[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Mageia alert MGASA-2014-0265 (kernel)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0265: Updated kernel packages fixes security vulnerabilities. 


Date:
    	      Wed, 18 Jun 2014 22:50:13 +0200


Message-ID:
    	      <20140618205013.9D9325CB4A@valstar.mageia.org>


MGASA-2014-0265 - Updated kernel packages fixes security vulnerabilities.

Publication date: 18 Jun 2014
URL: http://advisories.mageia.org/MGASA-2014-0265.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-1739,
     CVE-2014-3153,
     CVE-2014-3917

Description:
Updated kernel packages fixes security vulnerabilities.

The kernel has been updated to the upstream 3.12.21 longterm kernel,
and fixes the following security issues:

media-device: fix infoleak in ioctl media_enum_entities()
(CVE-2014-1739)

The futex_requeue function in kernel/futex.c in the Linux kernel through
3.14.5 does not ensure that calls have two different futex addresses,
which allows local users to gain privileges via a crafted FUTEX_REQUEUE
command that facilitates unsafe waiter modification. (CVE-2014-3153)

kernel/auditsc.c in the Linux kernel through 3.14.5, when 
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local
users to obtain potentially sensitive single-bit values from kernel memory
or cause a denial of service (OOPS) via a large value of a syscall number.
To avoid this and other issues CONFIG_AUDITSYSCALL has been disabled.
(CVE-2014-3917)

Other changes:
iwlwifi: mvm: disable beacon filtering
ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets

For other upstream changes, see the referenced changelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=13449
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3....
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917

SRPMS:
- 4/core/kernel-3.12.21-2.mga4
- 4/core/kernel-userspace-headers-3.12.21-2.mga4
- 4/core/kmod-vboxadditions-4.3.10-7.mga4
- 4/core/kmod-virtualbox-4.3.10-7.mga4
- 4/core/kmod-xtables-addons-2.3-47.mga4
- 4/nonfree/kmod-broadcom-wl-6.30.223.141-32.mga4.nonfree
- 4/nonfree/kmod-nvidia173-173.14.39-17.mga4.nonfree
- 4/nonfree/kmod-nvidia304-304.119-12.mga4.nonfree
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds