Reference: CERT-EU Security Advisory 2012-0065

Title: Multiple issues in Linux Kernel

Version history:
21.05.2012 Initial publication

Summary and Potential impact
============================

Multiple issues in the Linux kernel include multiple buffer overflows in the hfsplus filesystem implementation, improper handling of file system capabilities by the cap_bprm_set_creds function in security/commoncap.c, and a flaw in the KVM implementation when a KVM_CREATE_IRQCHIP ioctl call is made after a virtual CPU already exists.

1) Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem. This issue is related to CVE-2009-4020.[3]

CVE-2012-2319
Severity Level: CVSS v2 Base Score: 7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C) [2]

The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Local attackers can exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts can crash the affected kernel, denying service to legitimate users. Updates are available.[1][4][5]

2) The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

CVE-2012-2123
Severity Level: CVSS v2 Base Score: 7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C) [2]

Linux kernel fcaps is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.[4] Updates are available.[6][7][5]

3) The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.[8]

CVE-2012-1601
Severity Level: CVSS v2 Base Score: 4.9 (MEDIUM) (AV:L/AC:L/Au:N/C:N/I:N/A:C) [2]

The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash a host system, resulting in a denial-of-service condition.[9] Updates are available.[9][10][5]

Vulnerable Systems
==================

Linux kernel

What can you do?
================

Updates are available - see references.

What to tell your users?
========================

N/A

More information
================

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2319
[2] More information about CVSS is available at: http://www.first.org/cvss/cvss-guide.html
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2319
[4] http://www.securityfocus.com/bid/53401/solution
[5] http://www.kernel.org/
[6] http://www.securityfocus.com/bid/53166/discuss
[7] https://bugzilla.redhat.com/show_bug.cgi?id=806722
[8] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1601
[9] http://www.securityfocus.com/bid/53488/discuss
[10] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1601

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
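
An added example, not part of the CERT-EU advisory: a first-pass triage script that compares a kernel release string (for instance the output of `uname -r`) with the three "before" versions stated above. The function names and sample release strings are constructed; the comparison uses upstream version numbers only, so a distribution kernel with backported fixes still has to be checked against the vendor's own advisory.

```shell
#!/bin/sh
# Added example (hypothetical helper names): flag which CVEs from
# CERT-EU Security Advisory 2012-0065 a kernel release string predates.

# "Before X.Y.Z" versions exactly as stated in the advisory.
FIXED_IN='CVE-2012-2319=3.3.5 CVE-2012-2123=3.3.3 CVE-2012-1601=3.3.6'

# kver_num RELEASE -> prints major*1000000 + minor*1000 + patch.
# Accepts "3.3.4-5.fc17.x86_64", "3.2.0-24-generic", "3.4"; returns 2 if unparsable.
kver_num() {
    base=${1%%[-+_]*}                 # drop distro/local suffix
    IFS=. read -r maj min pat _rest <<EOF
$base
EOF
    pat=${pat%%[!0-9]*}               # tolerate trailing non-digits in patch level
    case "$maj" in ''|*[!0-9]*) return 2 ;; esac
    case "$min" in ''|*[!0-9]*) return 2 ;; esac
    echo $(( maj * 1000000 + min * 1000 + ${pat:-0} ))
}

# affected_cves RELEASE -> prints one CVE id per line whose fixed-in
# version is newer than RELEASE; prints nothing if none apply.
affected_cves() {
    cur=$(kver_num "$1") || return 2
    for pair in $FIXED_IN; do
        if [ "$cur" -lt "$(kver_num "${pair#*=}")" ]; then
            echo "${pair%%=*}"
        fi
    done
}

# Constructed sample release strings (not taken from the advisory).
for rel in 3.2.0-24-generic 3.3.4-5.fc17.x86_64 3.3.6; do
    printf '%s: %s\n' "$rel" "$(affected_cves "$rel" | tr '\n' ' ')"
done
```

To check the running host, call `affected_cves "$(uname -r)"`; an empty result means the upstream version is at or past all three fixed versions.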