openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0714-1
Rating:             important
References:         #903640 #904899 #907988 #909078 #910150 #911325 
                    #911326 #912202 #912654 #912705 #913059 #913695 
                    #914175 #915322 #917839 #920901 
Cross-References:   CVE-2014-7822 CVE-2014-8134 CVE-2014-8160
                    CVE-2014-8173 CVE-2014-8559 CVE-2014-9419
                    CVE-2014-9420 CVE-2014-9529 CVE-2014-9584
                    CVE-2014-9585 CVE-2015-1593
Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 5 fixes is
   now available.

Description:


   The Linux kernel was updated to fix various bugs and security issues.

   Following security issues were fixed:
   - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the
     Linux kernels madvise MADV_WILLNEED functionality handled page table
     locking. A local, unprivileged user could have used this flaw to crash
     the system.

   - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack
     randomization on 64-bit systems.

   - CVE-2014-7822: A flaw was found in the way the Linux kernels splice()
     system call validated its parameters. On certain file systems, a local,
     unprivileged user could have used this flaw to write past the maximum
     file size, and thus crash the system.

   - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
     in the Linux kernel did not ensure that Thread Local Storage (TLS)
     descriptors are loaded before proceeding with other steps, which made it
     easier for local users to bypass the ASLR protection mechanism via a
     crafted application that reads a TLS base address.

   - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c
     in the Linux kernel used an improper paravirt_enabled setting for KVM
     guest kernels, which made it easier for guest OS users to bypass the
     ASLR protection mechanism via a crafted application that reads a 16-bit
     value.

   - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux
     kernel generated incorrect conntrack entries during handling of certain
     iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
     which allowed remote attackers to bypass intended access restrictions
     via packets with disallowed port numbers.

   - CVE-2014-9529: Race condition in the key_gc_unused_keys function in
     security/keys/gc.c in the Linux kernel allowed local users to cause a
     denial of service (memory corruption or panic) or possibly have
     unspecified other impact via keyctl commands that trigger access to a
     key structure member during garbage collection of a key.

   - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
     through did not properly maintain the semantics of rename_lock, which
     allowed local users to cause a denial of service (deadlock and system
     hang) via a crafted application.

   - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
     Linux kernel did not restrict the number of Rock Ridge continuation
     entries, which allowed local users to cause a denial of service
     (infinite loop, and system crash or hang) via a crafted iso9660 image.

   - CVE-2014-9584: The parse_rock_ridge_inode_internal function in
     fs/isofs/rock.c in the Linux kernel did not validate a length value in
     the Extensions Reference (ER) System Use Field, which allowed local
     users to obtain sensitive information from kernel memory via a crafted
     iso9660 image.

   - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
     Linux kernel did not properly choose memory locations for the vDSO area,
     which made it easier for local users to bypass the ASLR protection
     mechanism by guessing a location at the end of a PMD.

   Following bugs were fixed:
   - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103
     (bnc#920901).
   - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f
     (bnc#920901).
   - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b
     (bnc#920901).
   - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901).
   - HID: usbhid: fix PIXART optical mouse (bnc#920901).
   - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901).
   - HID: usbhid: add always-poll quirk (bnc#920901).

   - storvsc: ring buffer failures may result in I/O freeze (bnc#914175).

   - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process
     being killed (VM Functionality bnc#910150).

   - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).

   - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by
     mount (bsc#907988).

   - DocBook: Do not exceed argument list limit.
   - DocBook: Make mandocs parallel-safe.

   - mm: free compound page with correct order (bnc#913695).

   - udf: Check component length before reading it.
   - udf: Check path length when reading symlink.
   - udf: Verify symlink size before loading it.
   - udf: Verify i_size when loading inode.

   - xfs: remote attribute overwrite causes transaction overrun.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-301=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.1 (i686 x86_64):

      kernel-debug-3.11.10-29.1
      kernel-debug-base-3.11.10-29.1
      kernel-debug-base-debuginfo-3.11.10-29.1
      kernel-debug-debuginfo-3.11.10-29.1
      kernel-debug-debugsource-3.11.10-29.1
      kernel-debug-devel-3.11.10-29.1
      kernel-debug-devel-debuginfo-3.11.10-29.1
      kernel-desktop-3.11.10-29.1
      kernel-desktop-base-3.11.10-29.1
      kernel-desktop-base-debuginfo-3.11.10-29.1
      kernel-desktop-debuginfo-3.11.10-29.1
      kernel-desktop-debugsource-3.11.10-29.1
      kernel-desktop-devel-3.11.10-29.1
      kernel-desktop-devel-debuginfo-3.11.10-29.1
      kernel-ec2-3.11.10-29.1
      kernel-ec2-base-3.11.10-29.1
      kernel-ec2-base-debuginfo-3.11.10-29.1
      kernel-ec2-debuginfo-3.11.10-29.1
      kernel-ec2-debugsource-3.11.10-29.1
      kernel-ec2-devel-3.11.10-29.1
      kernel-ec2-devel-debuginfo-3.11.10-29.1
      kernel-trace-3.11.10-29.1
      kernel-trace-base-3.11.10-29.1
      kernel-trace-base-debuginfo-3.11.10-29.1
      kernel-trace-debuginfo-3.11.10-29.1
      kernel-trace-debugsource-3.11.10-29.1
      kernel-trace-devel-3.11.10-29.1
      kernel-trace-devel-debuginfo-3.11.10-29.1
      kernel-vanilla-3.11.10-29.1
      kernel-vanilla-debuginfo-3.11.10-29.1
      kernel-vanilla-debugsource-3.11.10-29.1
      kernel-vanilla-devel-3.11.10-29.1
      kernel-vanilla-devel-debuginfo-3.11.10-29.1
      kernel-xen-3.11.10-29.1
      kernel-xen-base-3.11.10-29.1
      kernel-xen-base-debuginfo-3.11.10-29.1
      kernel-xen-debuginfo-3.11.10-29.1
      kernel-xen-debugsource-3.11.10-29.1
      kernel-xen-devel-3.11.10-29.1
      kernel-xen-devel-debuginfo-3.11.10-29.1

