openSUSE Security
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
July 2013
- 19 participants
- 18 discussions
31 Jul '13
hi
is there something declared about this
https://kb.isc.org/article/AA-01015/0/CVE-2013-4854%3A-A-specially-crafted-…
or is it already patched in the 9.9.2 p2???
regards
jluce
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
3
4
Guten Tag
Wenn Sie immer noch an den Datenbanken der Unternehmen für das Jahr 2013 interessiert sind, dann haben wir für Sie eine gute Nachricht.
Speziell für Sie haben wir eine Rabatt-Code über 30% vorbereitet, die ist nur gültig bis 26.07.2013.
ML77D-DWO-1024-A
http://www.db-contact.net/
Geben Sie bitte die Codenummer bei der Bestellung mit an, der Rabatt wird mit 30% verbucht.
Mit besten Grüßen
Glob-Contact.
http://www.db-contact.net/
---
Wollen Sie keine Infos mehr über unsere Datenbanken erhalten, klicken Sie bitte den Link an und melden sich ab:
http://www.db-contact.net/?lang=deu&page=unsubscribe&email=opensuse-securit…
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
1
0
UNSUSCRIBE
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
1
0
Guten Tag
Wenn Sie immer noch an den Datenbanken der Unternehmen für das Jahr 2013 interessiert sind, dann haben wir für Sie eine gute Nachricht.
Speziell für Sie haben wir eine Rabatt-Code über 30% vorbereitet, die ist nur gültig bis 19.07.2013.
ML77D-DWO-1024-A
http://www.db-contact.net/
Geben Sie bitte die Codenummer bei der Bestellung mit an, der Rabatt wird mit 30% verbucht.
Mit besten Grüßen
Glob-Contact.
http://www.db-contact.net/
---
Wollen Sie keine Infos mehr über unsere Datenbanken erhalten, klicken Sie bitte den Link an und melden sich ab:
http://www.db-contact.net/?lang=deu&page=unsubscribe&email=opensuse-securit…
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
1
0
16 Jul '13
Hi,
After installing the qemu related upgrade I have noticed the following message:
( 7/11) Installing: qemu-tools-1.3.1-3.4.1 ....................[done]
Additional rpm output:
/usr/lib/qemu-bridge-helper: cannot verify root:root 0755 - not listed in /etc/permissions
Now, normally I would consider this as a bug, but the machine has been via
zypper dup upgraded, therefore I am not sure if this is something on my end or
common for everyone.
Any thoughts
Thanks
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
4
3
Guten Tag
Wenn Sie immer noch an den Datenbanken der Unternehmen für das Jahr 2013 interessiert sind, dann haben wir für Sie eine gute Nachricht.
Speziell für Sie haben wir eine Rabatt-Code über 30% vorbereitet, die ist nur gültig 15.07.2013.
ML77D-DWO-1024-A
http://www.db-contact.net/
Geben Sie bitte die Codenummer bei der Bestellung mit an, der Rabatt wird mit 30% verbucht.
Mit besten Grüßen
Glob-Contact.
http://www.db-contact.net/
---
Wollen Sie keine Infos mehr über unsere Datenbanken erhalten, klicken Sie bitte den Link an und melden sich ab:
http://www.db-contact.net/?lang=deu&page=unsubscribe&email=opensuse-securit…
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
1
0
Re: [opensuse-security] [DE-CIX-RT #89589] AutoReply: [security-announce] SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3
by S.Dittmar@eureca.de via RT 13 Jul '13
by S.Dittmar@eureca.de via RT 13 Jul '13
13 Jul '13
Dear Sirs,
could you please advice your ticket system not to send the "ticket has been
created" answer to SUSE's security-announce mailing list? It's terribly annoying
to be spammed with such mails just because I'm a reader of the same list.
Susan Dittmar
The default queue via RT schrieb:
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
> "[security-announce] SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3",
> a summary of which appears below.
>
> There is no need to reply to this message right now. Your ticket has been
> assigned an ID of [DE-CIX-RT #89589].
>
> Please include the string:
>
> [DE-CIX-RT #89589]
>
> in the subject line of all future correspondence about this issue. To do so,
> you may reply to this message.
>
> Thank you,
>
>
> -------------------------------------------------------------------------
> SUSE Security Update: kernel update for SLE11 SP3
> ______________________________________________________________________________
>
> Announcement ID: SUSE-SU-2013:1182-1
> Rating: important
> References: #763968 #773837 #785901 #797090 #797727 #801427
> #803320 #804482 #804609 #805804 #806976 #808015
> #808136 #808837 #808855 #809130 #809895 #809975
> #810722 #812281 #812332 #812526 #812974 #813604
> #813922 #815356 #816451 #817035 #817377 #818047
> #818371 #818465 #819018 #819195 #819523 #819610
> #819655 #820172 #820434 #821052 #821070 #821235
> #821799 #821859 #821930 #822066 #822077 #822080
> #822164 #822340 #822431 #822722 #822825 #823082
> #823223 #823342 #823386 #823597 #823795 #824159
> #825037 #825591 #825657 #825696 #826186
> Cross-References: CVE-2013-0160 CVE-2013-1774 CVE-2013-1979
> CVE-2013-3076 CVE-2013-3222 CVE-2013-3223
> CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
> CVE-2013-3228 CVE-2013-3229 CVE-2013-3231
> CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
>
> Affected Products:
> SLE 11 SERVER Unsupported Extras
> ______________________________________________________________________________
>
> An update that solves 15 vulnerabilities and has 50 fixes
> is now available.
>
> Description:
>
> The SUSE Linux Enterprise 11 Service Pack 3 kernel was
> updated to 3.0.82 and to fix various bugs and security
> issues.
>
> Following security issues were fixed: CVE-2013-1774: The
> chase_port function in drivers/usb/serial/io_ti.c in the
> Linux kernel allowed local users to cause a denial of
> service (NULL pointer dereference and system crash) via an
> attempted /dev/ttyUSB read or write operation on a
> disconnected Edgeport USB serial converter.
>
> CVE-2013-0160: Timing side channel on attacks were possible
> on /dev/ptmx that could allow local attackers to predict
> keypresses like e.g. passwords. This has been fixed again
> by updating accessed/modified time on the pty devices in
> resolution of 8 seconds, so that idle time detection can
> still work.
>
> CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
> in the Linux kernel did not initialize a certain length
> variable, which allowed local users to obtain sensitive
> information from kernel stack memory via a crafted recvmsg
> or recvfrom system call.
>
> CVE-2013-3223: The ax25_recvmsg function in
> net/ax25/af_ax25.c in the Linux kernel did not initialize a
> certain data structure, which allowed local users to obtain
> sensitive information from kernel stack memory via a
> crafted recvmsg or recvfrom system call.
>
> CVE-2013-3224: The bt_sock_recvmsg function in
> net/bluetooth/af_bluetooth.c in the Linux kernel did not
> properly initialize a certain length variable, which
> allowed local users to obtain sensitive information from
> kernel stack memory via a crafted recvmsg or recvfrom
> system call.
>
> CVE-2013-3225: The rfcomm_sock_recvmsg function in
> net/bluetooth/rfcomm/sock.c in the Linux kernel did not
> initialize a certain length variable, which allowed local
> users to obtain sensitive information from kernel stack
> memory via a crafted recvmsg or recvfrom system call.
>
> CVE-2013-3227: The caif_seqpkt_recvmsg function in
> net/caif/caif_socket.c in the Linux kernel did not
> initialize a certain length variable, which allowed local
> users to obtain sensitive information from kernel stack
> memory via a crafted recvmsg or recvfrom system call.
>
> CVE-2013-3228: The irda_recvmsg_dgram function in
> net/irda/af_irda.c in the Linux kernel did not initialize a
> certain length variable, which allowed local users to
> obtain sensitive information from kernel stack memory via a
> crafted recvmsg or recvfrom system call.
>
> CVE-2013-3229: The iucv_sock_recvmsg function in
> net/iucv/af_iucv.c in the Linux kernel did not initialize a
> certain length variable, which allowed local users to
> obtain sensitive information from kernel stack memory via a
> crafted recvmsg or recvfrom system call.
>
> CVE-2013-3231: The llc_ui_recvmsg function in
> net/llc/af_llc.c in the Linux kernel did not initialize a
> certain length variable, which allowed local users to
> obtain sensitive information from kernel stack memory via a
> crafted recvmsg or recvfrom system call.
>
> CVE-2013-3232: The nr_recvmsg function in
> net/netrom/af_netrom.c in the Linux kernel did not
> initialize a certain data structure, which allowed local
> users to obtain sensitive information from kernel stack
> memory via a crafted recvmsg or recvfrom system call.
>
> CVE-2013-3234: The rose_recvmsg function in
> net/rose/af_rose.c in the Linux kernel did not initialize a
> certain data structure, which allowed local users to obtain
> sensitive information from kernel stack memory via a
> crafted recvmsg or recvfrom system call.
>
> CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
> not initialize a certain data structure and a certain
> length variable, which allowed local users to obtain
> sensitive information from kernel stack memory via a
> crafted recvmsg or recvfrom system call.
>
> CVE-2013-3076: The crypto API in the Linux kernel did not
> initialize certain length variables, which allowed local
> users to obtain sensitive information from kernel stack
> memory via a crafted recvmsg or recvfrom system call,
> related to the hash_recvmsg function in crypto/algif_hash.c
> and the skcipher_recvmsg function in
> crypto/algif_skcipher.c.
