commit patchinfo.1692 for openSUSE:12.1:Update
Hello community,

here is the log from the commit of package patchinfo.1692 for openSUSE:12.1:Update checked in at 2013-05-31 15:30:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/patchinfo.1692 (Old)
 and      /work/SRC/openSUSE:12.1:Update/.patchinfo.1692.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.1692"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo>
  <issue id="808829" tracker="bnc">VUL-1: CVE-2013-0913: kernel: drm/i915 integer overflow</issue>
  <issue id="806980" tracker="bnc">VUL-0: kvm:CVE-2013-1796, CVE-2013-1797,CVE-2013-1798: multiple buffer overflows</issue>
  <issue id="806138" tracker="bnc">VUL-1: CVE-2013-1767: kernel: tmpfs: use-after-free with mempolicy</issue>
  <issue id="815745" tracker="bnc">terminal idle time displayed by "w" command is incorrect</issue>
  <issue id="819789" tracker="bnc">L3: VUL-0: CVE-2013-2094: kernel: linux kernel perf out-of-bounds access</issue>
  <issue id="809748" tracker="bnc">loopdev: deadlock between open and ioctl(LOOP_SET_CAPACITY)</issue>
  <issue id="819519" tracker="bnc">qlge fails to DLPAR (Qlogic)</issue>
  <issue id="813735" tracker="bnc">VUL-1: CVE-2013-1928: kernel: fs/compat_ioctl.c: info leak in VIDEO_SET_SPU_PALETTE</issue>
  <issue id="806976" tracker="bnc">VUL-1: CVE-2013-1774: kernel: usb: io_ti: NULL pointer dereference</issue>
  <issue id="CVE-2013-1767" tracker="cve" />
  <issue id="CVE-2013-2094" tracker="cve" />
  <issue id="CVE-2013-0913" tracker="cve" />
  <issue id="CVE-2013-1796" tracker="cve" />
  <issue id="CVE-2013-1797" tracker="cve" />
  <issue id="CVE-2013-1774" tracker="cve" />
  <issue id="CVE-2013-1798" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jeff_mahoney</packager>
  <description>
The openSUSE 12.1 kernel was updated to fix a severe security issue and various bugs.

Security issues fixed:

CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system call.

CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.

CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.

CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel did not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allowed guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.

CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel allowed guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel did not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allowed guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.

CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.

CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.

Bugs fixed:
- qlge: fix dma map leak when the last chunk is not allocated (bnc#819519).
- TTY: fix atime/mtime regression (bnc#815745).
- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (bnc#813735).
- USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976, CVE-2013-1774).
- KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).
- KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798).
- KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).
- kabi/severities: Allow kvm module abi changes - modules are self consistent
- loopdev: fix a deadlock (bnc#809748).
- block: use i_size_write() in bd_set_size() (bnc#809748).
- drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913).
- tmpfs: fix use-after-free of mempolicy object (bnc#806138, CVE-2013-1767).
  </description>
  <summary>kernel: security and bugfix update</summary>
  <reboot_needed/>
</patchinfo>

--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1): root@hilbert.suse.de