Bug 475638 (CVE-2013-2224) - <sys-kernel/openvz-sources-2.6.32.78.27 - local unprivileged user could crash the system resulting in DoS (CVE-2013-2224)
Status: RESOLVED FIXED
Alias: CVE-2013-2224
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Reported: 2013-07-03 16:44 UTC by Joakim
Modified: 2013-08-29 22:46 UTC
Description Joakim 2013-07-03 16:44:59 UTC
The currently stable Gentoo ebuild openvz-sources-2.6.32.78.26 has a security problem and was replaced by openvz-sources-2.6.32.78.27.

http://wiki.openvz.org/Download/kernel/rhel6/042stab078.27
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2224

Please bump ASAP.

Thanks
Comment 1 Agostino Sarubbo gentoo-dev 2013-07-04 19:12:11 UTC
@pva, could you confirm the issue?
Comment 2 Andreis Vinogradovs ( slepnoga ) 2013-07-05 06:05:09 UTC
(In reply to Agostino Sarubbo from comment #1)
> @pva, could you confirm the issue?

I'm not pva ;), but yes, I confirm this;
I plan to bump it this weekend.
Comment 3 Sergey Popov gentoo-dev 2013-07-15 15:09:18 UTC
2.6.32.78.28 is in tree now, let's stabilize it

Target keywords: amd64 x86
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2013-07-17 17:56:54 UTC
amd64/x86 stable.
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-29 17:12:31 UTC
Kernels don't get GLSAs. Closing.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-08-29 22:46:26 UTC
CVE-2013-2224 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2224):
  A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise
  Linux (RHEL) 6 allows local users to cause a denial of service (invalid free
  operation and system crash) or possibly gain privileges via a sendmsg system
  call with the IP_RETOPTS option, as demonstrated by hemlock.c.  NOTE: this
  vulnerability exists because of an incorrect fix for CVE-2012-3552.