Ranjivosti jezgre operacijskog sustava

Preporuke

by ncert - 16. svibnja 2014.16. svibnja 2014.0

Detalji os-a: LSU
Važnost: IMP
Operativni sustavi: L
Kategorije: LSU

SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0667-1
Rating: important
References: #875690 #875798
Cross-References: CVE-2014-0196 CVE-2014-1737 CVE-2014-1738

Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that fixes three vulnerabilities is now
available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the
following severe security issues:

CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
in the Linux kernel through 3.14.3 does not properly handle error
conditions during processing of an FDRAWCMD ioctl call, which allows local
users to trigger kfree operations and gain privileges by leveraging write
access to a /dev/fd device. (bnc#875798)

CVE-2014-1738: The raw_cmd_copyout function in
drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
properly restrict access to certain pointers during processing of an
FDRAWCMD ioctl call, which allows local users to obtain sensitive
information from kernel heap memory by leveraging write access to a
/dev/fd device. (bnc#875798)

CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in
the Linux kernel through 3.14.3 does not properly manage tty driver access
in the “LECHO & !OPOST” case, which allows local users to cause a denial
of service (memory corruption and system crash) or gain privileges by
triggering a race condition involving read and write operations with long
strings. (bnc#875690)

Security Issues references:

* CVE-2014-0196
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196>
* CVE-2014-1737
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737>
* CVE-2014-1738
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-kernel-9233 slessp3-kernel-9237

– SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-kernel-9233 slessp3-kernel-9234 slessp3-kernel-9235 slessp3-kernel-9236 slessp3-kernel-9237

– SUSE Linux Enterprise High Availability Extension 11 SP3:

zypper in -t patch slehasp3-kernel-9233 slehasp3-kernel-9234 slehasp3-kernel-9235 slehasp3-kernel-9236 slehasp3-kernel-9237

– SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-kernel-9233 sledsp3-kernel-9237

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

kernel-default-3.0.101-0.29.1
kernel-default-base-3.0.101-0.29.1
kernel-default-devel-3.0.101-0.29.1
kernel-source-3.0.101-0.29.1
kernel-syms-3.0.101-0.29.1
kernel-trace-3.0.101-0.29.1
kernel-trace-base-3.0.101-0.29.1
kernel-trace-devel-3.0.101-0.29.1
kernel-xen-devel-3.0.101-0.29.1

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.29.1
kernel-pae-base-3.0.101-0.29.1
kernel-pae-devel-3.0.101-0.29.1

– SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

– SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

kernel-ec2-3.0.101-0.29.1
kernel-ec2-base-3.0.101-0.29.1
kernel-ec2-devel-3.0.101-0.29.1
kernel-xen-3.0.101-0.29.1
kernel-xen-base-3.0.101-0.29.1
kernel-xen-devel-3.0.101-0.29.1
xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24

– SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

kernel-default-man-3.0.101-0.29.1

– SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

kernel-ppc64-3.0.101-0.29.1
kernel-ppc64-base-3.0.101-0.29.1
kernel-ppc64-devel-3.0.101-0.29.1

– SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.29.1
kernel-pae-base-3.0.101-0.29.1
kernel-pae-devel-3.0.101-0.29.1
xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24

– SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

cluster-network-kmp-default-1.4_3.0.101_0.29-2.27.63
cluster-network-kmp-trace-1.4_3.0.101_0.29-2.27.63
gfs2-kmp-default-2_3.0.101_0.29-0.16.69
gfs2-kmp-trace-2_3.0.101_0.29-0.16.69
ocfs2-kmp-default-1.6_3.0.101_0.29-0.20.63
ocfs2-kmp-trace-1.6_3.0.101_0.29-0.20.63

– SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

cluster-network-kmp-xen-1.4_3.0.101_0.29-2.27.63
gfs2-kmp-xen-2_3.0.101_0.29-0.16.69
ocfs2-kmp-xen-1.6_3.0.101_0.29-0.20.63

– SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

cluster-network-kmp-ppc64-1.4_3.0.101_0.29-2.27.63
gfs2-kmp-ppc64-2_3.0.101_0.29-0.16.69
ocfs2-kmp-ppc64-1.6_3.0.101_0.29-0.20.63

– SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

cluster-network-kmp-pae-1.4_3.0.101_0.29-2.27.63
gfs2-kmp-pae-2_3.0.101_0.29-0.16.69
ocfs2-kmp-pae-1.6_3.0.101_0.29-0.20.63

– SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

kernel-default-3.0.101-0.29.1
kernel-default-base-3.0.101-0.29.1
kernel-default-devel-3.0.101-0.29.1
kernel-default-extra-3.0.101-0.29.1
kernel-source-3.0.101-0.29.1
kernel-syms-3.0.101-0.29.1
kernel-trace-devel-3.0.101-0.29.1
kernel-xen-3.0.101-0.29.1
kernel-xen-base-3.0.101-0.29.1
kernel-xen-devel-3.0.101-0.29.1
kernel-xen-extra-3.0.101-0.29.1
xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24

– SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.29.1
kernel-pae-base-3.0.101-0.29.1
kernel-pae-devel-3.0.101-0.29.1
kernel-pae-extra-3.0.101-0.29.1
xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24

– SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-0.29.1

– SLE 11 SERVER Unsupported Extras (i586 x86_64):

kernel-xen-extra-3.0.101-0.29.1

– SLE 11 SERVER Unsupported Extras (ppc64):

kernel-ppc64-extra-3.0.101-0.29.1

– SLE 11 SERVER Unsupported Extras (i586):

kernel-pae-extra-3.0.101-0.29.1

References:

http://support.novell.com/security/cve/CVE-2014-0196.html
http://support.novell.com/security/cve/CVE-2014-1737.html
http://support.novell.com/security/cve/CVE-2014-1738.html
https://bugzilla.novell.com/875690
https://bugzilla.novell.com/875798
http://download.suse.com/patch/finder/?keywords=0a2dcb948e608bd43076195098633c81
http://download.suse.com/patch/finder/?keywords=274275aae87b7f5717f22fbbcefc8d6c
http://download.suse.com/patch/finder/?keywords=74a759a760793246603bb46c1f236d66
http://download.suse.com/patch/finder/?keywords=843a01b2e875a9432b273760df408cf6
http://download.suse.com/patch/finder/?keywords=92be4af46975d1cbad507b6d3ff3a1b0
http://download.suse.com/patch/finder/?keywords=9a4b69a3f37b4e66442334473595bfb3
http://download.suse.com/patch/finder/?keywords=e8725e10de339002adb8d4cccd0ec112
http://download.suse.com/patch/finder/?keywords=f07cfd49365f51f26faddaf62d0a2652
http://download.suse.com/patch/finder/?keywords=f83b1e3a46f672548bf90e07d1b9554b
http://download.suse.com/patch/finder/?keywords=fbbbacd1258eed8745c184e7d6e9eddb

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
7e

Autor	Tomislav Protega
Cert id	NCERT-REF-2014-05-0006-ADV
Cve	CVE-2014-0196 CVE-2014-1737 CVE-2014-1738
ID izvornika	SUSE-SU-2014:0667-1
Proizvod	Linux Kernel
Izvor	http://www.suse.com

Ranjivosti jezgre operacijskog sustava

Archives

More in Preporuke

Nadogradnja za iTunes