[security-announce] openSUSE-SU-2014:0204-1: important: kernel: security and bugfix update
   openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0204-1
Rating:             important
References:         #804950 #805226 #808358 #811746 #825006 #831836
                    #838024 #840226 #840656 #844513 #848079 #848255
                    #849021 #849023 #849029 #849034 #849362 #852373
                    #852558 #852559 #853050 #853051 #853052 #853053
                    #854173 #854634 #854722 #860993
Cross-References:   CVE-2013-0343 CVE-2013-1792 CVE-2013-4348
                    CVE-2013-4511 CVE-2013-4513 CVE-2013-4514
                    CVE-2013-4515 CVE-2013-4587 CVE-2013-6367
                    CVE-2013-6368 CVE-2013-6376 CVE-2013-6378
                    CVE-2013-6380 CVE-2013-6431 CVE-2013-7027
                    CVE-2014-0038
Affected Products:
                    openSUSE 12.3
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 12 fixes
   is now available.

Description:

   The Linux kernel was updated to fix various bugs and
   security issues:

   - mm/page-writeback.c: do not count anon pages as dirtyable
     memory (reclaim stalls).
   - mm/page-writeback.c: fix dirty_balance_reserve subtraction
     from dirtyable memory (reclaim stalls).
   - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).
   - hwmon: (coretemp) Fix truncated name of alarm attributes
   - net: fib: fib6_add: fix potential NULL pointer dereference
     (bnc#854173 CVE-2013-6431).
   - keys: fix race with concurrent install_user_keyrings()
     (bnc#808358)(CVE-2013-1792).
   - KVM: x86: Convert vapic synchronization to _cached
     functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).
   - wireless: radiotap: fix parsing buffer overrun
     (bnc#854634 CVE-2013-7027).
   - KVM: x86: fix guest-initiated crash with x2apic
     (CVE-2013-6376) (bnc#853053 CVE-2013-6376).
   - KVM: x86: Fix potential divide by 0 in lapic
     (CVE-2013-6367) (bnc#853051 CVE-2013-6367).
   - KVM: Improve create VCPU parameter (CVE-2013-4587)
     (bnc#853050 CVE-2013-4587).
   - staging: ozwpan: prevent overflow in oz_cdev_write()
     (bnc#849023 CVE-2013-4513).
   - perf/x86: Fix offcore_rsp valid mask for SNB/IVB
     (bnc#825006).
   - perf/x86: Add Intel IvyBridge event scheduling
     constraints (bnc#825006).
   - libertas: potential oops in debugfs (bnc#852559
     CVE-2013-6378).
   - aacraid: prevent invalid pointer dereference (bnc#852373
     CVE-2013-6380).
   - staging: wlags49_h2: buffer overflow setting station name
     (bnc#849029 CVE-2013-4514).
   - net: flow_dissector: fail on evil iph->ihl (bnc#848079
     CVE-2013-4348).
   - Staging: bcm: info leak in ioctl (bnc#849034
     CVE-2013-4515).
   - Refresh
     patches.fixes/net-rework-recvmsg-handler-msg_name-and-msg_namelen-logic.patch.
   - ipv6: remove max_addresses check from
     ipv6_create_tempaddr (bnc#805226, CVE-2013-0343).
   - net: rework recvmsg handler msg_name and msg_namelen
     logic (bnc#854722).
   - crypto: ansi_cprng - Fix off by one error in non-block
     size request (bnc#840226).
   - x6: Fix reserve_initrd so that acpi_initrd_override is
     reached (bnc#831836).
   - Refresh other Xen patches.
   - aacraid: missing capable() check in compat ioctl
     (bnc#852558).
   - patches.fixes/gpio-ich-fix-ichx_gpio_check_available-return.patch:
     Update upstream reference
   - perf/ftrace: Fix paranoid level for enabling function
     tracer (bnc#849362).
   - xhci: fix null pointer dereference on
     ring_doorbell_for_active_rings (bnc#848255).
   - xhci: Fix oops happening after address device timeout
     (bnc#848255).
   - xhci: Ensure a command structure points to the correct
     trb on the command ring (bnc#848255).
   - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-remapping-warning.patch:
     Update upstream reference.
   - Allow NFSv4 username mapping to work properly
     (bnc#838024).
   - Refresh btrfs attribute publishing patchset to match
     openSUSE-13.1
     No user-visible changes, but uses kobj_sysfs_ops and
     better kobject lifetime management.
   - Fix a few incorrectly checked [io_]remap_pfn_range()
     calls (bnc#849021, CVE-2013-4511).
   - drm/radeon: don't set hpd, afmt interrupts when
     interrupts are disabled.
   - patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount-fields.patch:
     Fix TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950).
   - iommu: Remove stack trace from broken irq remapping
     warning (bnc#844513).
   - Disable patches related to bnc#840656
     patches.suse/btrfs-cleanup-don-t-check-the-same-thing-twice
     patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-check-the-same-thi.patch
   - btrfs: use feature attribute names to print better error
     messages.
   - btrfs: add ability to change features via sysfs.
   - btrfs: add publishing of unknown features in sysfs.
   - btrfs: publish per-super features to sysfs.
   - btrfs: add per-super attributes to sysfs.
   - btrfs: export supported featured to sysfs.
   - kobject: introduce kobj_completion.
   - btrfs: add ioctls to query/change feature bits online.
   - btrfs: use btrfs_commit_transaction when setting fslabel.
   - x86/iommu/vt-d: Expand interrupt remapping quirk to cover
     x58 chipset (bnc#844513).
   - NFSv4: Fix issues in nfs4_discover_server_trunking
     (bnc#811746).
   - iommu/vt-d: add quirk for broken interrupt remapping on
     55XX chipsets (bnc#844513).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-113

