openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0847-1
Rating:             important
References:         #806138 #806976 #806980 #808829 #809748 #813735 
                    #815745 #819519 #819789 
Cross-References:   CVE-2013-0913 CVE-2013-1767 CVE-2013-1774
                    CVE-2013-1796 CVE-2013-1797 CVE-2013-1798
                    CVE-2013-2094
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has two fixes
   is now available.

Description:


   The openSUSE 12.1 kernel was updated to fix a severe
   secrutiy issue and various bugs.

   Security issues fixed: CVE-2013-2094: The perf_swevent_init
   function in kernel/events/core.c in the Linux kernel used
   an incorrect integer data type, which allowed local users   to gain privileges via a crafted perf_event_open system
   call.

   CVE-2013-1774: The chase_port function in
   drivers/usb/serial/io_ti.c in the Linux kernel allowed
   local users to cause a denial of service (NULL pointer
   dereference and system crash) via an attempted /dev/ttyUSB
   read or write operation on a disconnected Edgeport USB
   serial converter.

   CVE-2013-1928: The do_video_set_spu_palette function in
   fs/compat_ioctl.c in the Linux kernel lacked a certain
   error check, which might have allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb
   device.

   CVE-2013-1796: The kvm_set_msr_common function in
   arch/x86/kvm/x86.c in the Linux kernel did not ensure a
   required time_page alignment during an MSR_KVM_SYSTEM_TIME
   operation, which allowed guest OS users to cause a denial
   of service (buffer overflow and host OS memory corruption)
   or possibly have unspecified other impact via a crafted
   application.

   CVE-2013-1797: Use-after-free vulnerability in
   arch/x86/kvm/x86.c in the Linux kernel allowed guest OS
   users to cause a denial of service (host OS memory
   corruption) or possibly have unspecified other impact via a
   crafted application that triggers use of a guest physical
   address (GPA) in (1) movable or (2) removable memory during
   an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

   CVE-2013-1798: The ioapic_read_indirect function in
   virt/kvm/ioapic.c in the Linux kernel did not properly
   handle a certain combination of invalid IOAPIC_REG_SELECT
   and IOAPIC_REG_WINDOW operations, which allowed guest OS
   users to obtain sensitive information from host OS memory
   or cause a denial of service (host OS OOPS) via a crafted
   application.

   CVE-2013-1767: Use-after-free vulnerability in the
   shmem_remount_fs function in mm/shmem.c in the Linux kernel
   allowed local users to gain privileges or cause a denial of
   service (system crash) by remounting a tmpfs filesystem
   without specifying a required mpol (aka mempolicy) mount
   option.

   CVE-2013-0913: Integer overflow in
   drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915
   driver in the Direct Rendering Manager (DRM) subsystem in
   the Linux kernel allowed local users to cause a denial of
   service (heap-based buffer overflow) or possibly have
   unspecified other impact via a crafted application that
   triggers many relocation copies, and potentially leads to a
   race condition.

   Bugs fixed:
   - qlge: fix dma map leak when the last chunk is not
   allocated (bnc#819519).

   - TTY: fix atime/mtime regression (bnc#815745).

   - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error
   check (bnc#813735).

   - USB: io_ti: Fix NULL dereference in chase_port()
   (bnc#806976, CVE-2013-1774).

   - KVM: Convert MSR_KVM_SYSTEM_TIME to use
   gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).
   - KVM: Fix bounds checking in ioapic indirect register read
   (bnc#806980 CVE-2013-1798).
   - KVM: Fix for buffer overflow in handling of
   MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).
   - kabi/severities: Allow kvm module abi changes - modules
   are self consistent

   - loopdev: fix a deadlock (bnc#809748).
   - block: use i_size_write() in bd_set_size() (bnc#809748).

   - drm/i915: bounds check execbuffer relocation count
   (bnc#808829,CVE-2013-0913).

   - tmpfs: fix use-after-free of mempolicy object
   (bnc#806138, CVE-2013-1767).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2013-454

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 x86_64):

