-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:242 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : kernel Date : September 26, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in the Linux kernel: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID (CVE-2013-2888). drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2889). drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2892). The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (CVE-2013-2893). drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device (CVE-2013-2895). drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2896). Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897). drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2899). The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4162). The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4163). The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event (CVE-2013-4254 The updated packages provides a solution for these security issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2892 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2896 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 8d1134181d478c0a1c6dbf1449991b6b mbs1/x86_64/cpupower-3.4.62-1.1.mbs1.x86_64.rpm 37937e41c97631fd97ff33d9b9ba5814 mbs1/x86_64/kernel-firmware-3.4.62-1.1.mbs1.noarch.rpm 96e1efeb3d657e3c3e59abadca7a415d mbs1/x86_64/kernel-headers-3.4.62-1.1.mbs1.x86_64.rpm 47b765b1d8710bfb333a613b03a56161 mbs1/x86_64/kernel-server-3.4.62-1.1.mbs1.x86_64.rpm 9af9dd38b2a551cc63c029384d0a0e72 mbs1/x86_64/kernel-server-devel-3.4.62-1.1.mbs1.x86_64.rpm 14be9b94085e9a01dd9cca95e38a2818 mbs1/x86_64/kernel-source-3.4.62-1.mbs1.noarch.rpm 7e72ba0f7bce7ccbdb1470d3426ed019 mbs1/x86_64/lib64cpupower0-3.4.62-1.1.mbs1.x86_64.rpm 296ebc6c41bfde917caea75bf3c0ba68 mbs1/x86_64/lib64cpupower-devel-3.4.62-1.1.mbs1.x86_64.rpm 5cba7555d3490eee675d47e719cfa37e mbs1/x86_64/perf-3.4.62-1.1.mbs1.x86_64.rpm f9854e12b7264dfeb6751a92b22ee4ff mbs1/SRPMS/cpupower-3.4.62-1.1.mbs1.src.rpm d3574b371323d22eca16bf6cb2d73334 mbs1/SRPMS/kernel-firmware-3.4.62-1.1.mbs1.src.rpm 6310fd3a2872494bdbbd0c69960dc8b1 mbs1/SRPMS/kernel-headers-3.4.62-1.1.mbs1.src.rpm c2b2de6ae43dc8cba2678adc445deabd mbs1/SRPMS/kernel-server-3.4.62-1.1.mbs1.src.rpm 861c839b28c73378727f35801629489d mbs1/SRPMS/kernel-source-3.4.62-1.mbs1.src.rpm 6859e841effe9ae2528f9a65dd57dd41 mbs1/SRPMS/perf-3.4.62-1.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSQ/oSmqjQ0CJFipgRAhgmAKDb8jFGiWgtokzIyLZDCTjPdqtQpgCg3cNj ofWbH+ulXdyYbr/wkrRj5uI= =sNPZ -----END PGP SIGNATURE-----
