
openSUSE 12.1: 2013:1005-1 Critical: iscsi Code Execution Risk

June 13, 2013
An openSUSE security update for the kernel fixes an iSCSI target flaw (CVE-2013-2850) and two reiserfs bugs.
An update that solves one vulnerability and has two fixes is now available.

Description

The openSUSE 12.1 kernel was updated to fix a critical security issue and also some reiserfs bugs.

CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iSCSI target driver could have been used by remote attackers to crash the kernel or execute code.

Exploitation required the iSCSI target to be running on the machine and the attacker to be able to make a network connection to it (i.e. the connection is not filtered by firewalls).

Bugs:

- reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722).

- reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920).

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-483

To bring your system up-to-date, use "zypper patch".
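
A host-side check for the two conditions this advisory describes, an unfixed running kernel and a loaded iSCSI target driver, written as an added example that is not part of the SUSE advisory. The fixed version is the one in the Package List; the module name `iscsi_target_mod` and the `--check` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure check for CVE-2013-2850
# on openSUSE 12.1. FIXED is the version-release from the Package List.
FIXED="3.1.10-1.29.1"

# Succeeds if version-release $1 is at or above $2. Uses GNU `sort -V`, which
# approximates RPM ordering well enough for kernel builds of one series; it
# says nothing about kernels that do not come from the openSUSE 12.1 repos.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Classify a host from two facts: the version-release of the running kernel
# package, and whether the iSCSI target driver is loaded ("yes" or "no").
assess() {
    if version_ge "$1" "$FIXED"; then
        echo "patched"
    elif [ "$2" = "yes" ]; then
        echo "vulnerable-target-loaded"      # both preconditions present
    else
        echo "vulnerable-target-not-loaded"  # still needs the update
    fi
}

# Gather the facts on a live host and print the verdict.
check_host() {
    # Query the package that owns the image of the kernel actually running:
    # an installed update only takes effect after a reboot.
    running=$(rpm -qf --qf '%{VERSION}-%{RELEASE}\n' \
        "/boot/vmlinuz-$(uname -r)" 2>/dev/null) || running=""
    if [ -z "$running" ]; then
        echo "unknown: cannot determine running kernel package"
        return 2
    fi
    # Assumption: the target driver is the upstream module iscsi_target_mod.
    if [ -d /sys/module/iscsi_target_mod ]; then loaded=yes; else loaded=no; fi
    echo "kernel $running: $(assess "$running" "$loaded")"
}

# Run the live check only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

A "vulnerable-target-loaded" result means the host should be patched and rebooted first, with the target's port filtered at the firewall until then.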

Package List

- openSUSE 12.1 (i586 x86_64):

  kernel-debug-3.1.10-1.29.1
  kernel-debug-base-3.1.10-1.29.1
  kernel-debug-base-debuginfo-3.1.10-1.29.1
  kernel-debug-debuginfo-3.1.10-1.29.1
  kernel-debug-debugsource-3.1.10-1.29.1
  kernel-debug-devel-3.1.10-1.29.1
  kernel-debug-devel-debuginfo-3.1.10-1.29.1
  kernel-default-3.1.10-1.29.1
  kernel-default-base-3.1.10-1.29.1
  kernel-default-base-debuginfo-3.1.10-1.29.1
  kernel-default-debuginfo-3.1.10-1.29.1
  kernel-default-debugsource-3.1.10-1.29.1
  kernel-default-devel-3.1.10-1.29.1
  kernel-default-devel-debuginfo-3.1.10-1.29.1
  kernel-desktop-3.1.10-1.29.1
  kernel-desktop-base-3.1.10-1.29.1
  kernel-desktop-base-debuginfo-3.1.10-1.29.1
  kernel-desktop-debuginfo-3.1.10-1.29.1
  kernel-desktop-debugsource-3.1.10-1.29.1
  kernel-desktop-devel-3.1.10-1.29.1
  kernel-desktop-devel-debuginfo-3.1.10-1.29.1
  kernel-ec2-3.1.10-1.29.1
  kernel-ec2-base-3.1.10-1.29.1
  kernel-ec2-base-debuginfo-3.1.10-1.29.1
  kernel-ec2-debuginfo-3.1.10-1.29.1
  kernel-ec2-debugsource-3.1.10-1.29.1
  kernel-ec2-devel-3.1.10-1.29.1
  kernel-ec2-d...


References

https://www.suse.com/security/cve/CVE-2013-2850.html

--

Severity: critical

Announcement ID: openSUSE-SU-2013:1005-1
Rating: critical
Affected Products: openSUSE 12.1