      kernel-debug-3.1.10-1.23.1.g8645a72
      kernel-debug-base-3.1.10-1.23.1.g8645a72
      kernel-debug-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-debug-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-debug-debugsource-3.1.10-1.23.1.g8645a72
      kernel-debug-devel-3.1.10-1.23.1.g8645a72
      kernel-debug-devel-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-default-3.1.10-1.23.1.g8645a72
      kernel-default-base-3.1.10-1.23.1.g8645a72
      kernel-default-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-default-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-default-debugsource-3.1.10-1.23.1.g8645a72
      kernel-default-devel-3.1.10-1.23.1.g8645a72
      kernel-default-devel-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-desktop-3.1.10-1.23.1.g8645a72
      kernel-desktop-base-3.1.10-1.23.1.g8645a72
      kernel-desktop-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-desktop-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-desktop-debugsource-3.1.10-1.23.1.g8645a72
      kernel-desktop-devel-3.1.10-1.23.1.g8645a72
      kernel-desktop-devel-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-ec2-3.1.10-1.23.1.g8645a72
      kernel-ec2-base-3.1.10-1.23.1.g8645a72
      kernel-ec2-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-ec2-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-ec2-debugsource-3.1.10-1.23.1.g8645a72
      kernel-ec2-devel-3.1.10-1.23.1.g8645a72
      kernel-ec2-devel-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-ec2-extra-3.1.10-1.23.1.g8645a72
      kernel-ec2-extra-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-syms-3.1.10-1.23.1.g8645a72
      kernel-trace-3.1.10-1.23.1.g8645a72
      kernel-trace-base-3.1.10-1.23.1.g8645a72
      kernel-trace-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-trace-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-trace-debugsource-3.1.10-1.23.1.g8645a72
      kernel-trace-devel-3.1.10-1.23.1.g8645a72
      kernel-trace-devel-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-vanilla-3.1.10-1.23.1.g8645a72
      kernel-vanilla-base-3.1.10-1.23.1.g8645a72
      kernel-vanilla-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-vanilla-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-vanilla-debugsource-3.1.10-1.23.1.g8645a72
      kernel-vanilla-devel-3.1.10-1.23.1.g8645a72
      kernel-vanilla-devel-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-xen-3.1.10-1.23.1.g8645a72
      kernel-xen-base-3.1.10-1.23.1.g8645a72
      kernel-xen-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-xen-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-xen-debugsource-3.1.10-1.23.1.g8645a72
      kernel-xen-devel-3.1.10-1.23.1.g8645a72
      kernel-xen-devel-debuginfo-3.1.10-1.23.1.g8645a72

   - openSUSE 12.1 (noarch):

      kernel-devel-3.1.10-1.23.1.g8645a72
      kernel-docs-3.1.10-1.23.2.g8645a72
      kernel-source-3.1.10-1.23.1.g8645a72
      kernel-source-vanilla-3.1.10-1.23.1.g8645a72

   - openSUSE 12.1 (i586):

      kernel-pae-3.1.10-1.23.1.g8645a72
      kernel-pae-base-3.1.10-1.23.1.g8645a72
      kernel-pae-base-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-pae-debuginfo-3.1.10-1.23.1.g8645a72
      kernel-pae-debugsource-3.1.10-1.23.1.g8645a72
      kernel-pae-devel-3.1.10-1.23.1.g8645a72
      kernel-pae-devel-debuginfo-3.1.10-1.23.1.g8645a72


References:

   https://www.suse.com/security/cve/CVE-2013-0913.html
   https://www.suse.com/security/cve/CVE-2013-1767.html
   https://www.suse.com/security/cve/CVE-2013-1774.html
   https://www.suse.com/security/cve/CVE-2013-1796.html
   https://www.suse.com/security/cve/CVE-2013-1797.html
   https://www.suse.com/security/cve/CVE-2013-1798.html
   https://www.suse.com/security/cve/CVE-2013-2094.html
   https://bugzilla.novell.com/806138
   https://bugzilla.novell.com/806976
   https://bugzilla.novell.com/806980
   https://bugzilla.novell.com/808829
   https://bugzilla.novell.com/809748
   https://bugzilla.novell.com/813735
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/819519
   https://bugzilla.novell.com/819789

--

openSUSE: 2013:0847-1: important: kernel

May 31, 2013
An update that solves 7 vulnerabilities and has two fixes is now available.

Description

The openSUSE 12.1 kernel was updated to fix a severe secrutiy issue and various bugs. Security issues fixed: CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system call. CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel did not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allowed guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel allowed guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel did not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allowed guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. Bugs fixed: - qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). - TTY: fix atime/mtime regression (bnc#815745). - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (bnc#813735). - USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976, CVE-2013-1774). - KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797). - KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798). - KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796). - kabi/severities: Allow kvm module abi changes - modules are self consistent - loopdev: fix a deadlock (bnc#809748). - block: use i_size_write() in bd_set_size() (bnc#809748). - drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913). - tmpfs: fix use-after-free of mempolicy object (bnc#806138, CVE-2013-1767).

