Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

openSUSE 12.3: 2013:1043-1 Critical: Kernel Network Issue

opensuse
Calendar Grey June 19, 2013
Dist Opensuse Esm H88
Ubuntu's latest patch addresses urgent kernel vulnerabilities and bugs. Improve your system's protection now!
An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now...

Description

The openSUSE 12.3 kernel was updated to fix a critical

security issue and two reiserfs bugs.

CVE-2013-2850: Incorrect strncpy usage in the network

listening part of the iscsi target driver could have been

used by remote attackers to crash the kernel or execute

code.

This required the iscsi target running on the machine and

the attacker able to make a network connection to it (aka

not filtered by firewalls).

Bugs fixed:

- reiserfs: fix spurious multiple-fill in

reiserfs_readdir_dentry (bnc#822722).

- reiserfs: fix problems with chowning setuid file w/

xattrs (bnc#790920).

- iscsi-target: fix heap buffer overflow on error

(CVE-2013-2850, bnc#821560).

Topics%20covered

Topics Covered

security advisory update critical kernel network issue openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-513

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

kernel-default-3.7.10-1.16.1

kernel-default-base-3.7.10-1.16.1

kernel-default-devel-3.7.10-1.16.1

kernel-syms-3.7.10-1.16.1

- openSUSE 12.3 (i686 x86_64):

kernel-debug-3.7.10-1.16.1

kernel-debug-base-3.7.10-1.16.1

kernel-debug-devel-3.7.10-1.16.1

kernel-desktop-3.7.10-1.16.1

kernel-desktop-base-3.7.10-1.16.1

kernel-desktop-devel-3.7.10-1.16.1

kernel-ec2-3.7.10-1.16.1

kernel-ec2-base-3.7.10-1.16.1

kernel-ec2-base-debuginfo-3.7.10-1.16.1

kernel-ec2-debuginfo-3.7.10-1.16.1

kernel-ec2-debugsource-3.7.10-1.16.1

kernel-ec2-devel-3.7.10-1.16.1

kernel-ec2-devel-debuginfo-3.7.10-1.16.1

kernel-trace-3.7.10-1.16.1

kernel-trace-base-3.7.10-1.16.1

kernel-trace-devel-3.7.10-1.16.1

kernel-vanilla-3.7.10-1.16.1

kernel-vanilla-devel-3.7.10-1.16.1

kernel-xen-3.7.10-1.16.1

kernel-xen-base-3.7.10-1.16.1

kernel-xen-devel-3.7.10-1.16.1

- openSUSE 12.3 (noarch):

kernel-devel-3.7.10-1.16.1

kernel-docs-3.7.10-1.16.1

kernel-source-3.7.10-1.16.1

kernel-source-vanilla-3.7.10-1.16.1

- openSUSE 12.3 (i686):

kernel-de...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2013-2850.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2013:1043-1
Rating: critical
Affected Products: openSUSE 12.3

Topics%20covered

Topics Covered

security advisory update critical kernel network issue openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here