What Are You Looking For?

Sign Up
   openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0985-1
Rating:             important
References:         #768714 #851686 #855657 #866101 #867531 #867723 
                    #879071 #880484 #882189 #883518 #883724 #883795 
                    #884840 #885422 #885725 #886629 
Cross-References:   CVE-2014-0100 CVE-2014-0131 CVE-2014-2309
                    CVE-2014-3917 CVE-2014-4014 CVE-2014-4171
                    CVE-2014-4508 CVE-2014-4652 CVE-2014-4653
                    CVE-2014-4654 CVE-2014-4655 CVE-2014-4656
                    CVE-2014-4667 CVE-2014-4699
Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has two fixes
   is now available.

Description:


   The Linux kernel was updated to fix security issues and bugs:

   Security issues fixed: CVE-2014-4699: The Linux kernel on Intel processors   did not properly restrict use of a non-canonical value for the saved RIP
   address in the case of a system call that does not use IRET, which allowed
   local users to leverage a race condition and gain privileges, or cause a
   denial of service (double fault), via a crafted application that makes
   ptrace and fork system calls.

   CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c
   in the Linux kernel did not properly manage a certain backlog value, which
   allowed remote attackers to cause a denial of service (socket
   outage) via a crafted SCTP packet.

   CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement
   the interaction between range notification and hole punching, which
   allowed local users to cause a denial of service (i_mutex hold) by using
   the mmap system call to access a hole, as demonstrated by interfering with
   intended shmem activity by blocking completion of (1) an MADV_REMOVE
   madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.

   CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
   x86 platforms, when syscall auditing is enabled and the sep CPU feature
   flag is set, allowed local users to cause a denial of service (OOPS and
   system crash) via an invalid syscall number, as demonstrated by number
   1000.

   CVE-2014-0100: Race condition in the inet_frag_intern function in
   net/ipv4/inet_fragment.c in the Linux kernel allowed remote attackers to
   cause a denial of service (use-after-free error) or possibly have
   unspecified other impact via a large series of fragmented ICMP Echo
   Request packets to a system with a heavy CPU load.

   CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the
   ALSA control implementation in the Linux kernel allowed local users to
   cause a denial of service by leveraging /dev/snd/controlCX access, related
   to (1) index values in the snd_ctl_add function and (2) numid values in
   the snd_ctl_remove_numid_conflict function.

   CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in
   the ALSA control implementation in the Linux kernel did not properly
   maintain the user_ctl_count value, which allowed local users to cause a
   denial of service (integer overflow and limit bypass) by leveraging
   /dev/snd/controlCX access for a large number of
   SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

   CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in
   the ALSA control implementation in the Linux kernel did not check
   authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
   local users to remove kernel controls and cause a denial of service
   (use-after-free and system crash) by leveraging /dev/snd/controlCX access
   for an ioctl call.

   CVE-2014-4653: sound/core/control.c in the ALSA control implementation in
   the Linux kernel did not ensure possession of a read/write lock, which
   allowed local users to cause a denial of service (use-after-free) and
   obtain sensitive information from kernel memory by leveraging
   /dev/snd/controlCX access.

   CVE-2014-4652: Race condition in the tlv handler functionality in the
   snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
   implementation in the Linux kernel allowed local users to obtain sensitive
   information from kernel memory by leveraging /dev/snd/controlCX access.

   CVE-2014-4014: The capabilities implementation in the Linux kernel did not
   properly consider that namespaces are inapplicable to inodes, which
   allowed local users to bypass intended chmod restrictions by first
   creating a user namespace, as demonstrated by setting the setgid bit on a
   file with group ownership of root.

   CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux
   kernel did not properly count the addition of routes, which allowed remote
   attackers to cause a denial of service (memory consumption) via a flood of
   ICMPv6 Router Advertisement packets.

   CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
   CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local
   users to obtain potentially sensitive single-bit values from kernel memory
   or cause a denial of service (OOPS) via a large value of a syscall number.

   CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in
   net/core/skbuff.c in the Linux kernel allowed attackers to obtain
   sensitive information from kernel memory by leveraging the absence of a
   certain orphaning operation.

   Bugs fixed:
   - Don't trigger congestion wait on dirty-but-not-writeout pages
     (bnc#879071).

   - via-velocity: fix netif_receive_skb use in irq disabled section
     (bnc#851686).

   - HID: logitech-dj: Fix USB 3.0 issue (bnc#886629).

   - tg3: Change nvram command timeout value to 50ms (bnc#768714 bnc#855657).

