[PVE-User] pve-user Digest, Vol 73, Issue 19

Irek Fasikhov malmyzh at gmail.com
Fri Apr 25 07:34:38 CEST 2014


Hi, Iosif Peterfi.

Proxmox uses a Red Hat-based kernel.
https://pve.proxmox.com/wiki/Proxmox_VE_Kernel


2014-04-25 9:27 GMT+04:00 <pve-user-request at pve.proxmox.com>:

> Send pve-user mailing list submissions to
>         pve-user at pve.proxmox.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> or, via email, send a message with subject or body 'help' to
>         pve-user-request at pve.proxmox.com
>
> You can reach the person managing the list at
>         pve-user-owner at pve.proxmox.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of pve-user digest..."
>
>
> Today's Topics:
>
>    1. Re: pve-user Digest, Vol 73, Issue 18 (Irek Fasikhov)
>    2. Re: [SECURITY] [DSA 2906-1] linux-2.6 security update
>       (Iosif Peterfi)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 25 Apr 2014 08:20:27 +0400
> From: Irek Fasikhov <malmyzh at gmail.com>
> To: "pve-user at pve.proxmox.com" <pve-user at pve.proxmox.com>
> Subject: Re: [PVE-User] pve-user Digest, Vol 73, Issue 18
> Message-ID:
>         <CAF-rypxybAu33XSd3_n+98Lixa+0eJT=
> 3NO0MFHLToYxTumk1Q at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi, Alexandre DERUMIER
>
> Sync the files please git kernel ;).
>
>
> 2014-04-24 14:00 GMT+04:00 <pve-user-request at pve.proxmox.com>:
>
> > Today's Topics:
> >
> >    1. There are no files in Git Kernel (Irek Fasikhov)
> >    2. Re: There are no files in Git Kernel (Dietmar Maurer)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 24 Apr 2014 11:12:40 +0400
> > From: Irek Fasikhov <malmyzh at gmail.com>
> > To: "pve-user at pve.proxmox.com" <pve-user at pve.proxmox.com>
> > Subject: [PVE-User] There are no files in Git Kernel
> > Message-ID:
> >         <
> > CAF-rypwddS_vDe4UGW0AATu01xmJXE8qocY4F1zKeURga4hV-w at mail.gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hi, Dietmar Maurer, Alexandre DERUMIER
> >
> > The following files are missing from the git repository
> > (https://git.proxmox.com/?p=pve-kernel-2.6.32.git;a=tree;h=dcfe603b71a1e227bfa8fe1b1b4b39570e7f74f9;hb=dcfe603b71a1e227bfa8fe1b1b4b39570e7f74f9):
> >
> > config-2.6.32-042stab088.4.x86_64
> > vzkernel-2.6.32-042stab088.4.src.rpm
> >
> > --
> > Best regards, Fasikhov Irek Nurgayazovich
> > Mobile: +79229045757
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Thu, 24 Apr 2014 08:45:05 +0000
> > From: Dietmar Maurer <dietmar at proxmox.com>
> > To: Irek Fasikhov <malmyzh at gmail.com>, "pve-user at pve.proxmox.com"
> >         <pve-user at pve.proxmox.com>
> > Subject: Re: [PVE-User] There are no files in Git Kernel
> > Message-ID:
> >         <24E144B8C0207547AD09C467A8259F75594E1C5C at lisa.maurer-it.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > thanks for the bug report - just added those files.
> >
> > Should appear on the public repository in a few minutes.
> >
> > From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of
> > Irek Fasikhov
> > Sent: Thursday, 24 April 2014 09:13
> > To: pve-user at pve.proxmox.com
> > Subject: [PVE-User] There are no files in Git Kernel
> >
> > Hi, Dietmar Maurer, Alexandre DERUMIER
> >
> > The following files are missing from the git repository
> > (https://git.proxmox.com/?p=pve-kernel-2.6.32.git;a=tree;h=dcfe603b71a1e227bfa8fe1b1b4b39570e7f74f9;hb=dcfe603b71a1e227bfa8fe1b1b4b39570e7f74f9):
> >
> > config-2.6.32-042stab088.4.x86_64
> > vzkernel-2.6.32-042stab088.4.src.rpm
> >
> > --
> > Best regards, Fasikhov Irek Nurgayazovich
> > Mobile: +79229045757
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > pve-user mailing list
> > pve-user at pve.proxmox.com
> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >
> >
> > ------------------------------
> >
> > End of pve-user Digest, Vol 73, Issue 18
> > ****************************************
> >
>
>
>
> --
> Best regards, Fasikhov Irek Nurgayazovich
> Mobile: +79229045757
>
> ------------------------------
>
> Message: 2
> Date: Fri, 25 Apr 2014 07:27:34 +0200
> From: Iosif Peterfi <iosif.peterfi at gmail.com>
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] [SECURITY] [DSA 2906-1] linux-2.6 security
>         update
> Message-ID:
>         <
> CA+M5w7vty7k3o8izkJA07L-8a5NX+y8aRJZX48inuP9gbc6HLw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Guys,
>
> Has this been fixed in the pve-kernel 2.6 ?! This has just been patched in
> debian last night (CET).
>
> Let me know,
> Iosif
>
>
> On Fri, Apr 25, 2014 at 2:12 AM, dann frazier <dannf at debian.org> wrote:
>
> > - ----------------------------------------------------------------------
> > Debian Security Advisory DSA-2906-1                security at debian.org
> > http://www.debian.org/security/                           Dann Frazier
> > April 24, 2014                      http://www.debian.org/security/faq
> > - ----------------------------------------------------------------------
> >
> > Package        : linux-2.6
> > Vulnerability  : privilege escalation/denial of service/information leak
> > Problem type   : local/remote
> > Debian-specific: no
> > CVE Id(s)      : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893
> >                  CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4512
> >                  CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381
> >                  CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264
> >                  CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444
> >                  CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039
> >                  CVE-2014-2523 CVE-2103-2929
> >
> > Several vulnerabilities have been discovered in the Linux kernel that may lead
> > to a denial of service, information leak or privilege escalation. The Common
> > Vulnerabilities and Exposures project identifies the following problems:
> >
> > CVE-2013-0343
> >
> >     George Kargiotakis reported an issue in the temporary address handling
> >     of the IPv6 privacy extensions. Users on the same LAN can cause a denial
> >     of service or obtain access to sensitive information by sending router
> >     advertisement messages that cause temporary address generation to be
> >     disabled.
> >
> > CVE-2013-2147
> >
> >     Dan Carpenter reported issues in the cpqarray driver for Compaq
> >     Smart2 Controllers and the cciss driver for HP Smart Array controllers
> >     allowing users to gain access to sensitive kernel memory.
> >
> > CVE-2013-2889
> >
> >     Kees Cook discovered missing input sanitization in the HID driver for
> >     Zeroplus game pads that could lead to a local denial of service.
> >
> > CVE-2013-2893
> >
> >     Kees Cook discovered that missing input sanitization in the HID driver
> >     for various Logitech force feedback devices could lead to a local denial
> >     of service.
> >
> > CVE-2013-2929
> >
> >     Vasily Kulikov discovered that a flaw in the get_dumpable() function of
> >     the ptrace subsystem could lead to information disclosure. Only systems
> >     with the fs.suid_dumpable sysctl set to a non-default value of '2' are
> >     vulnerable.
> >
> > CVE-2013-4162
> >
> >     Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets
> >     using the UDP_CORK option could result in denial of service.
> >
> > CVE-2013-4299
> >
> >     Fujitsu reported an issue in the device-mapper subsystem. Local users
> >     could gain access to sensitive kernel memory.
> >
> > CVE-2013-4345
> >
> >     Stephan Mueller found a bug in the ANSI pseudo random number generator
> >     which could lead to the use of less entropy than expected.
> >
> > CVE-2013-4512
> >
> >     Nico Golde and Fabian Yamaguchi reported an issue in the user mode
> >     linux port. A buffer overflow condition exists in the write method
> >     for the /proc/exitcode file. Local users with sufficient privileges
> >     allowing them to write to this file could gain further elevated
> >     privileges.
> >
> > CVE-2013-4587
> >
> >     Andrew Honig of Google reported an issue in the KVM virtualization
> >     subsystem. A local user could gain elevated privileges by passing
> >     a large vcpu_id parameter.
> >
> > CVE-2013-6367
> >
> >     Andrew Honig of Google reported an issue in the KVM virtualization
> >     subsystem. A divide-by-zero condition could allow a guest user to
> >     cause a denial of service on the host (crash).
> >
> > CVE-2013-6380
> >
> >     Mahesh Rajashekhara reported an issue in the aacraid driver for storage
> >     products from various vendors. Local users with CAP_SYS_ADMIN privileges
> >     could gain further elevated privileges.
> >
> > CVE-2013-6381
> >
> >     Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet
> >     device support for s390 systems. Local users could cause a denial of
> >     service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL
> >     ioctl.
> >
> > CVE-2013-6382
> >
> >     Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.
> >     Local users with CAP_SYS_ADMIN privileges could gain further elevated
> >     privileges.
> >
> > CVE-2013-6383
> >
> >     Dan Carpenter reported an issue in the aacraid driver for storage devices
> >     from various vendors. A local user could gain elevated privileges due to
> >     a missing privilege level check in the aac_compat_ioctl function.
> >
> > CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
> >
> >     mpb reported an information leak in the recvfrom, recvmmsg and recvmsg
> >     system calls. A local user could obtain access to sensitive kernel memory.
> >
> > CVE-2013-7339
> >
> >     Sasha Levin reported an issue in the RDS network protocol over Infiniband.
> >     A local user could cause a denial of service condition.
> >
> > CVE-2014-0101
> >
> >     Nokia Siemens Networks reported an issue in the SCTP network protocol
> >     subsystem. Remote users could cause a denial of service (NULL pointer
> >     dereference).
> >
> > CVE-2014-1444
> >
> >     Salva Peiro reported an issue in the FarSync WAN driver. Local users
> >     with the CAP_NET_ADMIN capability could gain access to sensitive kernel
> >     memory.
> >
> > CVE-2014-1445
> >
> >     Salva Peiro reported an issue in the wanXL serial card driver. Local
> >     users could gain access to sensitive kernel memory.
> >
> > CVE-2014-1446
> >
> >     Salva Peiro reported an issue in the YAM radio modem driver. Local users
> >     with the CAP_NET_ADMIN capability could gain access to sensitive kernel
> >     memory.
> >
> > CVE-2014-1874
> >
> >     Matthew Thode reported an issue in the SELinux subsystem. A local user
> >     with CAP_MAC_ADMIN privileges could cause a denial of service by setting
> >     an empty security context on a file.
> >
> > CVE-2014-2039
> >
> >     Martin Schwidefsky reported an issue on s390 systems. A local user
> >     could cause a denial of service (kernel oops) by executing an application
> >     with a linkage stack instruction.
> >
> > CVE-2014-2523
> >
> >     Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp
> >     module. Remote users could cause a denial of service (system crash)
> >     or potentially gain elevated privileges.
> >
> > For the oldstable distribution (squeeze), this problem has been fixed in
> > version 2.6.32-48squeeze5.
> >
> > The following matrix lists additional source packages that were rebuilt for
> > compatibility with or to take advantage of this update:
> >
> >                                              Debian 6.0 (squeeze)
> >      user-mode-linux                         2.6.32-1um-4+48squeeze5
> >
> > We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
> >
> > Note: Debian carefully tracks all known security issues across every
> > linux kernel package in all releases under active security support.
> > However, given the high frequency at which low-severity security
> > issues are discovered in the kernel and the resource requirements of
> > doing an update, updates for lower priority issues will normally not
> > be released for all kernels at the same time. Rather, they will be
> > released in a staggered or "leap-frog" fashion.
> >
> > Further information about Debian Security Advisories, how to apply
> > these updates to your system and frequently asked questions can be
> > found at: http://www.debian.org/security/
> >
> > Mailing list: debian-security-announce at lists.debian.org
> > Archive: https://lists.debian.org/20140425001210.GA6824@fluid.dannf
> >
> >
>
> ------------------------------
>
> End of pve-user Digest, Vol 73, Issue 19
> ****************************************
>



-- 
Best regards, Fasikhov Irek Nurgayazovich
Mobile: +79229045757
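
An added example, not part of the original thread and not Proxmox or Debian tooling: one way to approach the "has this been fixed" question above is to pull the CVE IDs out of the quoted advisory and compare them with the kernel package's changelog. It also reconciles the `CVE Id(s)` header against the per-CVE headings, which catches that the header lists CVE-2103-2929 while the body describes CVE-2013-2929; the changelog text and all function names are constructed for illustration.

```python
import re

CVE_RE = re.compile(r"CVE-(\d{4})-(\d{4,})")
# Abbreviated excerpt of the advisory as quoted in this digest (reply markers kept).
ADVISORY = """\
> > CVE Id(s)      : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893
> >                  CVE-2014-2523 CVE-2103-2929
> > CVE-2013-0343
> > CVE-2013-2147
> > CVE-2013-2889
> > CVE-2013-2893
> > CVE-2013-2929
> > CVE-2014-2523
"""
# Constructed sample, NOT a real package changelog.
CHANGELOG = """\
- [scsi] cciss: fix info leak in ioctl (CVE-2013-2147)
- [kernel] ptrace: tighten get_dumpable checks (CVE-2013-2929)
- [net] netfilter: dccp conntrack header fix (CVE-2014-2523)
"""

def ids_in(text):
    return [m.group(0) for m in CVE_RE.finditer(text)]

def split_header_body(advisory):
    """Return (IDs in the 'CVE Id(s)' header, IDs used as section headings)."""
    header, body, in_header = [], [], False
    for raw in advisory.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw)  # drop '> > ', keep indentation
        if line.startswith("CVE Id(s)"):
            in_header = True
        elif in_header and not (line.startswith(" ") and ids_in(line)):
            in_header = False  # header ends at the first non-continuation line
        if in_header:
            header += ids_in(line)
        elif line.startswith("CVE-"):
            body += ids_in(line)
    return header, body

def reconcile(advisory, changelog, advisory_year=2014):
    header, body = split_header_body(advisory)
    # A year before CVE numbering began (1999) or after the advisory is a typo.
    bad = sorted({i for i in header + body
                  if not 1999 <= int(CVE_RE.match(i).group(1)) <= advisory_year})
    wanted = (set(header) | set(body)) - set(bad)
    return {"header_only": sorted(set(header) - set(body)),
            "body_only": sorted(set(body) - set(header)),
            "implausible": bad,
            "not_in_changelog": sorted(wanted - set(ids_in(changelog)))}
```

An ID that is absent from the changelog is a lead to follow up on, not proof that the fix is missing, since a fix can arrive through a rebase without a CVE tag.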