Package name
kernel
Date
2013-09-26
Advisory ID
MDVSA-2013:242
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in the Linux
kernel:

Multiple array index errors in drivers/hid/hid-core.c in the Human
Interface Device (HID) subsystem in the Linux kernel through 3.11
allow physically proximate attackers to execute arbitrary code or
cause a denial of service (heap memory corruption) via a crafted
device that provides an invalid Report ID (CVE-2013-2888).

drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem
in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled,
allows physically proximate attackers to cause a denial of service
(heap-based out-of-bounds write) via a crafted device (CVE-2013-2889).

drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in
the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled,
allows physically proximate attackers to cause a denial of service
(heap-based out-of-bounds write) via a crafted device (CVE-2013-2892).

The Human Interface Device (HID) subsystem in the Linux kernel
through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate
attackers to cause a denial of service (heap-based out-of-bounds
write) via a crafted device, related to (1) drivers/hid/hid-lgff.c,
(2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c
(CVE-2013-2893).

drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ
is enabled, allows physically proximate attackers to cause a denial
of service (NULL pointer dereference and OOPS) or obtain sensitive
information from kernel memory via a crafted device (CVE-2013-2895).

drivers/hid/hid-ntrig.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG
is enabled, allows physically proximate attackers to cause a denial
of service (NULL pointer dereference and OOPS) via a crafted device
(CVE-2013-2896).

Multiple array index errors in drivers/hid/hid-multitouch.c in the
Human Interface Device (HID) subsystem in the Linux kernel through
3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
attackers to cause a denial of service (heap memory corruption, or NULL
pointer dereference and OOPS) via a crafted device (CVE-2013-2897).

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD
is enabled, allows physically proximate attackers to cause a denial
of service (NULL pointer dereference and OOPS) via a crafted device
(CVE-2013-2899).

The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6
implementation in the Linux kernel through 3.10.3 makes an incorrect
function call for pending data, which allows local users to cause a
denial of service (BUG and system crash) via a crafted application that
uses the UDP_CORK option in a setsockopt system call (CVE-2013-4162).

The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6
implementation in the Linux kernel through 3.10.3 does not properly
maintain information about whether the IPV6_MTU setsockopt option
had been specified, which allows local users to cause a denial of
service (BUG and system crash) via a crafted application that uses
the UDP_CORK option in a setsockopt system call (CVE-2013-4163).

The validate_event function in arch/arm/kernel/perf_event.c in the
Linux kernel before 3.10.8 on the ARM platform allows local users to
gain privileges or cause a denial of service (NULL pointer dereference
and system crash) by adding a hardware event to an event group led
by a software event (CVE-2013-4254

The updated packages provides a solution for these security issues.

Updated packages

MBS1 x86_64

 8d1134181d478c0a1c6dbf1449991b6b  mbs1/x86_64/cpupower-3.4.62-1.1.mbs1.x86_64.rpm
 37937e41c97631fd97ff33d9b9ba5814  mbs1/x86_64/kernel-firmware-3.4.62-1.1.mbs1.noarch.rpm
 96e1efeb3d657e3c3e59abadca7a415d  mbs1/x86_64/kernel-headers-3.4.62-1.1.mbs1.x86_64.rpm
 47b765b1d8710bfb333a613b03a56161  mbs1/x86_64/kernel-server-3.4.62-1.1.mbs1.x86_64.rpm
 9af9dd38b2a551cc63c029384d0a0e72  mbs1/x86_64/kernel-server-devel-3.4.62-1.1.mbs1.x86_64.rpm
 14be9b94085e9a01dd9cca95e38a2818  mbs1/x86_64/kernel-source-3.4.62-1.mbs1.noarch.rpm
 7e72ba0f7bce7ccbdb1470d3426ed019  mbs1/x86_64/lib64cpupower0-3.4.62-1.1.mbs1.x86_64.rpm
 296ebc6c41bfde917caea75bf3c0ba68  mbs1/x86_64/lib64cpupower-devel-3.4.62-1.1.mbs1.x86_64.rpm
 5cba7555d3490eee675d47e719cfa37e  mbs1/x86_64/perf-3.4.62-1.1.mbs1.x86_64.rpm 
 f9854e12b7264dfeb6751a92b22ee4ff  mbs1/SRPMS/cpupower-3.4.62-1.1.mbs1.src.rpm
 d3574b371323d22eca16bf6cb2d73334  mbs1/SRPMS/kernel-firmware-3.4.62-1.1.mbs1.src.rpm
 6310fd3a2872494bdbbd0c69960dc8b1  mbs1/SRPMS/kernel-headers-3.4.62-1.1.mbs1.src.rpm
 c2b2de6ae43dc8cba2678adc445deabd  mbs1/SRPMS/kernel-server-3.4.62-1.1.mbs1.src.rpm
 861c839b28c73378727f35801629489d  mbs1/SRPMS/kernel-source-3.4.62-1.mbs1.src.rpm
 6859e841effe9ae2528f9a65dd57dd41  mbs1/SRPMS/perf-3.4.62-1.1.mbs1.src.rpm

References