MGASA-2014-0206

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0206.html

Import Source

https://advisories.mageia.org/MGASA-2014-0206.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0206

Related

Published

2014-05-08T21:48:19Z

Modified

2014-05-08T21:48:09Z

Summary

Updated kernel packages fixes multiple bugs and vulnerabilities

Details

Updated kernel provides upstream 3.12.18 kernel and fixes the following security issues:

Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data. (CVE-2014-0049)

The getrxbufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhostgetvq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (CVE-2014-0055)

The cifsiovecwrite function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (CVE-2014-0069)

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handlerx and getrx_bufs functions. (CVE-2014-0077)

Integer overflow in the pinginitsock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (CVE-2014-2851)

Oter fixes in this update: - switch hugepages back to madvise to fix performance regression (mga#12994) - enable Intel P-state driver (mga#13080) - fix r8169 suspend/resume issue (mga#13255)

For upstream merged fixes, read the referenced changelogs:

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.18-1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.18-1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-2.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-2.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-44.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / kmod-broadcom-wl

Package

Name: kmod-broadcom-wl
Purl: pkg:rpm/mageia/kmod-broadcom-wl?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.30.223.141-28.mga4.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:4 / kmod-fglrx

Package

Name: kmod-fglrx
Purl: pkg:rpm/mageia/kmod-fglrx?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

13.251-13.mga4.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:4 / kmod-nvidia173

Package

Name: kmod-nvidia173
Purl: pkg:rpm/mageia/kmod-nvidia173?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

173.14.39-14.mga4.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:4 / kmod-nvidia304

Package

Name: kmod-nvidia304
Purl: pkg:rpm/mageia/kmod-nvidia304?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

304.119-6.mga4.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Mageia:4 / kmod-nvidia-current

Package

Name: kmod-nvidia-current
Purl: pkg:rpm/mageia/kmod-nvidia-current?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

331.49-3.mga4.nonfree

Ecosystem specific

{
    "section": "nonfree"
}