Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme im Kernel
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme im Kernel
ID: MDVSA-2014:038
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Mo, 17. Februar 2014, 21:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446
Applikationen: Linux

Originalnachricht

This is a multi-part message in MIME format...

------------=_1392659323-6393-3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:038
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : February 17, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in the Linux
kernel:

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel
before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users
to gain privileges via a recvmmsg system call with a crafted timeout
pointer parameter (CVE-2014-0038).

The restore_fpu_checking function in
arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8
on the AMD K7 and K8 platforms does not clear pending exceptions
before proceeding to an EMMS instruction, which allows local users
to cause a denial of service (task kill) or possibly gain privileges
via a crafted application (CVE-2014-1438).

The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux
kernel before 3.12.8 does not initialize a certain structure member,
which allows local users to obtain sensitive information from kernel
memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG
ioctl call (CVE-2014-1446).

The updated packages provides a solution for these security issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
d1faf9544075ff4790e29edd6e7061f6
mbs1/x86_64/cpupower-3.4.80-1.1.mbs1.x86_64.rpm
3498721d639bf646ed55e2903ce728e4
mbs1/x86_64/kernel-firmware-3.4.80-1.1.mbs1.noarch.rpm
f9927f4b1512a26d874a82a99636fb09
mbs1/x86_64/kernel-firmware-3.4.80-1.1.mbs1.src.rpm
e874467839b96e04bebd0c5b24f31fc3
mbs1/x86_64/kernel-headers-3.4.80-1.1.mbs1.src.rpm
208f74225f3d18189a871ac308c8df5b
mbs1/x86_64/kernel-headers-3.4.80-1.1.mbs1.x86_64.rpm
e1f82c2b50db46cdb4db2daa933f7173
mbs1/x86_64/kernel-server-3.4.80-1.1.mbs1.x86_64.rpm
ed0d8eed6c61553e73121117bcfc978f
mbs1/x86_64/kernel-server-devel-3.4.80-1.1.mbs1.x86_64.rpm
00ca38d2289182149e8f43c6871711e8
mbs1/x86_64/kernel-source-3.4.80-1.mbs1.noarch.rpm
429b6e48ee63a03a83577a710bc5368d
mbs1/x86_64/lib64cpupower0-3.4.80-1.1.mbs1.x86_64.rpm
a6e3898905be2a8d7ded39a5312f7670
mbs1/x86_64/lib64cpupower-devel-3.4.80-1.1.mbs1.x86_64.rpm
086bc3e49adec4147aa1138ae5d5245c mbs1/x86_64/perf-3.4.80-1.1.mbs1.x86_64.rpm
f5a65feb515d65f9f1f526f6294af2c3 mbs1/SRPMS/cpupower-3.4.80-1.1.mbs1.src.rpm
56fafb86f60233b29fcd8d42d35e4678
mbs1/SRPMS/kernel-server-3.4.80-1.1.mbs1.src.rpm
715647161acd9ec082c0a2fef0f35fc3
mbs1/SRPMS/kernel-source-3.4.80-1.mbs1.src.rpm
cc72e360fa32823a575d1c9536fdecc3 mbs1/SRPMS/perf-3.4.80-1.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTAiBGmqjQ0CJFipgRAiryAKCz6vqRlzaZ+l0B6QyuMb95i8UVoACgjAGx
F7TlfjN081P00FfeKN47Je4=
=osPP
-----END PGP SIGNATURE-----


------------=_1392659323-6393-3
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1392659323-6393-3--
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung