Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

openSUSE 12.3: 2013:0951-1 Critical: Kernel Privilege Escalation

opensuse
Calendar Grey June 10, 2013
Dist Opensuse Esm H88
openSUSE Security Update for kernel fixes critical issues and important bugs enhancing overall system security and stability.
An update that solves two vulnerabilities and has 6 fixes is now available.

Description

The openSUSE 12.3 kernel was updated to fix a critical

security issue, other security issues and several bugs.

Security issues fixed: CVE-2013-2094: The perf_swevent_init

function in kernel/events/core.c in the Linux kernel used

an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system

call.

CVE-2013-0290: The __skb_recv_datagram function in

net/core/datagram.c in the Linux kernel did not properly

handle the MSG_PEEK flag with zero-length data, which

allowed local users to cause a denial of service (infinite

loop and system hang) via a crafted application.

Bugs fixed:

- qlge: fix dma map leak when the last chunk is not

allocated (bnc#819519).

- ACPI / thermal: do not always return

THERMAL_TREND_RAISING for active trip points (bnc#820048).

- perf: Treat attr.config as u64 in perf_swevent_init()

(bnc#819789, CVE-2013-2094).

- cxgb4: fix error recovery when...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security issue critical update kernel system patch openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-452

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

kernel-default-3.7.10-1.11.1

kernel-default-base-3.7.10-1.11.1

kernel-default-devel-3.7.10-1.11.1

kernel-syms-3.7.10-1.11.1

- openSUSE 12.3 (i686 x86_64):

kernel-debug-3.7.10-1.11.1

kernel-debug-base-3.7.10-1.11.1

kernel-debug-devel-3.7.10-1.11.1

kernel-desktop-3.7.10-1.11.1

kernel-desktop-base-3.7.10-1.11.1

kernel-desktop-devel-3.7.10-1.11.1

kernel-ec2-3.7.10-1.11.1

kernel-ec2-base-3.7.10-1.11.1

kernel-ec2-base-debuginfo-3.7.10-1.11.1

kernel-ec2-debuginfo-3.7.10-1.11.1

kernel-ec2-debugsource-3.7.10-1.11.1

kernel-ec2-devel-3.7.10-1.11.1

kernel-ec2-devel-debuginfo-3.7.10-1.11.1

kernel-trace-3.7.10-1.11.1

kernel-trace-base-3.7.10-1.11.1

kernel-trace-devel-3.7.10-1.11.1

kernel-vanilla-3.7.10-1.11.1

kernel-vanilla-devel-3.7.10-1.11.1

kernel-xen-3.7.10-1.11.1

kernel-xen-base-3.7.10-1.11.1

kernel-xen-devel-3.7.10-1.11.1

- openSUSE 12.3 (noarch):

kernel-devel-3.7.10-1.11.1

kernel-docs-3.7.10-1.11.1

kernel-source-3.7.10-1.11.1

kernel-source-vanilla-3.7.10-1.11.1

- openSUSE 12.3 (i686):

kernel-de...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2013-0290.html

https://www.suse.com/security/cve/CVE-2013-2094.html

--

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2013:0951-1
Rating: critical
Affected Products: openSUSE 12.3 le.

Topics%20covered

Topics Covered

security advisory security issue critical update kernel system patch openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here