>
> CVE-2013-1979: The scm_set_cred function in
> include/net/scm.h in the Linux kernel used incorrect uid
> and gid values during credentials passing, which allowed
> local users to gain privileges via a crafted application.
>
> A kernel information leak via tkill/tgkill was fixed.
>
> Following non security bugs were fixed: S/390:
> - af_iucv: Missing man page (bnc#825037, LTC#94825).
> - iucv: fix kernel panic at reboot (bnc#825037, LTC#93803).
> - kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784).
> - dasd: Add missing descriptions for dasd timeout messages
> (bnc#825037, LTC#94762).
> - dasd: Fix hanging device after resume with internal error
> 13 (bnc#825037, LTC#94554).
> - cio: Suppress 2nd path verification during resume
> (bnc#825037, LTC#94554).
> - vmcp: Missing man page (bnc#825037, LTC#94453).
> - kernel: 3215 console crash (bnc#825037, LTC#94302).
> - netiucv: Hold rtnl between name allocation and device
> registration (bnc#824159).
> - s390/ftrace: fix mcount adjustment (bnc#809895).
>
> HyperV:
> - Drivers: hv: Fix a bug in get_vp_index().
> - hyperv: Fix a compiler warning in netvsc_send().
> - Tools: hv: Fix a checkpatch warning.
> - tools: hv: skip iso9660 mounts in hv_vss_daemon.
> - tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon.
> - tools: hv: use getmntent in hv_vss_daemon.
> - Tools: hv: Fix a checkpatch warning.
> - tools: hv: fix checks for origin of netlink message in
> hv_vss_daemon.
> - Tools: hv: fix warnings in hv_vss_daemon.
> - x86, hyperv: Handle Xen emulation of Hyper-V more
> gracefully.
> - hyperv: Fix a kernel warning from
> netvsc_linkstatus_callback().
> - Drivers: hv: balloon: make local functions static.
> - tools: hv: daemon should check type of received Netlink
> msg.
> - tools: hv: daemon setsockopt should use options macros.
> - tools: hv: daemon should subscribe only to CN_KVP_IDX
> group.
> - driver: hv: remove cast for kmalloc return value.
> - hyperv: use 3.4 as LIC version string (bnc#822431).
>
> BTRFS:
> - btrfs: flush delayed inodes if we are short on space
> (bnc#801427).
> - btrfs: rework shrink_delalloc (bnc#801427).
> - btrfs: fix our overcommit math (bnc#801427).
> - btrfs: delay block group item insertion (bnc#801427).
> - btrfs: remove bytes argument from do_chunk_alloc
> (bnc#801427).
> - btrfs: run delayed refs first when out of space
> (bnc#801427).
> - btrfs: do not commit instead of overcommitting
> (bnc#801427).
> - btrfs: do not take inode delalloc mutex if we are a free
> space inode (bnc#801427).
> - btrfs: fix chunk allocation error handling (bnc#801427).
> - btrfs: remove extent mapping if we fail to add chunk
> (bnc#801427).
> - btrfs: do not overcommit if we do not have enough space
> for global rsv (bnc#801427).
> - btrfs: rework the overcommit logic to be based on the
> total size (bnc#801427).
> - btrfs: steal from global reserve if we are cleaning up
> orphans (bnc#801427).
> - btrfs: clear chunk_alloc flag on retryable failure
> (bnc#801427).
> - btrfs: use reserved space for creating a snapshot
> (bnc#801427).
> - btrfs: cleanup to make the function
> btrfs_delalloc_reserve_metadata more logic (bnc#801427).
> - btrfs: fix space leak when we fail to reserve metadata
> space (bnc#801427).
> - btrfs: fix space accounting for unlink and rename
> (bnc#801427).
> - btrfs: allocate new chunks if the space is not enough for
> global rsv (bnc#801427).
> - btrfs: various abort cleanups (bnc#812526 bnc#801427).
> - btrfs: simplify unlink reservations (bnc#801427).
>
> XFS:
> - xfs: Move allocation stack switch up to xfs_bmapi
> (bnc#815356).
> - xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356).
> - xfs: zero allocation_args on the kernel stack
> (bnc#815356).
> - xfs: fix debug_object WARN at xfs_alloc_vextent()
> (bnc#815356).
> - xfs: do not defer metadata allocation to the workqueue
> (bnc#815356).
> - xfs: introduce an allocation workqueue (bnc#815356).
> - xfs: fix race while discarding buffers [V4] (bnc#815356
> (comment 36)).
> - xfs: Serialize file-extending direct IO (bnc#818371).
> - xfs: Do not allocate new buffers on every call to
> _xfs_buf_find (bnc#763968).
> - xfs: fix buffer lookup race on allocation failure
> (bnc#763968).
>
> ALSA:
> - Fix VT1708 jack detection on SLEPOS machines (bnc#813922).
> - ALSA: hda - Avoid choose same converter for unused pins
> (bnc#826186).
> - ALSA: hda - Cache the MUX selection for generic HDMI
> (bnc#826186).
> - ALSA: hda - Haswell converter power state D0 verify
> (bnc#826186).
> - ALSA: hda - Do not take unresponsive D3 transition too
> serious (bnc#823597).
> - ALSA: hda - Introduce bit flags to
> snd_hda_codec_read/write() (bnc#823597).
> - ALSA: hda - Check CORB overflow (bnc#823597).
> - ALSA: hda - Check validity of CORB/RIRB WP reads
> (bnc#823597).
> - ALSA: hda - Fix system panic when DMA > 40 bits for
> Nvidia audio controllers (bnc#818465).
> - ALSA: hda - Add hint for suppressing lower cap for IDT
> codecs (bnc#812332).
> - ALSA: hda - Enable mic-mute LED on more HP laptops
> (bnc#821859).
>
> Direct Rendering Manager (DRM):
> - drm/i915: Add wait_for in init_ring_common (bnc#813604).
> - drm/i915: Mark the ringbuffers as being in the GTT domain
> (bnc#813604).
> - drm/edid: Do not print messages regarding stereo or csync
> by default (bnc #821235).
> - drm/i915: force full modeset if the connector is in DPMS
> OFF mode (bnc #809975).
> - drm/i915/sdvo: Use &intel_sdvo->ddc instead of
> intel_sdvo->i2c for DDC (bnc #808855).
> - drm/mm: fix dump table BUG. (bnc#808837)
> - drm/i915: Clear the stolen fb before enabling
> (bnc#808015).
>
> XEN:
> - xen/netback: Update references (bnc#823342).
> - xen: Check for insane amounts of requests on the ring.
> - Update Xen patches to 3.0.82.
> - netback: do not disconnect frontend when seeing oversize
> packet.
> - netfront: reduce gso_max_size to account for max TCP
> header.
> - netfront: fix kABI after "reduce gso_max_size to account
> for max TCP header".
>
> Other:
> - x86, efi: retry ExitBootServices() on failure
> (bnc#823386).
> - x86/efi: Fix dummy variable buffer allocation
> (bnc#822080).
>
> - ext4: avoid hang when mounting non-journal filesystems
> with orphan list (bnc#817377).
>
> - mm: compaction: Scan PFN caching KABI workaround (Fix
> KABI breakage (bnc#825657)).
>
> - autofs4 - fix get_next_positive_subdir() (bnc#819523).
>
> - ocfs2: Add bits_wanted while calculating credits in
> ocfs2_calc_extend_credits (bnc#822077).
>
> - writeback: Avoid needless scanning of b_dirty list
> (bnc#819018).
> - writeback: Do not sort b_io list only because of block
> device inode (bnc#819018).
>
> - re-enable io tracing (bnc#785901).
>
> - pciehp: Corrected the old mismatching DMI strings.
>
> - SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).
>
> - tg3: Prevent system hang during repeated EEH errors
> (bnc#822066).
>
> - scsi_dh_alua: multipath failover fails with error 15
> (bnc#825696).
>
> - Do not switch camera on HP EB 8780 (bnc#797090).
>
> - Do not switch webcam for HP EB 8580w (bnc#797090).
>
> - mm: fixup compilation error due to an asm write through a
> const pointer. (bnc#823795)
>
> - do not switch cam port on HP EliteBook 840 (bnc#822164).
>
> - net/sunrpc: xpt_auth_cache should be ignored when expired
> (bnc#803320).
> - sunrpc/cache: ensure items removed from cache do not have
> pending upcalls (bnc#803320).
> - sunrpc/cache: remove races with queuing an upcall
> (bnc#803320).
> - sunrpc/cache: use cache_fresh_unlocked consistently and
> correctly (bnc#803320).
>
> - KVM: x86: emulate movdqa (bnc#821070).
> - KVM: x86: emulator: add support for vector alignment
> (bnc#821070).
> - KVM: x86: emulator: expand decode flags to 64 bits
> (bnc#821070).
>
> - xhci - correct comp_mode_recovery_timer on return from
> hibernate (bnc#808136).
>
> - md/raid10 enough fixes (bnc#773837).
>
> - lib/Makefile: Fix oid_registry build dependency
> (bnc#823223).
>
> - Update config files: disable IP_PNP (bnc#822825)
>
> - Fix kABI breakage for addition of
> snd_hda_bus.no_response_fallback (bnc#823597).
>
> - Disable efi pstore by default (bnc#804482 bnc#820172).
>
> - md: Fix problem with GET_BITMAP_FILE returning wrong
> status (bnc#812974).
>
> - bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610).
>
> - USB: xHCI: override bogus bulk wMaxPacketSize values
> (bnc#823082).
>
> - BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727
> bnc#822340).
>
> - qlge: Update version to 1.00.00.32 (bnc#819195).