   - tg3: Override clock, link aware and link idle mode during NVRAM dump
     (bnc#768714 bnc#855657).

   - tg3: Set the MAC clock to the fastest speed during boot code load
     (bnc#768714 bnc#855657).

   - ALSA: usb-audio: Fix deadlocks at resuming (bnc#884840).
   - ALSA: usb-audio: Save mixer status only once at suspend (bnc#884840).
   - ALSA: usb-audio: Resume mixer values properly (bnc#884840).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2014-493

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.1 (i686 x86_64):

      kernel-debug-3.11.10-21.1
      kernel-debug-base-3.11.10-21.1
      kernel-debug-base-debuginfo-3.11.10-21.1
      kernel-debug-debuginfo-3.11.10-21.1
      kernel-debug-debugsource-3.11.10-21.1
      kernel-debug-devel-3.11.10-21.1
      kernel-debug-devel-debuginfo-3.11.10-21.1
      kernel-desktop-3.11.10-21.1
      kernel-desktop-base-3.11.10-21.1
      kernel-desktop-base-debuginfo-3.11.10-21.1
      kernel-desktop-debuginfo-3.11.10-21.1
      kernel-desktop-debugsource-3.11.10-21.1
      kernel-desktop-devel-3.11.10-21.1
      kernel-desktop-devel-debuginfo-3.11.10-21.1
      kernel-ec2-3.11.10-21.1
      kernel-ec2-base-3.11.10-21.1
      kernel-ec2-base-debuginfo-3.11.10-21.1
      kernel-ec2-debuginfo-3.11.10-21.1
      kernel-ec2-debugsource-3.11.10-21.1
      kernel-ec2-devel-3.11.10-21.1
      kernel-ec2-devel-debuginfo-3.11.10-21.1
      kernel-trace-3.11.10-21.1
      kernel-trace-base-3.11.10-21.1
      kernel-trace-base-debuginfo-3.11.10-21.1
      kernel-trace-debuginfo-3.11.10-21.1
      kernel-trace-debugsource-3.11.10-21.1
      kernel-trace-devel-3.11.10-21.1
      kernel-trace-devel-debuginfo-3.11.10-21.1
      kernel-vanilla-3.11.10-21.1
      kernel-vanilla-debuginfo-3.11.10-21.1
      kernel-vanilla-debugsource-3.11.10-21.1
      kernel-vanilla-devel-3.11.10-21.1
      kernel-vanilla-devel-debuginfo-3.11.10-21.1
      kernel-xen-3.11.10-21.1
      kernel-xen-base-3.11.10-21.1
      kernel-xen-base-debuginfo-3.11.10-21.1
      kernel-xen-debuginfo-3.11.10-21.1
      kernel-xen-debugsource-3.11.10-21.1
      kernel-xen-devel-3.11.10-21.1
      kernel-xen-devel-debuginfo-3.11.10-21.1

   - openSUSE 13.1 (i586 x86_64):