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (i586 x86_64):

      kernel-default-3.7.10-1.28.1
      kernel-default-base-3.7.10-1.28.1
      kernel-default-base-debuginfo-3.7.10-1.28.1
      kernel-default-debuginfo-3.7.10-1.28.1
      kernel-default-debugsource-3.7.10-1.28.1
      kernel-default-devel-3.7.10-1.28.1
      kernel-default-devel-debuginfo-3.7.10-1.28.1
      kernel-syms-3.7.10-1.28.1

   - openSUSE 12.3 (i686 x86_64):

      kernel-debug-3.7.10-1.28.1
      kernel-debug-base-3.7.10-1.28.1
      kernel-debug-base-debuginfo-3.7.10-1.28.1
      kernel-debug-debuginfo-3.7.10-1.28.1
      kernel-debug-debugsource-3.7.10-1.28.1
      kernel-debug-devel-3.7.10-1.28.1
      kernel-debug-devel-debuginfo-3.7.10-1.28.1
      kernel-desktop-3.7.10-1.28.1
      kernel-desktop-base-3.7.10-1.28.1
      kernel-desktop-base-debuginfo-3.7.10-1.28.1
      kernel-desktop-debuginfo-3.7.10-1.28.1
      kernel-desktop-debugsource-3.7.10-1.28.1
      kernel-desktop-devel-3.7.10-1.28.1
      kernel-desktop-devel-debuginfo-3.7.10-1.28.1
      kernel-ec2-3.7.10-1.28.1
      kernel-ec2-base-3.7.10-1.28.1
      kernel-ec2-base-debuginfo-3.7.10-1.28.1
      kernel-ec2-debuginfo-3.7.10-1.28.1
      kernel-ec2-debugsource-3.7.10-1.28.1
      kernel-ec2-devel-3.7.10-1.28.1
      kernel-ec2-devel-debuginfo-3.7.10-1.28.1
      kernel-trace-3.7.10-1.28.1
      kernel-trace-base-3.7.10-1.28.1
      kernel-trace-base-debuginfo-3.7.10-1.28.1
      kernel-trace-debuginfo-3.7.10-1.28.1
      kernel-trace-debugsource-3.7.10-1.28.1
      kernel-trace-devel-3.7.10-1.28.1
      kernel-trace-devel-debuginfo-3.7.10-1.28.1
      kernel-vanilla-3.7.10-1.28.1
      kernel-vanilla-debuginfo-3.7.10-1.28.1
      kernel-vanilla-debugsource-3.7.10-1.28.1
      kernel-vanilla-devel-3.7.10-1.28.1
      kernel-vanilla-devel-debuginfo-3.7.10-1.28.1
      kernel-xen-3.7.10-1.28.1
      kernel-xen-base-3.7.10-1.28.1
      kernel-xen-base-debuginfo-3.7.10-1.28.1
      kernel-xen-debuginfo-3.7.10-1.28.1
      kernel-xen-debugsource-3.7.10-1.28.1
      kernel-xen-devel-3.7.10-1.28.1
      kernel-xen-devel-debuginfo-3.7.10-1.28.1