> - qlge: Fix ethtool autoneg advertising (bnc#819195).
> - qlge: Fix receive path to drop error frames (bnc#819195).
> - qlge: remove NETIF_F_TSO6 flag (bnc#819195).
> - remove init of dev->perm_addr in drivers (bnc#819195).
> - drivers/net: fix up function prototypes after __dev*
> removals (bnc#819195).
> - qlge: remove __dev* attributes (bnc#819195).
> - drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding
> style issue (bnc#819195).
>
> - cxgb4: Force uninitialized state if FW_ON_ADAPTER is <
> FW_VERSION and we are the MASTER_PF (bnc#809130).
>
> - USB: UHCI: fix for suspend of virtual HP controller
> (bnc#817035).
>
> - timer_list: Convert timer list to be a proper seq_file
> (bnc#818047).
> - timer_list: Split timer_list_show_tickdevices
> (bnc#818047).
> - sched: Fix /proc/sched_debug failure on very very large
> systems (bnc#818047).
> - sched: Fix /proc/sched_stat failure on very very large
> systems (bnc#818047).
>
> - reiserfs: fix spurious multiple-fill in
> reiserfs_readdir_dentry (bnc#822722).
>
> - libfc: do not exch_done() on invalid sequence ptr
> (bnc#810722).
>
> - netfilter: ip6t_LOG: fix logging of packet mark
> (bnc#821930).
>
>
> - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
> (bnc#819655).
>
> - HWPOISON: fix misjudgement of page_action() for errors on
> mlocked pages (Memory failure RAS (bnc#821799)).
> - HWPOISON: check dirty flag to match against clean page
> (Memory failure RAS (bnc#821799)).
> - HWPOISON: change order of error_states elements (Memory
> failure RAS (bnc#821799)).
> - mm: hwpoison: fix action_result() to print out
> dirty/clean (Memory failure RAS (bnc#821799)).
>
> - mm: mmu_notifier: re-fix freed page still mapped in
> secondary MMU (bnc#821052).
>
> - Do not switch webcams in some HP ProBooks to XHCI
> (bnc#805804).
>
> - Do not switch BT on HP ProBook 4340 (bnc#812281).
>
> - mm: memory_dev_init make sure nmi watchdog does not
> trigger while registering memory sections (bnc#804609,
> bnc#820434).
>
> - mm: compaction: Restart compaction from near where it
> left off
> - mm: compaction: cache if a pageblock was scanned and no
> pages were isolated
> - mm: compaction: clear PG_migrate_skip based on compaction
> and reclaim activity
> - mm: compaction: Scan PFN caching KABI workaround
> - mm: page_allocator: Remove first_pass guard
> - mm: vmscan: do not stall on writeback during memory
> compaction Cache compaction restart points for faster
> compaction cycles (bnc#816451)
>
>
> Special Instructions and Notes:
>
> Please reboot the system after installing this update.
>
>
> Package List:
>
> - SLE 11 SERVER Unsupported Extras (ppc64 s390x x86_64):
>
> kernel-default-extra-3.0.82-0.7.9
>
> - SLE 11 SERVER Unsupported Extras (x86_64):
>
> kernel-xen-extra-3.0.82-0.7.9
>
> - SLE 11 SERVER Unsupported Extras (ppc64):
>
> kernel-ppc64-extra-3.0.82-0.7.9
>
>
> References:
>
> http://support.novell.com/security/cve/CVE-2013-0160.html
> http://support.novell.com/security/cve/CVE-2013-1774.html
> http://support.novell.com/security/cve/CVE-2013-1979.html
> http://support.novell.com/security/cve/CVE-2013-3076.html
> http://support.novell.com/security/cve/CVE-2013-3222.html
> http://support.novell.com/security/cve/CVE-2013-3223.html
> http://support.novell.com/security/cve/CVE-2013-3224.html
> http://support.novell.com/security/cve/CVE-2013-3225.html
> http://support.novell.com/security/cve/CVE-2013-3227.html
> http://support.novell.com/security/cve/CVE-2013-3228.html
> http://support.novell.com/security/cve/CVE-2013-3229.html
> http://support.novell.com/security/cve/CVE-2013-3231.html
> http://support.novell.com/security/cve/CVE-2013-3232.html
> http://support.novell.com/security/cve/CVE-2013-3234.html
> http://support.novell.com/security/cve/CVE-2013-3235.html
> https://bugzilla.novell.com/763968
> https://bugzilla.novell.com/773837
> https://bugzilla.novell.com/785901
> https://bugzilla.novell.com/797090
> https://bugzilla.novell.com/797727
> https://bugzilla.novell.com/801427
> https://bugzilla.novell.com/803320
> https://bugzilla.novell.com/804482
> https://bugzilla.novell.com/804609
> https://bugzilla.novell.com/805804
> https://bugzilla.novell.com/806976
> https://bugzilla.novell.com/808015
> https://bugzilla.novell.com/808136
> https://bugzilla.novell.com/808837
> https://bugzilla.novell.com/808855
> https://bugzilla.novell.com/809130
> https://bugzilla.novell.com/809895
> https://bugzilla.novell.com/809975
> https://bugzilla.novell.com/810722
> https://bugzilla.novell.com/812281
> https://bugzilla.novell.com/812332
> https://bugzilla.novell.com/812526
> https://bugzilla.novell.com/812974
> https://bugzilla.novell.com/813604
> https://bugzilla.novell.com/813922
> https://bugzilla.novell.com/815356
> https://bugzilla.novell.com/816451
> https://bugzilla.novell.com/817035
> https://bugzilla.novell.com/817377
> https://bugzilla.novell.com/818047
> https://bugzilla.novell.com/818371
> https://bugzilla.novell.com/818465
> https://bugzilla.novell.com/819018
> https://bugzilla.novell.com/819195
> https://bugzilla.novell.com/819523
> https://bugzilla.novell.com/819610
> https://bugzilla.novell.com/819655
> https://bugzilla.novell.com/820172
> https://bugzilla.novell.com/820434
> https://bugzilla.novell.com/821052
> https://bugzilla.novell.com/821070
> https://bugzilla.novell.com/821235
> https://bugzilla.novell.com/821799
> https://bugzilla.novell.com/821859
> https://bugzilla.novell.com/821930
> https://bugzilla.novell.com/822066
> https://bugzilla.novell.com/822077
> https://bugzilla.novell.com/822080
> https://bugzilla.novell.com/822164
> https://bugzilla.novell.com/822340
> https://bugzilla.novell.com/822431
> https://bugzilla.novell.com/822722
> https://bugzilla.novell.com/822825
> https://bugzilla.novell.com/823082
> https://bugzilla.novell.com/823223
> https://bugzilla.novell.com/823342
> https://bugzilla.novell.com/823386
> https://bugzilla.novell.com/823597
> https://bugzilla.novell.com/823795
> https://bugzilla.novell.com/824159
> https://bugzilla.novell.com/825037
> https://bugzilla.novell.com/825591
> https://bugzilla.novell.com/825657
> https://bugzilla.novell.com/825696
> https://bugzilla.novell.com/826186
> http://download.novell.com/patch/finder/?keywords=9deafe882b5e3b5f0df9f5075…
> http://download.novell.com/patch/finder/?keywords=bdd1cc737ed1a109b28b07718…
> http://download.novell.com/patch/finder/?keywords=ddd472e1f756fe2a224c4a247…
>
--
Susan Dittmar, CIO - CCD and CMOS devices
EURECA Messtechnik GmbH for science, space and military
Eupenerstr. 150 customized and standard parts
50933 Köln
Germany - lenses and optical filters
phone: +49 (0)221 / 952629 - 0 - thermoelectric devices
fax: +49 (0)221 / 952629 - 9
email: S.Dittmar(a)eureca.de - consulting services
Handelsreg. Eintrag / Register entry : HRB 28609 Amtsgericht Köln
USt.-IdNr. / VAT number : DE 186 063 293
Steuernummer / tax number : 223 / 5805 / 2511
Geschäftsführung / Management : J. Beckers, K. Sengebusch
Diese Mitteilung erfolgt vertraulich und nur zur Kenntnisnahme durch
die hierfür vorgesehenen Personen. Sollten Sie die Mitteilung
irrtümlich erhalten haben, ist jede Weitergabe, Kopie oder Nutzung des
Inhalts unzulässig. Bitte benachrichtigen Sie in diesem Fall den
Absender und löschen Sie diese Nachricht und alle Anhänge dazu
unverzüglich.
This message is confidential and intended only for the exclusive use
by particular persons. If you have received it by mistake, any review,
copying, use or dissemination in whole or in part is strictly
prohibited. Please notify the sender and delete this message and all
its attachments from your system.
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
5
4
[opensuse-security] [DE-CIX-RT #89589] AutoReply: [security-announce] SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3
by The default queue via RT 12 Jul '13
by The default queue via RT 12 Jul '13
12 Jul '13
Greetings,
This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"[security-announce] SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3",
a summary of which appears below.
There is no need to reply to this message right now. Your ticket has been
assigned an ID of [DE-CIX-RT #89589].
Please include the string:
[DE-CIX-RT #89589]
in the subject line of all future correspondence about this issue. To do so,
you may reply to this message.
