Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme im Kernel
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme im Kernel
ID: MDVSA-2014:155
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Do, 7. August 2014, 13:26
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943
Applikationen: Linux

Originalnachricht

This is a multi-part message in MIME format...

------------=_1407406690-8562-0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:155
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : August 7, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in the Linux
kernel:

Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c
in the Linux kernel before 3.12 allow local users to cause a
denial of service or possibly have unspecified other impact
by leveraging the CAP_NET_ADMIN capability and providing a long
station-name string, related to the (1) wvlan_uil_put_info and (2)
wvlan_set_station_nickname functions (CVE-2013-4514).

Use-after-free vulnerability in the skb_segment function in
net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers
to obtain sensitive information from kernel memory by leveraging the
absence of a certain orphaning operation (CVE-2014-0131).

The rd_build_device_space function in drivers/target/target_core_rd.c
in the Linux kernel before 3.14 does not properly initialize a
certain data structure, which allows local users to obtain sensitive
information from ramdisk_mcp memory by leveraging access to a SCSI
initiator (CVE-2014-4027).

Multiple integer overflows in the lzo1x_decompress_safe function in
lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux
kernel before 3.15.2 allow context-dependent attackers to cause
a denial of service (memory corruption) via a crafted Literal Run
(CVE-2014-4608).

Race condition in the tlv handler functionality in the
snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA
control implementation in the Linux kernel before 3.15.2 allows local
users to obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access (CVE-2014-4652).

sound/core/control.c in the ALSA control implementation in the Linux
kernel before 3.15.2 does not ensure possession of a read/write lock,
which allows local users to cause a denial of service (use-after-free)
and obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access (CVE-2014-4653).

The snd_ctl_elem_add function in sound/core/control.c in the ALSA
control implementation in the Linux kernel before 3.15.2 does not check
authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows
local users to remove kernel controls and cause a denial of service
(use-after-free and system crash) by leveraging /dev/snd/controlCX
access for an ioctl call (CVE-2014-4654).

The snd_ctl_elem_add function in sound/core/control.c in the ALSA
control implementation in the Linux kernel before 3.15.2 does not
properly maintain the user_ctl_count value, which allows local users
to cause a denial of service (integer overflow and limit bypass)
by leveraging /dev/snd/controlCX access for a large number of
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (CVE-2014-4655).

Multiple integer overflows in sound/core/control.c in the ALSA control
implementation in the Linux kernel before 3.15.2 allow local users
to cause a denial of service by leveraging /dev/snd/controlCX access,
related to (1) index values in the snd_ctl_add function and (2) numid
values in the snd_ctl_remove_numid_conflict function (CVE-2014-4656).

The sctp_association_free function in net/sctp/associola.c in the
Linux kernel before 3.15.2 does not properly manage a certain backlog
value, which allows remote attackers to cause a denial of service
(socket outage) via a crafted SCTP packet (CVE-2014-4667).

The Linux kernel before 3.15.4 on Intel processors does not properly
restrict use of a non-canonical value for the saved RIP address in
the case of a system call that does not use IRET, which allows local
users to leverage a race condition and gain privileges, or cause
a denial of service (double fault), via a crafted application that
makes ptrace and fork system calls (CVE-2014-4699).

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel
through 3.15.6 allows local users to gain privileges by leveraging
data-structure differences between an l2tp socket and an inet socket
(CVE-2014-4943).

The updated packages provides a solution for these security issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
c2f39cb08d096b60bc8bbd2ae8f11e19
mbs1/x86_64/cpupower-3.4.100-1.1.mbs1.x86_64.rpm
3db9df4dbdd04f72ef30734bbb001322
mbs1/x86_64/kernel-firmware-3.4.100-1.1.mbs1.noarch.rpm
c4abbe488cd50058ee544f6c39c8ea95
mbs1/x86_64/kernel-headers-3.4.100-1.1.mbs1.x86_64.rpm
aee7594e36d538798a7d0ac4f0ba4c47
mbs1/x86_64/kernel-server-3.4.100-1.1.mbs1.x86_64.rpm
a2cfe35a3117b2cfe3de75589612b540
mbs1/x86_64/kernel-server-devel-3.4.100-1.1.mbs1.x86_64.rpm
75fffbe82cefb6e8cfdc502c8dfdbd9a
mbs1/x86_64/lib64cpupower0-3.4.100-1.1.mbs1.x86_64.rpm
fe94d08a35090e84cec11a1d03cd38d8
mbs1/x86_64/lib64cpupower-devel-3.4.100-1.1.mbs1.x86_64.rpm
0a9dab31e19cf4740e0f10dd58ae031c mbs1/x86_64/perf-3.4.100-1.1.mbs1.x86_64.rpm

f34e4ceff2962eb6e7177043e4b0fd2f mbs1/SRPMS/cpupower-3.4.100-1.1.mbs1.src.rpm
9ee8ebf3071324459be1970d8dc3c3e0
mbs1/SRPMS/kernel-firmware-3.4.100-1.1.mbs1.src.rpm
faefe75b8ba9efdc50f8028700991a7c
mbs1/SRPMS/kernel-headers-3.4.100-1.1.mbs1.src.rpm
845229627d2cb959547db1cbfe81753f
mbs1/SRPMS/kernel-server-3.4.100-1.1.mbs1.src.rpm
30b1055810489c6b4e89623c7768e182 mbs1/SRPMS/perf-3.4.100-1.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFT4yfXmqjQ0CJFipgRAuk5AKDbuUKogDrhb4iKIs1yOP4IQdpAcwCgodf8
OMQTfJFCDxSAMSI8iUevOkc=
=mxBf
-----END PGP SIGNATURE-----


------------=_1407406690-8562-0
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1407406690-8562-0--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung