   openSUSE Security Update: kernel: security and bugfix update to 3.4.63
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1619-1
Rating:             moderate
References:         #783858 #785542 #787649 #789598 #794988 #801178
                    #806976 #807153 #807471 #814336 #815320 #817377
                    #818053 #821560 #821612 #822575 #823342 #823517
                    #824171 #824295 #827749 #827750 #828119 #828714
                    #831055 #831058 #833321 #835414 #838346
Cross-References:   CVE-2013-0231 CVE-2013-1774 CVE-2013-1819
                    CVE-2013-2148 CVE-2013-2164 CVE-2013-2232
                    CVE-2013-2234 CVE-2013-2237 CVE-2013-2850
                    CVE-2013-2851 CVE-2013-4162 CVE-2013-4163
Affected Products:
                    openSUSE 12.2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 17 fixes
   is now available.

Description:

   The Linux kernel was updated to 3.4.63, fixing various bugs
   and security issues.

   - Linux 3.4.59 (CVE-2013-2237 bnc#828119).
   - Linux 3.4.57 (CVE-2013-2148 bnc#823517).
   - Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162
     CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055 bnc#831058).
   - Drivers: hv: util: Fix a bug in util version negotiation
     code (bnc#838346).
   - vmxnet3: prevent div-by-zero panic when ring resizing
     uninitialized dev (bnc#833321).
   - bnx2x: protect different statistics flows (bnc#814336).
   - bnx2x: Avoid sending multiple statistics queries
     (bnc#814336).
   - Drivers: hv: util: Fix a bug in version negotiation code
     for util services (bnc#828714).
   - Update Xen patches to 3.4.53.
   - netfront: fix kABI after "reduce gso_max_size to account
     for max TCP header".
   - netback: don't disconnect frontend when seeing oversize
     packet (bnc#823342).
   - netfront: reduce gso_max_size to account for max TCP
     header.
   - backends: Check for insane amounts of requests on the ring.
   - reiserfs: Fixed double unlock in reiserfs_setattr failure
     path.
   - reiserfs: locking, release lock around quota operations
     (bnc#815320).
   - reiserfs: locking, handle nested locks properly
     (bnc#815320).
   - reiserfs: locking, push write lock out of xattr code
     (bnc#815320).
   - ipv6: ip6_append_data_mtu did not care about pmtudisc and
     frag_size (bnc#831055, CVE-2013-4163).
   - af_key: fix info leaks in notify messages (bnc#827749
     CVE-2013-2234).
   - af_key: initialize satype in key_notify_policy_flush()
     (bnc#828119 CVE-2013-2237).
   - ipv6: call udp_push_pending_frames when uncorking a socket
     with (bnc#831058, CVE-2013-4162).
   - ipv6: ip6_sk_dst_check() must not assume ipv6 dst.
   - xfs: fix _xfs_buf_find oops on blocks beyond the filesystem
     end (CVE-2013-1819 bnc#807471).
   - brcmsmac: don't start device when RfKill is engaged
     (bnc#787649).
   - CIFS: Protect i_nlink from being negative (bnc#785542
     bnc#789598).
   - cifs: don't compare uniqueids in cifs_prime_dcache unless
     server inode numbers are in use (bnc#794988).
   - xfs: xfs: fallback to vmalloc for large buffers in
     xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).
   - xfs: fallback to vmalloc for large buffers in
     xfs_attrlist_by_handle (bnc#818053 bnc#807153).
   - Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575
     bnc#824295).
   - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
     (bnc#824295, CVE-2013-2164).
   - fanotify: info leak in copy_event_to_user() (CVE-2013-2148
     bnc#823517).
   - block: do not pass disk names as format strings
     (bnc#822575 CVE-2013-2851).
   - ext4: avoid hang when mounting non-journal filesystems with
     orphan list (bnc#817377).
   - Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178).
   - Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976
     bnc#821560).
   - Always include the git commit in KOTD builds
     This allows us not to set it explicitly in builds submitted
     to the official distribution (bnc#821612, bnc#824171).
   - Bluetooth: Really fix registering hci with duplicate name
     (bnc#783858).
   - Bluetooth: Fix registering hci with duplicate name
     (bnc#783858).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-813

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.2 (i586 x86_64):

      kernel-default-3.4.63-2.44.1
      kernel-default-base-3.4.63-2.44.1
      kernel-default-base-debuginfo-3.4.63-2.44.1
      kernel-default-debuginfo-3.4.63-2.44.1
      kernel-default-debugsource-3.4.63-2.44.1
      kernel-default-devel-3.4.63-2.44.1
      kernel-default-devel-debuginfo-3.4.63-2.44.1
      kernel-syms-3.4.63-2.44.1