Thank you,
-------------------------------------------------------------------------
SUSE Security Update: kernel update for SLE11 SP3
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1182-1
Rating: important
References: #763968 #773837 #785901 #797090 #797727 #801427
#803320 #804482 #804609 #805804 #806976 #808015
#808136 #808837 #808855 #809130 #809895 #809975
#810722 #812281 #812332 #812526 #812974 #813604
#813922 #815356 #816451 #817035 #817377 #818047
#818371 #818465 #819018 #819195 #819523 #819610
#819655 #820172 #820434 #821052 #821070 #821235
#821799 #821859 #821930 #822066 #822077 #822080
#822164 #822340 #822431 #822722 #822825 #823082
#823223 #823342 #823386 #823597 #823795 #824159
#825037 #825591 #825657 #825696 #826186
Cross-References: CVE-2013-0160 CVE-2013-1774 CVE-2013-1979
CVE-2013-3076 CVE-2013-3222 CVE-2013-3223
CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
CVE-2013-3228 CVE-2013-3229 CVE-2013-3231
CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
Affected Products:
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 50 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to 3.0.82 and to fix various bugs and security
issues.
Following security issues were fixed: CVE-2013-1774: The
chase_port function in drivers/usb/serial/io_ti.c in the
Linux kernel allowed local users to cause a denial of
service (NULL pointer dereference and system crash) via an
attempted /dev/ttyUSB read or write operation on a
disconnected Edgeport USB serial converter.
CVE-2013-0160: Timing side channel on attacks were possible
on /dev/ptmx that could allow local attackers to predict
keypresses like e.g. passwords. This has been fixed again
by updating accessed/modified time on the pty devices in
resolution of 8 seconds, so that idle time detection can
still work.
CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call.
CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.
CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3076: The crypto API in the Linux kernel did not
initialize certain length variables, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.
CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.
A kernel information leak via tkill/tgkill was fixed.
Following non security bugs were fixed: S/390:
- af_iucv: Missing man page (bnc#825037, LTC#94825).
- iucv: fix kernel panic at reboot (bnc#825037, LTC#93803).
- kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784).
- dasd: Add missing descriptions for dasd timeout messages
(bnc#825037, LTC#94762).
- dasd: Fix hanging device after resume with internal error
13 (bnc#825037, LTC#94554).
- cio: Suppress 2nd path verification during resume
(bnc#825037, LTC#94554).
- vmcp: Missing man page (bnc#825037, LTC#94453).
- kernel: 3215 console crash (bnc#825037, LTC#94302).
- netiucv: Hold rtnl between name allocation and device
registration (bnc#824159).
- s390/ftrace: fix mcount adjustment (bnc#809895).
HyperV:
- Drivers: hv: Fix a bug in get_vp_index().
- hyperv: Fix a compiler warning in netvsc_send().
- Tools: hv: Fix a checkpatch warning.
- tools: hv: skip iso9660 mounts in hv_vss_daemon.
- tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon.
- tools: hv: use getmntent in hv_vss_daemon.
- Tools: hv: Fix a checkpatch warning.
- tools: hv: fix checks for origin of netlink message in
hv_vss_daemon.
- Tools: hv: fix warnings in hv_vss_daemon.
- x86, hyperv: Handle Xen emulation of Hyper-V more
gracefully.
- hyperv: Fix a kernel warning from
netvsc_linkstatus_callback().
- Drivers: hv: balloon: make local functions static.
- tools: hv: daemon should check type of received Netlink
msg.
- tools: hv: daemon setsockopt should use options macros.
- tools: hv: daemon should subscribe only to CN_KVP_IDX
group.
- driver: hv: remove cast for kmalloc return value.
- hyperv: use 3.4 as LIC version string (bnc#822431).
BTRFS:
- btrfs: flush delayed inodes if we are short on space
(bnc#801427).
- btrfs: rework shrink_delalloc (bnc#801427).
- btrfs: fix our overcommit math (bnc#801427).
- btrfs: delay block group item insertion (bnc#801427).
- btrfs: remove bytes argument from do_chunk_alloc
(bnc#801427).
- btrfs: run delayed refs first when out of space
(bnc#801427).
- btrfs: do not commit instead of overcommitting
(bnc#801427).
- btrfs: do not take inode delalloc mutex if we are a free
space inode (bnc#801427).
- btrfs: fix chunk allocation error handling (bnc#801427).
- btrfs: remove extent mapping if we fail to add chunk
(bnc#801427).
- btrfs: do not overcommit if we do not have enough space
for global rsv (bnc#801427).
- btrfs: rework the overcommit logic to be based on the
total size (bnc#801427).
- btrfs: steal from global reserve if we are cleaning up
orphans (bnc#801427).
- btrfs: clear chunk_alloc flag on retryable failure
(bnc#801427).
- btrfs: use reserved space for creating a snapshot
(bnc#801427).
- btrfs: cleanup to make the function
btrfs_delalloc_reserve_metadata more logic (bnc#801427).
- btrfs: fix space leak when we fail to reserve metadata
space (bnc#801427).
- btrfs: fix space accounting for unlink and rename
(bnc#801427).
- btrfs: allocate new chunks if the space is not enough for
global rsv (bnc#801427).
- btrfs: various abort cleanups (bnc#812526 bnc#801427).
- btrfs: simplify unlink reservations (bnc#801427).
XFS:
- xfs: Move allocation stack switch up to xfs_bmapi
(bnc#815356).
- xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356).
- xfs: zero allocation_args on the kernel stack
(bnc#815356).
- xfs: fix debug_object WARN at xfs_alloc_vextent()
(bnc#815356).
- xfs: do not defer metadata allocation to the workqueue
(bnc#815356).
- xfs: introduce an allocation workqueue (bnc#815356).
- xfs: fix race while discarding buffers [V4] (bnc#815356
(comment 36)).
- xfs: Serialize file-extending direct IO (bnc#818371).
- xfs: Do not allocate new buffers on every call to
_xfs_buf_find (bnc#763968).
- xfs: fix buffer lookup race on allocation failure
(bnc#763968).
ALSA:
- Fix VT1708 jack detection on SLEPOS machines (bnc#813922).
- ALSA: hda - Avoid choose same converter for unused pins
(bnc#826186).
- ALSA: hda - Cache the MUX selection for generic HDMI
(bnc#826186).
- ALSA: hda - Haswell converter power state D0 verify
(bnc#826186).
- ALSA: hda - Do not take unresponsive D3 transition too
serious (bnc#823597).
- ALSA: hda - Introduce bit flags to
snd_hda_codec_read/write() (bnc#823597).
- ALSA: hda - Check CORB overflow (bnc#823597).
- ALSA: hda - Check validity of CORB/RIRB WP reads
(bnc#823597).
- ALSA: hda - Fix system panic when DMA > 40 bits for
Nvidia audio controllers (bnc#818465).
- ALSA: hda - Add hint for suppressing lower cap for IDT
codecs (bnc#812332).
- ALSA: hda - Enable mic-mute LED on more HP laptops
(bnc#821859).
Direct Rendering Manager (DRM):
- drm/i915: Add wait_for in init_ring_common (bnc#813604).
- drm/i915: Mark the ringbuffers as being in the GTT domain
(bnc#813604).
- drm/edid: Do not print messages regarding stereo or csync
by default (bnc #821235).
- drm/i915: force full modeset if the connector is in DPMS
OFF mode (bnc #809975).
- drm/i915/sdvo: Use &intel_sdvo->ddc instead of
intel_sdvo->i2c for DDC (bnc #808855).
- drm/mm: fix dump table BUG. (bnc#808837)
- drm/i915: Clear the stolen fb before enabling
(bnc#808015).
XEN:
- xen/netback: Update references (bnc#823342).
- xen: Check for insane amounts of requests on the ring.
- Update Xen patches to 3.0.82.
- netback: do not disconnect frontend when seeing oversize
packet.
- netfront: reduce gso_max_size to account for max TCP
header.
- netfront: fix kABI after "reduce gso_max_size to account
for max TCP header".
Other:
- x86, efi: retry ExitBootServices() on failure
(bnc#823386).
- x86/efi: Fix dummy variable buffer allocation
(bnc#822080).
- ext4: avoid hang when mounting non-journal filesystems
with orphan list (bnc#817377).
- mm: compaction: Scan PFN caching KABI workaround (Fix
KABI breakage (bnc#825657)).
- autofs4 - fix get_next_positive_subdir() (bnc#819523).
- ocfs2: Add bits_wanted while calculating credits in
ocfs2_calc_extend_credits (bnc#822077).
- writeback: Avoid needless scanning of b_dirty list
(bnc#819018).
- writeback: Do not sort b_io list only because of block
device inode (bnc#819018).
- re-enable io tracing (bnc#785901).
- pciehp: Corrected the old mismatching DMI strings.
- SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).
- tg3: Prevent system hang during repeated EEH errors
(bnc#822066).
- scsi_dh_alua: multipath failover fails with error 15
(bnc#825696).
- Do not switch camera on HP EB 8780 (bnc#797090).
- Do not switch webcam for HP EB 8580w (bnc#797090).
- mm: fixup compilation error due to an asm write through a
const pointer. (bnc#823795)
- do not switch cam port on HP EliteBook 840 (bnc#822164).
- net/sunrpc: xpt_auth_cache should be ignored when expired
(bnc#803320).
- sunrpc/cache: ensure items removed from cache do not have
pending upcalls (bnc#803320).
- sunrpc/cache: remove races with queuing an upcall
(bnc#803320).
- sunrpc/cache: use cache_fresh_unlocked consistently and
correctly (bnc#803320).
- KVM: x86: emulate movdqa (bnc#821070).
- KVM: x86: emulator: add support for vector alignment
(bnc#821070).
- KVM: x86: emulator: expand decode flags to 64 bits
(bnc#821070).
- xhci - correct comp_mode_recovery_timer on return from
hibernate (bnc#808136).
