openSUSE Security Announce
June 2013
- 2 participants
- 21 discussions

[security-announce] SUSE-SU-2013:1075-1: important: Security update for Xen
by opensuse-security@opensuse.org 25 Jun '13
SUSE Security Update: Security update for Xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1075-1
Rating: important
References: #801663 #809662 #813673 #813675 #813677 #814709
#816156 #816159 #816163 #819416 #820917 #820919
#820920
Cross-References: CVE-2013-1917 CVE-2013-1918 CVE-2013-1919
CVE-2013-1920 CVE-2013-1952 CVE-2013-1964
CVE-2013-2072 CVE-2013-2076 CVE-2013-2077
CVE-2013-2078
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that solves 10 vulnerabilities and has three
fixes is now available.
Description:
XEN has been updated to 4.1.5 c/s 23509 to fix various bugs
and security issues.
The following security issues have been fixed:
* CVE-2013-1918: Certain page table manipulation
operations in Xen 4.1.x, 4.2.x, and earlier were not
preemptible, which allowed local PV kernels to cause a
denial of service via vectors related to deep page table
traversal.
* CVE-2013-1952: Xen 4.x, when using Intel VT-d for a
bus mastering capable PCI device, did not properly check
the source when accessing a bridge device's interrupt
remapping table entries for MSI interrupts, which allowed
local guest domains to cause a denial of service (interrupt
injection) via unspecified vectors.
* CVE-2013-2076: An information leak in the XSAVE/XRSTOR
instructions could be used to determine state of floating
point operations in other domains.
* CVE-2013-2077: A denial of service (hypervisor crash)
was possible due to missing exception recovery on XRSTOR,
that could be used to crash the machine by PV guest users.
* CVE-2013-2078: A denial of service (hypervisor crash)
was possible due to missing exception recovery on XSETBV,
that could be used to crash the machine by PV guest users.
* CVE-2013-2072: Systems which allow untrusted
administrators to configure guest vcpu affinity may be
exploited to trigger a buffer overrun and corrupt memory.
* CVE-2013-1917: Xen 3.1 through 4.x, when running
64-bit hosts on Intel CPUs, did not clear the NT flag when
using an IRET after a SYSENTER instruction, which allowed
PV guest users to cause a denial of service (hypervisor
crash) by triggering a #GP fault, which is not properly
handled by another IRET instruction.
* CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly
restrict access to IRQs, which allowed local stub domain
clients to gain access to IRQs and cause a denial of
service via vectors related to "passed-through IRQs or PCI
devices."
* CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when
the hypervisor is running "under memory pressure" and the
Xen Security Module (XSM) is enabled, used the wrong
ordering of operations when extending the per-domain event
channel tracking table, which caused a use-after-free and
allowed local guest kernels to inject arbitrary events and
gain privileges via unspecified vectors.
* CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly
released a grant reference when releasing a non-v1,
non-transitive grant, which allowed local guest
administrators to cause a denial of service (host crash),
obtain sensitive information, or possibly have other
impacts via unspecified vectors.
Bugfixes:
* Upstream patches from Jan
26956-x86-mm-preemptible-cleanup.patch
27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch
27079-fix-XSA-46-regression-with-xend-xm.patch
27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch
* Update to Xen 4.1.5 c/s 23509. There were many
xen.spec file patches dropped as now being included in the
4.1.5 tarball.
* bnc#809662 - can't use pv-grub to start domU (pygrub
does work)
xen.spec
* Upstream patches from Jan
26702-powernow-add-fixups-for-AMD-P-state-figures.patch
26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch
26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch
26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
26737-ACPI-APEI-Add-apei_exec_run_optional.patch
26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch
26743-VT-d-deal-with-5500-5520-X58-errata.patch
26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch
26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch
26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch
26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch
26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch
26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch
26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch
26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch
26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch
* bnc#814709 - Unable to create XEN virtual machines in
SLED 11 SP2 on Kyoto
xend-cpuinfo-model-name.patch
* Upstream patches from Jan
26536-xenoprof-div-by-0.patch
26578-AMD-IOMMU-replace-BUG_ON.patch
26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch
26659-AMD-IOMMU-erratum-746-workaround.patch
26660-x86-fix-CMCI-injection.patch
26672-vmx-fix-handling-of-NMI-VMEXIT.patch
26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch
26676-fix-compat-memory-exchange-op-splitting.patch
26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
26679-x86-defer-processing-events-on-the-NMI-exit-path.patch
26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
26692-x86-MSI-fully-protect-MSI-X-table.patch
Security Issue references:
* CVE-2013-1917
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917>
* CVE-2013-1918
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918>
* CVE-2013-1919
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919>
* CVE-2013-1920
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920>
* CVE-2013-1952
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952>
* CVE-2013-1964
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964>
* CVE-2013-2072
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072>
* CVE-2013-2076
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076>
* CVE-2013-2077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077>
* CVE-2013-2078
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078>
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-xen-201305-7798
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-xen-201305-7798
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-xen-201305-7798
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-xen-201305-7798
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
xen-devel-4.1.5_02-0.5.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):
xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1
xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1
xen-libs-4.1.5_02-0.5.1
xen-tools-domU-4.1.5_02-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (x86_64):
xen-4.1.5_02-0.5.1
xen-doc-html-4.1.5_02-0.5.1
xen-doc-pdf-4.1.5_02-0.5.1
xen-libs-32bit-4.1.5_02-0.5.1
xen-tools-4.1.5_02-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586):
xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1
xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1
xen-libs-4.1.5_02-0.5.1
xen-tools-domU-4.1.5_02-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
xen-4.1.5_02-0.5.1
xen-doc-html-4.1.5_02-0.5.1
xen-doc-pdf-4.1.5_02-0.5.1
xen-libs-32bit-4.1.5_02-0.5.1
xen-tools-4.1.5_02-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586):
xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-1917.html
http://support.novell.com/security/cve/CVE-2013-1918.html
http://support.novell.com/security/cve/CVE-2013-1919.html
http://support.novell.com/security/cve/CVE-2013-1920.html
http://support.novell.com/security/cve/CVE-2013-1952.html
http://support.novell.com/security/cve/CVE-2013-1964.html
http://support.novell.com/security/cve/CVE-2013-2072.html
http://support.novell.com/security/cve/CVE-2013-2076.html
http://support.novell.com/security/cve/CVE-2013-2077.html
http://support.novell.com/security/cve/CVE-2013-2078.html
https://bugzilla.novell.com/801663
https://bugzilla.novell.com/809662
https://bugzilla.novell.com/813673
https://bugzilla.novell.com/813675
https://bugzilla.novell.com/813677
https://bugzilla.novell.com/814709
https://bugzilla.novell.com/816156
https://bugzilla.novell.com/816159
https://bugzilla.novell.com/816163
https://bugzilla.novell.com/819416
https://bugzilla.novell.com/820917
https://bugzilla.novell.com/820919
https://bugzilla.novell.com/820920
http://download.novell.com/patch/finder/?keywords=2f3309c493da194384ed2eba6…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

[security-announce] SUSE-SU-2013:1060-1: important: Security update for GnuTLS
by opensuse-security@opensuse.org 20 Jun '13
SUSE Security Update: Security update for GnuTLS
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1060-1
Rating: important
References: #821818
Cross-References: CVE-2013-2116
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update of GnuTLS fixes a regression introduced by the
previous update that could have resulted in a Denial of
Service (application crash).
Security Issue reference:
* CVE-2013-2116
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-gnutls-7781
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-gnutls-7781
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-gnutls-7781
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-gnutls-7781
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
libgnutls-devel-2.4.1-24.39.47.1
libgnutls-extra-devel-2.4.1-24.39.47.1
libgnutls-extra26-2.4.1-24.39.47.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
gnutls-2.4.1-24.39.47.1
libgnutls26-2.4.1-24.39.47.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
libgnutls26-32bit-2.4.1-24.39.47.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
gnutls-2.4.1-24.39.47.1
libgnutls-extra26-2.4.1-24.39.47.1
libgnutls26-2.4.1-24.39.47.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
libgnutls26-32bit-2.4.1-24.39.47.1
- SUSE Linux Enterprise Server 11 SP2 (ia64):
libgnutls26-x86-2.4.1-24.39.47.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
gnutls-1.2.10-13.36.1
gnutls-devel-1.2.10-13.36.1
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
gnutls-32bit-1.2.10-13.36.1
gnutls-devel-32bit-1.2.10-13.36.1
- SUSE Linux Enterprise Server 10 SP4 (ia64):
gnutls-x86-1.2.10-13.36.1
- SUSE Linux Enterprise Server 10 SP4 (ppc):
gnutls-64bit-1.2.10-13.36.1
gnutls-devel-64bit-1.2.10-13.36.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
gnutls-2.4.1-24.39.47.1
libgnutls26-2.4.1-24.39.47.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
libgnutls26-32bit-2.4.1-24.39.47.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
gnutls-1.2.10-13.36.1
gnutls-devel-1.2.10-13.36.1
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
gnutls-32bit-1.2.10-13.36.1
gnutls-devel-32bit-1.2.10-13.36.1
References:
http://support.novell.com/security/cve/CVE-2013-2116.html
https://bugzilla.novell.com/821818
http://download.novell.com/patch/finder/?keywords=6b62ecb51e089af80ba626d07…
http://download.novell.com/patch/finder/?keywords=c39cabef26db30df30eff8a1b…

[security-announce] openSUSE-SU-2013:1043-1: critical: kernel
by opensuse-security@opensuse.org 19 Jun '13
openSUSE Security Update: kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1043-1
Rating: critical
References: #790920 #821560 #822722
Cross-References: CVE-2013-2850
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
The openSUSE 12.3 kernel was updated to fix a critical
security issue and two reiserfs bugs.
CVE-2013-2850: Incorrect strncpy usage in the network
listening part of the iscsi target driver could have been
used by remote attackers to crash the kernel or execute
code.
This required the iscsi target running on the machine and
the attacker able to make a network connection to it (aka
not filtered by firewalls).
Bugs fixed:
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
- reiserfs: fix problems with chowning setuid file w/
xattrs (bnc#790920).
- iscsi-target: fix heap buffer overflow on error
(CVE-2013-2850, bnc#821560).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-513
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
kernel-default-3.7.10-1.16.1
kernel-default-base-3.7.10-1.16.1
kernel-default-devel-3.7.10-1.16.1
kernel-syms-3.7.10-1.16.1
- openSUSE 12.3 (i686 x86_64):
kernel-debug-3.7.10-1.16.1
kernel-debug-base-3.7.10-1.16.1
kernel-debug-devel-3.7.10-1.16.1
kernel-desktop-3.7.10-1.16.1
kernel-desktop-base-3.7.10-1.16.1
kernel-desktop-devel-3.7.10-1.16.1
kernel-ec2-3.7.10-1.16.1
kernel-ec2-base-3.7.10-1.16.1
kernel-ec2-base-debuginfo-3.7.10-1.16.1
kernel-ec2-debuginfo-3.7.10-1.16.1
kernel-ec2-debugsource-3.7.10-1.16.1
kernel-ec2-devel-3.7.10-1.16.1
kernel-ec2-devel-debuginfo-3.7.10-1.16.1
kernel-trace-3.7.10-1.16.1
kernel-trace-base-3.7.10-1.16.1
kernel-trace-devel-3.7.10-1.16.1
kernel-vanilla-3.7.10-1.16.1
kernel-vanilla-devel-3.7.10-1.16.1
kernel-xen-3.7.10-1.16.1
kernel-xen-base-3.7.10-1.16.1
kernel-xen-devel-3.7.10-1.16.1
- openSUSE 12.3 (noarch):
kernel-devel-3.7.10-1.16.1
kernel-docs-3.7.10-1.16.1
kernel-source-3.7.10-1.16.1
kernel-source-vanilla-3.7.10-1.16.1
- openSUSE 12.3 (i686):
kernel-debug-base-debuginfo-3.7.10-1.16.1
kernel-debug-debuginfo-3.7.10-1.16.1
kernel-debug-debugsource-3.7.10-1.16.1
kernel-debug-devel-debuginfo-3.7.10-1.16.1
kernel-desktop-base-debuginfo-3.7.10-1.16.1
kernel-desktop-debuginfo-3.7.10-1.16.1
kernel-desktop-debugsource-3.7.10-1.16.1
kernel-desktop-devel-debuginfo-3.7.10-1.16.1
kernel-pae-3.7.10-1.16.1
kernel-pae-base-3.7.10-1.16.1
kernel-pae-base-debuginfo-3.7.10-1.16.1
kernel-pae-debuginfo-3.7.10-1.16.1
kernel-pae-debugsource-3.7.10-1.16.1
kernel-pae-devel-3.7.10-1.16.1
kernel-pae-devel-debuginfo-3.7.10-1.16.1
kernel-trace-base-debuginfo-3.7.10-1.16.1
kernel-trace-debuginfo-3.7.10-1.16.1
kernel-trace-debugsource-3.7.10-1.16.1
kernel-trace-devel-debuginfo-3.7.10-1.16.1
kernel-vanilla-debuginfo-3.7.10-1.16.1
kernel-vanilla-debugsource-3.7.10-1.16.1
kernel-vanilla-devel-debuginfo-3.7.10-1.16.1
kernel-xen-base-debuginfo-3.7.10-1.16.1
kernel-xen-debuginfo-3.7.10-1.16.1
kernel-xen-debugsource-3.7.10-1.16.1
kernel-xen-devel-debuginfo-3.7.10-1.16.1
- openSUSE 12.3 (i586):
kernel-default-base-debuginfo-3.7.10-1.16.1
kernel-default-debuginfo-3.7.10-1.16.1
kernel-default-debugsource-3.7.10-1.16.1
kernel-default-devel-debuginfo-3.7.10-1.16.1
References:
http://support.novell.com/security/cve/CVE-2013-2850.html
https://bugzilla.novell.com/790920
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/822722

[security-announce] openSUSE-SU-2013:1042-1: critical: kernel: security and bugfix update
by opensuse-security@opensuse.org 19 Jun '13
openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1042-1
Rating: critical
References: #790920 #803931 #815745 #818327 #819519 #819789
#821560 #822722
Cross-References: CVE-2013-0290 CVE-2013-2094 CVE-2013-2850
Affected Products:
openSUSE 12.2
______________________________________________________________________________
An update that solves three vulnerabilities and has 5 fixes
is now available.
Description:
The openSUSE 12.2 kernel was updated to fix security issues
and other bugs.
Security issues fixed: CVE-2013-2850: Incorrect strncpy
usage in the network listening part of the iscsi target
driver could have been used by remote attackers to crash
the kernel or execute code.
This required the iscsi target running on the machine and
the attacker able to make a network connection to it (aka
not filtered by firewalls).
CVE-2013-2094: The perf_swevent_init function in
kernel/events/core.c in the Linux kernel used an incorrect
integer data type, which allowed local users to gain
privileges via a crafted perf_event_open system call.
CVE-2013-0290: The __skb_recv_datagram function in
net/core/datagram.c in the Linux kernel did not properly
handle the MSG_PEEK flag with zero-length data, which
allowed local users to cause a denial of service (infinite
loop and system hang) via a crafted application.
Bugs fixed:
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
- reiserfs: fix problems with chowning setuid file w/
xattrs (bnc#790920).
- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).
- Update config files: disable UCB1400 on all but ARM.
Currently UCB1400 is only used on ARM OMAP systems, and
part of the code is dead code that can't even be
modularized.
- CONFIG_UCB1400_CORE=n
- CONFIG_TOUCHSCREEN_UCB1400=n
- CONFIG_GPIO_UCB1400=n
- mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).
- unix/stream: fix peeking with an offset larger than data
in queue (bnc#803931 CVE-2013-0290).
- unix/dgram: fix peeking with an offset larger than data
in queue (bnc#803931 CVE-2013-0290).
- unix/dgram: peek beyond 0-sized skbs (bnc#803931
CVE-2013-0290).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-512
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
kernel-default-3.4.47-2.38.1
kernel-default-base-3.4.47-2.38.1
kernel-default-base-debuginfo-3.4.47-2.38.1
kernel-default-debuginfo-3.4.47-2.38.1
kernel-default-debugsource-3.4.47-2.38.1
kernel-default-devel-3.4.47-2.38.1
kernel-default-devel-debuginfo-3.4.47-2.38.1
kernel-syms-3.4.47-2.38.1
- openSUSE 12.2 (i686 x86_64):
kernel-debug-3.4.47-2.38.1
kernel-debug-base-3.4.47-2.38.1
kernel-debug-base-debuginfo-3.4.47-2.38.1
kernel-debug-debuginfo-3.4.47-2.38.1
kernel-debug-debugsource-3.4.47-2.38.1
kernel-debug-devel-3.4.47-2.38.1
kernel-debug-devel-debuginfo-3.4.47-2.38.1
kernel-desktop-3.4.47-2.38.1
kernel-desktop-base-3.4.47-2.38.1
kernel-desktop-base-debuginfo-3.4.47-2.38.1
kernel-desktop-debuginfo-3.4.47-2.38.1
kernel-desktop-debugsource-3.4.47-2.38.1
kernel-desktop-devel-3.4.47-2.38.1
kernel-desktop-devel-debuginfo-3.4.47-2.38.1
kernel-ec2-3.4.47-2.38.1
kernel-ec2-base-3.4.47-2.38.1
kernel-ec2-base-debuginfo-3.4.47-2.38.1
kernel-ec2-debuginfo-3.4.47-2.38.1
kernel-ec2-debugsource-3.4.47-2.38.1
kernel-ec2-devel-3.4.47-2.38.1
kernel-ec2-devel-debuginfo-3.4.47-2.38.1
kernel-ec2-extra-3.4.47-2.38.1
kernel-ec2-extra-debuginfo-3.4.47-2.38.1
kernel-trace-3.4.47-2.38.1
kernel-trace-base-3.4.47-2.38.1
kernel-trace-base-debuginfo-3.4.47-2.38.1
kernel-trace-debuginfo-3.4.47-2.38.1
kernel-trace-debugsource-3.4.47-2.38.1
kernel-trace-devel-3.4.47-2.38.1
kernel-trace-devel-debuginfo-3.4.47-2.38.1
kernel-vanilla-3.4.47-2.38.1
kernel-vanilla-debuginfo-3.4.47-2.38.1
kernel-vanilla-debugsource-3.4.47-2.38.1
kernel-vanilla-devel-3.4.47-2.38.1
kernel-vanilla-devel-debuginfo-3.4.47-2.38.1
kernel-xen-3.4.47-2.38.1
kernel-xen-base-3.4.47-2.38.1
kernel-xen-base-debuginfo-3.4.47-2.38.1
kernel-xen-debuginfo-3.4.47-2.38.1
kernel-xen-debugsource-3.4.47-2.38.1
kernel-xen-devel-3.4.47-2.38.1
kernel-xen-devel-debuginfo-3.4.47-2.38.1
- openSUSE 12.2 (noarch):
kernel-devel-3.4.47-2.38.1
kernel-docs-3.4.47-2.38.2
kernel-source-3.4.47-2.38.1
kernel-source-vanilla-3.4.47-2.38.1
- openSUSE 12.2 (i686):
kernel-pae-3.4.47-2.38.1
kernel-pae-base-3.4.47-2.38.1
kernel-pae-base-debuginfo-3.4.47-2.38.1
kernel-pae-debuginfo-3.4.47-2.38.1
kernel-pae-debugsource-3.4.47-2.38.1
kernel-pae-devel-3.4.47-2.38.1
kernel-pae-devel-debuginfo-3.4.47-2.38.1
References:
http://support.novell.com/security/cve/CVE-2013-0290.html
http://support.novell.com/security/cve/CVE-2013-2094.html
http://support.novell.com/security/cve/CVE-2013-2850.html
https://bugzilla.novell.com/790920
https://bugzilla.novell.com/803931
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/818327
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819789
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/822722

[security-announce] SUSE-SU-2013:1039-1: important: Security update for flash-player
by opensuse-security@opensuse.org 18 Jun '13
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1039-1
Rating: important
References: #824512
Cross-References: CVE-2013-3343
Affected Products:
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available. It
includes one version update.
Description:
Adobe flash-player has been updated to the 11.2.202.291
security update which fixes several security issues.
Bug#824512 / CVE-2013-3343 / APSB13-16
Security Issue reference:
* CVE-2013-3343
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3343>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-flash-player-7850
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.291]:
flash-player-11.2.202.291-0.3.1
flash-player-gnome-11.2.202.291-0.3.1
flash-player-kde4-11.2.202.291-0.3.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.291]:
flash-player-11.2.202.291-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-3343.html
https://bugzilla.novell.com/824512
http://download.novell.com/patch/finder/?keywords=79c597776eb65522c777c2c31…
http://download.novell.com/patch/finder/?keywords=eade46809046296377fc288dd…

[security-announce] SUSE-SU-2013:1022-3: important: Security update for Linux kernel
by opensuse-security@opensuse.org 18 Jun '13
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1022-3
Rating: important
References: #763968 #764209 #768052 #769685 #788590 #792584
#793139 #797042 #797175 #800907 #802153 #804154
#804609 #805804 #805945 #806431 #806980 #808647
#809122 #809155 #809748 #809895 #810580 #810624
#810722 #812281 #814719 #815356 #815444 #815745
#816443 #816451 #816586 #816668 #816708 #817010
#817339 #818053 #818327 #818371 #818514 #818516
#818798 #819295 #819519 #819655 #819789 #820434
#821560 #821930 #822431 #822722
Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076
CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
CVE-2013-3225 CVE-2013-3227 CVE-2013-3228
CVE-2013-3229 CVE-2013-3231 CVE-2013-3232
CVE-2013-3234 CVE-2013-3235
Affected Products:
SUSE Linux Enterprise Real Time 11 SP2
______________________________________________________________________________
An update that solves 14 vulnerabilities and has 38 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 2 kernel has been
updated to Linux kernel 3.0.80 which fixes various bugs
and security issues.
The following security issues have been fixed:
* CVE-2013-0160: Timing side channel attacks were
possible on /dev/ptmx that could allow local attackers to
predict keypresses like e.g. passwords. This has been fixed
again by updating accessed/modified time on the pty devices
in resolution of 8 seconds, so that idle time detection can
still work.
* CVE-2013-3222: The vcc_recvmsg function in
net/atm/common.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
* CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
* CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.
* CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
* CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
* CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
* CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
* CVE-2013-3235: net/tipc/socket.c in the Linux kernel
did not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
* CVE-2013-3076: The crypto API in the Linux kernel did
not initialize certain length variables, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.
* CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.
* A kernel information leak via tkill/tgkill was fixed.
The following bugs have been fixed:
* reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
* libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).
* netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).
* hyperv: use 3.4 as LIC version string (bnc#822431).
* virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).
* xen/netback: do not disconnect frontend when seeing
oversize packet.
* xen/netfront: reduce gso_max_size to account for max
TCP header.
* xen/netfront: fix kABI after "reduce gso_max_size to
account for max TCP header".
* xfs: Fix kABI due to change in xfs_buf (bnc#815356).
* xfs: fix race while discarding buffers [V4]
(bnc#815356 (comment 36)).
* xfs: Serialize file-extending direct IO (bnc#818371).
* xhci: Do not switch webcams in some HP ProBooks to
XHCI (bnc#805804).
* bluetooth: Do not switch BT on HP ProBook 4340
(bnc#812281).
* s390/ftrace: fix mcount adjustment (bnc#809895).
* mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).
* patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
pathological backwards allocation (bnc#805945).
* mm: compaction: Restart compaction from near where it
left off
* mm: compaction: cache if a pageblock was scanned and
no pages were isolated
* mm: compaction: clear PG_migrate_skip based on
compaction and reclaim activity
* mm: compaction: Scan PFN caching KABI workaround
* mm: page_allocator: Remove first_pass guard
* mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)
* qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).
* SUNRPC: Get rid of the redundant xprt->shutdown bit
field (bnc#800907).
* SUNRPC: Ensure that we grab the XPRT_LOCK before
calling xprt_alloc_slot (bnc#800907).
* SUNRPC: Fix a UDP transport regression (bnc#800907).
* SUNRPC: Allow caller of rpc_sleep_on() to select
priority levels (bnc#800907).
* SUNRPC: Replace xprt->resend and xprt->sending with a
priority queue (bnc#800907).
* SUNRPC: Fix potential races in xprt_lock_write_next()
(bnc#800907).
* md: cannot re-add disks after recovery (bnc#808647).
* fs/xattr.c:getxattr(): improve handling of allocation
failures (bnc#818053).
* fs/xattr.c:listxattr(): fall back to vmalloc() if
kmalloc() failed (bnc#818053).
* fs/xattr.c:setxattr(): improve handling of allocation
failures (bnc#818053).
* fs/xattr.c: suppress page allocation failure warnings
from sys_listxattr() (bnc#818053).
* virtio-blk: Call revalidate_disk() upon online disk
resize (bnc#817339).
* usb-storage: CY7C68300A chips do not support Cypress
ATACB (bnc#819295).
* patches.kernel.org/patch-3.0.60-61: Update references
(add bnc#810580).
* usb: Using correct way to clear usb3.0 devices remote
wakeup feature (bnc#818516).
* xhci: Fix TD size for isochronous URBs (bnc#818514).
* ALSA: hda - fixup D3 pin and right channel mute on
Haswell HDMI audio (bnc#818798).
* ALSA: hda - Apply pin-enablement workaround to all
Haswell HDMI codecs (bnc#818798).
* xfs: fallback to vmalloc for large buffers in
xfs_attrmulti_attr_get (bnc#818053).
* xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053).
* xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053).
* xHCI: store rings type.
* xhci: Fix hang on back-to-back Set TR Deq Ptr
commands.
* xHCI: check enqueue pointer advance into dequeue seg.
* xHCI: store rings last segment and segment numbers.
* xHCI: Allocate 2 segments for transfer ring.
* xHCI: count free TRBs on transfer ring.
* xHCI: factor out segments allocation and free
function.
* xHCI: update sg tablesize.
* xHCI: set cycle state when allocate rings.
* xhci: Reserve one command for USB3 LPM disable.
* xHCI: dynamic ring expansion.
* xhci: Do not warn on empty ring for suspended devices.
* md/raid1: Do not release reference to device while
handling read error (bnc#809122, bnc#814719).
* rpm/mkspec: Stop generating the get_release_number.sh
file.
* rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g suffix.
* rpm/kernel-spec-macros: Drop the %release_num macro
We no longer put the -rcX tag into the release string.
* rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
"<RELEASE>" string in specfiles.
* mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).
* mm: Fix add_page_wait_queue() to work for PG_Locked
bit waiters (bnc#792584).
* mm: Fix add_page_wait_queue() to work for PG_Locked
bit waiters (bnc#792584).
* bonding: only use primary address for ARP
(bnc#815444).
* bonding: remove entries for master_ip and vlan_ip and
query devices instead (bnc#815444).
* mm: speedup in __early_pfn_to_nid (bnc#810624).
* TTY: fix atime/mtime regression (bnc#815745).
* sd_dif: problem with verify of type 1 protection
information (PI) (bnc#817010).
* sched: harden rq rt usage accounting (bnc#769685,
bnc#788590).
* rcu: Avoid spurious RCU CPU stall warnings
(bnc#816586).
* rcu: Dump local stack if cannot dump all CPUs stacks
(bnc#816586).
* rcu: Fix detection of abruptly-ending stall
(bnc#816586).
* rcu: Suppress NMI backtraces when stall ends before
dump (bnc#816586).
* Update Xen patches to 3.0.74.
* btrfs: do not re-enter when allocating a chunk.
* btrfs: save us a read_lock.
* btrfs: Check CAP_DAC_READ_SEARCH for
BTRFS_IOC_INO_PATHS.
* btrfs: remove unused fs_info from
btrfs_decode_error().
* btrfs: handle null fs_info in btrfs_panic().
* btrfs: fix varargs in __btrfs_std_error.
* btrfs: fix the race between bio and
btrfs_stop_workers.
* btrfs: fix NULL pointer after aborting a transaction.
* btrfs: fix infinite loop when we abort on mount.
* xfs: Do not allocate new buffers on every call to
_xfs_buf_find (bnc#763968).
* xfs: fix buffer lookup race on allocation failure
(bnc#763968).
Security Issue references:
* CVE-2013-0160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160>
* CVE-2013-3076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3076>
* CVE-2013-3222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222>
* CVE-2013-3223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223>
* CVE-2013-3224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224>
* CVE-2013-3225 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225>
* CVE-2013-3227 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3227>
* CVE-2013-3228 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228>
* CVE-2013-3229 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229>
* CVE-2013-3231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231>
* CVE-2013-3232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232>
* CVE-2013-3234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234>
* CVE-2013-3235 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235>
* CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979>
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time 11 SP2:
zypper in -t patch slertesp2-kernel-7828
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.80.rt108]:
cluster-network-kmp-rt-1.4_3.0.80_rt108_0.5-2.18.47
cluster-network-kmp-rt_trace-1.4_3.0.80_rt108_0.5-2.18.47
drbd-kmp-rt-8.4.2_3.0.80_rt108_0.5-0.6.6.38
drbd-kmp-rt_trace-8.4.2_3.0.80_rt108_0.5-0.6.6.38
iscsitarget-kmp-rt-1.4.20_3.0.80_rt108_0.5-0.23.44
iscsitarget-kmp-rt_trace-1.4.20_3.0.80_rt108_0.5-0.23.44
kernel-rt-3.0.80.rt108-0.5.1
kernel-rt-base-3.0.80.rt108-0.5.1
kernel-rt-devel-3.0.80.rt108-0.5.1
kernel-rt_trace-3.0.80.rt108-0.5.1
kernel-rt_trace-base-3.0.80.rt108-0.5.1
kernel-rt_trace-devel-3.0.80.rt108-0.5.1
kernel-source-rt-3.0.80.rt108-0.5.1
kernel-syms-rt-3.0.80.rt108-0.5.1
lttng-modules-kmp-rt-2.0.4_3.0.80_rt108_0.5-0.7.35
lttng-modules-kmp-rt_trace-2.0.4_3.0.80_rt108_0.5-0.7.35
ocfs2-kmp-rt-1.6_3.0.80_rt108_0.5-0.11.46
ocfs2-kmp-rt_trace-1.6_3.0.80_rt108_0.5-0.11.46
ofed-kmp-rt-1.5.2_3.0.80_rt108_0.5-0.28.28.18
ofed-kmp-rt_trace-1.5.2_3.0.80_rt108_0.5-0.28.28.18
References:
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/764209
https://bugzilla.novell.com/768052
https://bugzilla.novell.com/769685
https://bugzilla.novell.com/788590
https://bugzilla.novell.com/792584
https://bugzilla.novell.com/793139
https://bugzilla.novell.com/797042
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/800907
https://bugzilla.novell.com/802153
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/805945
https://bugzilla.novell.com/806431
https://bugzilla.novell.com/806980
https://bugzilla.novell.com/808647
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809155
https://bugzilla.novell.com/809748
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/810580
https://bugzilla.novell.com/810624
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/814719
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/815444
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/816443
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/816586
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/816708
https://bugzilla.novell.com/817010
https://bugzilla.novell.com/817339
https://bugzilla.novell.com/818053
https://bugzilla.novell.com/818327
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818514
https://bugzilla.novell.com/818516
https://bugzilla.novell.com/818798
https://bugzilla.novell.com/819295
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/819789
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822722
http://download.novell.com/patch/finder/?keywords=0a3106322709c3a3f920332f0…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
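The CVE-2013-0160 fix described in the advisory above (pty access/modify times updated at a resolution of 8 seconds) can be modelled in user space. This is an added example, not kernel code and not part of the advisory; `pty_stamp`, `stamp_exact`, `stamp_coarse` and the sample keypress times are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Granularity named in the advisory: pty timestamps move in 8-second steps. */
#define PTY_GRANULARITY_SEC 8LL

/* Hypothetical stand-in for the atime/mtime kept on a pty device node. */
struct pty_stamp {
    long long ms;   /* milliseconds since an arbitrary epoch */
};

typedef void (*stamp_fn)(struct pty_stamp *st, long long now_ms);

/* Unfixed behaviour: every keypress stores the precise time. */
static void stamp_exact(struct pty_stamp *st, long long now_ms)
{
    st->ms = now_ms;
}

/* Fixed behaviour: store a new time only when the 8-second window changes. */
static void stamp_coarse(struct pty_stamp *st, long long now_ms)
{
    long long window_now = now_ms / 1000 / PTY_GRANULARITY_SEC;
    long long window_old = st->ms / 1000 / PTY_GRANULARITY_SEC;

    if (window_now != window_old)
        st->ms = now_ms;
}

/* Constructed sample: eight keypresses of one typed word, in milliseconds. */
static const long long SAMPLE_KEYS_MS[] = {
    1000000, 1000180, 1000410, 1000530, 1000790, 1000950, 1001200, 1001340
};
#define SAMPLE_KEYS (sizeof SAMPLE_KEYS_MS / sizeof SAMPLE_KEYS_MS[0])

/* How many keypresses change the timestamp, i.e. are visible to a local
 * process that only watches the device node's times. */
static int observable_updates(const long long *keys_ms, size_t n, stamp_fn stamp)
{
    struct pty_stamp st = { 0 };
    int seen = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        long long before = st.ms;
        stamp(&st, keys_ms[i]);
        if (st.ms != before)
            seen++;
    }
    return seen;
}

/* Largest gap between the real last keypress and the stored timestamp.
 * Idle-time tools stay usable as long as this is below the granularity. */
static long long max_idle_error_ms(const long long *keys_ms, size_t n, stamp_fn stamp)
{
    struct pty_stamp st = { 0 };
    long long worst = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        long long err;
        stamp(&st, keys_ms[i]);
        err = keys_ms[i] - st.ms;
        if (err > worst)
            worst = err;
    }
    return worst;
}

int main(void)
{
    printf("exact:  %d visible updates, idle error %lld ms\n",
           observable_updates(SAMPLE_KEYS_MS, SAMPLE_KEYS, stamp_exact),
           max_idle_error_ms(SAMPLE_KEYS_MS, SAMPLE_KEYS, stamp_exact));
    printf("coarse: %d visible updates, idle error %lld ms\n",
           observable_updates(SAMPLE_KEYS_MS, SAMPLE_KEYS, stamp_coarse),
           max_idle_error_ms(SAMPLE_KEYS_MS, SAMPLE_KEYS, stamp_coarse));
    return 0;
}
```

With coarse stamping the eight keypresses collapse into a single visible update, while the stored time never lags the real one by 8 seconds or more.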

[security-announce] SUSE-SU-2013:1022-2: important: Security update for Linux kernel
by opensuse-security@opensuse.org 17 Jun '13
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1022-2
Rating: important
References: #763968 #764209 #768052 #769685 #788590 #792584
#793139 #797042 #797175 #800907 #802153 #804154
#804609 #805804 #805945 #806431 #806980 #808647
#809122 #809155 #809748 #809895 #810580 #810624
#810722 #812281 #814719 #815356 #815444 #815745
#816443 #816451 #816586 #816668 #816708 #817010
#817339 #818053 #818327 #818371 #818514 #818516
#818798 #819295 #819519 #819655 #819789 #820434
#821560 #821930 #822431 #822722
Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076
CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
CVE-2013-3225 CVE-2013-3227 CVE-2013-3228
CVE-2013-3229 CVE-2013-3231 CVE-2013-3232
CVE-2013-3234 CVE-2013-3235
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise High Availability Extension 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that solves 14 vulnerabilities and has 38 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 2 kernel has been
updated to Linux kernel 3.0.80 which fixes various bugs
and security issues.
The following security issues have been fixed:
*
CVE-2013-0160: Timing side channel attacks were
possible on /dev/ptmx that could allow local attackers to
predict keypresses, e.g. passwords. This has been fixed
again by updating accessed/modified time on the pty devices
at a resolution of 8 seconds, so that idle time detection can
still work.
*
CVE-2013-3222: The vcc_recvmsg function in
net/atm/common.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.
*
CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
*
CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
*
CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
*
CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3235: net/tipc/socket.c in the Linux kernel
did not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3076: The crypto API in the Linux kernel did
not initialize certain length variables, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.
*
CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.
*
A kernel information leak via tkill/tgkill was fixed.
The following bugs have been fixed:
* reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
* libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).
* netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).
* hyperv: use 3.4 as LIC version string (bnc#822431).
* virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).
* xen/netback: do not disconnect frontend when seeing
oversize packet.
* xen/netfront: reduce gso_max_size to account for max
TCP header.
* xen/netfront: fix kABI after "reduce gso_max_size to
account for max TCP header".
* xfs: Fix kABI due to change in xfs_buf (bnc#815356).
* xfs: fix race while discarding buffers [V4]
(bnc#815356 (comment 36)).
* xfs: Serialize file-extending direct IO (bnc#818371).
* xhci: Do not switch webcams in some HP ProBooks to
XHCI (bnc#805804).
* bluetooth: Do not switch BT on HP ProBook 4340
(bnc#812281).
* s390/ftrace: fix mcount adjustment (bnc#809895).
* mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).
* patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
pathological backwards allocation (bnc#805945).
* mm: compaction: Restart compaction from near where it
left off
* mm: compaction: cache if a pageblock was scanned and
no pages were isolated
* mm: compaction: clear PG_migrate_skip based on
compaction and reclaim activity
* mm: compaction: Scan PFN caching KABI workaround
* mm: page_allocator: Remove first_pass guard
* mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)
* qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).
* SUNRPC: Get rid of the redundant xprt->shutdown bit
field (bnc#800907).
* SUNRPC: Ensure that we grab the XPRT_LOCK before
calling xprt_alloc_slot (bnc#800907).
* SUNRPC: Fix a UDP transport regression (bnc#800907).
* SUNRPC: Allow caller of rpc_sleep_on() to select
priority levels (bnc#800907).
* SUNRPC: Replace xprt->resend and xprt->sending with a
priority queue (bnc#800907).
* SUNRPC: Fix potential races in xprt_lock_write_next()
(bnc#800907).
* md: cannot re-add disks after recovery (bnc#808647).
* fs/xattr.c:getxattr(): improve handling of allocation
failures (bnc#818053).
* fs/xattr.c:listxattr(): fall back to vmalloc() if
kmalloc() failed (bnc#818053).
* fs/xattr.c:setxattr(): improve handling of allocation
failures (bnc#818053).
* fs/xattr.c: suppress page allocation failure warnings
from sys_listxattr() (bnc#818053).
* virtio-blk: Call revalidate_disk() upon online disk
resize (bnc#817339).
* usb-storage: CY7C68300A chips do not support Cypress
ATACB (bnc#819295).
* patches.kernel.org/patch-3.0.60-61: Update references
(add bnc#810580).
* usb: Using correct way to clear usb3.0 devices remote
wakeup feature (bnc#818516).
* xhci: Fix TD size for isochronous URBs (bnc#818514).
* ALSA: hda - fixup D3 pin and right channel mute on
Haswell HDMI audio (bnc#818798).
* ALSA: hda - Apply pin-enablement workaround to all
Haswell HDMI codecs (bnc#818798).
* xfs: fallback to vmalloc for large buffers in
xfs_attrmulti_attr_get (bnc#818053).
* xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053).
* xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053).
* xHCI: store rings type.
* xhci: Fix hang on back-to-back Set TR Deq Ptr
commands.
* xHCI: check enqueue pointer advance into dequeue seg.
* xHCI: store rings last segment and segment numbers.
* xHCI: Allocate 2 segments for transfer ring.
* xHCI: count free TRBs on transfer ring.
* xHCI: factor out segments allocation and free
function.
* xHCI: update sg tablesize.
* xHCI: set cycle state when allocate rings.
* xhci: Reserve one command for USB3 LPM disable.
* xHCI: dynamic ring expansion.
* xhci: Do not warn on empty ring for suspended devices.
* md/raid1: Do not release reference to device while
handling read error (bnc#809122, bnc#814719).
* rpm/mkspec: Stop generating the get_release_number.sh
file.
* rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g suffix.
* rpm/kernel-spec-macros: Drop the %release_num macro
We no longer put the -rcX tag into the release string.
* rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
"<RELEASE>" string in specfiles.
* mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).
* mm: Fix add_page_wait_queue() to work for PG_Locked
bit waiters (bnc#792584).
* mm: Fix add_page_wait_queue() to work for PG_Locked
bit waiters (bnc#792584).
* bonding: only use primary address for ARP
(bnc#815444).
* bonding: remove entries for master_ip and vlan_ip and
query devices instead (bnc#815444).
* mm: speedup in __early_pfn_to_nid (bnc#810624).
* TTY: fix atime/mtime regression (bnc#815745).
* sd_dif: problem with verify of type 1 protection
information (PI) (bnc#817010).
* sched: harden rq rt usage accounting (bnc#769685,
bnc#788590).
* rcu: Avoid spurious RCU CPU stall warnings
(bnc#816586).
* rcu: Dump local stack if cannot dump all CPUs stacks
(bnc#816586).
* rcu: Fix detection of abruptly-ending stall
(bnc#816586).
* rcu: Suppress NMI backtraces when stall ends before
dump (bnc#816586).
* Update Xen patches to 3.0.74.
* btrfs: do not re-enter when allocating a chunk.
* btrfs: save us a read_lock.
* btrfs: Check CAP_DAC_READ_SEARCH for
BTRFS_IOC_INO_PATHS.
* btrfs: remove unused fs_info from
btrfs_decode_error().
* btrfs: handle null fs_info in btrfs_panic().
* btrfs: fix varargs in __btrfs_std_error.
* btrfs: fix the race between bio and
btrfs_stop_workers.
* btrfs: fix NULL pointer after aborting a transaction.
* btrfs: fix infinite loop when we abort on mount.
* xfs: Do not allocate new buffers on every call to
_xfs_buf_find (bnc#763968).
* xfs: fix buffer lookup race on allocation failure
(bnc#763968).
Security Issue references:
* CVE-2013-0160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160>
* CVE-2013-3076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3076>
* CVE-2013-3222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222>
* CVE-2013-3223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223>
* CVE-2013-3224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224>
* CVE-2013-3225 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225>
* CVE-2013-3227 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3227>
* CVE-2013-3228 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228>
* CVE-2013-3229 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229>
* CVE-2013-3231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231>
* CVE-2013-3232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232>
* CVE-2013-3234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234>
* CVE-2013-3235 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235>
* CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7814
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7812 slessp2-kernel-7813 slessp2-kernel-7814 slessp2-kernel-7819
- SUSE Linux Enterprise High Availability Extension 11 SP2:
zypper in -t patch sleshasp2-kernel-7811 sleshasp2-kernel-7812 sleshasp2-kernel-7813 sleshasp2-kernel-7814 sleshasp2-kernel-7819
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-kernel-7811 sledsp2-kernel-7814
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.80]:
kernel-default-3.0.80-0.5.1
kernel-default-base-3.0.80-0.5.1
kernel-default-devel-3.0.80-0.5.1
kernel-source-3.0.80-0.5.1
kernel-syms-3.0.80-0.5.1
kernel-trace-3.0.80-0.5.1
kernel-trace-base-3.0.80-0.5.1
kernel-trace-devel-3.0.80-0.5.1
kernel-xen-devel-3.0.80-0.5.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.80]:
kernel-pae-3.0.80-0.5.1
kernel-pae-base-3.0.80-0.5.1
kernel-pae-devel-3.0.80-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.80]:
kernel-default-3.0.80-0.5.1
kernel-default-base-3.0.80-0.5.1
kernel-default-devel-3.0.80-0.5.1
kernel-source-3.0.80-0.5.1
kernel-syms-3.0.80-0.5.1
kernel-trace-3.0.80-0.5.1
kernel-trace-base-3.0.80-0.5.1
kernel-trace-devel-3.0.80-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.80]:
kernel-ec2-3.0.80-0.5.1
kernel-ec2-base-3.0.80-0.5.1
kernel-ec2-devel-3.0.80-0.5.1
kernel-xen-3.0.80-0.5.1
kernel-xen-base-3.0.80-0.5.1
kernel-xen-devel-3.0.80-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (x86_64):
xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5
xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.80]:
kernel-default-man-3.0.80-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.80]:
kernel-ppc64-3.0.80-0.5.1
kernel-ppc64-base-3.0.80-0.5.1
kernel-ppc64-devel-3.0.80-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.80]:
kernel-pae-3.0.80-0.5.1
kernel-pae-base-3.0.80-0.5.1
kernel-pae-devel-3.0.80-0.5.1
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.80_0.5-2.18.45
cluster-network-kmp-trace-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-default-2_3.0.80_0.5-0.7.76
gfs2-kmp-trace-2_3.0.80_0.5-0.7.76
ocfs2-kmp-default-1.6_3.0.80_0.5-0.11.44
ocfs2-kmp-trace-1.6_3.0.80_0.5-0.11.44
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-xen-2_3.0.80_0.5-0.7.76
ocfs2-kmp-xen-1.6_3.0.80_0.5-0.11.44
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-ppc64-2_3.0.80_0.5-0.7.76
ocfs2-kmp-ppc64-1.6_3.0.80_0.5-0.11.44
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
cluster-network-kmp-pae-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-pae-2_3.0.80_0.5-0.7.76
ocfs2-kmp-pae-1.6_3.0.80_0.5-0.11.44
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.80]:
kernel-default-3.0.80-0.5.1
kernel-default-base-3.0.80-0.5.1
kernel-default-devel-3.0.80-0.5.1
kernel-default-extra-3.0.80-0.5.1
kernel-source-3.0.80-0.5.1
kernel-syms-3.0.80-0.5.1
kernel-trace-3.0.80-0.5.1
kernel-trace-base-3.0.80-0.5.1
kernel-trace-devel-3.0.80-0.5.1
kernel-trace-extra-3.0.80-0.5.1
kernel-xen-3.0.80-0.5.1
kernel-xen-base-3.0.80-0.5.1
kernel-xen-devel-3.0.80-0.5.1
kernel-xen-extra-3.0.80-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5
xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.80]:
kernel-pae-3.0.80-0.5.1
kernel-pae-base-3.0.80-0.5.1
kernel-pae-devel-3.0.80-0.5.1
kernel-pae-extra-3.0.80-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/764209
https://bugzilla.novell.com/768052
https://bugzilla.novell.com/769685
https://bugzilla.novell.com/788590
https://bugzilla.novell.com/792584
https://bugzilla.novell.com/793139
https://bugzilla.novell.com/797042
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/800907
https://bugzilla.novell.com/802153
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/805945
https://bugzilla.novell.com/806431
https://bugzilla.novell.com/806980
https://bugzilla.novell.com/808647
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809155
https://bugzilla.novell.com/809748
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/810580
https://bugzilla.novell.com/810624
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/814719
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/815444
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/816443
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/816586
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/816708
https://bugzilla.novell.com/817010
https://bugzilla.novell.com/817339
https://bugzilla.novell.com/818053
https://bugzilla.novell.com/818327
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818514
https://bugzilla.novell.com/818516
https://bugzilla.novell.com/818798
https://bugzilla.novell.com/819295
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/819789
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822722
http://download.novell.com/patch/finder/?keywords=19c95cc7458aa30d3c072b77a…
http://download.novell.com/patch/finder/?keywords=23807efa0fda2554a9635e4ff…
http://download.novell.com/patch/finder/?keywords=8bd84321504d865c571ca2d3e…
http://download.novell.com/patch/finder/?keywords=9004723920468a034b1397e23…
http://download.novell.com/patch/finder/?keywords=ba206bb6e19abef79b40e9307…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

[security-announce] SUSE-SU-2013:1022-1: important: kernel update for SLE11 SP2
by opensuse-security@opensuse.org 17 Jun '13
SUSE Security Update: kernel update for SLE11 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1022-1
Rating: important
References: #763968 #764209 #768052 #769685 #788590 #792584
#793139 #797042 #797175 #800907 #802153 #804154
#804609 #805804 #805945 #806431 #806980 #808647
#809122 #809155 #809748 #809895 #810580 #810624
#810722 #812281 #814719 #815356 #815444 #815745
#816443 #816451 #816586 #816668 #816708 #817010
#817339 #818053 #818327 #818371 #818514 #818516
#818798 #819295 #819519 #819655 #819789 #820434
#821560 #821930 #822431 #822722
Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076
CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
CVE-2013-3225 CVE-2013-3227 CVE-2013-3228
CVE-2013-3229 CVE-2013-3231 CVE-2013-3232
CVE-2013-3234 CVE-2013-3235
Affected Products:
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 14 vulnerabilities and has 38 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 Service Pack 2 kernel was
updated to Linux kernel 3.0.80, fixing various bugs and
security issues.
The following security issues were fixed:
CVE-2013-0160: Timing side channel attacks were possible on
/dev/ptmx that could allow local attackers to predict
keypresses such as passwords. This has been fixed again by
updating the accessed/modified time on the pty devices at a
resolution of 8 seconds, so that idle time detection can
still work.
CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call.
CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.
CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3076: The crypto API in the Linux kernel did not
initialize certain length variables, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.
CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.
A kernel information leak via tkill/tgkill was fixed.
The following bugs were fixed:
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
- libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).
- netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).
- hyperv: use 3.4 as LIC version string (bnc#822431).
- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).
- xen/netback: do not disconnect frontend when seeing
oversize packet.
- xen/netfront: reduce gso_max_size to account for max TCP
header.
- xen/netfront: fix kABI after "reduce gso_max_size to
account for max TCP header".
- xfs: Fix kABI due to change in xfs_buf (bnc#815356).
- xfs: fix race while discarding buffers [V4] (bnc#815356
(comment 36)).
- xfs: Serialize file-extending direct IO (bnc#818371).
- xhci: Do not switch webcams in some HP ProBooks to XHCI
(bnc#805804).
- bluetooth: Do not switch BT on HP ProBook 4340
(bnc#812281).
- s390/ftrace: fix mcount adjustment (bnc#809895).
- mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).
- patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
pathological backwards allocation (bnc#805945).
- mm: compaction: Restart compaction from near where it
left off
- mm: compaction: cache if a pageblock was scanned and no
pages were isolated
- mm: compaction: clear PG_migrate_skip based on compaction
and reclaim activity
- mm: compaction: Scan PFN caching KABI workaround
- mm: page_allocator: Remove first_pass guard
- mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)
- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).
- SUNRPC: Get rid of the redundant xprt->shutdown bit field
(bnc#800907).
- SUNRPC: Ensure that we grab the XPRT_LOCK before calling
xprt_alloc_slot (bnc#800907).
- SUNRPC: Fix a UDP transport regression (bnc#800907).
- SUNRPC: Allow caller of rpc_sleep_on() to select priority
levels (bnc#800907).
- SUNRPC: Replace xprt->resend and xprt->sending with a
priority queue (bnc#800907).
- SUNRPC: Fix potential races in xprt_lock_write_next()
(bnc#800907).
- md: cannot re-add disks after recovery (bnc#808647).
- fs/xattr.c:getxattr(): improve handling of allocation
failures (bnc#818053).
- fs/xattr.c:listxattr(): fall back to vmalloc() if
kmalloc() failed (bnc#818053).
- fs/xattr.c:setxattr(): improve handling of allocation
failures (bnc#818053).
- fs/xattr.c: suppress page allocation failure warnings
from sys_listxattr() (bnc#818053).
- virtio-blk: Call revalidate_disk() upon online disk
resize (bnc#817339).
- usb-storage: CY7C68300A chips do not support Cypress
ATACB (bnc#819295).
- patches.kernel.org/patch-3.0.60-61: Update references
(add bnc#810580).
- usb: Using correct way to clear usb3.0 devices remote
wakeup feature (bnc#818516).
- xhci: Fix TD size for isochronous URBs (bnc#818514).
- ALSA: hda - fixup D3 pin and right channel mute on
Haswell HDMI audio (bnc#818798).
- ALSA: hda - Apply pin-enablement workaround to all
Haswell HDMI codecs (bnc#818798).
- xfs: fallback to vmalloc for large buffers in
xfs_attrmulti_attr_get (bnc#818053).
- xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053).
- xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053).
- xHCI: store rings type.
- xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
- xHCI: check enqueue pointer advance into dequeue seg.
- xHCI: store rings last segment and segment numbers.
- xHCI: Allocate 2 segments for transfer ring.
- xHCI: count free TRBs on transfer ring.
- xHCI: factor out segments allocation and free function.
- xHCI: update sg tablesize.
- xHCI: set cycle state when allocate rings.
- xhci: Reserve one command for USB3 LPM disable.
- xHCI: dynamic ring expansion.
- xhci: Do not warn on empty ring for suspended devices.
- md/raid1: Do not release reference to device while
handling read error (bnc#809122, bnc#814719).
- rpm/mkspec: Stop generating the get_release_number.sh
file.
- rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g<commit> suffix.
- rpm/kernel-spec-macros: Drop the %release_num macro. We no
longer put the -rcX tag into the release string.
- rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
"<RELEASE>" string in specfiles.
- mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).
- mm: Fix add_page_wait_queue() to work for PG_Locked bit
waiters (bnc#792584).
- mm: Fix add_page_wait_queue() to work for PG_Locked bit
waiters (bnc#792584).
- bonding: only use primary address for ARP (bnc#815444).
- bonding: remove entries for master_ip and vlan_ip and
query devices instead (bnc#815444).
- mm: speedup in __early_pfn_to_nid (bnc#810624).
- TTY: fix atime/mtime regression (bnc#815745).
- sd_dif: problem with verify of type 1 protection
information (PI) (bnc#817010).
- sched: harden rq rt usage accounting (bnc#769685,
bnc#788590).
- rcu: Avoid spurious RCU CPU stall warnings (bnc#816586).
- rcu: Dump local stack if cannot dump all CPUs stacks
(bnc#816586).
- rcu: Fix detection of abruptly-ending stall (bnc#816586).
- rcu: Suppress NMI backtraces when stall ends before dump
(bnc#816586).
- Update Xen patches to 3.0.74.
- btrfs: do not re-enter when allocating a chunk.
- btrfs: save us a read_lock.
- btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.
- btrfs: remove unused fs_info from btrfs_decode_error().
- btrfs: handle null fs_info in btrfs_panic().
- btrfs: fix varargs in __btrfs_std_error.
- btrfs: fix the race between bio and btrfs_stop_workers.
- btrfs: fix NULL pointer after aborting a transaction.
- btrfs: fix infinite loop when we abort on mount.
- xfs: Do not allocate new buffers on every call to
_xfs_buf_find (bnc#763968).
- xfs: fix buffer lookup race on allocation failure
(bnc#763968).
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
ext4-writeable-kmp-default-0_3.0.80_0.5-0.14.57
ext4-writeable-kmp-trace-0_3.0.80_0.5-0.14.57
kernel-default-extra-3.0.80-0.5.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
ext4-writeable-kmp-xen-0_3.0.80_0.5-0.14.57
kernel-xen-extra-3.0.80-0.5.1
- SLE 11 SERVER Unsupported Extras (ppc64):
ext4-writeable-kmp-ppc64-0_3.0.80_0.5-0.14.57
kernel-ppc64-extra-3.0.80-0.5.1
- SLE 11 SERVER Unsupported Extras (i586):
ext4-writeable-kmp-pae-0_3.0.80_0.5-0.14.57
kernel-pae-extra-3.0.80-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/764209
https://bugzilla.novell.com/768052
https://bugzilla.novell.com/769685
https://bugzilla.novell.com/788590
https://bugzilla.novell.com/792584
https://bugzilla.novell.com/793139
https://bugzilla.novell.com/797042
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/800907
https://bugzilla.novell.com/802153
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/805945
https://bugzilla.novell.com/806431
https://bugzilla.novell.com/806980
https://bugzilla.novell.com/808647
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809155
https://bugzilla.novell.com/809748
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/810580
https://bugzilla.novell.com/810624
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/814719
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/815444
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/816443
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/816586
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/816708
https://bugzilla.novell.com/817010
https://bugzilla.novell.com/817339
https://bugzilla.novell.com/818053
https://bugzilla.novell.com/818327
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818514
https://bugzilla.novell.com/818516
https://bugzilla.novell.com/818798
https://bugzilla.novell.com/819295
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/819789
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822722
http://download.novell.com/patch/finder/?keywords=1018f7c366e9c225d36d59a46…
http://download.novell.com/patch/finder/?keywords=194150572b66acba0bd2fe984…
http://download.novell.com/patch/finder/?keywords=4d1b612be3e99697ac75bce37…
http://download.novell.com/patch/finder/?keywords=ab0bba015edca85724d852aec…
http://download.novell.com/patch/finder/?keywords=d0f1f96c578d70a2f51205abe…
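Added example, not part of the SUSE advisory and not kernel code: a user-space C model of the recvmsg/recvfrom stack information leaks described in the advisory above, showing an unset length variable and a partly filled address structure next to their corrected forms. All names, sizes and the 0xAA marker are constructed, and the model assumes the socket layer presets the length to the capacity of its scratch buffer before calling the protocol handler.

```c
#include <stdio.h>
#include <string.h>

#define ADDR_STORAGE 128  /* constructed size of the address scratch buffer */
#define STALE 0xAA        /* constructed marker standing in for old stack contents */

/* Simplified message header handed from the socket layer to a protocol handler. */
struct sim_msghdr {
    unsigned char *name;  /* scratch buffer for the peer address */
    size_t namelen;       /* bytes of name copied back to the caller */
};

typedef int (*recv_handler)(struct sim_msghdr *msg);

/* Before: delivers data but never sets namelen, so the preset capacity stays. */
static int handler_unset_len(struct sim_msghdr *msg) { (void)msg; return 0; }

/* After: a protocol with no address to report says so explicitly. */
static int handler_zero_len(struct sim_msghdr *msg) { msg->namelen = 0; return 0; }

/* Before: reports a 16-byte address but fills only the first 8 bytes. */
static int handler_partial_struct(struct sim_msghdr *msg)
{
    memset(msg->name, 0x11, 8);
    msg->namelen = 16;
    return 0;
}

/* After: clears the whole structure before filling the known fields. */
static int handler_cleared_struct(struct sim_msghdr *msg)
{
    memset(msg->name, 0, 16);
    memset(msg->name, 0x11, 8);
    msg->namelen = 16;
    return 0;
}

/* Socket-layer side of a recvfrom-style call.
 * Returns how many stale marker bytes reached the caller's buffer. */
static size_t stale_bytes_returned(recv_handler handler)
{
    unsigned char address[ADDR_STORAGE], user[ADDR_STORAGE];
    struct sim_msghdr msg;
    size_t i, stale = 0;

    memset(address, STALE, sizeof(address)); /* leftover stack data */
    memset(user, 0, sizeof(user));
    msg.name = address;
    msg.namelen = sizeof(address);           /* preset to buffer capacity */
    if (handler(&msg) != 0)
        return 0;
    if (msg.namelen > sizeof(user))
        msg.namelen = sizeof(user);
    memcpy(user, address, msg.namelen);      /* copy back to the caller */
    for (i = 0; i < msg.namelen; i++)
        stale += (user[i] == STALE);
    return stale;
}

int main(void)
{
    printf("unset length:   %zu stale bytes\n", stale_bytes_returned(handler_unset_len));
    printf("zeroed length:  %zu stale bytes\n", stale_bytes_returned(handler_zero_len));
    printf("partial struct: %zu stale bytes\n", stale_bytes_returned(handler_partial_struct));
    printf("cleared struct: %zu stale bytes\n", stale_bytes_returned(handler_cleared_struct));
    return 0;
}
```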

13 Jun '13
Hi all,
with the release of the kernel-update on May 06th, 2013 the SUSE sponsored maintenance of openSUSE 12.1 has ended.
openSUSE 12.1 is now officially discontinued and out of support by SUSE.
openSUSE 12.1 was the first openSUSE distribution maintained using
OpenBuildService methods (known as "OBS Maintenance"), allowing full
community participation, from the beginning.
openSUSE 12.1 was released on November 16th 2011, making it 18 months of security and bugfix support.
Currently, there are no plans to add 12.1 to the evergreen-project. If something changes, I'll inform you as soon as
possible.
Here are some statistics of our released updates (compared to 11.4):
Total updates: 789 (+65)
Security: 389 (-28)
Recommended: 398 (+92)
Optional: 2 (+1)
Fixed CVE-entries: 1508 (+193)
Fixed Bugs (overall): 1874 (+319)
The increase of the resolved issues is related to the easier participation in working on openSUSE with the
OpenBuildService.
Thanks on this point to our awesome packagers, community and OpenBuildService-Team!
Your maintenance- and security-team
--
Benjamin Brunner <bbrunner(a)suse.com>,
SUSE LINUX, Maintenance
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284
(AG Nürnberg)

[security-announce] openSUSE-SU-2013:1005-1: critical: kernel
by opensuse-security@opensuse.org 13 Jun '13
openSUSE Security Update: kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1005-1
Rating: critical
References: #790920 #821560 #822722
Cross-References: CVE-2013-2850
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
The openSUSE 12.1 kernel was updated to fix a critical
security issue and also some reiserfs bugs.
CVE-2013-2850: Incorrect strncpy usage in the network
listening part of the iscsi target driver could have been
used by remote attackers to crash the kernel or execute
code.
This required the iscsi target to be running on the machine
and the attacker to be able to make a network connection to
it (aka not filtered by firewalls).
Bugs:
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
- reiserfs: fix problems with chowning setuid file w/
xattrs (bnc#790920).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2013-483
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
kernel-debug-3.1.10-1.29.1
kernel-debug-base-3.1.10-1.29.1
kernel-debug-base-debuginfo-3.1.10-1.29.1
kernel-debug-debuginfo-3.1.10-1.29.1
kernel-debug-debugsource-3.1.10-1.29.1
kernel-debug-devel-3.1.10-1.29.1
kernel-debug-devel-debuginfo-3.1.10-1.29.1
kernel-default-3.1.10-1.29.1
kernel-default-base-3.1.10-1.29.1
kernel-default-base-debuginfo-3.1.10-1.29.1
kernel-default-debuginfo-3.1.10-1.29.1
kernel-default-debugsource-3.1.10-1.29.1
kernel-default-devel-3.1.10-1.29.1
kernel-default-devel-debuginfo-3.1.10-1.29.1
kernel-desktop-3.1.10-1.29.1
kernel-desktop-base-3.1.10-1.29.1
kernel-desktop-base-debuginfo-3.1.10-1.29.1
kernel-desktop-debuginfo-3.1.10-1.29.1
kernel-desktop-debugsource-3.1.10-1.29.1
kernel-desktop-devel-3.1.10-1.29.1
kernel-desktop-devel-debuginfo-3.1.10-1.29.1
kernel-ec2-3.1.10-1.29.1
kernel-ec2-base-3.1.10-1.29.1
kernel-ec2-base-debuginfo-3.1.10-1.29.1
kernel-ec2-debuginfo-3.1.10-1.29.1
kernel-ec2-debugsource-3.1.10-1.29.1
kernel-ec2-devel-3.1.10-1.29.1
kernel-ec2-devel-debuginfo-3.1.10-1.29.1
kernel-ec2-extra-3.1.10-1.29.1
kernel-ec2-extra-debuginfo-3.1.10-1.29.1
kernel-syms-3.1.10-1.29.1
kernel-trace-3.1.10-1.29.1
kernel-trace-base-3.1.10-1.29.1
kernel-trace-base-debuginfo-3.1.10-1.29.1
kernel-trace-debuginfo-3.1.10-1.29.1
kernel-trace-debugsource-3.1.10-1.29.1
kernel-trace-devel-3.1.10-1.29.1
kernel-trace-devel-debuginfo-3.1.10-1.29.1
kernel-vanilla-3.1.10-1.29.1
kernel-vanilla-base-3.1.10-1.29.1
kernel-vanilla-base-debuginfo-3.1.10-1.29.1
kernel-vanilla-debuginfo-3.1.10-1.29.1
kernel-vanilla-debugsource-3.1.10-1.29.1
kernel-vanilla-devel-3.1.10-1.29.1
kernel-vanilla-devel-debuginfo-3.1.10-1.29.1
kernel-xen-3.1.10-1.29.1
kernel-xen-base-3.1.10-1.29.1
kernel-xen-base-debuginfo-3.1.10-1.29.1
kernel-xen-debuginfo-3.1.10-1.29.1
kernel-xen-debugsource-3.1.10-1.29.1
kernel-xen-devel-3.1.10-1.29.1
kernel-xen-devel-debuginfo-3.1.10-1.29.1
- openSUSE 12.1 (noarch):
kernel-devel-3.1.10-1.29.1
kernel-docs-3.1.10-1.29.2
kernel-source-3.1.10-1.29.1
kernel-source-vanilla-3.1.10-1.29.1
- openSUSE 12.1 (i586):
kernel-pae-3.1.10-1.29.1
kernel-pae-base-3.1.10-1.29.1
kernel-pae-base-debuginfo-3.1.10-1.29.1
kernel-pae-debuginfo-3.1.10-1.29.1
kernel-pae-debugsource-3.1.10-1.29.1
kernel-pae-devel-3.1.10-1.29.1
kernel-pae-devel-debuginfo-3.1.10-1.29.1
References:
http://support.novell.com/security/cve/CVE-2013-2850.html
https://bugzilla.novell.com/790920
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/822722
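Added example, not part of the advisory and not the iSCSI target driver's code: the advisory only says the strncpy usage was incorrect, so this user-space C program assumes one common form of that mistake, a copy bound taken from the source string instead of the destination, and sets it beside a corrected copy. The 64-byte field, the record layout and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define KEY_FIELD 64                 /* hypothetical size of the key field */
#define RECORD_SIZE (2 * KEY_FIELD)  /* key field plus a neighbouring field */

/* Flat record: bytes [0,64) hold the key, bytes [64,128) model adjacent memory. */
struct record { unsigned char bytes[RECORD_SIZE]; };

/* Before: the bound is taken from the source, so strncpy limits nothing. */
static int store_key_before(struct record *r, const char *key)
{
    size_t n = strlen(key) + 1;
    if (n > RECORD_SIZE)
        return -1;                      /* keeps this demo inside the record */
    strncpy((char *)r->bytes, key, n);  /* wrong: n ignores KEY_FIELD */
    return 0;
}

/* After: reject oversized input, bound by the destination, always terminate. */
static int store_key_after(struct record *r, const char *key)
{
    size_t len = strlen(key);
    if (len >= KEY_FIELD)
        return -1;
    memcpy(r->bytes, key, len);
    r->bytes[len] = '\0';
    return 0;
}

/* Stores a constructed key of key_len 'A' bytes with either routine.
 * Returns 1 if the neighbouring field kept its pattern, 0 if it was overwritten. */
static int neighbour_survives(int hardened, size_t key_len)
{
    char key[RECORD_SIZE];
    struct record r;
    size_t i;

    if (key_len >= sizeof(key))
        return -1;
    memset(key, 'A', key_len);
    key[key_len] = '\0';
    memset(r.bytes, 0, KEY_FIELD);
    memset(r.bytes + KEY_FIELD, 0x5A, KEY_FIELD);  /* known neighbour pattern */
    if (hardened)
        store_key_after(&r, key);
    else
        store_key_before(&r, key);
    for (i = KEY_FIELD; i < RECORD_SIZE; i++)
        if (r.bytes[i] != 0x5A)
            return 0;
    return 1;
}

int main(void)
{
    printf("63-byte key, before: neighbour intact = %d\n", neighbour_survives(0, 63));
    printf("64-byte key, before: neighbour intact = %d\n", neighbour_survives(0, 64));
    printf("80-byte key, before: neighbour intact = %d\n", neighbour_survives(0, 80));
    printf("80-byte key, after:  neighbour intact = %d\n", neighbour_survives(1, 80));
    return 0;
}
```

The 64-byte case is the off-by-one: the key itself fits the field, but the terminating NUL lands in the neighbouring field.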