[opensuse-security] Re: openSUSE-SU-2014:0856-1: important: kernel: security and bugfix release

Could I get Subscribed from this list, as there is nothing in headers? or on the bottom? on How to Subscriber Nothing! I keep asking and get no help in replies

On 01/07/14 20:04, opensuse-security@opensuse.org wrote:

openSUSE Security Update: kernel: security and bugfix release
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0856-1
Rating: important
References: #869563 #870173 #870576 #871561 #873374 #876102 #878274 #880892
Cross-References: CVE-2013-7339 CVE-2014-0055 CVE-2014-0077 CVE-2014-2678 CVE-2014-2851 CVE-2014-3122 CVE-2014-3153
Affected Products: openSUSE 12.3
______________________________________________________________________________
An update that solves 7 vulnerabilities and has one errata is now available.
Description:
The Linux kernel was updated to fix security issues and bugs:
Security issues fixed:

CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors.
CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel did not properly consider which pages must be locked, which allowed local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.
Bugs fixed:
- memcg: deprecate memory.force_empty knob (bnc#878274).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-451
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
kernel-default-3.7.10-1.36.1 kernel-default-base-3.7.10-1.36.1 kernel-default-base-debuginfo-3.7.10-1.36.1 kernel-default-debuginfo-3.7.10-1.36.1 kernel-default-debugsource-3.7.10-1.36.1 kernel-default-devel-3.7.10-1.36.1 kernel-default-devel-debuginfo-3.7.10-1.36.1 kernel-syms-3.7.10-1.36.1
- openSUSE 12.3 (i686 x86_64):
kernel-debug-3.7.10-1.36.1 kernel-debug-base-3.7.10-1.36.1 kernel-debug-base-debuginfo-3.7.10-1.36.1 kernel-debug-debuginfo-3.7.10-1.36.1 kernel-debug-debugsource-3.7.10-1.36.1 kernel-debug-devel-3.7.10-1.36.1 kernel-debug-devel-debuginfo-3.7.10-1.36.1 kernel-desktop-3.7.10-1.36.1 kernel-desktop-base-3.7.10-1.36.1 kernel-desktop-base-debuginfo-3.7.10-1.36.1 kernel-desktop-debuginfo-3.7.10-1.36.1 kernel-desktop-debugsource-3.7.10-1.36.1 kernel-desktop-devel-3.7.10-1.36.1 kernel-desktop-devel-debuginfo-3.7.10-1.36.1 kernel-ec2-3.7.10-1.36.1 kernel-ec2-base-3.7.10-1.36.1 kernel-ec2-base-debuginfo-3.7.10-1.36.1 kernel-ec2-debuginfo-3.7.10-1.36.1 kernel-ec2-debugsource-3.7.10-1.36.1 kernel-ec2-devel-3.7.10-1.36.1 kernel-ec2-devel-debuginfo-3.7.10-1.36.1 kernel-trace-3.7.10-1.36.1 kernel-trace-base-3.7.10-1.36.1 kernel-trace-base-debuginfo-3.7.10-1.36.1 kernel-trace-debuginfo-3.7.10-1.36.1 kernel-trace-debugsource-3.7.10-1.36.1 kernel-trace-devel-3.7.10-1.36.1 kernel-trace-devel-debuginfo-3.7.10-1.36.1 kernel-vanilla-3.7.10-1.36.1 kernel-vanilla-debuginfo-3.7.10-1.36.1 kernel-vanilla-debugsource-3.7.10-1.36.1 kernel-vanilla-devel-3.7.10-1.36.1 kernel-vanilla-devel-debuginfo-3.7.10-1.36.1 kernel-xen-3.7.10-1.36.1 kernel-xen-base-3.7.10-1.36.1 kernel-xen-base-debuginfo-3.7.10-1.36.1 kernel-xen-debuginfo-3.7.10-1.36.1 kernel-xen-debugsource-3.7.10-1.36.1 kernel-xen-devel-3.7.10-1.36.1 kernel-xen-devel-debuginfo-3.7.10-1.36.1
- openSUSE 12.3 (noarch):
kernel-devel-3.7.10-1.36.1 kernel-docs-3.7.10-1.36.2 kernel-source-3.7.10-1.36.1 kernel-source-vanilla-3.7.10-1.36.1
- openSUSE 12.3 (i686):
kernel-pae-3.7.10-1.36.1 kernel-pae-base-3.7.10-1.36.1 kernel-pae-base-debuginfo-3.7.10-1.36.1 kernel-pae-debuginfo-3.7.10-1.36.1 kernel-pae-debugsource-3.7.10-1.36.1 kernel-pae-devel-3.7.10-1.36.1 kernel-pae-devel-debuginfo-3.7.10-1.36.1
References:
http://support.novell.com/security/cve/CVE-2013-7339.html
http://support.novell.com/security/cve/CVE-2014-0055.html
http://support.novell.com/security/cve/CVE-2014-0077.html
http://support.novell.com/security/cve/CVE-2014-2678.html
http://support.novell.com/security/cve/CVE-2014-2851.html
http://support.novell.com/security/cve/CVE-2014-3122.html
http://support.novell.com/security/cve/CVE-2014-3153.html
https://bugzilla.novell.com/869563
https://bugzilla.novell.com/870173
https://bugzilla.novell.com/870576
https://bugzilla.novell.com/871561
https://bugzilla.novell.com/873374
https://bugzilla.novell.com/876102
https://bugzilla.novell.com/878274
https://bugzilla.novell.com/880892
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
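A check that the fixed build named in the advisory's package list is actually installed, as an added example that is not part of the advisory or of this thread. The `ver_ge` and `audit_kernels` helpers and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="3.7.10-1.36.1"

# ver_ge A B: succeed when A sorts at or after B under GNU sort -V.
# Approximates RPM ordering; adequate for dotted numeric strings like these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_kernels: read "name version-release" lines on stdin, report every
# kernel-* package older than FIXED, and return 1 if any was found.
audit_kernels() {
    rc=0
    while read -r name vr; do
        case "$name" in
            kernel-*) ;;
            *) continue ;;          # not a kernel package, ignore
        esac
        if ! ver_ge "$vr" "$FIXED"; then
            echo "VULNERABLE $name $vr (< $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not taken from a real host). On a live
# system the same format comes from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'kernel-*'
sample_inventory() {
    cat <<'EOF'
kernel-default 3.7.10-1.36.1
kernel-desktop 3.7.10-1.16.1
kernel-docs 3.7.10-1.36.2
bash 4.2-61.1.1
EOF
}

# Demo run: flags only the outdated kernel-desktop entry.
sample_inventory | audit_kernels ||
    echo "update required: zypper in -t patch openSUSE-2014-451"
```

An installed package does not replace the running kernel; after patching, reboot and confirm with `uname -r` that the new build is the one in use.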

On Wed, Jul 02, 2014 at 01:29:09PM +1000, splatflys wrote:
Could I get Subscribed from this list, as there is nothing in headers? or on the bottom? on How to Subscriber Nothing! I keep asking and get no help in replies

The footer of every mail says:

To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org

But I will also cc the list admin to unsubscribe you.

Ciao, Marcus

On 02/07/14 13:29, splatflys wrote:
Could I get Subscribed from this list, as there is nothing in headers? or on the bottom? on How to Subscriber Nothing! I keep asking and get no help in replies

You are using Thunderbird so there is no reason why you cannot see the signature line at the bottom of each message in this, or any other openSUSE, list where one is "told" how to unsubscribe from a list.

But just in case you keep not seeing that line here it is:

To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org

BC

--
Using openSUSE 13.1, KDE 4.13.2 & kernel 3.15.2-1 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU

On 2014-07-02 05:29, splatflys wrote:
Could I get Subscribed from this list, as there is nothing in headers? or on the bottom? on How to Subscriber Nothing! I keep asking and get no help in replies

Then something is broken on your side. The headers say (as taken from your own email posted here):

X-Mailinglist: opensuse-security
List-Post: <mailto:opensuse-security@opensuse.org>
List-Help: <mailto:opensuse-security+help@opensuse.org>
List-Subscribe: <mailto:opensuse-security+subscribe@opensuse.org>
List-Unsubscribe: <mailto:opensuse-security+unsubscribe@opensuse.org>

And the bottom says:

To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org

However, the list you are getting those announcements from is "opensuse-security-announce@opensuse.org" (a read-only mail list), which has these other entries:

X-Mailinglist: opensuse-security-announce
List-Post: <mailto:opensuse-security-announce@opensuse.org>
List-Help: <mailto:opensuse-security-announce+help@opensuse.org>
List-Subscribe: <mailto:opensuse-security-announce+subscribe@opensuse.org>
List-Unsubscribe: <mailto:opensuse-security-announce+unsubscribe@opensuse.org>

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
participants (4)
- Basil Chupin
- Carlos E. R.
- Marcus Meissner
- splatflys