      cloop-2.639-11.13.1
      cloop-debuginfo-2.639-11.13.1
      cloop-debugsource-2.639-11.13.1
      cloop-kmp-default-2.639_k3.11.10_21-11.13.1
      cloop-kmp-default-debuginfo-2.639_k3.11.10_21-11.13.1
      cloop-kmp-desktop-2.639_k3.11.10_21-11.13.1
      cloop-kmp-desktop-debuginfo-2.639_k3.11.10_21-11.13.1
      cloop-kmp-xen-2.639_k3.11.10_21-11.13.1
      cloop-kmp-xen-debuginfo-2.639_k3.11.10_21-11.13.1
      crash-7.0.2-2.13.1
      crash-debuginfo-7.0.2-2.13.1
      crash-debugsource-7.0.2-2.13.1
      crash-devel-7.0.2-2.13.1
      crash-doc-7.0.2-2.13.1
      crash-eppic-7.0.2-2.13.1
      crash-eppic-debuginfo-7.0.2-2.13.1
      crash-gcore-7.0.2-2.13.1
      crash-gcore-debuginfo-7.0.2-2.13.1
      crash-kmp-default-7.0.2_k3.11.10_21-2.13.1
      crash-kmp-default-debuginfo-7.0.2_k3.11.10_21-2.13.1
      crash-kmp-desktop-7.0.2_k3.11.10_21-2.13.1
      crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_21-2.13.1
      crash-kmp-xen-7.0.2_k3.11.10_21-2.13.1
      crash-kmp-xen-debuginfo-7.0.2_k3.11.10_21-2.13.1
      hdjmod-debugsource-1.28-16.13.1
      hdjmod-kmp-default-1.28_k3.11.10_21-16.13.1
      hdjmod-kmp-default-debuginfo-1.28_k3.11.10_21-16.13.1
      hdjmod-kmp-desktop-1.28_k3.11.10_21-16.13.1
      hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_21-16.13.1
      hdjmod-kmp-xen-1.28_k3.11.10_21-16.13.1
      hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_21-16.13.1
      ipset-6.21.1-2.17.1
      ipset-debuginfo-6.21.1-2.17.1
      ipset-debugsource-6.21.1-2.17.1
      ipset-devel-6.21.1-2.17.1
      ipset-kmp-default-6.21.1_k3.11.10_21-2.17.1
      ipset-kmp-default-debuginfo-6.21.1_k3.11.10_21-2.17.1
      ipset-kmp-desktop-6.21.1_k3.11.10_21-2.17.1
      ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_21-2.17.1
      ipset-kmp-xen-6.21.1_k3.11.10_21-2.17.1
      ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_21-2.17.1
      iscsitarget-1.4.20.3-13.13.1
      iscsitarget-debuginfo-1.4.20.3-13.13.1
      iscsitarget-debugsource-1.4.20.3-13.13.1
      iscsitarget-kmp-default-1.4.20.3_k3.11.10_21-13.13.1
      iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_21-13.13.1
      iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_21-13.13.1
      iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_21-13.13.1
      iscsitarget-kmp-xen-1.4.20.3_k3.11.10_21-13.13.1
      iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_21-13.13.1
      kernel-default-3.11.10-21.1
      kernel-default-base-3.11.10-21.1
      kernel-default-base-debuginfo-3.11.10-21.1
      kernel-default-debuginfo-3.11.10-21.1
      kernel-default-debugsource-3.11.10-21.1
      kernel-default-devel-3.11.10-21.1
      kernel-default-devel-debuginfo-3.11.10-21.1
      kernel-syms-3.11.10-21.1
      libipset3-6.21.1-2.17.1
      libipset3-debuginfo-6.21.1-2.17.1
      ndiswrapper-1.58-13.1
      ndiswrapper-debuginfo-1.58-13.1
      ndiswrapper-debugsource-1.58-13.1
      ndiswrapper-kmp-default-1.58_k3.11.10_21-13.1
      ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_21-13.1
      ndiswrapper-kmp-desktop-1.58_k3.11.10_21-13.1
      ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_21-13.1
      pcfclock-0.44-258.13.1
      pcfclock-debuginfo-0.44-258.13.1
      pcfclock-debugsource-0.44-258.13.1
      pcfclock-kmp-default-0.44_k3.11.10_21-258.13.1
      pcfclock-kmp-default-debuginfo-0.44_k3.11.10_21-258.13.1
      pcfclock-kmp-desktop-0.44_k3.11.10_21-258.13.1
      pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_21-258.13.1
      python-virtualbox-4.2.18-2.18.1
      python-virtualbox-debuginfo-4.2.18-2.18.1
      vhba-kmp-debugsource-20130607-2.14.1
      vhba-kmp-default-20130607_k3.11.10_21-2.14.1
      vhba-kmp-default-debuginfo-20130607_k3.11.10_21-2.14.1
      vhba-kmp-desktop-20130607_k3.11.10_21-2.14.1
      vhba-kmp-desktop-debuginfo-20130607_k3.11.10_21-2.14.1
      vhba-kmp-xen-20130607_k3.11.10_21-2.14.1
      vhba-kmp-xen-debuginfo-20130607_k3.11.10_21-2.14.1
      virtualbox-4.2.18-2.18.1
      virtualbox-debuginfo-4.2.18-2.18.1
      virtualbox-debugsource-4.2.18-2.18.1
      virtualbox-devel-4.2.18-2.18.1
      virtualbox-guest-kmp-default-4.2.18_k3.11.10_21-2.18.1
      virtualbox-guest-kmp-default-debuginfo-4.2.18_k3.11.10_21-2.18.1
      virtualbox-guest-kmp-desktop-4.2.18_k3.11.10_21-2.18.1
      virtualbox-guest-kmp-desktop-debuginfo-4.2.18_k3.11.10_21-2.18.1
      virtualbox-guest-tools-4.2.18-2.18.1
      virtualbox-guest-tools-debuginfo-4.2.18-2.18.1
      virtualbox-guest-x11-4.2.18-2.18.1
      virtualbox-guest-x11-debuginfo-4.2.18-2.18.1
      virtualbox-host-kmp-default-4.2.18_k3.11.10_21-2.18.1
      virtualbox-host-kmp-default-debuginfo-4.2.18_k3.11.10_21-2.18.1
      virtualbox-host-kmp-desktop-4.2.18_k3.11.10_21-2.18.1
      virtualbox-host-kmp-desktop-debuginfo-4.2.18_k3.11.10_21-2.18.1
      virtualbox-qt-4.2.18-2.18.1
      virtualbox-qt-debuginfo-4.2.18-2.18.1
      virtualbox-websrv-4.2.18-2.18.1
      virtualbox-websrv-debuginfo-4.2.18-2.18.1
      xen-debugsource-4.3.2_01-21.1
      xen-devel-4.3.2_01-21.1
      xen-kmp-default-4.3.2_01_k3.11.10_21-21.1
      xen-kmp-default-debuginfo-4.3.2_01_k3.11.10_21-21.1
      xen-kmp-desktop-4.3.2_01_k3.11.10_21-21.1
      xen-kmp-desktop-debuginfo-4.3.2_01_k3.11.10_21-21.1
      xen-libs-4.3.2_01-21.1
      xen-libs-debuginfo-4.3.2_01-21.1
      xen-tools-domU-4.3.2_01-21.1
      xen-tools-domU-debuginfo-4.3.2_01-21.1
      xtables-addons-2.3-2.13.1
      xtables-addons-debuginfo-2.3-2.13.1
      xtables-addons-debugsource-2.3-2.13.1
      xtables-addons-kmp-default-2.3_k3.11.10_21-2.13.1
      xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_21-2.13.1
      xtables-addons-kmp-desktop-2.3_k3.11.10_21-2.13.1
      xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_21-2.13.1
      xtables-addons-kmp-xen-2.3_k3.11.10_21-2.13.1
      xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_21-2.13.1

