- Detalji os-a: LSU
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LSU
openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0204-1
Rating: important
References: #804950 #805226 #808358 #811746 #825006 #831836
#838024 #840226 #840656 #844513 #848079 #848255
#849021 #849023 #849029 #849034 #849362 #852373
#852558 #852559 #853050 #853051 #853052 #853053
#854173 #854634 #854722 #860993
Cross-References: CVE-2013-0343 CVE-2013-1792 CVE-2013-4348
CVE-2013-4511 CVE-2013-4513 CVE-2013-4514
CVE-2013-4515 CVE-2013-4587 CVE-2013-6367
CVE-2013-6368 CVE-2013-6376 CVE-2013-6378
CVE-2013-6380 CVE-2013-6431 CVE-2013-7027
CVE-2014-0038
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that solves 16 vulnerabilities and has 12 fixes
is now available.
Description:
The Linux kernel was updated to fix various bugs and
security issues:
– mm/page-writeback.c: do not count anon pages as dirtyable
memory (reclaim stalls).
– mm/page-writeback.c: fix dirty_balance_reserve
subtraction from dirtyable memory (reclaim stalls).
– compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).
– hwmon: (coretemp) Fix truncated name of alarm attributes
– net: fib: fib6_add: fix potential NULL pointer
dereference (bnc#854173 CVE-2013-6431).
– keys: fix race with concurrent install_user_keyrings()
(bnc#808358)(CVE-2013-1792).
– KVM: x86: Convert vapic synchronization to _cached
functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).
– wireless: radiotap: fix parsing buffer overrun
(bnc#854634 CVE-2013-7027).
– KVM: x86: fix guest-initiated crash with x2apic
(CVE-2013-6376) (bnc#853053 CVE-2013-6376).
– KVM: x86: Fix potential divide by 0 in lapic
(CVE-2013-6367) (bnc#853051 CVE-2013-6367).
– KVM: Improve create VCPU parameter (CVE-2013-4587)
(bnc#853050 CVE-2013-4587).
– staging: ozwpan: prevent overflow in oz_cdev_write()
(bnc#849023 CVE-2013-4513).
– perf/x86: Fix offcore_rsp valid mask for SNB/IVB
(bnc#825006).
– perf/x86: Add Intel IvyBridge event scheduling
constraints (bnc#825006).
– libertas: potential oops in debugfs (bnc#852559
CVE-2013-6378).
– aacraid: prevent invalid pointer dereference (bnc#852373
CVE-2013-6380).
– staging: wlags49_h2: buffer overflow setting station name
(bnc#849029 CVE-2013-4514).
– net: flow_dissector: fail on evil iph->ihl (bnc#848079
CVE-2013-4348).
– Staging: bcm: info leak in ioctl (bnc#849034
CVE-2013-4515).
– Refresh
patches.fixes/net-rework-recvmsg-handler-msg_name-and-msg_na
melen-logic.patch.
– ipv6: remove max_addresses check from
ipv6_create_tempaddr (bnc#805226, CVE-2013-0343).
– net: rework recvmsg handler msg_name and msg_namelen
logic (bnc#854722).
– crypto: ansi_cprng – Fix off by one error in non-block
size request (bnc#840226).
– x6: Fix reserve_initrd so that acpi_initrd_override is
reached (bnc#831836).
– Refresh other Xen patches.
– aacraid: missing capable() check in compat ioctl
(bnc#852558).
–
patches.fixes/gpio-ich-fix-ichx_gpio_check_available-return.
patch: Update upstream reference
– perf/ftrace: Fix paranoid level for enabling function
tracer (bnc#849362).
– xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#848255).
– xhci: Fix oops happening after address device timeout
(bnc#848255).
– xhci: Ensure a command structure points to the correct
trb on the command ring (bnc#848255).
–
patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-r
emapping-warning.patch: Update upstream reference.
– Allow NFSv4 username mapping to work properly
(bnc#838024).
