openSUSE Security Update: kernel to 3.11.10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0205-1 Rating: important References: #733022 #773058 #838024 #844513 #845621 #846529 #848042 #849021 #850072 #852652 #852656 #852931 #853050 #853051 #853052 #853053 #854175 #854722 #856294 #859804 #860993 Cross-References: CVE-2013-4511 CVE-2013-4563 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6432 CVE-2014-0038 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 13 fixes is now available. Description: The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs: - floppy: bail out in open() if drive is not responding to block0 read (bnc#773058). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - HID: usbhid: fix sis quirk (bnc#859804). - hwmon: (coretemp) Fix truncated name of alarm attributes - HID: usbhid: quirk for Synaptics Quad HD touchscreen (bnc#859804). - HID: usbhid: quirk for Synaptics HD touchscreen (bnc#859804). - HID: usbhid: merge the sis quirk (bnc#859804). - HID: hid-multitouch: add support for SiS panels (bnc#859804). - HID: usbhid: quirk for SiS Touchscreen (bnc#859804). - HID: usbhid: quirk for Synaptics Large Touchccreen (bnc#859804). - drivers: net: cpsw: fix dt probe for one port ethernet. - drivers: net: cpsw: fix for cpsw crash when build as modules. - dma: edma: Remove limits on number of slots. - dma: edma: Leave linked to Null slot instead of DUMMY slot. - dma: edma: Find missed events and issue them. - dma: edma: Write out and handle MAX_NR_SG at a given time. - dma: edma: Setup parameters to DMA MAX_NR_SG at a time. - ARM: edma: Add function to manually trigger an EDMA channel. - ARM: edma: Fix clearing of unused list for DT DMA resources. - ACPI: Add Toshiba NB100 to Vista _OSI blacklist. - ACPI: add missing win8 OSI comment to blacklist (bnc#856294). - ACPI: update win8 OSI blacklist. - ACPI: blacklist win8 OSI for buggy laptops. - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A (bnc#856294). - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models (bnc#856294). - floppy: bail out in open() if drive is not responding to block0 read (bnc#773058). - ping: prevent NULL pointer dereference on write to msg_name (bnc#854175 CVE-2013-6432). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - Refresh patches.suse/stack-unwind. - Refresh patches.xen/xen-x86_64-dump-user-pgt. - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - Build the KOTD against openSUSE:13.1:Update - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652). - Update Xen patches to 3.11.10. - Rename patches.xen/xen-pcpu-hotplug to patches.xen/xen-pcpu. - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - ipv6: fix headroom calculation in udp6_ufo_fragment (bnc#848042 CVE-2013-4563). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - patches.drivers/gpio-ucb1400-add-module_alias.patch: Update upstream reference - patches.drivers/gpio-ucb1400-can-be-built-as-a-module.patch: Update upstream reference - Delete patches.suse/ida-remove-warning-dump-stack.patch. Already included in kernel 3.11 (WARN calls dump_stack.) - xhci: Limit the spurious wakeup fix only to HP machines (bnc#852931). - iscsi_target: race condition on shutdown (bnc#850072). - Linux 3.11.10. - Refresh patches.xen/xen3-patch-2.6.29. - Delete patches.suse/btrfs-relocate-csums-properly-with-prealloc-ext ents.patch. - patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Haswel l.patch: (bnc#852931). - Build mei and mei_me as modules (bnc#852656) - Linux 3.11.9. - Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021). - Delete patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ. - Delete patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pfn_ra nge-ca.patch. - Add USB PHY support (needed to get USB and Ethernet working on beagle and panda boards) Add CONFIG_PINCTRL_SINGLE=y to be able to use Device tree (at least for beagle and panda boards) Add ARM SoC sound support Add SPI bus support Add user-space access to I2C and SPI - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-r emapping-warning.patch: Fix forward porting, sorry. - iommu: Remove stack trace from broken irq remapping warning (bnc#844513). - gpio: ucb1400: Add MODULE_ALIAS. - Allow NFSv4 username mapping to work properly (bnc#838024). - nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call. - sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check. - sunrpc: create a new dummy pipe for gssd to hold open. - Set CONFIG_GPIO_TWL4030 as built-in (instead of module) as a requirement to boot on SD card on beagleboard xM - armv6hl, armv7hl: Update config files. Set CONFIG_BATMAN_ADV_BLA=y as all other kernel configuration files have. - Update config files: * CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options are all enabled so why not this one. * CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support all other features of these pieces of hardware. * CONFIG_INTEL_POWERCLAMP=m, because this small driver might be useful in specific cases, and there's no obvious reason not to include it. - Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511). - Linux 3.11.7. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-114 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): kernel-default-3.11.10-7.1 kernel-default-base-3.11.10-7.1 kernel-default-base-debuginfo-3.11.10-7.1 kernel-default-debuginfo-3.11.10-7.1 kernel-default-debugsource-3.11.10-7.1 kernel-default-devel-3.11.10-7.1 kernel-default-devel-debuginfo-3.11.10-7.1 kernel-syms-3.11.10-7.1 - openSUSE 13.1 (i686 x86_64): kernel-debug-3.11.10-7.1 kernel-debug-base-3.11.10-7.1 kernel-debug-base-debuginfo-3.11.10-7.1 kernel-debug-debuginfo-3.11.10-7.1 kernel-debug-debugsource-3.11.10-7.1 kernel-debug-devel-3.11.10-7.1 kernel-debug-devel-debuginfo-3.11.10-7.1 kernel-desktop-3.11.10-7.1 kernel-desktop-base-3.11.10-7.1 kernel-desktop-base-debuginfo-3.11.10-7.1 kernel-desktop-debuginfo-3.11.10-7.1 kernel-desktop-debugsource-3.11.10-7.1 kernel-desktop-devel-3.11.10-7.1 kernel-desktop-devel-debuginfo-3.11.10-7.1 kernel-ec2-3.11.10-7.1 kernel-ec2-base-3.11.10-7.1 kernel-ec2-base-debuginfo-3.11.10-7.1 kernel-ec2-debuginfo-3.11.10-7.1 kernel-ec2-debugsource-3.11.10-7.1 kernel-ec2-devel-3.11.10-7.1 kernel-ec2-devel-debuginfo-3.11.10-7.1 kernel-trace-3.11.10-7.1 kernel-trace-base-3.11.10-7.1 kernel-trace-base-debuginfo-3.11.10-7.1 kernel-trace-debuginfo-3.11.10-7.1 kernel-trace-debugsource-3.11.10-7.1 kernel-trace-devel-3.11.10-7.1 kernel-trace-devel-debuginfo-3.11.10-7.1 kernel-vanilla-3.11.10-7.1 kernel-vanilla-debuginfo-3.11.10-7.1 kernel-vanilla-debugsource-3.11.10-7.1 kernel-vanilla-devel-3.11.10-7.1 kernel-vanilla-devel-debuginfo-3.11.10-7.1 kernel-xen-3.11.10-7.1 kernel-xen-base-3.11.10-7.1 kernel-xen-base-debuginfo-3.11.10-7.1 kernel-xen-debuginfo-3.11.10-7.1 kernel-xen-debugsource-3.11.10-7.1 kernel-xen-devel-3.11.10-7.1 kernel-xen-devel-debuginfo-3.11.10-7.1 - openSUSE 13.1 (noarch): kernel-devel-3.11.10-7.1 kernel-docs-3.11.10-7.3 kernel-source-3.11.10-7.1 kernel-source-vanilla-3.11.10-7.1 - openSUSE 13.1 (i686): kernel-pae-3.11.10-7.1 kernel-pae-base-3.11.10-7.1 kernel-pae-base-debuginfo-3.11.10-7.1 kernel-pae-debuginfo-3.11.10-7.1 kernel-pae-debugsource-3.11.10-7.1 kernel-pae-devel-3.11.10-7.1 kernel-pae-devel-debuginfo-3.11.10-7.1 References: http://support.novell.com/security/cve/CVE-2013-4511.html http://support.novell.com/security/cve/CVE-2013-4563.html http://support.novell.com/security/cve/CVE-2013-4587.html http://support.novell.com/security/cve/CVE-2013-6367.html http://support.novell.com/security/cve/CVE-2013-6368.html http://support.novell.com/security/cve/CVE-2013-6376.html http://support.novell.com/security/cve/CVE-2013-6432.html http://support.novell.com/security/cve/CVE-2014-0038.html https://bugzilla.novell.com/733022 https://bugzilla.novell.com/773058 https://bugzilla.novell.com/838024 https://bugzilla.novell.com/844513 https://bugzilla.novell.com/845621 https://bugzilla.novell.com/846529 https://bugzilla.novell.com/848042 https://bugzilla.novell.com/849021 https://bugzilla.novell.com/850072 https://bugzilla.novell.com/852652 https://bugzilla.novell.com/852656 https://bugzilla.novell.com/852931 https://bugzilla.novell.com/853050 https://bugzilla.novell.com/853051 https://bugzilla.novell.com/853052 https://bugzilla.novell.com/853053 https://bugzilla.novell.com/854175 https://bugzilla.novell.com/854722 https://bugzilla.novell.com/856294 https://bugzilla.novell.com/859804 https://bugzilla.novell.com/860993