 65654157eb504295dbd05676ed40c968  mbs1/SRPMS/perf-3.4.93-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Ottawa Linux Symposium: May get by with a little help from its friends
Black Hat 2014: How to crack just about everything
NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22
More Details of Onion/Critroni Crypto Ransomware Emerge
Is there Another NSA Leaker? Updated
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.