- md/raid10 enough fixes (bnc#773837).
- lib/Makefile: Fix oid_registry build dependency
(bnc#823223).
- Update config files: disable IP_PNP (bnc#822825)
- Fix kABI breakage for addition of
snd_hda_bus.no_response_fallback (bnc#823597).
- Disable efi pstore by default (bnc#804482 bnc#820172).
- md: Fix problem with GET_BITMAP_FILE returning wrong
status (bnc#812974).
- bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610).
- USB: xHCI: override bogus bulk wMaxPacketSize values
(bnc#823082).
- BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727
bnc#822340).
- qlge: Update version to 1.00.00.32 (bnc#819195).
- qlge: Fix ethtool autoneg advertising (bnc#819195).
- qlge: Fix receive path to drop error frames (bnc#819195).
- qlge: remove NETIF_F_TSO6 flag (bnc#819195).
- remove init of dev->perm_addr in drivers (bnc#819195).
- drivers/net: fix up function prototypes after __dev*
removals (bnc#819195).
- qlge: remove __dev* attributes (bnc#819195).
- drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding
style issue (bnc#819195).
- cxgb4: Force uninitialized state if FW_ON_ADAPTER is <
FW_VERSION and we are the MASTER_PF (bnc#809130).
- USB: UHCI: fix for suspend of virtual HP controller
(bnc#817035).
- timer_list: Convert timer list to be a proper seq_file
(bnc#818047).
- timer_list: Split timer_list_show_tickdevices
(bnc#818047).
- sched: Fix /proc/sched_debug failure on very very large
systems (bnc#818047).
- sched: Fix /proc/sched_stat failure on very very large
systems (bnc#818047).
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
- libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).
- netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).
- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).
- HWPOISON: fix misjudgement of page_action() for errors on
mlocked pages (Memory failure RAS (bnc#821799)).
- HWPOISON: check dirty flag to match against clean page
(Memory failure RAS (bnc#821799)).
- HWPOISON: change order of error_states elements (Memory
failure RAS (bnc#821799)).
- mm: hwpoison: fix action_result() to print out
dirty/clean (Memory failure RAS (bnc#821799)).
- mm: mmu_notifier: re-fix freed page still mapped in
secondary MMU (bnc#821052).
- Do not switch webcams in some HP ProBooks to XHCI
(bnc#805804).
- Do not switch BT on HP ProBook 4340 (bnc#812281).
- mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).
- mm: compaction: Restart compaction from near where it
left off
- mm: compaction: cache if a pageblock was scanned and no
pages were isolated
- mm: compaction: clear PG_migrate_skip based on compaction
and reclaim activity
- mm: compaction: Scan PFN caching KABI workaround
- mm: page_allocator: Remove first_pass guard
- mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SLE 11 SERVER Unsupported Extras (ppc64 s390x x86_64):
kernel-default-extra-3.0.82-0.7.9
- SLE 11 SERVER Unsupported Extras (x86_64):
kernel-xen-extra-3.0.82-0.7.9
- SLE 11 SERVER Unsupported Extras (ppc64):
kernel-ppc64-extra-3.0.82-0.7.9
References:
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1774.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/773837
https://bugzilla.novell.com/785901
https://bugzilla.novell.com/797090
https://bugzilla.novell.com/797727
https://bugzilla.novell.com/801427
https://bugzilla.novell.com/803320
https://bugzilla.novell.com/804482
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/806976
https://bugzilla.novell.com/808015
https://bugzilla.novell.com/808136
https://bugzilla.novell.com/808837
https://bugzilla.novell.com/808855
https://bugzilla.novell.com/809130
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/809975
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/812332
https://bugzilla.novell.com/812526
https://bugzilla.novell.com/812974
https://bugzilla.novell.com/813604
https://bugzilla.novell.com/813922
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/817035
https://bugzilla.novell.com/817377
https://bugzilla.novell.com/818047
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818465
https://bugzilla.novell.com/819018
https://bugzilla.novell.com/819195
https://bugzilla.novell.com/819523
https://bugzilla.novell.com/819610
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/820172
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821052
https://bugzilla.novell.com/821070
https://bugzilla.novell.com/821235
https://bugzilla.novell.com/821799
https://bugzilla.novell.com/821859
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/822066
https://bugzilla.novell.com/822077
https://bugzilla.novell.com/822080
https://bugzilla.novell.com/822164
https://bugzilla.novell.com/822340
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822722
https://bugzilla.novell.com/822825
https://bugzilla.novell.com/823082
https://bugzilla.novell.com/823223
https://bugzilla.novell.com/823342
https://bugzilla.novell.com/823386
https://bugzilla.novell.com/823597
https://bugzilla.novell.com/823795
https://bugzilla.novell.com/824159
https://bugzilla.novell.com/825037
https://bugzilla.novell.com/825591
https://bugzilla.novell.com/825657
https://bugzilla.novell.com/825696
https://bugzilla.novell.com/826186
http://download.novell.com/patch/finder/?keywords=9deafe882b5e3b5f0df9f5075…
http://download.novell.com/patch/finder/?keywords=bdd1cc737ed1a109b28b07718…
http://download.novell.com/patch/finder/?keywords=ddd472e1f756fe2a224c4a247…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
--
DE-CIX Management GmbH
Lindleystr. 12, 60314 Frankfurt
Geschaeftsfuehrer Harald A. Summa
Registergericht AG Koeln, HRB 51135
Zentrale: Lichtstr. 43i, 50825 Koeln
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
1
0
[opensuse-security] [DE-CIX-RT #89532] AutoReply: [security-announce] SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3
by The default queue via RT 11 Jul '13
by The default queue via RT 11 Jul '13
11 Jul '13
Greetings,
This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"[security-announce] SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3",
a summary of which appears below.
Please note that this ticket has been opened outside office hours.
Office hours are:
Monday to Friday, 09:00 - 17:00 MET (= 07:00 - 15:00 UTC)
If you need immediate help, please call our 24/7 hotline
+49 69 1730 902 11
There is no need to reply to this message right now. Your ticket has been
assigned an ID of [DE-CIX-RT #89532].
Please include the string:
[DE-CIX-RT #89532]
in the subject line of all future correspondence about this issue. To do so,
you may reply to this message.
Thank you,
-------------------------------------------------------------------------
SUSE Security Update: kernel update for SLE11 SP3
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1182-1
Rating: important
References: #763968 #773837 #785901 #797090 #797727 #801427
#803320 #804482 #804609 #805804 #806976 #808015
#808136 #808837 #808855 #809130 #809895 #809975
#810722 #812281 #812332 #812526 #812974 #813604
#813922 #815356 #816451 #817035 #817377 #818047
#818371 #818465 #819018 #819195 #819523 #819610
#819655 #820172 #820434 #821052 #821070 #821235
#821799 #821859 #821930 #822066 #822077 #822080
#822164 #822340 #822431 #822722 #822825 #823082
#823223 #823342 #823386 #823597 #823795 #824159
#825037 #825591 #825657 #825696 #826186
Cross-References: CVE-2013-0160 CVE-2013-1774 CVE-2013-1979
CVE-2013-3076 CVE-2013-3222 CVE-2013-3223
CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
CVE-2013-3228 CVE-2013-3229 CVE-2013-3231
CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
Affected Products:
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 50 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to 3.0.82 and to fix various bugs and security
issues.
Following security issues were fixed: CVE-2013-1774: The
chase_port function in drivers/usb/serial/io_ti.c in the
Linux kernel allowed local users to cause a denial of
service (NULL pointer dereference and system crash) via an
attempted /dev/ttyUSB read or write operation on a
disconnected Edgeport USB serial converter.
CVE-2013-0160: Timing side channel on attacks were possible
on /dev/ptmx that could allow local attackers to predict
keypresses like e.g. passwords. This has been fixed again
by updating accessed/modified time on the pty devices in
resolution of 8 seconds, so that idle time detection can
still work.
CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call.
CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.
CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3076: The crypto API in the Linux kernel did not
initialize certain length variables, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.
CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.
A kernel information leak via tkill/tgkill was fixed.
Following non security bugs were fixed: S/390:
- af_iucv: Missing man page (bnc#825037, LTC#94825).
- iucv: fix kernel panic at reboot (bnc#825037, LTC#93803).
- kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784).
- dasd: Add missing descriptions for dasd timeout messages
(bnc#825037, LTC#94762).
- dasd: Fix hanging device after resume with internal error
13 (bnc#825037, LTC#94554).
- cio: Suppress 2nd path verification during resume
(bnc#825037, LTC#94554).
- vmcp: Missing man page (bnc#825037, LTC#94453).
- kernel: 3215 console crash (bnc#825037, LTC#94302).
- netiucv: Hold rtnl between name allocation and device
registration (bnc#824159).
- s390/ftrace: fix mcount adjustment (bnc#809895).
HyperV:
- Drivers: hv: Fix a bug in get_vp_index().
- hyperv: Fix a compiler warning in netvsc_send().
- Tools: hv: Fix a checkpatch warning.
- tools: hv: skip iso9660 mounts in hv_vss_daemon.
- tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon.
- tools: hv: use getmntent in hv_vss_daemon.
- Tools: hv: Fix a checkpatch warning.
- tools: hv: fix checks for origin of netlink message in
hv_vss_daemon.
- Tools: hv: fix warnings in hv_vss_daemon.
- x86, hyperv: Handle Xen emulation of Hyper-V more
gracefully.
- hyperv: Fix a kernel warning from
netvsc_linkstatus_callback().