– Refresh btrfs attribute publishing patchset to match
openSUSE-13.1 No user-visible changes, but uses
kobj_sysfs_ops and better kobject lifetime management.
– Fix a few incorrectly checked [io_]remap_pfn_range()
calls (bnc#849021, CVE-2013-4511).
– drm/radeon: don’t set hpd, afmt interrupts when
interrupts are disabled.
–
patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount-fie
lds.patch: Fix TRANS2_QUERY_FILE_INFO ByteCount fields
(bnc#804950).
– iommu: Remove stack trace from broken irq remapping
warning (bnc#844513).
– Disable patches related to bnc#840656
patches.suse/btrfs-cleanup-don-t-check-the-same-thing-twice
patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-check-th
e-same-thi.patch
– btrfs: use feature attribute names to print better error
messages.
– btrfs: add ability to change features via sysfs.
– btrfs: add publishing of unknown features in sysfs.
– btrfs: publish per-super features to sysfs.
– btrfs: add per-super attributes to sysfs.
– btrfs: export supported featured to sysfs.
– kobject: introduce kobj_completion.
– btrfs: add ioctls to query/change feature bits online.
– btrfs: use btrfs_commit_transaction when setting fslabel.
– x86/iommu/vt-d: Expand interrupt remapping quirk to cover
x58 chipset (bnc#844513).
– NFSv4: Fix issues in nfs4_discover_server_trunking
(bnc#811746).
– iommu/vt-d: add quirk for broken interrupt remapping on
55XX chipsets (bnc#844513).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE 12.3:
zypper in -t patch openSUSE-2014-113
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE 12.3 (i586 x86_64):
kernel-default-3.7.10-1.28.1
kernel-default-base-3.7.10-1.28.1
kernel-default-base-debuginfo-3.7.10-1.28.1
kernel-default-debuginfo-3.7.10-1.28.1
kernel-default-debugsource-3.7.10-1.28.1
kernel-default-devel-3.7.10-1.28.1
kernel-default-devel-debuginfo-3.7.10-1.28.1
kernel-syms-3.7.10-1.28.1
– openSUSE 12.3 (i686 x86_64):
kernel-debug-3.7.10-1.28.1
kernel-debug-base-3.7.10-1.28.1
kernel-debug-base-debuginfo-3.7.10-1.28.1
kernel-debug-debuginfo-3.7.10-1.28.1
kernel-debug-debugsource-3.7.10-1.28.1
kernel-debug-devel-3.7.10-1.28.1
kernel-debug-devel-debuginfo-3.7.10-1.28.1
kernel-desktop-3.7.10-1.28.1
kernel-desktop-base-3.7.10-1.28.1
kernel-desktop-base-debuginfo-3.7.10-1.28.1
kernel-desktop-debuginfo-3.7.10-1.28.1
kernel-desktop-debugsource-3.7.10-1.28.1
kernel-desktop-devel-3.7.10-1.28.1
kernel-desktop-devel-debuginfo-3.7.10-1.28.1
kernel-ec2-3.7.10-1.28.1
kernel-ec2-base-3.7.10-1.28.1
kernel-ec2-base-debuginfo-3.7.10-1.28.1
kernel-ec2-debuginfo-3.7.10-1.28.1
kernel-ec2-debugsource-3.7.10-1.28.1
kernel-ec2-devel-3.7.10-1.28.1
kernel-ec2-devel-debuginfo-3.7.10-1.28.1
kernel-trace-3.7.10-1.28.1
kernel-trace-base-3.7.10-1.28.1
kernel-trace-base-debuginfo-3.7.10-1.28.1
kernel-trace-debuginfo-3.7.10-1.28.1
kernel-trace-debugsource-3.7.10-1.28.1
kernel-trace-devel-3.7.10-1.28.1
kernel-trace-devel-debuginfo-3.7.10-1.28.1
kernel-vanilla-3.7.10-1.28.1
kernel-vanilla-debuginfo-3.7.10-1.28.1
kernel-vanilla-debugsource-3.7.10-1.28.1
