what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-265

Mandriva Linux Security Advisory 2013-265
Posted Nov 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-265 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service via a crafted application. The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service via a small value in the IHL field of a packet with IPIP encapsulation. Various other issues have also been addressed.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4483, CVE-2013-4348, CVE-2013-4470, CVE-2013-2015, CVE-2013-4387, CVE-2013-4350
SHA-256 | e2830471bcc8e7e6df1c6e5b34dfd41726e01285869d01bb9ed74386acc56edd

Mandriva Linux Security Advisory 2013-265

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:265
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : November 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in the Linux
kernel:

The ipc_rcu_putref function in ipc/util.c in the Linux kernel before
3.10 does not properly manage a reference count, which allows local
users to cause a denial of service (memory consumption or system crash)
via a crafted application (CVE-2013-4483).

The skb_flow_dissect function in net/core/flow_dissector.c in the
Linux kernel through 3.12 allows remote attackers to cause a denial
of service (infinite loop) via a small value in the IHL field of a
packet with IPIP encapsulation (CVE-2013-4348).

The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is
enabled, does not properly initialize certain data structures, which
allows local users to cause a denial of service (memory corruption and
system crash) or possibly gain privileges via a crafted application
that uses the UDP_CORK option in a setsockopt system call and
sends both short and long packets, related to the ip_ufo_append_data
function in net/ipv4/ip_output.c and the ip6_ufo_append_data function
in net/ipv6/ip6_output.c (CVE-2013-4470).

The ext4_orphan_del function in fs/ext4/namei.c in the Linux
kernel before 3.7.3 does not properly handle orphan-list entries
for non-journal filesystems, which allows physically proximate
attackers to cause a denial of service (system hang) via a crafted
filesystem on removable media, as demonstrated by the e2fsprogs
tests/f_orphan_extents_inode/image.gz test (CVE-2013-2015).

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not
properly determine the need for UDP Fragmentation Offload (UFO)
processing of small packets after the UFO queueing of a large packet,
which allows remote attackers to cause a denial of service (memory
corruption and system crash) or possibly have unspecified other
impact via network traffic that triggers a large response packet
(CVE-2013-4387).

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel
through 3.11.1 uses data structures and function calls that do not
trigger an intended configuration of IPsec encryption, which allows
remote attackers to obtain sensitive information by sniffing the
network (CVE-2013-4350).

The updated packages provides a solution for these security issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4350
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
3e07dbbb16fbf8343e7886d39e59d560 mbs1/x86_64/cpupower-3.4.68-1.1.mbs1.x86_64.rpm
a8d76e647c25732e008d5fe0cc901b74 mbs1/x86_64/kernel-firmware-3.4.68-1.1.mbs1.noarch.rpm
df7a5f41d1a57b5330ef9670e3029b45 mbs1/x86_64/kernel-headers-3.4.68-1.1.mbs1.x86_64.rpm
c5e3580627b85cd13fe34f01ecd281ff mbs1/x86_64/kernel-server-3.4.68-1.1.mbs1.x86_64.rpm
191a77d39e1608ba61bedad37934ee59 mbs1/x86_64/kernel-server-devel-3.4.68-1.1.mbs1.x86_64.rpm
60757fbb2e02db7a65abb068d668bbeb mbs1/x86_64/kernel-source-3.4.68-1.mbs1.noarch.rpm
1d3d7fa9c0343a0f864888af7ae6adf2 mbs1/x86_64/lib64cpupower0-3.4.68-1.1.mbs1.x86_64.rpm
9dcc6574393b87fb14cf61dae7d1bdb6 mbs1/x86_64/lib64cpupower-devel-3.4.68-1.1.mbs1.x86_64.rpm
4e2890287eb20fe8c838201e01c2b630 mbs1/x86_64/perf-3.4.68-1.1.mbs1.src.rpm
e457d243d932d91bfffc0526c61f3edd mbs1/x86_64/perf-3.4.68-1.1.mbs1.x86_64.rpm
7b16a80336ac11a7b874e698bf95faf6 mbs1/SRPMS/cpupower-3.4.68-1.1.mbs1.src.rpm
2613ea858b6691a30613bc1edc14e245 mbs1/SRPMS/kernel-firmware-3.4.68-1.1.mbs1.src.rpm
9d28c4f34a316d012fc30a864dbb6b8e mbs1/SRPMS/kernel-headers-3.4.68-1.1.mbs1.src.rpm
574f76f01511c7c33606f60be964ea95 mbs1/SRPMS/kernel-server-3.4.68-1.1.mbs1.src.rpm
3bb6f3c5e0efe45d41c169cb5a2269cf mbs1/SRPMS/kernel-source-3.4.68-1.mbs1.src.rpm
2c7c1b9db777af533334dfc3dcd43649 mbs1/SRPMS/perf-3.4.68-1.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSf2lTmqjQ0CJFipgRAuXPAJ9Ml0xBSFFklcKZHngYmb0ldOtU/QCeIQ2t
do+JndxB3ZBWZxk1wXBYUsE=
=kREG
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close