   - openSUSE 13.1 (noarch):

      kernel-devel-3.11.10-21.1
      kernel-docs-3.11.10-21.3
      kernel-source-3.11.10-21.1
      kernel-source-vanilla-3.11.10-21.1

   - openSUSE 13.1 (x86_64):

      xen-4.3.2_01-21.1
      xen-doc-html-4.3.2_01-21.1
      xen-libs-32bit-4.3.2_01-21.1
      xen-libs-debuginfo-32bit-4.3.2_01-21.1
      xen-tools-4.3.2_01-21.1
      xen-tools-debuginfo-4.3.2_01-21.1
      xen-xend-tools-4.3.2_01-21.1
      xen-xend-tools-debuginfo-4.3.2_01-21.1

   - openSUSE 13.1 (i686):

      kernel-pae-3.11.10-21.1
      kernel-pae-base-3.11.10-21.1
      kernel-pae-base-debuginfo-3.11.10-21.1
      kernel-pae-debuginfo-3.11.10-21.1
      kernel-pae-debugsource-3.11.10-21.1
      kernel-pae-devel-3.11.10-21.1
      kernel-pae-devel-debuginfo-3.11.10-21.1

   - openSUSE 13.1 (i586):

      cloop-kmp-pae-2.639_k3.11.10_21-11.13.1
      cloop-kmp-pae-debuginfo-2.639_k3.11.10_21-11.13.1
      crash-kmp-pae-7.0.2_k3.11.10_21-2.13.1
      crash-kmp-pae-debuginfo-7.0.2_k3.11.10_21-2.13.1
      hdjmod-kmp-pae-1.28_k3.11.10_21-16.13.1
      hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_21-16.13.1
      ipset-kmp-pae-6.21.1_k3.11.10_21-2.17.1
      ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_21-2.17.1
      iscsitarget-kmp-pae-1.4.20.3_k3.11.10_21-13.13.1
      iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_21-13.13.1
      ndiswrapper-kmp-pae-1.58_k3.11.10_21-13.1
      ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_21-13.1
      pcfclock-kmp-pae-0.44_k3.11.10_21-258.13.1
      pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_21-258.13.1
      vhba-kmp-pae-20130607_k3.11.10_21-2.14.1
      vhba-kmp-pae-debuginfo-20130607_k3.11.10_21-2.14.1
      virtualbox-guest-kmp-pae-4.2.18_k3.11.10_21-2.18.1
      virtualbox-guest-kmp-pae-debuginfo-4.2.18_k3.11.10_21-2.18.1
      virtualbox-host-kmp-pae-4.2.18_k3.11.10_21-2.18.1
      virtualbox-host-kmp-pae-debuginfo-4.2.18_k3.11.10_21-2.18.1
      xen-kmp-pae-4.3.2_01_k3.11.10_21-21.1
      xen-kmp-pae-debuginfo-4.3.2_01_k3.11.10_21-21.1
      xtables-addons-kmp-pae-2.3_k3.11.10_21-2.13.1
      xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_21-2.13.1


