{"id":"MGASA-2014-0332","summary":"Updated kernel-vserver package fixes security vulnerabilities","details":"Updated kernel-vserver provides upstream 3.10.51 kernel and fixes the\nfollowing security issues:\n\nArray index error in the aio_read_events_ring function in fs/aio.c in\nthe Linux kernel through 3.15.1 allows local users to obtain sensitive\ninformation from kernel memory via a large head value (CVE-2014-0206).\n\nThe Netlink implementation in the Linux kernel through 3.14.1 does not\nprovide a mechanism for authorizing socket operations based on the\nopener of a socket, which allows local users to bypass intended access\nrestrictions and modify network configurations by using a Netlink socket\nfor the (1) stdout or (2) stderr of a setuid program. (CVE-2014-0181)\n\nmedia-device: fix infoleak in ioctl media_enum_entities()\n(CVE-2014-1739)\n\nThe futex_requeue function in kernel/futex.c in the Linux kernel through\n3.14.5 does not ensure that calls have two different futex addresses,\nwhich allows local users to gain privileges via a crafted FUTEX_REQUEUE\ncommand that facilitates unsafe waiter modification. (CVE-2014-3153)\n\nkernel/auditsc.c in the Linux kernel through 3.14.5, when AUDITSYSCALL\nis enabled with certain syscall rules, allows local users to obtain\npotentially sensitive single-bit values from kernel memory or cause a\ndenial of service (OOPS) via a large value of a syscall number.\n(CVE-2014-3917)\n\nAndy Lutomirski has reported a vulnerability in Linux Kernel, which can\nbe exploited by malicious, local users to gain escalated privileges.\nThe vulnerability is caused due to an error related to checking Inode\ncapabilities, which can be exploited to conduct certain actions with\nescalated privileges.\nSuccessful exploitation requires a kernel built with user namespaces\n(USER_NS) enabled. (CVE-2014-4014)\n\nmm/shmem.c in the Linux kernel through 3.15.1 does not properly implement\nthe interaction between range notification and hole punching, which allows\nlocal users to cause a denial of service (i_mutex hold) by using the mmap\nsystem call to access a hole, as demonstrated by interfering with intended\nshmem activity by blocking completion of (1) an MADV_REMOVE madvise call\nor (2) an FALLOC_FL_PUNCH_HOLE fallocate call (CVE-2014-4171).\n\narch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit\nx86 platforms, when syscall auditing is enabled and the sep CPU feature\nflag is set, allows local users to cause a denial of service (OOPS and\nsystem crash) via an invalid syscall number, as demonstrated by number\n1000 (CVE-2014-4508). \n\nFor other fixes, see the referenced changelogs.\n","modified":"2026-01-30T03:59:37.522970Z","published":"2014-08-18T09:14:56Z","related":["CVE-2014-0181","CVE-2014-0206","CVE-2014-1739","CVE-2014-3153","CVE-2014-3917","CVE-2014-4014","CVE-2014-4171","CVE-2014-4508"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0332.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13869"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.51"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.50"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.49"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.48"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.44"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.43"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.42"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.41"}],"affected":[{"package":{"name":"kernel-vserver","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kernel-vserver?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.51-0.vs2.3.6.8.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0332.json"}},{"package":{"name":"kernel-vserver","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kernel-vserver?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.51-0.vs2.3.6.8.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0332.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}