openSUSE: 2013:0951-1: critical: kernel
Description
The openSUSE 12.3 kernel was updated to fix a critical
security issue, other security issues and several bugs.
Security issues fixed: CVE-2013-2094: The perf_swevent_init
function in kernel/events/core.c in the Linux kernel used
an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system
call.
CVE-2013-0290: The __skb_recv_datagram function in
net/core/datagram.c in the Linux kernel did not properly
handle the MSG_PEEK flag with zero-length data, which
allowed local users to cause a denial of service (infinite
loop and system hang) via a crafted application.
Bugs fixed:
- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).
- ACPI / thermal: do not always return
THERMAL_TREND_RAISING for active trip points (bnc#820048).
- perf: Treat attr.config as u64 in perf_swevent_init()
(bnc#819789, CVE-2013-2094).
- cxgb4: fix error recovery when t4_fw_hello returns a
positive value (bnc#818497).
- kabi/severities: Ignore drivers/mfd/ucb1400_core It
provides internal exports to UCB1400 drivers, that we
have just disabled.
- Fix -devel package for armv7hl armv7hl kernel flavors in
the non-multiplatform configuration (which is the default
for our openSUSE 12.3 release), needs more header files
from the machine specific directories to be included in
kernel-devel.
- Update config files: disable UCB1400 on all but ARM
Currently UCB1400 is only used on ARM OMAP systems, and
part of the code is dead code that can't even be
modularized.
- CONFIG_UCB1400_CORE=n
- CONFIG_TOUCHSCREEN_UCB1400=n
- CONFIG_GPIO_UCB1400=n
- rpm/config.sh: Drop the ARM repository, the KOTD will
build against the "ports" repository of openSUSE:12.3
- mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).
- rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-452 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 12.3 (i586 x86_64): kernel-default-3.7.10-1.11.1 kernel-default-base-3.7.10-1.11.1 kernel-default-devel-3.7.10-1.11.1 kernel-syms-3.7.10-1.11.1 - openSUSE 12.3 (i686 x86_64): kernel-debug-3.7.10-1.11.1 kernel-debug-base-3.7.10-1.11.1 kernel-debug-devel-3.7.10-1.11.1 kernel-desktop-3.7.10-1.11.1 kernel-desktop-base-3.7.10-1.11.1 kernel-desktop-devel-3.7.10-1.11.1 kernel-ec2-3.7.10-1.11.1 kernel-ec2-base-3.7.10-1.11.1 kernel-ec2-base-debuginfo-3.7.10-1.11.1 kernel-ec2-debuginfo-3.7.10-1.11.1 kernel-ec2-debugsource-3.7.10-1.11.1 kernel-ec2-devel-3.7.10-1.11.1 kernel-ec2-devel-debuginfo-3.7.10-1.11.1 kernel-trace-3.7.10-1.11.1 kernel-trace-base-3.7.10-1.11.1 kernel-trace-devel-3.7.10-1.11.1 kernel-vanilla-3.7.10-1.11.1 kernel-vanilla-devel-3.7.10-1.11.1 kernel-xen-3.7.10-1.11.1 kernel-xen-base-3.7.10-1.11.1 kernel-xen-devel-3.7.10-1.11.1 - openSUSE 12.3 (noarch): kernel-devel-3.7.10-1.11.1 kernel-docs-3.7.10-1.11.1 kernel-source-3.7.10-1.11.1 kernel-source-vanilla-3.7.10-1.11.1 - openSUSE 12.3 (i686): kernel-debug-base-debuginfo-3.7.10-1.11.1 kernel-debug-debuginfo-3.7.10-1.11.1 kernel-debug-debugsource-3.7.10-1.11.1 kernel-debug-devel-debuginfo-3.7.10-1.11.1 kernel-desktop-base-debuginfo-3.7.10-1.11.1 kernel-desktop-debuginfo-3.7.10-1.11.1 kernel-desktop-debugsource-3.7.10-1.11.1 kernel-desktop-devel-debuginfo-3.7.10-1.11.1 kernel-pae-3.7.10-1.11.1 kernel-pae-base-3.7.10-1.11.1 kernel-pae-base-debuginfo-3.7.10-1.11.1 kernel-pae-debuginfo-3.7.10-1.11.1 kernel-pae-debugsource-3.7.10-1.11.1 kernel-pae-devel-3.7.10-1.11.1 kernel-pae-devel-debuginfo-3.7.10-1.11.1 kernel-trace-base-debuginfo-3.7.10-1.11.1 kernel-trace-debuginfo-3.7.10-1.11.1 kernel-trace-debugsource-3.7.10-1.11.1 kernel-trace-devel-debuginfo-3.7.10-1.11.1 kernel-vanilla-debuginfo-3.7.10-1.11.1 kernel-vanilla-debugsource-3.7.10-1.11.1 kernel-vanilla-devel-debuginfo-3.7.10-1.11.1 kernel-xen-base-debuginfo-3.7.10-1.11.1 kernel-xen-debuginfo-3.7.10-1.11.1 kernel-xen-debugsource-3.7.10-1.11.1 kernel-xen-devel-debuginfo-3.7.10-1.11.1 - openSUSE 12.3 (i586): kernel-default-base-debuginfo-3.7.10-1.11.1 kernel-default-debuginfo-3.7.10-1.11.1 kernel-default-debugsource-3.7.10-1.11.1 kernel-default-devel-debuginfo-3.7.10-1.11.1
References
https://www.suse.com/security/cve/CVE-2013-0290.html https://www.suse.com/security/cve/CVE-2013-2094.html https://bugzilla.novell.com/803931 https://bugzilla.novell.com/813889 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818497 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819789 https://bugzilla.novell.com/820048--