openSUSE Security Update: kernel: Security and Bugfix update for 3.4.42 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0824-1 Rating: moderate References: #792500 #802153 #805633 #806138 #806976 #806980 #808829 #809155 #809330 #809748 #813963 Cross-References: CVE-2013-0913 CVE-2013-1763 CVE-2013-1767 CVE-2013-1774 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1848 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has three fixes is now available. Description: Linux kernel was updated to kernel 3.4.42 fixing various bugs and security issues. - Refresh patches.suse/SUSE-bootsplash. Fix bootsplash breakage due to stable fix (bnc#813963) - Linux 3.4.39. - kABI: protect struct tracer. - Linux 3.4.38 (bnc#808829,CVE-2013-0913). - patches.kabi/kabi-protect-struct-sk_buff.patch: kABI: protect struct sk_buff. - patches.kabi/kabi-ipv4-remove-inclusion.patch: kABI: ipv4, remove inclusion. - USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976, CVE-2013-1774). - Linux 3.4.37 (bnc#809155 bnc#809330 bnc#809748 CVE-2013-1848). - Linux 3.4.36. - KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797). - KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798). - KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796). - kabi/severities: Allow kvm abi changes - kvm modules are self consistent - loopdev: fix a deadlock (bnc#809748). - block: use i_size_write() in bd_set_size() (bnc#809748). - drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913). - TTY: do not reset master's packet mode (bnc#809330). - Update patches.fixes/ext3-Fix-format-string-issues.patch (bnc#809155 CVE-2013-1848). - ext3: Fix format string issues (bnc#809155). - Linux 3.4.35 (bnc#802153). - Linux 3.4.34 (CVE-2013-1763 CVE-2013-1767 bnc#792500 bnc#806138 bnc#805633). - tmpfs: fix use-after-free of mempolicy object (bnc#806138, CVE-2013-1767). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-440 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): kernel-default-3.4.42-2.28.1 kernel-default-base-3.4.42-2.28.1 kernel-default-base-debuginfo-3.4.42-2.28.1 kernel-default-debuginfo-3.4.42-2.28.1 kernel-default-debugsource-3.4.42-2.28.1 kernel-default-devel-3.4.42-2.28.1 kernel-default-devel-debuginfo-3.4.42-2.28.1 kernel-syms-3.4.42-2.28.1 - openSUSE 12.2 (i686 x86_64): kernel-debug-3.4.42-2.28.1 kernel-debug-base-3.4.42-2.28.1 kernel-debug-base-debuginfo-3.4.42-2.28.1 kernel-debug-debuginfo-3.4.42-2.28.1 kernel-debug-debugsource-3.4.42-2.28.1 kernel-debug-devel-3.4.42-2.28.1 kernel-debug-devel-debuginfo-3.4.42-2.28.1 kernel-desktop-3.4.42-2.28.1 kernel-desktop-base-3.4.42-2.28.1 kernel-desktop-base-debuginfo-3.4.42-2.28.1 kernel-desktop-debuginfo-3.4.42-2.28.1 kernel-desktop-debugsource-3.4.42-2.28.1 kernel-desktop-devel-3.4.42-2.28.1 kernel-desktop-devel-debuginfo-3.4.42-2.28.1 kernel-ec2-3.4.42-2.28.1 kernel-ec2-base-3.4.42-2.28.1 kernel-ec2-base-debuginfo-3.4.42-2.28.1 kernel-ec2-debuginfo-3.4.42-2.28.1 kernel-ec2-debugsource-3.4.42-2.28.1 kernel-ec2-devel-3.4.42-2.28.1 kernel-ec2-devel-debuginfo-3.4.42-2.28.1 kernel-ec2-extra-3.4.42-2.28.1 kernel-ec2-extra-debuginfo-3.4.42-2.28.1 kernel-trace-3.4.42-2.28.1 kernel-trace-base-3.4.42-2.28.1 kernel-trace-base-debuginfo-3.4.42-2.28.1 kernel-trace-debuginfo-3.4.42-2.28.1 kernel-trace-debugsource-3.4.42-2.28.1 kernel-trace-devel-3.4.42-2.28.1 kernel-trace-devel-debuginfo-3.4.42-2.28.1 kernel-vanilla-3.4.42-2.28.1 kernel-vanilla-debuginfo-3.4.42-2.28.1 kernel-vanilla-debugsource-3.4.42-2.28.1 kernel-vanilla-devel-3.4.42-2.28.1 kernel-vanilla-devel-debuginfo-3.4.42-2.28.1 kernel-xen-3.4.42-2.28.1 kernel-xen-base-3.4.42-2.28.1 kernel-xen-base-debuginfo-3.4.42-2.28.1 kernel-xen-debuginfo-3.4.42-2.28.1 kernel-xen-debugsource-3.4.42-2.28.1 kernel-xen-devel-3.4.42-2.28.1 kernel-xen-devel-debuginfo-3.4.42-2.28.1 - openSUSE 12.2 (noarch): kernel-devel-3.4.42-2.28.1 kernel-docs-3.4.42-2.28.2 kernel-source-3.4.42-2.28.1 kernel-source-vanilla-3.4.42-2.28.1 - openSUSE 12.2 (i686): kernel-pae-3.4.42-2.28.1 kernel-pae-base-3.4.42-2.28.1 kernel-pae-base-debuginfo-3.4.42-2.28.1 kernel-pae-debuginfo-3.4.42-2.28.1 kernel-pae-debugsource-3.4.42-2.28.1 kernel-pae-devel-3.4.42-2.28.1 kernel-pae-devel-debuginfo-3.4.42-2.28.1 References: http://support.novell.com/security/cve/CVE-2013-0913.html http://support.novell.com/security/cve/CVE-2013-1763.html http://support.novell.com/security/cve/CVE-2013-1767.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1796.html http://support.novell.com/security/cve/CVE-2013-1797.html http://support.novell.com/security/cve/CVE-2013-1798.html http://support.novell.com/security/cve/CVE-2013-1848.html https://bugzilla.novell.com/792500 https://bugzilla.novell.com/802153 https://bugzilla.novell.com/805633 https://bugzilla.novell.com/806138 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808829 https://bugzilla.novell.com/809155 https://bugzilla.novell.com/809330 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/813963