References:

   https://support.novell.com/security/cve/CVE-2014-0100.html
   https://support.novell.com/security/cve/CVE-2014-0131.html
   https://support.novell.com/security/cve/CVE-2014-2309.html
   https://support.novell.com/security/cve/CVE-2014-3917.html
   https://support.novell.com/security/cve/CVE-2014-4014.html
   https://support.novell.com/security/cve/CVE-2014-4171.html
   https://support.novell.com/security/cve/CVE-2014-4508.html
   https://support.novell.com/security/cve/CVE-2014-4652.html
   https://support.novell.com/security/cve/CVE-2014-4653.html
   https://support.novell.com/security/cve/CVE-2014-4654.html
   https://support.novell.com/security/cve/CVE-2014-4655.html
   https://support.novell.com/security/cve/CVE-2014-4656.html
   https://support.novell.com/security/cve/CVE-2014-4667.html
   https://support.novell.com/security/cve/CVE-2014-4699.html
   https://bugzilla.novell.com/768714
   https://bugzilla.novell.com/851686
   https://bugzilla.novell.com/855657
   https://bugzilla.novell.com/866101
   https://bugzilla.novell.com/867531
   https://bugzilla.novell.com/867723
   https://bugzilla.novell.com/879071
   https://bugzilla.novell.com/880484
   https://bugzilla.novell.com/882189
   https://bugzilla.novell.com/883518
   https://bugzilla.novell.com/883724
   https://bugzilla.novell.com/883795
   https://bugzilla.novell.com/884840
   https://bugzilla.novell.com/885422
   https://bugzilla.novell.com/885725
   https://bugzilla.novell.com/886629

openSUSE: 2014:0985-1: important: kernel

August 11, 2014
An update that solves 14 vulnerabilities and has two fixes An update that solves 14 vulnerabilities and has two fixes An update that solves 14 vulnerabilities and has two fixes is ...

Description

The Linux kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-0100: Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not properly maintain the user_ctl_count value, which allowed local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel did not ensure possession of a read/write lock, which allowed local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4014: The capabilities implementation in the Linux kernel did not properly consider that namespaces are inapplicable to inodes, which allowed local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. Bugs fixed: - Don't trigger congestion wait on dirty-but-not-writeout pages (bnc#879071). - via-velocity: fix netif_receive_skb use in irq disabled section (bnc#851686). - HID: logitech-dj: Fix USB 3.0 issue (bnc#886629). - tg3: Change nvram command timeout value to 50ms (bnc#768714 bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#768714 bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#768714 bnc#855657). - ALSA: usb-audio: Fix deadlocks at resuming (bnc#884840). - ALSA: usb-audio: Save mixer status only once at suspend (bnc#884840). - ALSA: usb-audio: Resume mixer values properly (bnc#884840).

