openSUSE: 2013:1187-1: important: 3.0.80 kernel update
Description
The kernel was updated to Linux kernel 3.0.80, fixing
various bugs and security issues.
Following security issues were fixed: CVE-2013-0160:
Timing side channel on attacks were possible on /dev/ptmx
that could allow local attackers to predict keypresses like
e.g. passwords. This has been fixed again by updating
accessed/modified time on the pty devices in resolution of
8 seconds, so that idle time detection can still work.
CVE-2013-3222: The vcc_recvmsg function in
net/atm/common.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.
CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
CVE-2013-3076: The crypto API in the Linux kernel did
not initialize certain length variables, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.
CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.
A kernel information leak via tkill/tgkill was fixed.
Following bugs were fixed:
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
- libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).
- netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).
- hyperv: use 3.4 as LIC version string (bnc#822431).
- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).
- xen/netback: do not disconnect frontend when seeing
oversize packet.
- xen/netfront: reduce gso_max_size to account for max
TCP header.
- xen/netfront: fix kABI after "reduce gso_max_size to
account for max TCP header".
- xfs: Fix kABI due to change in xfs_buf (bnc#815356).
- xfs: fix race while discarding buffers [V4]
(bnc#815356 (comment 36)).
- xfs: Serialize file-extending direct IO (bnc#818371).
- xhci: Do not switch webcams in some HP ProBooks to
XHCI (bnc#805804).
- bluetooth: Do not switch BT on HP ProBook 4340
(bnc#812281).
- s390/ftrace: fix mcount adjustment (bnc#809895).
- mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).
- patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
pathological backwards allocation (bnc#805945).
- mm: compaction: Restart compaction from near where it
left off
- mm: compaction: cache if a pageblock was scanned and
no pages were isolated
- mm: compaction: clear PG_migrate_skip based on
compaction and reclaim activity
- mm: compaction: Scan PFN caching KABI workaround
- mm: page_allocator: Remove first_pass guard
- mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)
- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).
- SUNRPC: Get rid of the redundant xprt->shutdown bit
field (bnc#800907).
- SUNRPC: Ensure that we grab the XPRT_LOCK before
calling xprt_alloc_slot (bnc#800907).
- SUNRPC: Fix a UDP transport regression (bnc#800907).
- SUNRPC: Allow caller of rpc_sleep_on() to select
priority levels (bnc#800907).
- SUNRPC: Replace xprt->resend and xprt->sending with a
priority queue (bnc#800907).
- SUNRPC: Fix potential races in xprt_lock_write_next()
(bnc#800907).
- md: cannot re-add disks after recovery (bnc#808647).
- fs/xattr.c:getxattr(): improve handling of allocation
failures (bnc#818053).
- fs/xattr.c:listxattr(): fall back to vmalloc() if
kmalloc() failed (bnc#818053).
- fs/xattr.c:setxattr(): improve handling of allocation
failures (bnc#818053).
- fs/xattr.c: suppress page allocation failure warnings
from sys_listxattr() (bnc#818053).
- virtio-blk: Call revalidate_disk() upon online disk
resize (bnc#817339).
- usb-storage: CY7C68300A chips do not support Cypress
ATACB (bnc#819295).
- patches.kernel.org/patch-3.0.60-61: Update references
(add bnc#810580).
- usb: Using correct way to clear usb3.0 devices remote
wakeup feature (bnc#818516).
- xhci: Fix TD size for isochronous URBs (bnc#818514).
- ALSA: hda - fixup D3 pin and right channel mute on
Haswell HDMI audio (bnc#818798).
- ALSA: hda - Apply pin-enablement workaround to all
Haswell HDMI codecs (bnc#818798).
- xfs: fallback to vmalloc for large buffers in
xfs_attrmulti_attr_get (bnc#818053).
- xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053).
- xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053).
- xHCI: store rings type.
- xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
- xHCI: check enqueue pointer advance into dequeue seg.
- xHCI: store rings last segment and segment numbers.
- xHCI: Allocate 2 segments for transfer ring.
- xHCI: count free TRBs on transfer ring.
- xHCI: factor out segments allocation and free function.
- xHCI: update sg tablesize.
- xHCI: set cycle state when allocate rings.
- xhci: Reserve one command for USB3 LPM disable.
- xHCI: dynamic ring expansion.
- xhci: Do not warn on empty ring for suspended devices.
- md/raid1: Do not release reference to device while
handling read error (bnc#809122, bnc#814719).
- rpm/mkspec: Stop generating the get_release_number.sh
file.
- rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-109 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 11.4 (i586 x86_64): kernel-debug-3.0.80-52.1 kernel-debug-base-3.0.80-52.1 kernel-debug-base-debuginfo-3.0.80-52.1 kernel-debug-debuginfo-3.0.80-52.1 kernel-debug-debugsource-3.0.80-52.1 kernel-debug-devel-3.0.80-52.1 kernel-debug-devel-debuginfo-3.0.80-52.1 kernel-debug-hmac-3.0.80-52.1 kernel-default-3.0.80-52.1 kernel-default-base-3.0.80-52.1 kernel-default-base-debuginfo-3.0.80-52.1 kernel-default-debuginfo-3.0.80-52.1 kernel-default-debugsource-3.0.80-52.1 kernel-default-devel-3.0.80-52.1 kernel-default-devel-debuginfo-3.0.80-52.1 kernel-default-hmac-3.0.80-52.1 kernel-desktop-3.0.80-52.1 kernel-desktop-base-3.0.80-52.1 kernel-desktop-base-debuginfo-3.0.80-52.1 kernel-desktop-debuginfo-3.0.80-52.1 kernel-desktop-debugsource-3.0.80-52.1 kernel-desktop-devel-3.0.80-52.1 kernel-desktop-devel-debuginfo-3.0.80-52.1 kernel-desktop-hmac-3.0.80-52.1 kernel-ec2-3.0.80-52.1 kernel-ec2-base-3.0.80-52.1 kernel-ec2-base-debuginfo-3.0.80-52.1 kernel-ec2-debuginfo-3.0.80-52.1 kernel-ec2-debugsource-3.0.80-52.1 kernel-ec2-devel-3.0.80-52.1 kernel-ec2-devel-debuginfo-3.0.80-52.1 kernel-ec2-extra-3.0.80-52.1 kernel-ec2-extra-debuginfo-3.0.80-52.1 kernel-ec2-hmac-3.0.80-52.1 kernel-source-3.0.80-52.1 kernel-source-vanilla-3.0.80-52.1 kernel-syms-3.0.80-52.1 kernel-trace-3.0.80-52.1 kernel-trace-base-3.0.80-52.1 kernel-trace-base-debuginfo-3.0.80-52.1 kernel-trace-debuginfo-3.0.80-52.1 kernel-trace-debugsource-3.0.80-52.1 kernel-trace-devel-3.0.80-52.1 kernel-trace-devel-debuginfo-3.0.80-52.1 kernel-trace-hmac-3.0.80-52.1 kernel-vanilla-3.0.80-52.1 kernel-vanilla-base-3.0.80-52.1 kernel-vanilla-base-debuginfo-3.0.80-52.1 kernel-vanilla-debuginfo-3.0.80-52.1 kernel-vanilla-debugsource-3.0.80-52.1 kernel-vanilla-devel-3.0.80-52.1 kernel-vanilla-devel-debuginfo-3.0.80-52.1 kernel-vanilla-hmac-3.0.80-52.1 kernel-xen-3.0.80-52.1 kernel-xen-base-3.0.80-52.1 kernel-xen-base-debuginfo-3.0.80-52.1 kernel-xen-debuginfo-3.0.80-52.1 kernel-xen-debugsource-3.0.80-52.1 kernel-xen-devel-3.0.80-52.1 kernel-xen-devel-debuginfo-3.0.80-52.1 kernel-xen-hmac-3.0.80-52.1 preload-1.2-6.35.1 preload-debuginfo-1.2-6.35.1 preload-debugsource-1.2-6.35.1 preload-kmp-default-1.2_3.0.80_52-6.35.1 preload-kmp-default-debuginfo-1.2_3.0.80_52-6.35.1 preload-kmp-desktop-1.2_3.0.80_52-6.35.1 preload-kmp-desktop-debuginfo-1.2_3.0.80_52-6.35.1 - openSUSE 11.4 (noarch): kernel-docs-3.0.80-52.2 - openSUSE 11.4 (i586): kernel-pae-3.0.80-52.1 kernel-pae-base-3.0.80-52.1 kernel-pae-base-debuginfo-3.0.80-52.1 kernel-pae-debuginfo-3.0.80-52.1 kernel-pae-debugsource-3.0.80-52.1 kernel-pae-devel-3.0.80-52.1 kernel-pae-devel-debuginfo-3.0.80-52.1 kernel-pae-hmac-3.0.80-52.1 kernel-vmi-3.0.80-52.1 kernel-vmi-base-3.0.80-52.1 kernel-vmi-base-debuginfo-3.0.80-52.1 kernel-vmi-debuginfo-3.0.80-52.1 kernel-vmi-debugsource-3.0.80-52.1 kernel-vmi-devel-3.0.80-52.1 kernel-vmi-devel-debuginfo-3.0.80-52.1 kernel-vmi-hmac-3.0.80-52.1
References
https://www.suse.com/security/cve/CVE-2012-6548.html https://www.suse.com/security/cve/CVE-2012-6549.html https://www.suse.com/security/cve/CVE-2013-0160.html https://www.suse.com/security/cve/CVE-2013-0268.html https://www.suse.com/security/cve/CVE-2013-0311.html https://www.suse.com/security/cve/CVE-2013-0914.html https://www.suse.com/security/cve/CVE-2013-1772.html https://www.suse.com/security/cve/CVE-2013-1792.html https://www.suse.com/security/cve/CVE-2013-1796.html https://www.suse.com/security/cve/CVE-2013-1797.html https://www.suse.com/security/cve/CVE-2013-1798.html https://www.suse.com/security/cve/CVE-2013-2634.html https://www.suse.com/security/cve/CVE-2013-2635.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/769685 https://bugzilla.novell.com/788590 https://bugzilla.novell.com/789359 https://bugzilla.novell.com/792584 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/800907 https://bugzilla.novell.com/802642 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/804656 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806238 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808358 https://bugzilla.novell.com/808647 https://bugzilla.novell.com/808827 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/809902 https://bugzilla.novell.com/809903 https://bugzilla.novell.com/810473 https://bugzilla.novell.com/810580 https://bugzilla.novell.com/810624 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/814719 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/815444 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816443 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816586 https://bugzilla.novell.com/817010 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818514 https://bugzilla.novell.com/818516 https://bugzilla.novell.com/818798 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722