[security-announce] SUSE-SU-2013:0674-1: important: Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:0674-1
Rating: important
References: #742111 #765687 #769093 #770980 #776370 #781485
#785101 #786013 #787272 #789012 #790236 #792697
#795075 #795335 #797175 #799611 #800280 #801178
#802642 #804154 #809692
Cross-References: CVE-2012-4530 CVE-2013-0160 CVE-2013-0216
CVE-2013-0231 CVE-2013-0268 CVE-2013-0871

Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 15 fixes is
now available.

Description:


This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed:

* CVE-2013-0871: A race condition in ptrace(2) could be
used by local attackers to crash the kernel and/or execute
code in kernel context.
* CVE-2013-0160: Avoid side channel information leaks
from the ptys via ptmx, which allowed local attackers to
guess keypresses.
* CVE-2012-4530: Avoid leaving bprm->interp on the
stack which might have leaked information from the kernel
to userland attackers.
* CVE-2013-0268: The msr_open function in
arch/x86/kernel/msr.c in the Linux kernel allowed local
users to bypass intended capability restrictions by
executing a crafted application as root, as demonstrated by
msr32.c.
* CVE-2013-0216: The Xen netback functionality in the
Linux kernel allowed guest OS users to cause a denial of
service (loop) by triggering ring pointer corruption.
* CVE-2013-0231: The pciback_enable_msi function in the
PCI backend driver
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen
for the Linux kernel allowed guest OS users with PCI device
access to cause a denial of service via a large number of
kernel log messages. NOTE: some of these details are
obtained from third party information.

Also the following non-security bugs have been fixed:

S/390:

* s390x: tty struct used after free (bnc#809692,
LTC#90216).
* s390x/kernel: sched_clock() overflow (bnc#799611,
LTC#87978).
* qeth: set new mac even if old mac is gone
(bnc#789012,LTC#86643).
* qeth: set new mac even if old mac is gone (2)
(bnc#792697,LTC#87138).
* qeth: fix deadlock between recovery and bonding
driver (bnc#785101,LTC#85905).
* dasd: check count address during online setting
(bnc#781485,LTC#85346).
* hugetlbfs: add missing TLB invalidation
(bnc#781485,LTC#85463).
* s390/kernel: make user-access pagetable walk code
huge page aware (bnc#781485,LTC#85455).

XEN:

* xen/netback: fix netbk_count_requests().
* xen: properly bound buffer access when parsing
cpu/availability.
* xen/scsiback/usbback: move cond_resched() invocations
to proper place.
* xen/pciback: properly clean up after calling
pcistub_device_find().
* xen: add further backward-compatibility configure
options.
* xen/PCI: suppress bogus warning on old hypervisors.
* xenbus: fix overflow check in xenbus_dev_write().
* xen/x86: do not corrupt %eip when returning from a
signal handler.

Other:

* kernel: Restrict clearing TIF_SIGPENDING (bnc#742111).
* kernel: recalc_sigpending_tsk fixes (bnc#742111).
* xfs: Do not reclaim new inodes in xfs_sync_inodes()
(bnc#770980).
* jbd: Avoid BUG_ON when checkpoint stalls (bnc#795335).
* reiserfs: Fix int overflow while calculating free
space (bnc#795075).
* cifs: clarify the meaning of tcpStatus == CifsGood
(bnc#769093).
* cifs: do not allow cifs_reconnect to exit with NULL
socket pointer (bnc#769093).
* cifs: switch to seq_files (bnc#776370).
* scsi: fix check of PQ and PDT bits for WLUNs
(bnc#765687).
* hugetlb: preserve hugetlb pte dirty state
(bnc#790236).
* poll: enforce RLIMIT_NOFILE in poll() (bnc#787272).
* proc: fix ->open less usage due to ->proc_fops flip
(bnc#776370).
* rpm/kernel-binary.spec.in: Ignore kabi errors if
%%ignore_kabi_badness is defined. This is used in the
Kernel:* projects in the OBS.

Security Issue references:

* CVE-2012-4530
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530>
* CVE-2013-0160
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160>
* CVE-2013-0216
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0216>
* CVE-2013-0231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231>
* CVE-2013-0268
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268>
* CVE-2013-0871
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.


Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

kernel-default-2.6.16.60-0.101.1
kernel-source-2.6.16.60-0.101.1
kernel-syms-2.6.16.60-0.101.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.101.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.101.1

- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

kernel-smp-2.6.16.60-0.101.1
kernel-xen-2.6.16.60-0.101.1

- SUSE Linux Enterprise Server 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.101.1
kernel-kdumppae-2.6.16.60-0.101.1
kernel-vmi-2.6.16.60-0.101.1
kernel-vmipae-2.6.16.60-0.101.1
kernel-xenpae-2.6.16.60-0.101.1

- SUSE Linux Enterprise Server 10 SP4 (ppc):

kernel-iseries64-2.6.16.60-0.101.1
kernel-ppc64-2.6.16.60-0.101.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

kernel-default-2.6.16.60-0.101.1
kernel-smp-2.6.16.60-0.101.1
kernel-source-2.6.16.60-0.101.1
kernel-syms-2.6.16.60-0.101.1
kernel-xen-2.6.16.60-0.101.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.101.1
kernel-xenpae-2.6.16.60-0.101.1

- SLE SDK 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.101.1

- SLE SDK 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.101.1

- SLE SDK 10 SP4 (i586 x86_64):

kernel-xen-2.6.16.60-0.101.1

- SLE SDK 10 SP4 (i586):

kernel-xenpae-2.6.16.60-0.101.1


References:

http://support.novell.com/security/cve/CVE-2012-4530.html
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-0216.html
http://support.novell.com/security/cve/CVE-2013-0231.html
http://support.novell.com/security/cve/CVE-2013-0268.html
http://support.novell.com/security/cve/CVE-2013-0871.html
https://bugzilla.novell.com/742111
https://bugzilla.novell.com/765687
https://bugzilla.novell.com/769093
https://bugzilla.novell.com/770980
https://bugzilla.novell.com/776370
https://bugzilla.novell.com/781485
https://bugzilla.novell.com/785101
https://bugzilla.novell.com/786013
https://bugzilla.novell.com/787272
https://bugzilla.novell.com/789012
https://bugzilla.novell.com/790236
https://bugzilla.novell.com/792697
https://bugzilla.novell.com/795075
https://bugzilla.novell.com/795335
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/799611
https://bugzilla.novell.com/800280
https://bugzilla.novell.com/801178
https://bugzilla.novell.com/802642
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/809692

http://download.novell.com/patch/finder/?keywords=2b51bf3e02179f8f70c7b2ada2571a2d

http://download.novell.com/patch/finder/?keywords=7cf4de409b28c5f187bc1e9f71ccd64f

http://download.novell.com/patch/finder/?keywords=ac5626f6e7f483c6dac1cc5fe253fcf9

http://download.novell.com/patch/finder/?keywords=ba0e542087a9075aed8c17a29d5f1cb8

http://download.novell.com/patch/finder/?keywords=dba6fc0fdae22199ec260695a6d2179e