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-493 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 13.1 (i686 x86_64): kernel-debug-3.11.10-21.1 kernel-debug-base-3.11.10-21.1 kernel-debug-base-debuginfo-3.11.10-21.1 kernel-debug-debuginfo-3.11.10-21.1 kernel-debug-debugsource-3.11.10-21.1 kernel-debug-devel-3.11.10-21.1 kernel-debug-devel-debuginfo-3.11.10-21.1 kernel-desktop-3.11.10-21.1 kernel-desktop-base-3.11.10-21.1 kernel-desktop-base-debuginfo-3.11.10-21.1 kernel-desktop-debuginfo-3.11.10-21.1 kernel-desktop-debugsource-3.11.10-21.1 kernel-desktop-devel-3.11.10-21.1 kernel-desktop-devel-debuginfo-3.11.10-21.1 kernel-ec2-3.11.10-21.1 kernel-ec2-base-3.11.10-21.1 kernel-ec2-base-debuginfo-3.11.10-21.1 kernel-ec2-debuginfo-3.11.10-21.1 kernel-ec2-debugsource-3.11.10-21.1 kernel-ec2-devel-3.11.10-21.1 kernel-ec2-devel-debuginfo-3.11.10-21.1 kernel-trace-3.11.10-21.1 kernel-trace-base-3.11.10-21.1 kernel-trace-base-debuginfo-3.11.10-21.1 kernel-trace-debuginfo-3.11.10-21.1 kernel-trace-debugsource-3.11.10-21.1 kernel-trace-devel-3.11.10-21.1 kernel-trace-devel-debuginfo-3.11.10-21.1 kernel-vanilla-3.11.10-21.1 kernel-vanilla-debuginfo-3.11.10-21.1 kernel-vanilla-debugsource-3.11.10-21.1 kernel-vanilla-devel-3.11.10-21.1 kernel-vanilla-devel-debuginfo-3.11.10-21.1 kernel-xen-3.11.10-21.1 kernel-xen-base-3.11.10-21.1 kernel-xen-base-debuginfo-3.11.10-21.1 kernel-xen-debuginfo-3.11.10-21.1 kernel-xen-debugsource-3.11.10-21.1 kernel-xen-devel-3.11.10-21.1 kernel-xen-devel-debuginfo-3.11.10-21.1 - openSUSE 13.1 (i586 x86_64): cloop-2.639-11.13.1 cloop-debuginfo-2.639-11.13.1 cloop-debugsource-2.639-11.13.1 cloop-kmp-default-2.639_k3.11.10_21-11.13.1 cloop-kmp-default-debuginfo-2.639_k3.11.10_21-11.13.1 cloop-kmp-desktop-2.639_k3.11.10_21-11.13.1 cloop-kmp-desktop-debuginfo-2.639_k3.11.10_21-11.13.1 cloop-kmp-xen-2.639_k3.11.10_21-11.13.1 cloop-kmp-xen-debuginfo-2.639_k3.11.10_21-11.13.1 crash-7.0.2-2.13.1 crash-debuginfo-7.0.2-2.13.1 crash-debugsource-7.0.2-2.13.1 crash-devel-7.0.2-2.13.1 crash-doc-7.0.2-2.13.1 crash-eppic-7.0.2-2.13.1 crash-eppic-debuginfo-7.0.2-2.13.1 crash-gcore-7.0.2-2.13.1 crash-gcore-debuginfo-7.0.2-2.13.1 crash-kmp-default-7.0.2_k3.11.10_21-2.13.1 crash-kmp-default-debuginfo-7.0.2_k3.11.10_21-2.13.1 crash-kmp-desktop-7.0.2_k3.11.10_21-2.13.1 crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_21-2.13.1 crash-kmp-xen-7.0.2_k3.11.10_21-2.13.1 crash-kmp-xen-debuginfo-7.0.2_k3.11.10_21-2.13.1 hdjmod-debugsource-1.28-16.13.1 hdjmod-kmp-default-1.28_k3.11.10_21-16.13.1 hdjmod-kmp-default-debuginfo-1.28_k3.11.10_21-16.13.1 hdjmod-kmp-desktop-1.28_k3.11.10_21-16.13.1 hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_21-16.13.1 hdjmod-kmp-xen-1.28_k3.11.10_21-16.13.1 hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_21-16.13.1 ipset-6.21.1-2.17.1 ipset-debuginfo-6.21.1-2.17.1 ipset-debugsource-6.21.1-2.17.1 ipset-devel-6.21.1-2.17.1 ipset-kmp-default-6.21.1_k3.11.10_21-2.17.1 ipset-kmp-default-debuginfo-6.21.1_k3.11.10_21-2.17.1 ipset-kmp-desktop-6.21.1_k3.11.10_21-2.17.1 ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_21-2.17.1 ipset-kmp-xen-6.21.1_k3.11.10_21-2.17.1 ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_21-2.17.1 iscsitarget-1.4.20.3-13.13.1 iscsitarget-debuginfo-1.4.20.3-13.13.1 iscsitarget-debugsource-1.4.20.3-13.13.1 iscsitarget-kmp-default-1.4.20.3_k3.11.10_21-13.13.1 iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_21-13.13.1 iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_21-13.13.1 iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_21-13.13.1 iscsitarget-kmp-xen-1.4.20.3_k3.11.10_21-13.13.1 iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_21-13.13.1 kernel-default-3.11.10-21.1 kernel-default-base-3.11.10-21.1 kernel-default-base-debuginfo-3.11.10-21.1 kernel-default-debuginfo-3.11.10-21.1 kernel-default-debugsource-3.11.10-21.1 kernel-default-devel-3.11.10-21.1 kernel-default-devel-debuginfo-3.11.10-21.1 kernel-syms-3.11.10-21.1 libipset3-6.21.1-2.17.1 libipset3-debuginfo-6.21.1-2.17.1 ndiswrapper-1.58-13.1 ndiswrapper-debuginfo-1.58-13.1 ndiswrapper-debugsource-1.58-13.1 ndiswrapper-kmp-default-1.58_k3.11.10_21-13.1 ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_21-13.1 ndiswrapper-kmp-desktop-1.58_k3.11.10_21-13.1 ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_21-13.1 