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-454 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 12.1 (i586 x86_64): kernel-debug-3.1.10-1.23.1.g8645a72 kernel-debug-base-3.1.10-1.23.1.g8645a72 kernel-debug-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-debug-debuginfo-3.1.10-1.23.1.g8645a72 kernel-debug-debugsource-3.1.10-1.23.1.g8645a72 kernel-debug-devel-3.1.10-1.23.1.g8645a72 kernel-debug-devel-debuginfo-3.1.10-1.23.1.g8645a72 kernel-default-3.1.10-1.23.1.g8645a72 kernel-default-base-3.1.10-1.23.1.g8645a72 kernel-default-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-default-debuginfo-3.1.10-1.23.1.g8645a72 kernel-default-debugsource-3.1.10-1.23.1.g8645a72 kernel-default-devel-3.1.10-1.23.1.g8645a72 kernel-default-devel-debuginfo-3.1.10-1.23.1.g8645a72 kernel-desktop-3.1.10-1.23.1.g8645a72 kernel-desktop-base-3.1.10-1.23.1.g8645a72 kernel-desktop-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-desktop-debuginfo-3.1.10-1.23.1.g8645a72 kernel-desktop-debugsource-3.1.10-1.23.1.g8645a72 kernel-desktop-devel-3.1.10-1.23.1.g8645a72 kernel-desktop-devel-debuginfo-3.1.10-1.23.1.g8645a72 kernel-ec2-3.1.10-1.23.1.g8645a72 kernel-ec2-base-3.1.10-1.23.1.g8645a72 kernel-ec2-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-ec2-debuginfo-3.1.10-1.23.1.g8645a72 kernel-ec2-debugsource-3.1.10-1.23.1.g8645a72 kernel-ec2-devel-3.1.10-1.23.1.g8645a72 kernel-ec2-devel-debuginfo-3.1.10-1.23.1.g8645a72 kernel-ec2-extra-3.1.10-1.23.1.g8645a72 kernel-ec2-extra-debuginfo-3.1.10-1.23.1.g8645a72 kernel-syms-3.1.10-1.23.1.g8645a72 kernel-trace-3.1.10-1.23.1.g8645a72 kernel-trace-base-3.1.10-1.23.1.g8645a72 kernel-trace-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-trace-debuginfo-3.1.10-1.23.1.g8645a72 kernel-trace-debugsource-3.1.10-1.23.1.g8645a72 kernel-trace-devel-3.1.10-1.23.1.g8645a72 kernel-trace-devel-debuginfo-3.1.10-1.23.1.g8645a72 kernel-vanilla-3.1.10-1.23.1.g8645a72 kernel-vanilla-base-3.1.10-1.23.1.g8645a72 kernel-vanilla-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-vanilla-debuginfo-3.1.10-1.23.1.g8645a72 kernel-vanilla-debugsource-3.1.10-1.23.1.g8645a72 kernel-vanilla-devel-3.1.10-1.23.1.g8645a72 kernel-vanilla-devel-debuginfo-3.1.10-1.23.1.g8645a72 kernel-xen-3.1.10-1.23.1.g8645a72 kernel-xen-base-3.1.10-1.23.1.g8645a72 kernel-xen-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-xen-debuginfo-3.1.10-1.23.1.g8645a72 kernel-xen-debugsource-3.1.10-1.23.1.g8645a72 kernel-xen-devel-3.1.10-1.23.1.g8645a72 kernel-xen-devel-debuginfo-3.1.10-1.23.1.g8645a72 - openSUSE 12.1 (noarch): kernel-devel-3.1.10-1.23.1.g8645a72 kernel-docs-3.1.10-1.23.2.g8645a72 kernel-source-3.1.10-1.23.1.g8645a72 kernel-source-vanilla-3.1.10-1.23.1.g8645a72 - openSUSE 12.1 (i586): kernel-pae-3.1.10-1.23.1.g8645a72 kernel-pae-base-3.1.10-1.23.1.g8645a72 kernel-pae-base-debuginfo-3.1.10-1.23.1.g8645a72 kernel-pae-debuginfo-3.1.10-1.23.1.g8645a72 kernel-pae-debugsource-3.1.10-1.23.1.g8645a72 kernel-pae-devel-3.1.10-1.23.1.g8645a72 kernel-pae-devel-debuginfo-3.1.10-1.23.1.g8645a72


References

https://www.suse.com/security/cve/CVE-2013-0913.html https://www.suse.com/security/cve/CVE-2013-1767.html https://www.suse.com/security/cve/CVE-2013-1774.html https://www.suse.com/security/cve/CVE-2013-1796.html https://www.suse.com/security/cve/CVE-2013-1797.html https://www.suse.com/security/cve/CVE-2013-1798.html https://www.suse.com/security/cve/CVE-2013-2094.html https://bugzilla.novell.com/806138 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808829 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/813735 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819789--


Severity
Announcement ID: openSUSE-SU-2013:0847-1
Rating: important
Affected Products: openSUSE 12.1 le.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved