openSUSE: 2013:1042-1: critical: kernel

   openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1042-1
Rating:             critical
References:         #790920 #803931 #815745 #818327 #819519 #819789 
                    #821560 #822722 
Cross-References:   CVE-2013-0290 CVE-2013-2094 CVE-2013-2850
                   
Affected Products:
                    openSUSE 12.2
______________________________________________________________________________

   An update that solves three vulnerabilities and has 5 fixes
   is now available.

Description:


   The openSUSE 12.2 kernel was updated to fix security issue
   and other bugs.

   Security issues fixed: CVE-2013-2850: Incorrect strncpy
   usage in the network listening part of the iscsi target
   driver could have been used by remote attackers to crash
   the kernel or execute code.

   This required the iscsi target running on the machine and
   the attacker able to make a network connection to it (aka
   not filtered by firewalls).

   CVE-2013-2094: The perf_swevent_init function in
   kernel/events/core.c in the Linux kernel used an incorrect
   integer data type, which allowed local users to gain
   privileges via a crafted perf_event_open system call.

   CVE-2013-0290: The __skb_recv_datagram function in
   net/core/datagram.c in the Linux kernel did not properly
   handle the MSG_PEEK flag with zero-length data, which
   allowed local users to cause a denial of service (infinite
   loop and system hang) via a crafted application.

   Bugs fixed:
   - reiserfs: fix spurious multiple-fill in
   reiserfs_readdir_dentry (bnc#822722).

   - reiserfs: fix problems with chowning setuid file w/
   xattrs (bnc#790920).

   - qlge: fix dma map leak when the last chunk is not
   allocated (bnc#819519).

   - Update config files: disable UCB1400 on all but ARM
   Currently UCB1400 is only used on ARM OMAP systems, and
   part of the code is dead code that can't even be
   modularized.
   - CONFIG_UCB1400_CORE=n
   - CONFIG_TOUCHSCREEN_UCB1400=n
   - CONFIG_GPIO_UCB1400=n

   - mm/mmap: check for RLIMIT_AS before unmapping
   (bnc#818327).
   - unix/stream: fix peeking with an offset larger than data
   in queue (bnc#803931 CVE-2013-0290).
   - unix/dgram: fix peeking with an offset larger than data
   in queue (bnc#803931 CVE-2013-0290).
   - unix/dgram: peek beyond 0-sized skbs (bnc#803931
   CVE-2013-0290).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-512

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.2 (i586 x86_64):

      kernel-default-3.4.47-2.38.1
      kernel-default-base-3.4.47-2.38.1
      kernel-default-base-debuginfo-3.4.47-2.38.1
      kernel-default-debuginfo-3.4.47-2.38.1
      kernel-default-debugsource-3.4.47-2.38.1
      kernel-default-devel-3.4.47-2.38.1
      kernel-default-devel-debuginfo-3.4.47-2.38.1
      kernel-syms-3.4.47-2.38.1

   - openSUSE 12.2 (i686 x86_64):

      kernel-debug-3.4.47-2.38.1
      kernel-debug-base-3.4.47-2.38.1
      kernel-debug-base-debuginfo-3.4.47-2.38.1
      kernel-debug-debuginfo-3.4.47-2.38.1
      kernel-debug-debugsource-3.4.47-2.38.1
      kernel-debug-devel-3.4.47-2.38.1
      kernel-debug-devel-debuginfo-3.4.47-2.38.1
      kernel-desktop-3.4.47-2.38.1
      kernel-desktop-base-3.4.47-2.38.1
      kernel-desktop-base-debuginfo-3.4.47-2.38.1
      kernel-desktop-debuginfo-3.4.47-2.38.1
      kernel-desktop-debugsource-3.4.47-2.38.1
      kernel-desktop-devel-3.4.47-2.38.1
      kernel-desktop-devel-debuginfo-3.4.47-2.38.1
      kernel-ec2-3.4.47-2.38.1
      kernel-ec2-base-3.4.47-2.38.1
      kernel-ec2-base-debuginfo-3.4.47-2.38.1
      kernel-ec2-debuginfo-3.4.47-2.38.1
      kernel-ec2-debugsource-3.4.47-2.38.1
      kernel-ec2-devel-3.4.47-2.38.1
      kernel-ec2-devel-debuginfo-3.4.47-2.38.1
      kernel-ec2-extra-3.4.47-2.38.1
      kernel-ec2-extra-debuginfo-3.4.47-2.38.1
      kernel-trace-3.4.47-2.38.1
      kernel-trace-base-3.4.47-2.38.1
      kernel-trace-base-debuginfo-3.4.47-2.38.1
      kernel-trace-debuginfo-3.4.47-2.38.1
      kernel-trace-debugsource-3.4.47-2.38.1
      kernel-trace-devel-3.4.47-2.38.1
      kernel-trace-devel-debuginfo-3.4.47-2.38.1
      kernel-vanilla-3.4.47-2.38.1
      kernel-vanilla-debuginfo-3.4.47-2.38.1
      kernel-vanilla-debugsource-3.4.47-2.38.1
      kernel-vanilla-devel-3.4.47-2.38.1
      kernel-vanilla-devel-debuginfo-3.4.47-2.38.1
      kernel-xen-3.4.47-2.38.1
      kernel-xen-base-3.4.47-2.38.1
      kernel-xen-base-debuginfo-3.4.47-2.38.1
      kernel-xen-debuginfo-3.4.47-2.38.1
      kernel-xen-debugsource-3.4.47-2.38.1
      kernel-xen-devel-3.4.47-2.38.1
      kernel-xen-devel-debuginfo-3.4.47-2.38.1

   - openSUSE 12.2 (noarch):

      kernel-devel-3.4.47-2.38.1
      kernel-docs-3.4.47-2.38.2
      kernel-source-3.4.47-2.38.1
      kernel-source-vanilla-3.4.47-2.38.1

   - openSUSE 12.2 (i686):

      kernel-pae-3.4.47-2.38.1
      kernel-pae-base-3.4.47-2.38.1
      kernel-pae-base-debuginfo-3.4.47-2.38.1
      kernel-pae-debuginfo-3.4.47-2.38.1
      kernel-pae-debugsource-3.4.47-2.38.1
      kernel-pae-devel-3.4.47-2.38.1
      kernel-pae-devel-debuginfo-3.4.47-2.38.1


References:

   https://www.suse.com/security/cve/CVE-2013-0290.html
   https://www.suse.com/security/cve/CVE-2013-2094.html
   https://www.suse.com/security/cve/CVE-2013-2850.html
   https://bugzilla.novell.com/790920
   https://bugzilla.novell.com/803931
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/818327
   https://bugzilla.novell.com/819519
   https://bugzilla.novell.com/819789
   https://bugzilla.novell.com/821560
   https://bugzilla.novell.com/822722

--
openSUSE: 2013:1042-1: critical: kernel

Description

Patch

Package List

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
