From Mageia wiki
Jump to: navigation, search

MGASA-2013-0083

Date: March 2nd, 2013
Affected releases: 2
Media: Core


Description:
This updates kernel-rt to upstream stable 3.4.34.

It also fixes the following security issues:

An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers[] array which, in turn,
allows userland to take over control while in kernel mode.
(CVE-2013-1763).

Linux kernel is prone to a local privilege-escalation vulnerability
due to a tmpfs use-after-free error.
Local attackers can exploit the issue to execute arbitrary code with
kernel privileges or to crash the kernel, effectively denying service
to legitimate users (CVE-2013-1767).

Linux kernel built with Edgeport USB serial converter driver io_ti,
is vulnerable to a NULL pointer dereference flaw. It happens if the
device is disconnected while corresponding /dev/ttyUSB? file is in use.
An unprivileged user could use this flaw to crash the system, resulting
DoS (CVE-2013-1774).

The -rt patch has also ben updated to rt47.

Updated Packages:
i586:
kernel-rt-3.4.34-0.rt47.1.mga2-1-1.mga2.i586.rpm
kernel-rt-devel-3.4.34-0.rt47.1.mga2-1-1.mga2.i586.rpm
kernel-rt-devel-latest-3.4.34-0.rt47.1.mga2.i586.rpm
kernel-rt-doc-3.4.34-0.rt47.1.mga2.noarch.rpm
kernel-rt-latest-3.4.34-0.rt47.1.mga2.i586.rpm
kernel-rt-source-3.4.34-0.rt47.1.mga2-1-1.mga2.noarch.rpm
kernel-rt-source-latest-3.4.34-0.rt47.1.mga2.noarch.rpm

x86_64:
kernel-rt-3.4.34-0.rt47.1.mga2-1-1.mga2.x86_64.rpm
kernel-rt-devel-3.4.34-0.rt47.1.mga2-1-1.mga2.x86_64.rpm
kernel-rt-devel-latest-3.4.34-0.rt47.1.mga2.x86_64.rpm
kernel-rt-doc-3.4.34-0.rt47.1.mga2.noarch.rpm
kernel-rt-latest-3.4.34-0.rt47.1.mga2.x86_64.rpm
kernel-rt-source-3.4.34-0.rt47.1.mga2-1-1.mga2.noarch.rpm
kernel-rt-source-latest-3.4.34-0.rt47.1.mga2.noarch.rpm

SRPMS:
kernel-rt-3.4.34-0.rt47.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.34
https://bugs.mageia.org/show_bug.cgi?id=9221