SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0856-1 Rating: important References: #760753 #789831 #790236 #810628 #812317 #813735 #815745 #817666 #818337 #819403 Cross-References: CVE-2012-4444 CVE-2013-1928 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 10 SP4 kernel has been updated to fix various bugs and security issues. Security issues fixed: * CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. * CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. Also the following bugs have been fixed: * hugetlb: Fix regression introduced by the original patch (bnc#790236, bnc#819403). * NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337). * Fix package descriptions in specfiles (bnc#817666). * TTY: fix atime/mtime regression (bnc#815745). * virtio_net: ensure big packets are 64k (bnc#760753). * virtio_net: refill rx buffers when oom occurs (bnc#760753). * qeth: fix qeth_wait_for_threads() deadlock for OSN devices (bnc#812317, LTC#90910). * nfsd: remove unnecessary NULL checks from nfsd_cross_mnt (bnc#810628). * knfsd: Fixed problem with NFS exporting directories which are mounted on (bnc#810628). Security Issue references: * CVE-2012-4444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444
* CVE-2013-1928 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1928
Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): kernel-default-2.6.16.60-0.103.1 kernel-source-2.6.16.60-0.103.1 kernel-syms-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): kernel-smp-2.6.16.60-0.103.1 kernel-xen-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.103.1 kernel-kdumppae-2.6.16.60-0.103.1 kernel-vmi-2.6.16.60-0.103.1 kernel-vmipae-2.6.16.60-0.103.1 kernel-xenpae-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): kernel-iseries64-2.6.16.60-0.103.1 kernel-ppc64-2.6.16.60-0.103.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): kernel-default-2.6.16.60-0.103.1 kernel-smp-2.6.16.60-0.103.1 kernel-source-2.6.16.60-0.103.1 kernel-syms-2.6.16.60-0.103.1 kernel-xen-2.6.16.60-0.103.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.103.1 kernel-xenpae-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586 x86_64): kernel-xen-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586): kernel-xenpae-2.6.16.60-0.103.1 References: http://support.novell.com/security/cve/CVE-2012-4444.html http://support.novell.com/security/cve/CVE-2013-1928.html https://bugzilla.novell.com/760753 https://bugzilla.novell.com/789831 https://bugzilla.novell.com/790236 https://bugzilla.novell.com/810628 https://bugzilla.novell.com/812317 https://bugzilla.novell.com/813735 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/817666 https://bugzilla.novell.com/818337 https://bugzilla.novell.com/819403 http://download.novell.com/patch/finder/?keywords=42590e04eddb51fa31379710de... http://download.novell.com/patch/finder/?keywords=4f3691ec5a62d5e0a58b289de3... http://download.novell.com/patch/finder/?keywords=60a0921c1bb3961c00333f60f4... http://download.novell.com/patch/finder/?keywords=806641e6eb093ae891357f0c47... http://download.novell.com/patch/finder/?keywords=b108e81194a14724506e0d40a5... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org