Mailinglist Archive: opensuse-security-announce (21 mails)

[security-announce] openSUSE-SU-2013:0847-1: important: kernel: security and bugfix update
openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0847-1
Rating: important
References: #806138 #806976 #806980 #808829 #809748 #813735
#815745 #819519 #819789
Cross-References: CVE-2013-0913 CVE-2013-1767 CVE-2013-1774
CVE-2013-1796 CVE-2013-1797 CVE-2013-1798
CVE-2013-2094
Affected Products:
openSUSE 12.1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has two fixes
is now available.

Description:


The openSUSE 12.1 kernel was updated to fix a severe
security issue and various bugs.

Security issues fixed:

CVE-2013-2094: The perf_swevent_init
function in kernel/events/core.c in the Linux kernel used
an incorrect integer data type, which allowed local users
to gain privileges via a crafted perf_event_open system
call.

CVE-2013-1774: The chase_port function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer
dereference and system crash) via an attempted /dev/ttyUSB
read or write operation on a disconnected Edgeport USB
serial converter.

CVE-2013-1928: The do_video_set_spu_palette function in
fs/compat_ioctl.c in the Linux kernel lacked a certain
error check, which might have allowed local users to obtain
sensitive information from kernel stack memory via a
crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb
device.

CVE-2013-1796: The kvm_set_msr_common function in
arch/x86/kvm/x86.c in the Linux kernel did not ensure a
required time_page alignment during an MSR_KVM_SYSTEM_TIME
operation, which allowed guest OS users to cause a denial
of service (buffer overflow and host OS memory corruption)
or possibly have unspecified other impact via a crafted
application.

CVE-2013-1797: Use-after-free vulnerability in
arch/x86/kvm/x86.c in the Linux kernel allowed guest OS
users to cause a denial of service (host OS memory
corruption) or possibly have unspecified other impact via a
crafted application that triggers use of a guest physical
address (GPA) in (1) movable or (2) removable memory during
an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

CVE-2013-1798: The ioapic_read_indirect function in
virt/kvm/ioapic.c in the Linux kernel did not properly
handle a certain combination of invalid IOAPIC_REG_SELECT
and IOAPIC_REG_WINDOW operations, which allowed guest OS
users to obtain sensitive information from host OS memory
or cause a denial of service (host OS OOPS) via a crafted
application.

CVE-2013-1767: Use-after-free vulnerability in the
shmem_remount_fs function in mm/shmem.c in the Linux kernel
allowed local users to gain privileges or cause a denial of
service (system crash) by remounting a tmpfs filesystem
without specifying a required mpol (aka mempolicy) mount
option.

CVE-2013-0913: Integer overflow in
drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915
driver in the Direct Rendering Manager (DRM) subsystem in
the Linux kernel allowed local users to cause a denial of
service (heap-based buffer overflow) or possibly have
unspecified other impact via a crafted application that
triggers many relocation copies, and potentially leads to a
race condition.

Bugs fixed:
- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).

- TTY: fix atime/mtime regression (bnc#815745).

- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error
check (bnc#813735).

- USB: io_ti: Fix NULL dereference in chase_port()
(bnc#806976, CVE-2013-1774).

- KVM: Convert MSR_KVM_SYSTEM_TIME to use
gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).
- KVM: Fix bounds checking in ioapic indirect register read
(bnc#806980 CVE-2013-1798).
- KVM: Fix for buffer overflow in handling of
MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).
- kabi/severities: Allow kvm module abi changes - modules
are self consistent

- loopdev: fix a deadlock (bnc#809748).
- block: use i_size_write() in bd_set_size() (bnc#809748).

- drm/i915: bounds check execbuffer relocation count
(bnc#808829,CVE-2013-0913).

- tmpfs: fix use-after-free of mempolicy object
(bnc#806138, CVE-2013-1767).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-454

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 x86_64):

kernel-debug-3.1.10-1.23.1.g8645a72
kernel-debug-base-3.1.10-1.23.1.g8645a72
kernel-debug-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-debug-debuginfo-3.1.10-1.23.1.g8645a72
kernel-debug-debugsource-3.1.10-1.23.1.g8645a72
kernel-debug-devel-3.1.10-1.23.1.g8645a72
kernel-debug-devel-debuginfo-3.1.10-1.23.1.g8645a72
kernel-default-3.1.10-1.23.1.g8645a72
kernel-default-base-3.1.10-1.23.1.g8645a72
kernel-default-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-default-debuginfo-3.1.10-1.23.1.g8645a72
kernel-default-debugsource-3.1.10-1.23.1.g8645a72
kernel-default-devel-3.1.10-1.23.1.g8645a72
kernel-default-devel-debuginfo-3.1.10-1.23.1.g8645a72
kernel-desktop-3.1.10-1.23.1.g8645a72
kernel-desktop-base-3.1.10-1.23.1.g8645a72
kernel-desktop-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-desktop-debuginfo-3.1.10-1.23.1.g8645a72
kernel-desktop-debugsource-3.1.10-1.23.1.g8645a72
kernel-desktop-devel-3.1.10-1.23.1.g8645a72
kernel-desktop-devel-debuginfo-3.1.10-1.23.1.g8645a72
kernel-ec2-3.1.10-1.23.1.g8645a72
kernel-ec2-base-3.1.10-1.23.1.g8645a72
kernel-ec2-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-ec2-debuginfo-3.1.10-1.23.1.g8645a72
kernel-ec2-debugsource-3.1.10-1.23.1.g8645a72
kernel-ec2-devel-3.1.10-1.23.1.g8645a72
kernel-ec2-devel-debuginfo-3.1.10-1.23.1.g8645a72
kernel-ec2-extra-3.1.10-1.23.1.g8645a72
kernel-ec2-extra-debuginfo-3.1.10-1.23.1.g8645a72
kernel-syms-3.1.10-1.23.1.g8645a72
kernel-trace-3.1.10-1.23.1.g8645a72
kernel-trace-base-3.1.10-1.23.1.g8645a72
kernel-trace-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-trace-debuginfo-3.1.10-1.23.1.g8645a72
kernel-trace-debugsource-3.1.10-1.23.1.g8645a72
kernel-trace-devel-3.1.10-1.23.1.g8645a72
kernel-trace-devel-debuginfo-3.1.10-1.23.1.g8645a72
kernel-vanilla-3.1.10-1.23.1.g8645a72
kernel-vanilla-base-3.1.10-1.23.1.g8645a72
kernel-vanilla-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-vanilla-debuginfo-3.1.10-1.23.1.g8645a72
kernel-vanilla-debugsource-3.1.10-1.23.1.g8645a72
kernel-vanilla-devel-3.1.10-1.23.1.g8645a72
kernel-vanilla-devel-debuginfo-3.1.10-1.23.1.g8645a72
kernel-xen-3.1.10-1.23.1.g8645a72
kernel-xen-base-3.1.10-1.23.1.g8645a72
kernel-xen-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-xen-debuginfo-3.1.10-1.23.1.g8645a72
kernel-xen-debugsource-3.1.10-1.23.1.g8645a72
kernel-xen-devel-3.1.10-1.23.1.g8645a72
kernel-xen-devel-debuginfo-3.1.10-1.23.1.g8645a72

- openSUSE 12.1 (noarch):

kernel-devel-3.1.10-1.23.1.g8645a72
kernel-docs-3.1.10-1.23.2.g8645a72
kernel-source-3.1.10-1.23.1.g8645a72
kernel-source-vanilla-3.1.10-1.23.1.g8645a72

- openSUSE 12.1 (i586):

kernel-pae-3.1.10-1.23.1.g8645a72
kernel-pae-base-3.1.10-1.23.1.g8645a72
kernel-pae-base-debuginfo-3.1.10-1.23.1.g8645a72
kernel-pae-debuginfo-3.1.10-1.23.1.g8645a72
kernel-pae-debugsource-3.1.10-1.23.1.g8645a72
kernel-pae-devel-3.1.10-1.23.1.g8645a72
kernel-pae-devel-debuginfo-3.1.10-1.23.1.g8645a72


References:

http://support.novell.com/security/cve/CVE-2013-0913.html
http://support.novell.com/security/cve/CVE-2013-1767.html
http://support.novell.com/security/cve/CVE-2013-1774.html
http://support.novell.com/security/cve/CVE-2013-1796.html
http://support.novell.com/security/cve/CVE-2013-1797.html
http://support.novell.com/security/cve/CVE-2013-1798.html
http://support.novell.com/security/cve/CVE-2013-2094.html
https://bugzilla.novell.com/806138
https://bugzilla.novell.com/806976
https://bugzilla.novell.com/806980
https://bugzilla.novell.com/808829
https://bugzilla.novell.com/809748
https://bugzilla.novell.com/813735
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819789
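
A post-update check for the patch instructions above, as an added example that is not part of the original advisory: it compares installed kernel package versions against the fixed version-release 3.1.10-1.23.1 from the package list. The sample inventory is constructed, and GNU `sort -V` stands in for rpm's own version comparison as an approximation.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED is the version-release
# that the advisory's package list gives for the updated kernel packages.
FIXED="3.1.10-1.23.1"

# ver_ge A B: true when A sorts at or after B in GNU `sort -V` order.
# Assumption: this approximates rpm's comparison; it is not rpm's algorithm.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit_kernels: read "NAME VERSION-RELEASE" lines on stdin, print a verdict
# for each kernel-* package, and return 1 if any is older than FIXED.
audit_kernels() {
    rc=0
    while read -r name verrel; do
        case "$name" in
            kernel-*) ;;
            *) continue ;;
        esac
        if ver_ge "$verrel" "$FIXED"; then
            echo "OK       $name $verrel"
        else
            echo "OUTDATED $name $verrel"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory, in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'kernel*'
sample_inventory() {
    cat <<'EOF'
kernel-default 3.1.10-1.23.1
kernel-desktop 3.1.10-1.19.1
kernel-source 3.1.9-1.4.1
kernel-docs 3.1.10-1.23.2
glibc 2.14.1-14.27.1
EOF
}

# Demo on the sample; on a real host, pipe the rpm query above in instead.
sample_inventory | audit_kernels ||
    echo "at least one kernel package is older than $FIXED"
```

An installed kernel package only takes effect once the system boots into it, so check `uname -r` after the reboot as well.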