- Drivers: hv: balloon: make local functions static.
- tools: hv: daemon should check type of received Netlink
msg.
- tools: hv: daemon setsockopt should use options macros.
- tools: hv: daemon should subscribe only to CN_KVP_IDX
group.
- driver: hv: remove cast for kmalloc return value.
- hyperv: use 3.4 as LIC version string (bnc#822431).
BTRFS:
- btrfs: flush delayed inodes if we are short on space
(bnc#801427).
- btrfs: rework shrink_delalloc (bnc#801427).
- btrfs: fix our overcommit math (bnc#801427).
- btrfs: delay block group item insertion (bnc#801427).
- btrfs: remove bytes argument from do_chunk_alloc
(bnc#801427).
- btrfs: run delayed refs first when out of space
(bnc#801427).
- btrfs: do not commit instead of overcommitting
(bnc#801427).
- btrfs: do not take inode delalloc mutex if we are a free
space inode (bnc#801427).
- btrfs: fix chunk allocation error handling (bnc#801427).
- btrfs: remove extent mapping if we fail to add chunk
(bnc#801427).
- btrfs: do not overcommit if we do not have enough space
for global rsv (bnc#801427).
- btrfs: rework the overcommit logic to be based on the
total size (bnc#801427).
- btrfs: steal from global reserve if we are cleaning up
orphans (bnc#801427).
- btrfs: clear chunk_alloc flag on retryable failure
(bnc#801427).
- btrfs: use reserved space for creating a snapshot
(bnc#801427).
- btrfs: cleanup to make the function
btrfs_delalloc_reserve_metadata more logic (bnc#801427).
- btrfs: fix space leak when we fail to reserve metadata
space (bnc#801427).
- btrfs: fix space accounting for unlink and rename
(bnc#801427).
- btrfs: allocate new chunks if the space is not enough for
global rsv (bnc#801427).
- btrfs: various abort cleanups (bnc#812526 bnc#801427).
- btrfs: simplify unlink reservations (bnc#801427).
XFS:
- xfs: Move allocation stack switch up to xfs_bmapi
(bnc#815356).
- xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356).
- xfs: zero allocation_args on the kernel stack
(bnc#815356).
- xfs: fix debug_object WARN at xfs_alloc_vextent()
(bnc#815356).
- xfs: do not defer metadata allocation to the workqueue
(bnc#815356).
- xfs: introduce an allocation workqueue (bnc#815356).
- xfs: fix race while discarding buffers [V4] (bnc#815356
(comment 36)).
- xfs: Serialize file-extending direct IO (bnc#818371).
- xfs: Do not allocate new buffers on every call to
_xfs_buf_find (bnc#763968).
- xfs: fix buffer lookup race on allocation failure
(bnc#763968).
ALSA:
- Fix VT1708 jack detection on SLEPOS machines (bnc#813922).
- ALSA: hda - Avoid choose same converter for unused pins
(bnc#826186).
- ALSA: hda - Cache the MUX selection for generic HDMI
(bnc#826186).
- ALSA: hda - Haswell converter power state D0 verify
(bnc#826186).
- ALSA: hda - Do not take unresponsive D3 transition too
serious (bnc#823597).
- ALSA: hda - Introduce bit flags to
snd_hda_codec_read/write() (bnc#823597).
- ALSA: hda - Check CORB overflow (bnc#823597).
- ALSA: hda - Check validity of CORB/RIRB WP reads
(bnc#823597).
- ALSA: hda - Fix system panic when DMA > 40 bits for
Nvidia audio controllers (bnc#818465).
- ALSA: hda - Add hint for suppressing lower cap for IDT
codecs (bnc#812332).
- ALSA: hda - Enable mic-mute LED on more HP laptops
(bnc#821859).
Direct Rendering Manager (DRM):
- drm/i915: Add wait_for in init_ring_common (bnc#813604).
- drm/i915: Mark the ringbuffers as being in the GTT domain
(bnc#813604).
- drm/edid: Do not print messages regarding stereo or csync
by default (bnc #821235).
- drm/i915: force full modeset if the connector is in DPMS
OFF mode (bnc #809975).
- drm/i915/sdvo: Use &intel_sdvo->ddc instead of
intel_sdvo->i2c for DDC (bnc #808855).
- drm/mm: fix dump table BUG. (bnc#808837)
- drm/i915: Clear the stolen fb before enabling
(bnc#808015).
XEN:
- xen/netback: Update references (bnc#823342).
- xen: Check for insane amounts of requests on the ring.
- Update Xen patches to 3.0.82.
- netback: do not disconnect frontend when seeing oversize
packet.
- netfront: reduce gso_max_size to account for max TCP
header.
- netfront: fix kABI after "reduce gso_max_size to account
for max TCP header".
Other:
- x86, efi: retry ExitBootServices() on failure
(bnc#823386).
- x86/efi: Fix dummy variable buffer allocation
(bnc#822080).
- ext4: avoid hang when mounting non-journal filesystems
with orphan list (bnc#817377).
- mm: compaction: Scan PFN caching KABI workaround (Fix
KABI breakage (bnc#825657)).
- autofs4 - fix get_next_positive_subdir() (bnc#819523).
- ocfs2: Add bits_wanted while calculating credits in
ocfs2_calc_extend_credits (bnc#822077).
- writeback: Avoid needless scanning of b_dirty list
(bnc#819018).
- writeback: Do not sort b_io list only because of block
device inode (bnc#819018).
- re-enable io tracing (bnc#785901).
- pciehp: Corrected the old mismatching DMI strings.
- SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).
- tg3: Prevent system hang during repeated EEH errors
(bnc#822066).
- scsi_dh_alua: multipath failover fails with error 15
(bnc#825696).
- Do not switch camera on HP EB 8780 (bnc#797090).
- Do not switch webcam for HP EB 8580w (bnc#797090).
- mm: fixup compilation error due to an asm write through a
const pointer. (bnc#823795)
- do not switch cam port on HP EliteBook 840 (bnc#822164).
- net/sunrpc: xpt_auth_cache should be ignored when expired
(bnc#803320).
- sunrpc/cache: ensure items removed from cache do not have
pending upcalls (bnc#803320).
- sunrpc/cache: remove races with queuing an upcall
(bnc#803320).
- sunrpc/cache: use cache_fresh_unlocked consistently and
correctly (bnc#803320).
- KVM: x86: emulate movdqa (bnc#821070).
- KVM: x86: emulator: add support for vector alignment
(bnc#821070).
- KVM: x86: emulator: expand decode flags to 64 bits
(bnc#821070).
- xhci - correct comp_mode_recovery_timer on return from
hibernate (bnc#808136).
- md/raid10 enough fixes (bnc#773837).
- lib/Makefile: Fix oid_registry build dependency
(bnc#823223).
- Update config files: disable IP_PNP (bnc#822825)
- Fix kABI breakage for addition of
snd_hda_bus.no_response_fallback (bnc#823597).
- Disable efi pstore by default (bnc#804482 bnc#820172).
- md: Fix problem with GET_BITMAP_FILE returning wrong
status (bnc#812974).
- bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610).
- USB: xHCI: override bogus bulk wMaxPacketSize values
(bnc#823082).
- BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727
bnc#822340).
- qlge: Update version to 1.00.00.32 (bnc#819195).
- qlge: Fix ethtool autoneg advertising (bnc#819195).
- qlge: Fix receive path to drop error frames (bnc#819195).
- qlge: remove NETIF_F_TSO6 flag (bnc#819195).
- remove init of dev->perm_addr in drivers (bnc#819195).
- drivers/net: fix up function prototypes after __dev*
removals (bnc#819195).
- qlge: remove __dev* attributes (bnc#819195).
- drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding
style issue (bnc#819195).
- cxgb4: Force uninitialized state if FW_ON_ADAPTER is <
FW_VERSION and we are the MASTER_PF (bnc#809130).
- USB: UHCI: fix for suspend of virtual HP controller
(bnc#817035).
- timer_list: Convert timer list to be a proper seq_file
(bnc#818047).
- timer_list: Split timer_list_show_tickdevices
(bnc#818047).
- sched: Fix /proc/sched_debug failure on very very large
systems (bnc#818047).
- sched: Fix /proc/sched_stat failure on very very large
systems (bnc#818047).
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
- libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).
- netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).
- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).
- HWPOISON: fix misjudgement of page_action() for errors on
mlocked pages (Memory failure RAS (bnc#821799)).
- HWPOISON: check dirty flag to match against clean page
(Memory failure RAS (bnc#821799)).
- HWPOISON: change order of error_states elements (Memory
failure RAS (bnc#821799)).
- mm: hwpoison: fix action_result() to print out
dirty/clean (Memory failure RAS (bnc#821799)).
- mm: mmu_notifier: re-fix freed page still mapped in
secondary MMU (bnc#821052).
- Do not switch webcams in some HP ProBooks to XHCI
(bnc#805804).
- Do not switch BT on HP ProBook 4340 (bnc#812281).
- mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).
