openSUSE Security Update: kernel: security and bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0923-1 Rating: moderate References: #800686 #802812 #806966 #806980 #806990 #807850 #808829 #809155 #809330 #809748 #811417 #812113 Cross-References: CVE-2013-0913 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1848 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 7 fixes is now available. Description: The openSUSE 12.3 kernel was updated to fix various security issues and bugs: - config.conf: Disable armv7hl/u8500 until it builds again - patches.fixes/ocfs2-Fix-oops-in-ocfs2_fast_symlink_readpage: ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path - drm/nouveau: Fix typo in init_idx_addr_latched() (bnc#800686). - rtl28xxu: Add USB ID for MaxMedia HU394-T (bnc#812113). - rtl28xxu: Add USB IDs for Compro VideoMate U620F (bnc#812113). - Support Digivox Mini HD (rtl2832) (bnc#812113). - rtl28xxu: correct some device names (bnc#812113). - rtl28xxu: add Gigabyte U7300 DVB-T Dongle (bnc#812113). - rtl28xxu: [1b80:d3a8] ASUS My Cinema-U3100Mini Plus V2 (bnc#812113). - rtl28xxu: add NOXON DAB/DAB+ USB dongle rev 2 (bnc#812113). - drm: correctly restore mappings if drm_open fails (bnc#807850). - Drivers: hv: vmbus: Fix a bug in hv_need_to_signal() (bnc#811417). - svcrpc: fix rpc server shutdown races (bnc#802812). - Update patches to what was accepted upstream. - Refresh patches.arch/kvm-convert-msr_kvm_system_time-to-use-gfn_to_h va_cache_init.patch. - Refresh patches.arch/kvm-fix-for-buffer-overflow-in-handling-of-msr_ kvm_system_time.patch. - KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797). - KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798). - KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796). - kabi/severities: Allow kvm abi changes - kvm modules are self consistent - loopdev: fix a deadlock (bnc#809748). - block: use i_size_write() in bd_set_size() (bnc#809748). - drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913). - TTY: do not reset master's packet mode (bnc#809330). - Update patches.fixes/ext3-Fix-format-string-issues.patch (bnc#809155 CVE-2013-1848). - ext3: Fix format string issues (bnc#809155). - Drivers: hv: balloon: Do not request completion notification (fate#314663). - e1000e: fix runtime power management transitions (bnc#806966). - e1000e: fix pci-device enable-counter balance (bnc#806966). - e1000e: fix accessing to suspended device (bnc#806966). - gpio-ich: Fix ichx_gpio_check_available() return what callers expect. - gpio/ich: Add missing spinlock init. - Refresh patches.suse/SUSE-bootsplash-mgadrmfb-workaround. Add the same w/a for ast and cirrus KMS, too (bnc#806990). - Fix broken VT1 output with mgadrmfb (bnc#806990). - PCI/PM: Clear state_saved during suspend (bnc#806966). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-398 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): kernel-default-3.7.10-1.4.1 kernel-default-base-3.7.10-1.4.1 kernel-default-devel-3.7.10-1.4.1 kernel-syms-3.7.10-1.4.1 - openSUSE 12.3 (i686 x86_64): kernel-debug-3.7.10-1.4.1 kernel-debug-base-3.7.10-1.4.1 kernel-debug-devel-3.7.10-1.4.1 kernel-desktop-3.7.10-1.4.1 kernel-desktop-base-3.7.10-1.4.1 kernel-desktop-devel-3.7.10-1.4.1 kernel-ec2-3.7.10-1.4.1 kernel-ec2-base-3.7.10-1.4.1 kernel-ec2-base-debuginfo-3.7.10-1.4.1 kernel-ec2-debuginfo-3.7.10-1.4.1 kernel-ec2-debugsource-3.7.10-1.4.1 kernel-ec2-devel-3.7.10-1.4.1 kernel-ec2-devel-debuginfo-3.7.10-1.4.1 kernel-trace-3.7.10-1.4.1 kernel-trace-base-3.7.10-1.4.1 kernel-trace-devel-3.7.10-1.4.1 kernel-vanilla-3.7.10-1.4.1 kernel-vanilla-devel-3.7.10-1.4.1 kernel-xen-3.7.10-1.4.1 kernel-xen-base-3.7.10-1.4.1 kernel-xen-devel-3.7.10-1.4.1 - openSUSE 12.3 (noarch): kernel-devel-3.7.10-1.4.1 kernel-docs-3.7.10-1.4.3 kernel-source-3.7.10-1.4.1 kernel-source-vanilla-3.7.10-1.4.1 - openSUSE 12.3 (i686): kernel-debug-base-debuginfo-3.7.10-1.4.1 kernel-debug-debuginfo-3.7.10-1.4.1 kernel-debug-debugsource-3.7.10-1.4.1 kernel-debug-devel-debuginfo-3.7.10-1.4.1 kernel-desktop-base-debuginfo-3.7.10-1.4.1 kernel-desktop-debuginfo-3.7.10-1.4.1 kernel-desktop-debugsource-3.7.10-1.4.1 kernel-desktop-devel-debuginfo-3.7.10-1.4.1 kernel-pae-3.7.10-1.4.1 kernel-pae-base-3.7.10-1.4.1 kernel-pae-base-debuginfo-3.7.10-1.4.1 kernel-pae-debuginfo-3.7.10-1.4.1 kernel-pae-debugsource-3.7.10-1.4.1 kernel-pae-devel-3.7.10-1.4.1 kernel-pae-devel-debuginfo-3.7.10-1.4.1 kernel-trace-base-debuginfo-3.7.10-1.4.1 kernel-trace-debuginfo-3.7.10-1.4.1 kernel-trace-debugsource-3.7.10-1.4.1 kernel-trace-devel-debuginfo-3.7.10-1.4.1 kernel-vanilla-debuginfo-3.7.10-1.4.1 kernel-vanilla-debugsource-3.7.10-1.4.1 kernel-vanilla-devel-debuginfo-3.7.10-1.4.1 kernel-xen-base-debuginfo-3.7.10-1.4.1 kernel-xen-debuginfo-3.7.10-1.4.1 kernel-xen-debugsource-3.7.10-1.4.1 kernel-xen-devel-debuginfo-3.7.10-1.4.1 - openSUSE 12.3 (i586): kernel-default-base-debuginfo-3.7.10-1.4.1 kernel-default-debuginfo-3.7.10-1.4.1 kernel-default-debugsource-3.7.10-1.4.1 kernel-default-devel-debuginfo-3.7.10-1.4.1 References: http://support.novell.com/security/cve/CVE-2013-0913.html http://support.novell.com/security/cve/CVE-2013-1796.html http://support.novell.com/security/cve/CVE-2013-1797.html http://support.novell.com/security/cve/CVE-2013-1798.html http://support.novell.com/security/cve/CVE-2013-1848.html https://bugzilla.novell.com/800686 https://bugzilla.novell.com/802812 https://bugzilla.novell.com/806966 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/806990 https://bugzilla.novell.com/807850 https://bugzilla.novell.com/808829 https://bugzilla.novell.com/809155 https://bugzilla.novell.com/809330 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/811417 https://bugzilla.novell.com/812113