Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Mar 2014 14:03:36 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: Linux Kernel, two security issues

I don't see a cve assigned for the following:

1) https://secunia.com/advisories/57468/ :

A vulnerability has been reported in Linux Kernel, which can be exploited by 
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition error in the 
"ath_tx_aggr_sleep()" function (drivers/net/wireless/ath/ath9k/xmit.c), which 
can be exploited to cause a crash.

The vulnerability is reported in versions prior to 3.12.15 and prior to 
3.13.7.


Solution:
Update to version 3.12.15 or 3.13.7.

Provided and/or discovered by:
Max Sydorenko within a bug report.

Original Advisory:
Kernel:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7

Max Sydorenko:
https://bugzilla.kernel.org/show_bug.cgi?id=70551




2) https://secunia.com/advisories/57436/ :

Description

A vulnerability has been reported in Linux Kernel, which can be exploited by 
malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "arch_dup_task_struct()" 
function (arch/powerpc/kernel/process.c) and can be exploited to cause a crash 
via a specially crafted instruction sequence.

Note: This only affects systems running on PowerPC.

The vulnerability is reported in versions prior to 3.12.15 and 3.13.7.


Solution:
Update to version 3.12.15 or 3.13.7.

Provided and/or discovered by:
The vendor credits Adhemerval Zanella Neto.

Original Advisory:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