- mm: compaction: Restart compaction from near where it
left off
- mm: compaction: cache if a pageblock was scanned and no
pages were isolated
- mm: compaction: clear PG_migrate_skip based on compaction
and reclaim activity
- mm: compaction: Scan PFN caching KABI workaround
- mm: page_allocator: Remove first_pass guard
- mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SLE 11 SERVER Unsupported Extras (ppc64 s390x x86_64):
kernel-default-extra-3.0.82-0.7.9
- SLE 11 SERVER Unsupported Extras (x86_64):
kernel-xen-extra-3.0.82-0.7.9
- SLE 11 SERVER Unsupported Extras (ppc64):
kernel-ppc64-extra-3.0.82-0.7.9
References:
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1774.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/773837
https://bugzilla.novell.com/785901
https://bugzilla.novell.com/797090
https://bugzilla.novell.com/797727
https://bugzilla.novell.com/801427
https://bugzilla.novell.com/803320
https://bugzilla.novell.com/804482
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/806976
https://bugzilla.novell.com/808015
https://bugzilla.novell.com/808136
https://bugzilla.novell.com/808837
https://bugzilla.novell.com/808855
https://bugzilla.novell.com/809130
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/809975
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/812332
https://bugzilla.novell.com/812526
https://bugzilla.novell.com/812974
https://bugzilla.novell.com/813604
https://bugzilla.novell.com/813922
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/817035
https://bugzilla.novell.com/817377
https://bugzilla.novell.com/818047
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818465
https://bugzilla.novell.com/819018
https://bugzilla.novell.com/819195
https://bugzilla.novell.com/819523
https://bugzilla.novell.com/819610
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/820172
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821052
https://bugzilla.novell.com/821070
https://bugzilla.novell.com/821235
https://bugzilla.novell.com/821799
https://bugzilla.novell.com/821859
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/822066
https://bugzilla.novell.com/822077
https://bugzilla.novell.com/822080
https://bugzilla.novell.com/822164
https://bugzilla.novell.com/822340
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822722
https://bugzilla.novell.com/822825
https://bugzilla.novell.com/823082
https://bugzilla.novell.com/823223
https://bugzilla.novell.com/823342
https://bugzilla.novell.com/823386
https://bugzilla.novell.com/823597
https://bugzilla.novell.com/823795
https://bugzilla.novell.com/824159
https://bugzilla.novell.com/825037
https://bugzilla.novell.com/825591
https://bugzilla.novell.com/825657
https://bugzilla.novell.com/825696
https://bugzilla.novell.com/826186
http://download.novell.com/patch/finder/?keywords=9deafe882b5e3b5f0df9f5075…
http://download.novell.com/patch/finder/?keywords=bdd1cc737ed1a109b28b07718…
http://download.novell.com/patch/finder/?keywords=ddd472e1f756fe2a224c4a247…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
--
DE-CIX Management GmbH
Lindleystr. 12, 60314 Frankfurt
Geschaeftsfuehrer Harald A. Summa
Registergericht AG Koeln, HRB 51135
Zentrale: Lichtstr. 43i, 50825 Koeln
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
1
0
[opensuse-security] Re: [security-announce] SUSE-SU-2013:1152-1: important: Security update for Mozilla Firefox
by Susanna Maurer 08 Jul '13
by Susanna Maurer 08 Jul '13
08 Jul '13
Ddddd
Von meinem iPad gesendet
Am 05.07.2013 um 22:04 schrieb opensuse-security(a)opensuse.org:
> SUSE Security Update: Security update for Mozilla Firefox
> ______________________________________________________________________________
>
> Announcement ID: SUSE-SU-2013:1152-1
> Rating: important
> References: #792432 #813026 #819204 #825935
> Cross-References: CVE-2013-1682 CVE-2013-1684 CVE-2013-1685
> CVE-2013-1686 CVE-2013-1687 CVE-2013-1690
> CVE-2013-1692 CVE-2013-1693 CVE-2013-1697
>
> Affected Products:
> SUSE Linux Enterprise Software Development Kit 11 SP3
> SUSE Linux Enterprise Server 11 SP3 for VMware
> SUSE Linux Enterprise Server 11 SP3
> SUSE Linux Enterprise Desktop 11 SP3
> ______________________________________________________________________________
>
> An update that fixes 9 vulnerabilities is now available. It
> includes one version update.
>
> Description:
>
>
> Mozilla Firefox has been updated to the 17.0.7 ESR version,
> which fixes bugs and security fixes.
>
> *
>
> MFSA 2013-49: Mozilla developers identified and fixed
> several memory safety bugs in the browser engine used in
> Firefox and other Mozilla-based products. Some of these
> bugs showed evidence of memory corruption under certain
> circumstances, and we presume that with enough effort at
> least some of these could be exploited to run arbitrary
> code.
>
> Gary Kwong, Jesse Ruderman, and Andrew McCreight
> reported memory safety problems and crashes that affect
> Firefox ESR 17, and Firefox 21. (CVE-2013-1682)
>
> *
>
> MFSA 2013-50: Security researcher Abhishek Arya
> (Inferno) of the Google Chrome Security Team used the
> Address Sanitizer tool to discover a series of
> use-after-free problems rated critical as security issues
> in shipped software. Some of these issues are potentially
> exploitable, allowing for remote code execution. We would
> also like to thank Abhishek for reporting additional
> use-after-free and buffer overflow flaws in code introduced
> during Firefox development. These were fixed before general
> release.
>
> o Heap-use-after-free in
> mozilla::dom::HTMLMediaElement::LookupMediaElementURITable
> (CVE-2013-1684) o Heap-use-after-free in
> nsIDocument::GetRootElement (CVE-2013-1685) o
> Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
> *
>
> MFSA 2013-51 / CVE-2013-1687: Security researcher
> Mariusz Mlynski reported that it is possible to compile a
> user-defined function in the XBL scope of a specific
> element and then trigger an event within this scope to run
> code. In some circumstances, when this code is run, it can
> access content protected by System Only Wrappers (SOW) and
> chrome-privileged pages. This could potentially lead to
> arbitrary code execution. Additionally, Chrome Object
> Wrappers (COW) can be bypassed by web content to access
> privileged methods, leading to a cross-site scripting (XSS)
> attack from privileged pages.
>
> *
>
> MFSA 2013-53 / CVE-2013-1690: Security researcher
> Nils reported that specially crafted web content using the
> onreadystatechange event and reloading of pages could
> sometimes cause a crash when unmapped memory is executed.
> This crash is potentially exploitable.
>
> *
>
> MFSA 2013-54 / CVE-2013-1692: Security researcher
> Johnathan Kuskos reported that Firefox is sending data in
> the body of XMLHttpRequest (XHR) HEAD requests, which goes
> agains the XHR specification. This can potentially be used
> for Cross-Site Request Forgery (CSRF) attacks against sites
> which do not distinguish between HEAD and POST requests.
>
> *
>
> MFSA 2013-55 / CVE-2013-1693: Security researcher
> Paul Stone of Context Information Security discovered that
> timing differences in the processing of SVG format images
> with filters could allow for pixel values to be read. This
> could potentially allow for text values to be read across
> domains, leading to information disclosure.
>
> *
>
> MFSA 2013-59 / CVE-2013-1697: Mozilla security
> researcher moz_bug_r_a4 reported that XrayWrappers can be
> bypassed to call content-defined toString and valueOf
> methods through DefaultValue. This can lead to unexpected
> behavior when privileged code acts on the incorrect values.
>
> *
>
> MFSA 2013-30: Mozilla developers identified and fixed
> several memory safety bugs in the browser engine used in
> Firefox and other Mozilla-based products. Some of these
> bugs showed evidence of memory corruption under certain
> circumstances, and we presume that with enough effort at
> least some of these could be exploited to run arbitrary
> code.
>
> Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian
> Holler, Milan Sreckovic, and Joe Drew reported memory
> safety problems and crashes that affect Firefox ESR 17, and
> Firefox 19. (CVE-2013-0788)
>
> *
>
> MFSA 2013-31 / CVE-2013-0800: Security researcher
> Abhishek Arya (Inferno) of the Google Chrome Security Team
> used the Address Sanitizer tool to discover an
> out-of-bounds write in Cairo graphics library. When certain
> values are passed to it during rendering, Cairo attempts to
> use negative boundaries or sizes for boxes, leading to a
> potentially exploitable crash in some instances.
>
> *
>
> MFSA 2013-32 / CVE-2013-0799: Security researcher
> Frederic Hoguin discovered that the Mozilla Maintenance
> Service on Windows was vulnerable to a buffer overflow.
> This system is used to update software without invoking the
> User Account Control (UAC) prompt. The Mozilla Maintenance
> Service is configured to allow unprivileged users to start
> it with arbitrary arguments. By manipulating the data
> passed in these arguments, an attacker can execute
> arbitrary code with the system privileges used by the
> service. This issue requires local file system access to be
> exploitable.
>
> *
>
> MFSA 2013-34 / CVE-2013-0797: Security researcher Ash
> reported an issue with the Mozilla Updater. The Mozilla
> Updater can be made to load a malicious local DLL file in a
> privileged context through either the Mozilla Maintenance
> Service or independently on systems that do not use the
> service. This occurs when the DLL file is placed in a
> specific location on the local system before the Mozilla
> Updater is run. Local file system access is necessary in
> order for this issue to be exploitable.
>
> *
>
> MFSA 2013-35 / CVE-2013-0796: Security researcher
> miaubiz used the Address Sanitizer tool to discover a crash
> in WebGL rendering when memory is freed that has not
> previously been allocated. This issue only affects Linux
> users who have Intel Mesa graphics drivers. The resulting
> crash could be potentially exploitable.
>
> *
>
> MFSA 2013-36 / CVE-2013-0795: Security researcher
> Cody Crews reported a mechanism to use the cloneNode method
> to bypass System Only Wrappers (SOW) and clone a protected
> node. This allows violation of the browser's same origin
> policy and could also lead to privilege escalation and the
> execution of arbitrary code.
