http://www.mandriva.com/en/
______________________________
Package : kernel
Date : November 27, 2014
Affected: Business Server 1.0
______________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in the Linux
kernel:
The WRMSR processing functionality in the KVM subsystem in the
Linux kernel through 3.17.2 does not properly handle the writing of a
non-canonical address to a model-specific register, which allows guest
OS users to cause a denial of service (host OS crash) by leveraging
guest OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
(CVE-2014-3610).
Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS
crash) by leveraging incorrect PIT emulation (CVE-2014-3611).
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.12 does not have an exit handler for the INVEPT instruction, which
allows guest OS users to cause a denial of service (guest OS crash)
via a crafted application (CVE-2014-3645).
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through
3.17.2 does not have an exit handler for the INVVPID instruction,
which allows guest OS users to cause a denial of service (guest OS
crash) via a crafted application (CVE-2014-3646).
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel
through 3.17.2 does not properly perform RIP changes, which allows
guest OS users to cause a denial of service (guest OS crash) via a
crafted application (CVE-2014-3647).
The SCTP implementation in the Linux kernel through 3.17.2 allows
remote attackers to cause a denial of service (system crash) via
a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
net/sctp/sm_statefuns.c (CVE-2014-3673).
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c
in the SCTP implementation in the Linux kernel through 3.17.2 allows
remote attackers to cause a denial of service (panic) via duplicate
ASCONF chunks that trigger an incorrect uncork within the side-effect
interpreter (CVE-2014-3687).
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host
OS users to kill arbitrary processes or cause a denial of service
(system disruption) by leveraging /dev/kvm access, as demonstrated by
PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690).
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
does not properly handle private syscall numbers during use of the
perf subsystem, which allows local users to cause a denial of service
(out-of-bounds read and OOPS) or bypass the ASLR protection mechanism
via a crafted application (CVE-2014-7825).
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
does not properly handle private syscall numbers during use of the
ftrace subsystem, which allows local users to gain privileges or
cause a denial of service (invalid pointer dereference) via a crafted
application (CVE-2014-7826).
The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of
a chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to
the pivot_root system call (CVE-2014-7970).
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.17.2 miscalculates the number of pages during
the handling of a mapping failure, which allows guest OS users to
cause a denial of service (host OS page unpinning) or possibly have
unspecified other impact by leveraging guest OS privileges. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2014-3601
(CVE-2014-8369).
The updated packages provides a solution for these security issues.
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
______________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
844335653b0d9e326bd0a216f3ea30
0944cdafdcb39a677b01248786a2a5
ba7ff021bc473448d12f34507ed3c4
c5da0b82ad77b075f6ce0390cafe45
818764027cea7651b6eed4bdaefcb6
fb73af4d10dbfb744772697aeded56
cb9483eb41b264e9c0844098912dc3
bca76ebdff84f3fcb662ed40f337da
dd64b01e869b7cfb3c565310d4bcd4
06db298a74aae5b928698a4ab1c5ca
096237c036ac96f145cce3045968ee
b28b50590a939c293d1f5b47a210a4
d6b2dd0334645247996a487d5b946f
7457a1bb39e640bebe34b68857e04b
45b43544167a6e121148276e9ddb6a
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Komentarų nėra:
Rašyti komentarą