   - openSUSE 12.2 (i686 x86_64):

      kernel-debug-3.4.63-2.44.1
      kernel-debug-base-3.4.63-2.44.1
      kernel-debug-base-debuginfo-3.4.63-2.44.1
      kernel-debug-debuginfo-3.4.63-2.44.1
      kernel-debug-debugsource-3.4.63-2.44.1
      kernel-debug-devel-3.4.63-2.44.1
      kernel-debug-devel-debuginfo-3.4.63-2.44.1
      kernel-desktop-3.4.63-2.44.1
      kernel-desktop-base-3.4.63-2.44.1
      kernel-desktop-base-debuginfo-3.4.63-2.44.1
      kernel-desktop-debuginfo-3.4.63-2.44.1
      kernel-desktop-debugsource-3.4.63-2.44.1
      kernel-desktop-devel-3.4.63-2.44.1
      kernel-desktop-devel-debuginfo-3.4.63-2.44.1
      kernel-ec2-3.4.63-2.44.1
      kernel-ec2-base-3.4.63-2.44.1
      kernel-ec2-base-debuginfo-3.4.63-2.44.1
      kernel-ec2-debuginfo-3.4.63-2.44.1
      kernel-ec2-debugsource-3.4.63-2.44.1
      kernel-ec2-devel-3.4.63-2.44.1
      kernel-ec2-devel-debuginfo-3.4.63-2.44.1
      kernel-ec2-extra-3.4.63-2.44.1
      kernel-ec2-extra-debuginfo-3.4.63-2.44.1
      kernel-trace-3.4.63-2.44.1
      kernel-trace-base-3.4.63-2.44.1
      kernel-trace-base-debuginfo-3.4.63-2.44.1
      kernel-trace-debuginfo-3.4.63-2.44.1
      kernel-trace-debugsource-3.4.63-2.44.1
      kernel-trace-devel-3.4.63-2.44.1
      kernel-trace-devel-debuginfo-3.4.63-2.44.1
      kernel-vanilla-3.4.63-2.44.1
      kernel-vanilla-debuginfo-3.4.63-2.44.1
      kernel-vanilla-debugsource-3.4.63-2.44.1
      kernel-vanilla-devel-3.4.63-2.44.1
      kernel-vanilla-devel-debuginfo-3.4.63-2.44.1
      kernel-xen-3.4.63-2.44.1
      kernel-xen-base-3.4.63-2.44.1
      kernel-xen-base-debuginfo-3.4.63-2.44.1
      kernel-xen-debuginfo-3.4.63-2.44.1
      kernel-xen-debugsource-3.4.63-2.44.1
      kernel-xen-devel-3.4.63-2.44.1
      kernel-xen-devel-debuginfo-3.4.63-2.44.1

   - openSUSE 12.2 (noarch):

      kernel-devel-3.4.63-2.44.1
      kernel-docs-3.4.63-2.44.2
      kernel-source-3.4.63-2.44.1
      kernel-source-vanilla-3.4.63-2.44.1

   - openSUSE 12.2 (i686):

      kernel-pae-3.4.63-2.44.1
      kernel-pae-base-3.4.63-2.44.1
      kernel-pae-base-debuginfo-3.4.63-2.44.1
      kernel-pae-debuginfo-3.4.63-2.44.1
      kernel-pae-debugsource-3.4.63-2.44.1
      kernel-pae-devel-3.4.63-2.44.1
      kernel-pae-devel-debuginfo-3.4.63-2.44.1


References:

   http://support.novell.com/security/cve/CVE-2013-0231.html
   http://support.novell.com/security/cve/CVE-2013-1774.html
   http://support.novell.com/security/cve/CVE-2013-1819.html
   http://support.novell.com/security/cve/CVE-2013-2148.html
   http://support.novell.com/security/cve/CVE-2013-2164.html
   http://support.novell.com/security/cve/CVE-2013-2232.html
   http://support.novell.com/security/cve/CVE-2013-2234.html
   http://support.novell.com/security/cve/CVE-2013-2237.html
   http://support.novell.com/security/cve/CVE-2013-2850.html
   http://support.novell.com/security/cve/CVE-2013-2851.html
   http://support.novell.com/security/cve/CVE-2013-4162.html
   http://support.novell.com/security/cve/CVE-2013-4163.html
   https://bugzilla.novell.com/783858
   https://bugzilla.novell.com/785542
   https://bugzilla.novell.com/787649
   https://bugzilla.novell.com/789598
   https://bugzilla.novell.com/794988
   https://bugzilla.novell.com/801178
   https://bugzilla.novell.com/806976
   https://bugzilla.novell.com/807153
   https://bugzilla.novell.com/807471
   https://bugzilla.novell.com/814336
   https://bugzilla.novell.com/815320
   https://bugzilla.novell.com/817377
   https://bugzilla.novell.com/818053
   https://bugzilla.novell.com/821560
   https://bugzilla.novell.com/821612
   https://bugzilla.novell.com/822575
   https://bugzilla.novell.com/823342
   https://bugzilla.novell.com/823517
   https://bugzilla.novell.com/824171
   https://bugzilla.novell.com/824295
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/828714
   https://bugzilla.novell.com/831055
   https://bugzilla.novell.com/831058
   https://bugzilla.novell.com/833321
   https://bugzilla.novell.com/835414
   https://bugzilla.novell.com/838346