>
> *
>
> MFSA 2013-37 / CVE-2013-0794: Security researcher
> shutdown reported a method for removing the origin
> indication on tab-modal dialog boxes in combination with
> browser navigation. This could allow an attacker's dialog
> to overlay a page and show another site's content. This can
> be used for phishing by allowing users to enter data into a
> modal prompt dialog on an attacking, site while appearing
> to be from the displayed site.
>
> *
>
> MFSA 2013-38 / CVE-2013-0793: Security researcher
> Mariusz Mlynski reported a method to use browser
> navigations through history to load an arbitrary website
> with that page's baseURI property pointing to another site
> instead of the seemingly loaded one. The user will continue
> to see the incorrect site in the addressbar of the browser.
> This allows for a cross-site scripting (XSS) attack or the
> theft of data through a phishing attack.
>
> *
>
> MFSA 2013-39 / CVE-2013-0792: Mozilla community
> member Tobias Schula reported that if
> gfx.color_management.enablev4 preference is enabled
> manually in about:config, some grayscale PNG images will be
> rendered incorrectly and cause memory corruption during PNG
> decoding when certain color profiles are in use. A crafted
> PNG image could use this flaw to leak data through rendered
> images drawing from random memory. By default, this
> preference is not enabled.
>
> *
>
> MFSA 2013-40 / CVE-2013-0791: Mozilla community
> member Ambroz Bizjak reported an out-of-bounds array read
> in the CERT_DecodeCertPackage function of the Network
> Security Services (NSS) libary when decoding a certificate.
> When this occurs, it will lead to memory corruption and a
> non-exploitable crash.
>
> *
>
> MFSA 2013-41: Mozilla developers identified and fixed
> several memory safety bugs in the browser engine used in
> Firefox and other Mozilla-based products. Some of these
> bugs showed evidence of memory corruption under certain
> circumstances, and we presume that with enough effort at
> least some of these could be exploited to run arbitrary
> code.
>
> References
>
> o Christoph Diehl, Christian Holler, Jesse
> Ruderman, Timothy Nikkel, and Jeff Walden reported memory
> safety problems and crashes that affect Firefox ESR 17, and
> Firefox 20. o Bob Clary, Ben Turner, Benoit Jacob, Bobby
> Holley, Christoph Diehl, Christian Holler, Andrew
> McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman,
> Matt Wobensmith, and Mats Palmgren reported memory safety
> problems and crashes that affect Firefox 20.
> *
>
> MFSA 2013-42 / CVE-2013-1670: Security researcher
> Cody Crews reported a method to call a content level
> constructor that allows for this constructor to have chrome
> privileged accesss. This affects chrome object wrappers
> (COW) and allows for write actions on objects when only
> read actions should be allowed. This can lead to cross-site
> scripting (XSS) attacks.
>
> *
>
> MFSA 2013-43 / CVE-2013-1671: Mozilla security
> researcher moz_bug_r_a4 reported a mechanism to exploit the
> control when set to the file type in order to get the full
> path. This can lead to information leakage and could be
> combined with other exploits to target attacks on the local
> file system.
>
> *
>
> MFSA 2013-44 / CVE-2013-1672: Security researcher Seb
> Patane reported an issue with the Mozilla Maintenance
> Service on Windows. This issue allows unprivileged users to
> local privilege escalation through the system privileges
> used by the service when interacting with local malicious
> software. This allows the user to bypass integrity checks
> leading to local privilege escalation. Local file system
> access is necessary in order for this issue to be
> exploitable and it cannot be triggered through web content.
>
> *
>
> MFSA 2013-45: Security researcher Robert Kugler
> discovered that in some instances the Mozilla Maintenance
> Service on Windows will be vulnerable to some previously
> fixed privilege escalation attacks that allowed for local
> privilege escalation. This was caused by the Mozilla
> Updater not updating Windows Registry entries for the
> Mozilla Maintenance Service, which fixed the earlier issues
> present if Firefox 12 had been installed. New installations
> of Firefox after version 12 are not affected by this issue.
> Local file system access is necessary in order for this
> issue to be exploitable and it cannot be triggered through
> web content. References: - old MozillaMaintenance Service
> registry entry not updated leading to Trusted Path
> Privilege Escalation (CVE-2013-1673) - Possible Arbitrary
> Code Execution by Update Service (CVE-2012-1942)
>
> *
>
> MFSA 2013-46 / CVE-2013-1674: Security researcher
> Nils reported a use-after-free when resizing video while
> playing. This could allow for arbitrary code execution.
>
> *
>
> MFSA 2013-47 / CVE-2013-1675: Mozilla community
> member Ms2ger discovered that some DOMSVGZoomEvent
> functions are used without being properly initialized,
> causing uninitialized memory to be used when they are
> called by web content. This could lead to a information
> leakage to sites depending on the contents of this
> uninitialized memory.
>
> *
>
> MFSA 2013-48: Security researcher Abhishek Arya
> (Inferno) of the Google Chrome Security Team used the
> Address Sanitizer tool to discover a series of
> use-after-free, out of bounds read, and invalid write
> problems rated as moderate to critical as security issues
> in shipped software. Some of these issues are potentially
> exploitable, allowing for remote code execution. We would
> also like to thank Abhishek for reporting additional
> use-after-free flaws in dir=auto code introduced during
> Firefox development. These were fixed before general
> release.
>
> References
>
> o Out of Bounds Read in
> SelectionIterator::GetNextSegment (CVE-2013-1676) o
> Out-of-bound read in gfxSkipCharsIterator::SetOffsets
> (CVE-2013-1677)) o Invalid write in
> _cairo_xlib_surface_add_glyph (CVE-2013-1678) o
> Heap-use-after-free in
> mozilla::plugins::child::_geturlnotify (CVE-2013-1679) o
> Heap-use-after-free in nsFrameList::FirstChild
> (CVE-2013-1680) o Heap-use-after-free in
> nsContentUtils::RemoveScriptBlocker (CVE-2013-1681)
> *
>
> CVE-2012-1942
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942
>
> * CVE-2013-0788
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
> * CVE-2013-0791
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791
> * CVE-2013-0792
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792
> * CVE-2013-0793
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
> * CVE-2013-0794
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794
> * CVE-2013-0795
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
> * CVE-2013-0796
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
> * CVE-2013-0797
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797
> * CVE-2013-0798
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798
> * CVE-2013-0799
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799
> * CVE-2013-0800
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800
> * CVE-2013-0801
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801
> * CVE-2013-1669
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1669
> * CVE-2013-1670
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670
> * CVE-2013-1671
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671
> * CVE-2013-1672
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672
> * CVE-2013-1673
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673
> * CVE-2013-1674
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674
> * CVE-2013-1675
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
> * CVE-2013-1676
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676
> * CVE-2013-1677
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677
> * CVE-2013-1678
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678
> * CVE-2013-1679
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679
> * CVE-2013-1680
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680
> * CVE-2013-1681
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681
> * CVE-2013-1682
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
> * CVE-2013-1684
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
> * CVE-2013-1685
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
> * CVE-2013-1686
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
> * CVE-2013-1687
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
> * CVE-2013-1690
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
> * CVE-2013-1692
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
> * CVE-2013-1693
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
> * CVE-2013-1697
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
>
>
> Patch Instructions:
>
> To install this SUSE Security Update use YaST online_update.
> Alternatively you can run the command listed for your product:
>
> - SUSE Linux Enterprise Software Development Kit 11 SP3:
>
> zypper in -t patch sdksp3-firefox-20130628-8001
>
> - SUSE Linux Enterprise Server 11 SP3 for VMware:
>
> zypper in -t patch slessp3-firefox-20130628-8001
>
> - SUSE Linux Enterprise Server 11 SP3:
>
> zypper in -t patch slessp3-firefox-20130628-8001
>
> - SUSE Linux Enterprise Desktop 11 SP3:
>
> zypper in -t patch sledsp3-firefox-20130628-8001
>
> To bring your system up-to-date, use "zypper patch".
>
>
> Package List:
>
> - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
>
> MozillaFirefox-devel-17.0.7esr-0.8.1
>
> - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 17.0.7esr]:
>
> MozillaFirefox-17.0.7esr-0.8.1
> MozillaFirefox-translations-17.0.7esr-0.8.1
>
> - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.7esr]:
>
> MozillaFirefox-17.0.7esr-0.8.1
> MozillaFirefox-branding-SLED-7-0.12.1
> MozillaFirefox-translations-17.0.7esr-0.8.1
>
> - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 17.0.7esr]:
>
> MozillaFirefox-17.0.7esr-0.8.1
> MozillaFirefox-branding-SLED-7-0.12.1
> MozillaFirefox-translations-17.0.7esr-0.8.1
>
>
> References:
>
> http://support.novell.com/security/cve/CVE-2013-1682.html
> http://support.novell.com/security/cve/CVE-2013-1684.html
> http://support.novell.com/security/cve/CVE-2013-1685.html
> http://support.novell.com/security/cve/CVE-2013-1686.html
> http://support.novell.com/security/cve/CVE-2013-1687.html
> http://support.novell.com/security/cve/CVE-2013-1690.html
> http://support.novell.com/security/cve/CVE-2013-1692.html
> http://support.novell.com/security/cve/CVE-2013-1693.html
> http://support.novell.com/security/cve/CVE-2013-1697.html
> https://bugzilla.novell.com/792432
> https://bugzilla.novell.com/813026
> https://bugzilla.novell.com/819204
> https://bugzilla.novell.com/825935
> http://download.novell.com/patch/finder/?keywords=2c55ef365e2022c62abed41b2…
>
> --
> To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
> For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
>
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
1
0