SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1022-3 Rating: important References: #763968 #764209 #768052 #769685 #788590 #792584 #793139 #797042 #797175 #800907 #802153 #804154 #804609 #805804 #805945 #806431 #806980 #808647 #809122 #809155 #809748 #809895 #810580 #810624 #810722 #812281 #814719 #815356 #815444 #815745 #816443 #816451 #816586 #816668 #816708 #817010 #817339 #818053 #818327 #818371 #818514 #818516 #818798 #819295 #819519 #819655 #819789 #820434 #821560 #821930 #822431 #822722 Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SUSE Linux Enterprise Real Time 11 SP2 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 38 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80 which fixes various bugs and security issues. The following security issues have been fixed: * CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. * CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. * CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. * A kernel information leak via tkill/tgkill was fixed. The following bugs have been fixed: * reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). * libfc: do not exch_done() on invalid sequence ptr (bnc#810722). * netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). * hyperv: use 3.4 as LIC version string (bnc#822431). * virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). * xen/netback: do not disconnect frontend when seeing oversize packet. * xen/netfront: reduce gso_max_size to account for max TCP header. * xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header". * xfs: Fix kABI due to change in xfs_buf (bnc#815356). * xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). * xfs: Serialize file-extending direct IO (bnc#818371). * xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). * bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281). * s390/ftrace: fix mcount adjustment (bnc#809895). * mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). * patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945). * mm: compaction: Restart compaction from near where it left off * mm: compaction: cache if a pageblock was scanned and no pages were isolated * mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity * mm: compaction: Scan PFN caching KABI workaround * mm: page_allocator: Remove first_pass guard * mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) * qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). * SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907). * SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907). * SUNRPC: Fix a UDP transport regression (bnc#800907). * SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907). * SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907). * SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907). * md: cannot re-add disks after recovery (bnc#808647). * fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053). * fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053). * fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053). * fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053). * virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339). * usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295). * patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580). * usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516). * xhci: Fix TD size for isochronous URBs (bnc#818514). * ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798). * ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798). * xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053). * xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053). * xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053). * xHCI: store rings type. * xhci: Fix hang on back-to-back Set TR Deq Ptr commands. * xHCI: check enqueue pointer advance into dequeue seg. * xHCI: store rings last segment and segment numbers. * xHCI: Allocate 2 segments for transfer ring. * xHCI: count free TRBs on transfer ring. * xHCI: factor out segments allocation and free function. * xHCI: update sg tablesize. * xHCI: set cycle state when allocate rings. * xhci: Reserve one command for USB3 LPM disable. * xHCI: dynamic ring expansion. * xhci: Do not warn on empty ring for suspended devices. * md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719). * rpm/mkspec: Stop generating the get_release_number.sh file. * rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix. * rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string. * rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "<RELEASE>" string in specfiles. * mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327). * mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). * mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). * bonding: only use primary address for ARP (bnc#815444). * bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444). * mm: speedup in __early_pfn_to_nid (bnc#810624). * TTY: fix atime/mtime regression (bnc#815745). * sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010). * sched: harden rq rt usage accounting (bnc#769685, bnc#788590). * rcu: Avoid spurious RCU CPU stall warnings (bnc#816586). * rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586). * rcu: Fix detection of abruptly-ending stall (bnc#816586). * rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586). * Update Xen patches to 3.0.74. * btrfs: do not re-enter when allocating a chunk. * btrfs: save us a read_lock. * btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. * btrfs: remove unused fs_info from btrfs_decode_error(). * btrfs: handle null fs_info in btrfs_panic(). * btrfs: fix varargs in __btrfs_std_error. * btrfs: fix the race between bio and btrfs_stop_workers. * btrfs: fix NULL pointer after aborting a transaction. * btrfs: fix infinite loop when we abort on mount. * xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). * xfs: fix buffer lookup race on allocation failure (bnc#763968). Security Issue references: * CVE-2013-0160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160
* CVE-2013-3076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3076
* CVE-2013-3222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222
* CVE-2013-3223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223
* CVE-2013-3224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224
* CVE-2013-3225 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225
* CVE-2013-3227 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3227
* CVE-2013-3228 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228
* CVE-2013-3229 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229
* CVE-2013-3231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231
* CVE-2013-3232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232
* CVE-2013-3234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234
* CVE-2013-3235 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235
* CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979
Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time 11 SP2: zypper in -t patch slertesp2-kernel-7828 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.80.rt108]: cluster-network-kmp-rt-1.4_3.0.80_rt108_0.5-2.18.47 cluster-network-kmp-rt_trace-1.4_3.0.80_rt108_0.5-2.18.47 drbd-kmp-rt-8.4.2_3.0.80_rt108_0.5-0.6.6.38 drbd-kmp-rt_trace-8.4.2_3.0.80_rt108_0.5-0.6.6.38 iscsitarget-kmp-rt-1.4.20_3.0.80_rt108_0.5-0.23.44 iscsitarget-kmp-rt_trace-1.4.20_3.0.80_rt108_0.5-0.23.44 kernel-rt-3.0.80.rt108-0.5.1 kernel-rt-base-3.0.80.rt108-0.5.1 kernel-rt-devel-3.0.80.rt108-0.5.1 kernel-rt_trace-3.0.80.rt108-0.5.1 kernel-rt_trace-base-3.0.80.rt108-0.5.1 kernel-rt_trace-devel-3.0.80.rt108-0.5.1 kernel-source-rt-3.0.80.rt108-0.5.1 kernel-syms-rt-3.0.80.rt108-0.5.1 lttng-modules-kmp-rt-2.0.4_3.0.80_rt108_0.5-0.7.35 lttng-modules-kmp-rt_trace-2.0.4_3.0.80_rt108_0.5-0.7.35 ocfs2-kmp-rt-1.6_3.0.80_rt108_0.5-0.11.46 ocfs2-kmp-rt_trace-1.6_3.0.80_rt108_0.5-0.11.46 ofed-kmp-rt-1.5.2_3.0.80_rt108_0.5-0.28.28.18 ofed-kmp-rt_trace-1.5.2_3.0.80_rt108_0.5-0.28.28.18 References: http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-3076.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/764209 https://bugzilla.novell.com/768052 https://bugzilla.novell.com/769685 https://bugzilla.novell.com/788590 https://bugzilla.novell.com/792584 https://bugzilla.novell.com/793139 https://bugzilla.novell.com/797042 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/800907 https://bugzilla.novell.com/802153 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806431 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808647 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/809155 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/810580 https://bugzilla.novell.com/810624 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/814719 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/815444 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816443 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816586 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/816708 https://bugzilla.novell.com/817010 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818514 https://bugzilla.novell.com/818516 https://bugzilla.novell.com/818798 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/819789 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821560 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 http://download.novell.com/patch/finder/?keywords=0a3106322709c3a3f920332f0f... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org