pcfclock-0.44-258.13.1 pcfclock-debuginfo-0.44-258.13.1 pcfclock-debugsource-0.44-258.13.1 pcfclock-kmp-default-0.44_k3.11.10_21-258.13.1 pcfclock-kmp-default-debuginfo-0.44_k3.11.10_21-258.13.1 pcfclock-kmp-desktop-0.44_k3.11.10_21-258.13.1 pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_21-258.13.1 python-virtualbox-4.2.18-2.18.1 python-virtualbox-debuginfo-4.2.18-2.18.1 vhba-kmp-debugsource-20130607-2.14.1 vhba-kmp-default-20130607_k3.11.10_21-2.14.1 vhba-kmp-default-debuginfo-20130607_k3.11.10_21-2.14.1 vhba-kmp-desktop-20130607_k3.11.10_21-2.14.1 vhba-kmp-desktop-debuginfo-20130607_k3.11.10_21-2.14.1 vhba-kmp-xen-20130607_k3.11.10_21-2.14.1 vhba-kmp-xen-debuginfo-20130607_k3.11.10_21-2.14.1 virtualbox-4.2.18-2.18.1 virtualbox-debuginfo-4.2.18-2.18.1 virtualbox-debugsource-4.2.18-2.18.1 virtualbox-devel-4.2.18-2.18.1 virtualbox-guest-kmp-default-4.2.18_k3.11.10_21-2.18.1 virtualbox-guest-kmp-default-debuginfo-4.2.18_k3.11.10_21-2.18.1 virtualbox-guest-kmp-desktop-4.2.18_k3.11.10_21-2.18.1 virtualbox-guest-kmp-desktop-debuginfo-4.2.18_k3.11.10_21-2.18.1 virtualbox-guest-tools-4.2.18-2.18.1 virtualbox-guest-tools-debuginfo-4.2.18-2.18.1 virtualbox-guest-x11-4.2.18-2.18.1 virtualbox-guest-x11-debuginfo-4.2.18-2.18.1 virtualbox-host-kmp-default-4.2.18_k3.11.10_21-2.18.1 virtualbox-host-kmp-default-debuginfo-4.2.18_k3.11.10_21-2.18.1 virtualbox-host-kmp-desktop-4.2.18_k3.11.10_21-2.18.1 virtualbox-host-kmp-desktop-debuginfo-4.2.18_k3.11.10_21-2.18.1 virtualbox-qt-4.2.18-2.18.1 virtualbox-qt-debuginfo-4.2.18-2.18.1 virtualbox-websrv-4.2.18-2.18.1 virtualbox-websrv-debuginfo-4.2.18-2.18.1 xen-debugsource-4.3.2_01-21.1 xen-devel-4.3.2_01-21.1 xen-kmp-default-4.3.2_01_k3.11.10_21-21.1 xen-kmp-default-debuginfo-4.3.2_01_k3.11.10_21-21.1 xen-kmp-desktop-4.3.2_01_k3.11.10_21-21.1 xen-kmp-desktop-debuginfo-4.3.2_01_k3.11.10_21-21.1 xen-libs-4.3.2_01-21.1 xen-libs-debuginfo-4.3.2_01-21.1 xen-tools-domU-4.3.2_01-21.1 xen-tools-domU-debuginfo-4.3.2_01-21.1 xtables-addons-2.3-2.13.1 xtables-addons-debuginfo-2.3-2.13.1 xtables-addons-debugsource-2.3-2.13.1 xtables-addons-kmp-default-2.3_k3.11.10_21-2.13.1 xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_21-2.13.1 xtables-addons-kmp-desktop-2.3_k3.11.10_21-2.13.1 xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_21-2.13.1 xtables-addons-kmp-xen-2.3_k3.11.10_21-2.13.1 xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_21-2.13.1 - openSUSE 13.1 (noarch): kernel-devel-3.11.10-21.1 kernel-docs-3.11.10-21.3 kernel-source-3.11.10-21.1 kernel-source-vanilla-3.11.10-21.1 - openSUSE 13.1 (x86_64): xen-4.3.2_01-21.1 xen-doc-html-4.3.2_01-21.1 xen-libs-32bit-4.3.2_01-21.1 xen-libs-debuginfo-32bit-4.3.2_01-21.1 xen-tools-4.3.2_01-21.1 xen-tools-debuginfo-4.3.2_01-21.1 xen-xend-tools-4.3.2_01-21.1 xen-xend-tools-debuginfo-4.3.2_01-21.1 - openSUSE 13.1 (i686): kernel-pae-3.11.10-21.1 kernel-pae-base-3.11.10-21.1 kernel-pae-base-debuginfo-3.11.10-21.1 kernel-pae-debuginfo-3.11.10-21.1 kernel-pae-debugsource-3.11.10-21.1 kernel-pae-devel-3.11.10-21.1 kernel-pae-devel-debuginfo-3.11.10-21.1 - openSUSE 13.1 (i586): cloop-kmp-pae-2.639_k3.11.10_21-11.13.1 cloop-kmp-pae-debuginfo-2.639_k3.11.10_21-11.13.1 crash-kmp-pae-7.0.2_k3.11.10_21-2.13.1 crash-kmp-pae-debuginfo-7.0.2_k3.11.10_21-2.13.1 hdjmod-kmp-pae-1.28_k3.11.10_21-16.13.1 hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_21-16.13.1 ipset-kmp-pae-6.21.1_k3.11.10_21-2.17.1 ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_21-2.17.1 iscsitarget-kmp-pae-1.4.20.3_k3.11.10_21-13.13.1 iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_21-13.13.1 ndiswrapper-kmp-pae-1.58_k3.11.10_21-13.1 ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_21-13.1 pcfclock-kmp-pae-0.44_k3.11.10_21-258.13.1 pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_21-258.13.1 vhba-kmp-pae-20130607_k3.11.10_21-2.14.1 vhba-kmp-pae-debuginfo-20130607_k3.11.10_21-2.14.1 virtualbox-guest-kmp-pae-4.2.18_k3.11.10_21-2.18.1 virtualbox-guest-kmp-pae-debuginfo-4.2.18_k3.11.10_21-2.18.1 virtualbox-host-kmp-pae-4.2.18_k3.11.10_21-2.18.1 virtualbox-host-kmp-pae-debuginfo-4.2.18_k3.11.10_21-2.18.1 xen-kmp-pae-4.3.2_01_k3.11.10_21-21.1 xen-kmp-pae-debuginfo-4.3.2_01_k3.11.10_21-21.1 xtables-addons-kmp-pae-2.3_k3.11.10_21-2.13.1 xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_21-2.13.1