   - openSUSE 12.3 (noarch):

      kernel-devel-3.7.10-1.28.1
      kernel-docs-3.7.10-1.28.2
      kernel-source-3.7.10-1.28.1
      kernel-source-vanilla-3.7.10-1.28.1

   - openSUSE 12.3 (i686):

      kernel-pae-3.7.10-1.28.1
      kernel-pae-base-3.7.10-1.28.1
      kernel-pae-base-debuginfo-3.7.10-1.28.1
      kernel-pae-debuginfo-3.7.10-1.28.1
      kernel-pae-debugsource-3.7.10-1.28.1
      kernel-pae-devel-3.7.10-1.28.1
      kernel-pae-devel-debuginfo-3.7.10-1.28.1

References:

   http://support.novell.com/security/cve/CVE-2013-0343.html
   http://support.novell.com/security/cve/CVE-2013-1792.html
   http://support.novell.com/security/cve/CVE-2013-4348.html
   http://support.novell.com/security/cve/CVE-2013-4511.html
   http://support.novell.com/security/cve/CVE-2013-4513.html
   http://support.novell.com/security/cve/CVE-2013-4514.html
   http://support.novell.com/security/cve/CVE-2013-4515.html
   http://support.novell.com/security/cve/CVE-2013-4587.html
   http://support.novell.com/security/cve/CVE-2013-6367.html
   http://support.novell.com/security/cve/CVE-2013-6368.html
   http://support.novell.com/security/cve/CVE-2013-6376.html
   http://support.novell.com/security/cve/CVE-2013-6378.html
   http://support.novell.com/security/cve/CVE-2013-6380.html
   http://support.novell.com/security/cve/CVE-2013-6431.html
   http://support.novell.com/security/cve/CVE-2013-7027.html
   http://support.novell.com/security/cve/CVE-2014-0038.html
   https://bugzilla.novell.com/804950
   https://bugzilla.novell.com/805226
   https://bugzilla.novell.com/808358
   https://bugzilla.novell.com/811746
   https://bugzilla.novell.com/825006
   https://bugzilla.novell.com/831836
   https://bugzilla.novell.com/838024
   https://bugzilla.novell.com/840226
   https://bugzilla.novell.com/840656
   https://bugzilla.novell.com/844513
   https://bugzilla.novell.com/848079
   https://bugzilla.novell.com/848255
   https://bugzilla.novell.com/849021
   https://bugzilla.novell.com/849023
   https://bugzilla.novell.com/849029
   https://bugzilla.novell.com/849034
   https://bugzilla.novell.com/849362
   https://bugzilla.novell.com/852373
   https://bugzilla.novell.com/852558
   https://bugzilla.novell.com/852559
   https://bugzilla.novell.com/853050
   https://bugzilla.novell.com/853051
   https://bugzilla.novell.com/853052
   https://bugzilla.novell.com/853053
   https://bugzilla.novell.com/854173
   https://bugzilla.novell.com/854634
   https://bugzilla.novell.com/854722
   https://bugzilla.novell.com/860993

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org