SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0652-1 Rating: important References: #771619 #833820 #846404 #857643 #875051 #885077 #891211 #892235 #896390 #896391 #896779 #899338 #902346 #902349 #902351 #904700 #905100 #905312 #907822 #908870 #911325 #912654 #912705 #912916 #913059 #915335 #915826 Cross-References: CVE-2010-5313 CVE-2012-6657 CVE-2013-4299 CVE-2013-7263 CVE-2014-0181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7841 CVE-2014-7842 CVE-2014-8160 CVE-2014-8709 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 10 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed: * CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404). * CVE-2014-8160: SCTP firewalling failed until the SCTP module was loaded (bnc#913059). * CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#911325). * CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). * CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allowed L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842 (bnc#907822). * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). * CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). * CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). * CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). * CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779). * CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). The following non-security bugs have been fixed: * KVM: SVM: Make Use of the generic guest-mode functions (bnc#907822). * KVM: inject #UD if instruction emulation fails and exit to userspace (bnc#907822). * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211). * block: skip request queue cleanup if no elevator is assigned (bnc#899338). * isofs: Fix unchecked printing of ER records. * Re-enable nested-spinlocks-backport patch for xen (bnc#908870). * time, ntp: Do not update time_state in middle of leap second (bnc#912916). * timekeeping: Avoid possible deadlock from clock_was_set_delayed (bnc#771619, bnc#915335). * udf: Check component length before reading it. * udf: Check path length when reading symlink. * udf: Verify i_size when loading inode. * udf: Verify symlink size before loading it. * vt: prevent race between modifying and reading unicode map (bnc#915826). * writeback: Do not sync data dirtied after sync start (bnc#833820). * xfs: Avoid blocking on inode flush in background inode reclaim (bnc#892235). Security Issues: * CVE-2010-5313 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313> * CVE-2012-6657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657> * CVE-2013-4299 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299> * CVE-2013-7263 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263> * CVE-2014-0181 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181> * CVE-2014-3184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184> * CVE-2014-3185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185> * CVE-2014-3673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673> * CVE-2014-3687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687> * CVE-2014-3688 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688> * CVE-2014-7841 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841> * CVE-2014-7842 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842> * CVE-2014-8160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160> * CVE-2014-8709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709> * CVE-2014-9420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420> * CVE-2014-9584 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584> * CVE-2014-9585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585> Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-kernel=10315 slessp1-kernel=10316 slessp1-kernel=10317 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.6.32.59]: kernel-default-2.6.32.59-0.19.1 kernel-default-base-2.6.32.59-0.19.1 kernel-default-devel-2.6.32.59-0.19.1 kernel-source-2.6.32.59-0.19.1 kernel-syms-2.6.32.59-0.19.1 kernel-trace-2.6.32.59-0.19.1 kernel-trace-base-2.6.32.59-0.19.1 kernel-trace-devel-2.6.32.59-0.19.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64) [New Version: 2.6.32.59]: kernel-ec2-2.6.32.59-0.19.1 kernel-ec2-base-2.6.32.59-0.19.1 kernel-ec2-devel-2.6.32.59-0.19.1 kernel-xen-2.6.32.59-0.19.1 kernel-xen-base-2.6.32.59-0.19.1 kernel-xen-devel-2.6.32.59-0.19.1 xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-0.9.17 xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-0.9.17 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x) [New Version: 2.6.32.59]: kernel-default-man-2.6.32.59-0.19.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586) [New Version: 2.6.32.59]: kernel-pae-2.6.32.59-0.19.1 kernel-pae-base-2.6.32.59-0.19.1 kernel-pae-devel-2.6.32.59-0.19.1 xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.9.17 - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64): kernel-default-extra-2.6.32.59-0.19.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-2.6.32.59-0.19.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-2.6.32.59-0.19.1 References: https://www.suse.com/security/cve/CVE-2010-5313.html https://www.suse.com/security/cve/CVE-2012-6657.html https://www.suse.com/security/cve/CVE-2013-4299.html https://www.suse.com/security/cve/CVE-2013-7263.html https://www.suse.com/security/cve/CVE-2014-0181.html https://www.suse.com/security/cve/CVE-2014-3184.html https://www.suse.com/security/cve/CVE-2014-3185.html https://www.suse.com/security/cve/CVE-2014-3673.html https://www.suse.com/security/cve/CVE-2014-3687.html https://www.suse.com/security/cve/CVE-2014-3688.html https://www.suse.com/security/cve/CVE-2014-7841.html https://www.suse.com/security/cve/CVE-2014-7842.html https://www.suse.com/security/cve/CVE-2014-8160.html https://www.suse.com/security/cve/CVE-2014-8709.html https://www.suse.com/security/cve/CVE-2014-9420.html https://www.suse.com/security/cve/CVE-2014-9584.html https://www.suse.com/security/cve/CVE-2014-9585.html https://bugzilla.suse.com/771619 https://bugzilla.suse.com/833820 https://bugzilla.suse.com/846404 https://bugzilla.suse.com/857643 https://bugzilla.suse.com/875051 https://bugzilla.suse.com/885077 https://bugzilla.suse.com/891211 https://bugzilla.suse.com/892235 https://bugzilla.suse.com/896390 https://bugzilla.suse.com/896391 https://bugzilla.suse.com/896779 https://bugzilla.suse.com/899338 https://bugzilla.suse.com/902346 https://bugzilla.suse.com/902349 https://bugzilla.suse.com/902351 https://bugzilla.suse.com/904700 https://bugzilla.suse.com/905100 https://bugzilla.suse.com/905312 https://bugzilla.suse.com/907822 https://bugzilla.suse.com/908870 https://bugzilla.suse.com/911325 https://bugzilla.suse.com/912654 https://bugzilla.suse.com/912705 https://bugzilla.suse.com/912916 https://bugzilla.suse.com/913059 https://bugzilla.suse.com/915335 https://bugzilla.suse.com/915826 https://download.suse.com/patch/finder/?keywords=01007b3b761286f24a9cd5a7197... https://download.suse.com/patch/finder/?keywords=8944e139fcc8a84a52412d23cce... https://download.suse.com/patch/finder/?keywords=a5e2892de750f2c5d2fba65db2f... https://download.suse.com/patch/finder/?keywords=afe31f60701fa39738b0574722e... https://download.suse.com/patch/finder/?keywords=cfbfe04e5c8b61b50f91d849de2... https://download.suse.com/patch/finder/?keywords=ef5762f62e2e26eab3ef31d6b58... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org