kernel-vanilla-devel-3.7.10-1.28.1
kernel-vanilla-devel-debuginfo-3.7.10-1.28.1
kernel-xen-3.7.10-1.28.1
kernel-xen-base-3.7.10-1.28.1
kernel-xen-base-debuginfo-3.7.10-1.28.1
kernel-xen-debuginfo-3.7.10-1.28.1
kernel-xen-debugsource-3.7.10-1.28.1
kernel-xen-devel-3.7.10-1.28.1
kernel-xen-devel-debuginfo-3.7.10-1.28.1
– openSUSE 12.3 (noarch):
kernel-devel-3.7.10-1.28.1
kernel-docs-3.7.10-1.28.2
kernel-source-3.7.10-1.28.1
kernel-source-vanilla-3.7.10-1.28.1
– openSUSE 12.3 (i686):
kernel-pae-3.7.10-1.28.1
kernel-pae-base-3.7.10-1.28.1
kernel-pae-base-debuginfo-3.7.10-1.28.1
kernel-pae-debuginfo-3.7.10-1.28.1
kernel-pae-debugsource-3.7.10-1.28.1
kernel-pae-devel-3.7.10-1.28.1
kernel-pae-devel-debuginfo-3.7.10-1.28.1
References:
http://support.novell.com/security/cve/CVE-2013-0343.html
http://support.novell.com/security/cve/CVE-2013-1792.html
http://support.novell.com/security/cve/CVE-2013-4348.html
http://support.novell.com/security/cve/CVE-2013-4511.html
http://support.novell.com/security/cve/CVE-2013-4513.html
http://support.novell.com/security/cve/CVE-2013-4514.html
http://support.novell.com/security/cve/CVE-2013-4515.html
http://support.novell.com/security/cve/CVE-2013-4587.html
http://support.novell.com/security/cve/CVE-2013-6367.html
http://support.novell.com/security/cve/CVE-2013-6368.html
http://support.novell.com/security/cve/CVE-2013-6376.html
http://support.novell.com/security/cve/CVE-2013-6378.html
http://support.novell.com/security/cve/CVE-2013-6380.html
http://support.novell.com/security/cve/CVE-2013-6431.html
http://support.novell.com/security/cve/CVE-2013-7027.html
http://support.novell.com/security/cve/CVE-2014-0038.html
https://bugzilla.novell.com/804950
https://bugzilla.novell.com/805226
https://bugzilla.novell.com/808358
https://bugzilla.novell.com/811746
https://bugzilla.novell.com/825006
https://bugzilla.novell.com/831836
https://bugzilla.novell.com/838024
https://bugzilla.novell.com/840226
https://bugzilla.novell.com/840656
https://bugzilla.novell.com/844513
https://bugzilla.novell.com/848079
https://bugzilla.novell.com/848255
https://bugzilla.novell.com/849021
https://bugzilla.novell.com/849023
https://bugzilla.novell.com/849029
https://bugzilla.novell.com/849034
https://bugzilla.novell.com/849362
https://bugzilla.novell.com/852373
https://bugzilla.novell.com/852558
https://bugzilla.novell.com/852559
https://bugzilla.novell.com/853050
https://bugzilla.novell.com/853051
https://bugzilla.novell.com/853052
https://bugzilla.novell.com/853053
https://bugzilla.novell.com/854173
https://bugzilla.novell.com/854634
https://bugzilla.novell.com/854722
https://bugzilla.novell.com/860993
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
7e
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2014-02-0003-ADV |
| Cve | CVE-2013-0343 CVE-2013-1792 CVE-2013-4348 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6378 CVE-2013-6380 CVE-2013-6431 CVE-2013-7027 CVE-2014-0038 |
| ID izvornika | openSUSE-SU-2014:0204-1 |
| Proizvod | kernel |
| Izvor | http://www.suse.com |