References

https://support.novell.com/security/cve/CVE-2014-0100.html https://support.novell.com/security/cve/CVE-2014-0131.html https://support.novell.com/security/cve/CVE-2014-2309.html https://support.novell.com/security/cve/CVE-2014-3917.html https://support.novell.com/security/cve/CVE-2014-4014.html https://support.novell.com/security/cve/CVE-2014-4171.html https://support.novell.com/security/cve/CVE-2014-4508.html https://support.novell.com/security/cve/CVE-2014-4652.html https://support.novell.com/security/cve/CVE-2014-4653.html https://support.novell.com/security/cve/CVE-2014-4654.html https://support.novell.com/security/cve/CVE-2014-4655.html https://support.novell.com/security/cve/CVE-2014-4656.html https://support.novell.com/security/cve/CVE-2014-4667.html https://support.novell.com/security/cve/CVE-2014-4699.html https://bugzilla.novell.com/768714 https://bugzilla.novell.com/851686 https://bugzilla.novell.com/855657 https://bugzilla.novell.com/866101 https://bugzilla.novell.com/867531 https://bugzilla.novell.com/867723 https://bugzilla.novell.com/879071 https://bugzilla.novell.com/880484 https://bugzilla.novell.com/882189 https://bugzilla.novell.com/883518 https://bugzilla.novell.com/883724 https://bugzilla.novell.com/883795 https://bugzilla.novell.com/884840 https://bugzilla.novell.com/885422 https://bugzilla.novell.com/885725 https://bugzilla.novell.com/886629


Severity
Announcement ID: openSUSE-SU-2014:0985-1
Rating: important
Affected Products: openSUSE 13.1

Related News

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

Critical Exim RCE, Info Disclosure Bugs Fixed

Oct 8, 2023

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug
Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

Footer Logo