   - openSUSE 13.1 (i586 x86_64):

      cloop-2.639-11.19.1
      cloop-debuginfo-2.639-11.19.1
      cloop-debugsource-2.639-11.19.1
      cloop-kmp-default-2.639_k3.11.10_29-11.19.1
      cloop-kmp-default-debuginfo-2.639_k3.11.10_29-11.19.1
      cloop-kmp-desktop-2.639_k3.11.10_29-11.19.1
      cloop-kmp-desktop-debuginfo-2.639_k3.11.10_29-11.19.1
      cloop-kmp-xen-2.639_k3.11.10_29-11.19.1
      cloop-kmp-xen-debuginfo-2.639_k3.11.10_29-11.19.1
      crash-7.0.2-2.19.1
      crash-debuginfo-7.0.2-2.19.1
      crash-debugsource-7.0.2-2.19.1
      crash-devel-7.0.2-2.19.1
      crash-doc-7.0.2-2.19.1
      crash-eppic-7.0.2-2.19.1
      crash-eppic-debuginfo-7.0.2-2.19.1
      crash-gcore-7.0.2-2.19.1
      crash-gcore-debuginfo-7.0.2-2.19.1
      crash-kmp-default-7.0.2_k3.11.10_29-2.19.1
      crash-kmp-default-debuginfo-7.0.2_k3.11.10_29-2.19.1
      crash-kmp-desktop-7.0.2_k3.11.10_29-2.19.1
      crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_29-2.19.1
      crash-kmp-xen-7.0.2_k3.11.10_29-2.19.1
      crash-kmp-xen-debuginfo-7.0.2_k3.11.10_29-2.19.1
      hdjmod-debugsource-1.28-16.19.1
      hdjmod-kmp-default-1.28_k3.11.10_29-16.19.1
      hdjmod-kmp-default-debuginfo-1.28_k3.11.10_29-16.19.1
      hdjmod-kmp-desktop-1.28_k3.11.10_29-16.19.1
      hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_29-16.19.1
      hdjmod-kmp-xen-1.28_k3.11.10_29-16.19.1
      hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_29-16.19.1
      ipset-6.21.1-2.23.1
      ipset-debuginfo-6.21.1-2.23.1
      ipset-debugsource-6.21.1-2.23.1
      ipset-devel-6.21.1-2.23.1
      ipset-kmp-default-6.21.1_k3.11.10_29-2.23.1
      ipset-kmp-default-debuginfo-6.21.1_k3.11.10_29-2.23.1
      ipset-kmp-desktop-6.21.1_k3.11.10_29-2.23.1
      ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_29-2.23.1
      ipset-kmp-xen-6.21.1_k3.11.10_29-2.23.1
      ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_29-2.23.1
      iscsitarget-1.4.20.3-13.19.1
      iscsitarget-debuginfo-1.4.20.3-13.19.1
      iscsitarget-debugsource-1.4.20.3-13.19.1
      iscsitarget-kmp-default-1.4.20.3_k3.11.10_29-13.19.1
      iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
      iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_29-13.19.1
      iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
      iscsitarget-kmp-xen-1.4.20.3_k3.11.10_29-13.19.1
      iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
      kernel-default-3.11.10-29.1
      kernel-default-base-3.11.10-29.1
      kernel-default-base-debuginfo-3.11.10-29.1
      kernel-default-debuginfo-3.11.10-29.1
      kernel-default-debugsource-3.11.10-29.1
      kernel-default-devel-3.11.10-29.1
      kernel-default-devel-debuginfo-3.11.10-29.1
      kernel-syms-3.11.10-29.1
      libipset3-6.21.1-2.23.1
      libipset3-debuginfo-6.21.1-2.23.1
      ndiswrapper-1.58-19.1
      ndiswrapper-debuginfo-1.58-19.1
      ndiswrapper-debugsource-1.58-19.1
      ndiswrapper-kmp-default-1.58_k3.11.10_29-19.1
      ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_29-19.1
      ndiswrapper-kmp-desktop-1.58_k3.11.10_29-19.1
      ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_29-19.1
      pcfclock-0.44-258.19.1
      pcfclock-debuginfo-0.44-258.19.1
      pcfclock-debugsource-0.44-258.19.1
      pcfclock-kmp-default-0.44_k3.11.10_29-258.19.1
      pcfclock-kmp-default-debuginfo-0.44_k3.11.10_29-258.19.1
      pcfclock-kmp-desktop-0.44_k3.11.10_29-258.19.1
      pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_29-258.19.1
      python-virtualbox-4.2.28-2.28.1
      python-virtualbox-debuginfo-4.2.28-2.28.1
      vhba-kmp-debugsource-20130607-2.20.1
      vhba-kmp-default-20130607_k3.11.10_29-2.20.1
      vhba-kmp-default-debuginfo-20130607_k3.11.10_29-2.20.1
      vhba-kmp-desktop-20130607_k3.11.10_29-2.20.1
      vhba-kmp-desktop-debuginfo-20130607_k3.11.10_29-2.20.1
      vhba-kmp-xen-20130607_k3.11.10_29-2.20.1
      vhba-kmp-xen-debuginfo-20130607_k3.11.10_29-2.20.1
      virtualbox-4.2.28-2.28.1
      virtualbox-debuginfo-4.2.28-2.28.1
      virtualbox-debugsource-4.2.28-2.28.1
      virtualbox-devel-4.2.28-2.28.1
      virtualbox-guest-kmp-default-4.2.28_k3.11.10_29-2.28.1
      virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1
      virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_29-2.28.1
      virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1
      virtualbox-guest-tools-4.2.28-2.28.1
      virtualbox-guest-tools-debuginfo-4.2.28-2.28.1
      virtualbox-guest-x11-4.2.28-2.28.1
      virtualbox-guest-x11-debuginfo-4.2.28-2.28.1
      virtualbox-host-kmp-default-4.2.28_k3.11.10_29-2.28.1
      virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1
      virtualbox-host-kmp-desktop-4.2.28_k3.11.10_29-2.28.1
      virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1
      virtualbox-qt-4.2.28-2.28.1
      virtualbox-qt-debuginfo-4.2.28-2.28.1
      virtualbox-websrv-4.2.28-2.28.1
      virtualbox-websrv-debuginfo-4.2.28-2.28.1
      xen-debugsource-4.3.3_04-37.1
      xen-devel-4.3.3_04-37.1
      xen-kmp-default-4.3.3_04_k3.11.10_29-37.1
      xen-kmp-default-debuginfo-4.3.3_04_k3.11.10_29-37.1
      xen-kmp-desktop-4.3.3_04_k3.11.10_29-37.1
      xen-kmp-desktop-debuginfo-4.3.3_04_k3.11.10_29-37.1
      xen-libs-4.3.3_04-37.1
      xen-libs-debuginfo-4.3.3_04-37.1
      xen-tools-domU-4.3.3_04-37.1
      xen-tools-domU-debuginfo-4.3.3_04-37.1
      xtables-addons-2.3-2.19.1
      xtables-addons-debuginfo-2.3-2.19.1
      xtables-addons-debugsource-2.3-2.19.1
      xtables-addons-kmp-default-2.3_k3.11.10_29-2.19.1
      xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_29-2.19.1
      xtables-addons-kmp-desktop-2.3_k3.11.10_29-2.19.1
      xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_29-2.19.1
      xtables-addons-kmp-xen-2.3_k3.11.10_29-2.19.1
      xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_29-2.19.1

   - openSUSE 13.1 (noarch):

      kernel-devel-3.11.10-29.1
      kernel-docs-3.11.10-29.2
      kernel-source-3.11.10-29.1
      kernel-source-vanilla-3.11.10-29.1

   - openSUSE 13.1 (x86_64):

      xen-4.3.3_04-37.1
      xen-doc-html-4.3.3_04-37.1
      xen-libs-32bit-4.3.3_04-37.1
      xen-libs-debuginfo-32bit-4.3.3_04-37.1
      xen-tools-4.3.3_04-37.1
      xen-tools-debuginfo-4.3.3_04-37.1
      xen-xend-tools-4.3.3_04-37.1
      xen-xend-tools-debuginfo-4.3.3_04-37.1

   - openSUSE 13.1 (i686):

      kernel-pae-3.11.10-29.1
      kernel-pae-base-3.11.10-29.1
      kernel-pae-base-debuginfo-3.11.10-29.1
      kernel-pae-debuginfo-3.11.10-29.1
      kernel-pae-debugsource-3.11.10-29.1
      kernel-pae-devel-3.11.10-29.1
      kernel-pae-devel-debuginfo-3.11.10-29.1

   - openSUSE 13.1 (i586):

      cloop-kmp-pae-2.639_k3.11.10_29-11.19.1
      cloop-kmp-pae-debuginfo-2.639_k3.11.10_29-11.19.1
      crash-kmp-pae-7.0.2_k3.11.10_29-2.19.1
      crash-kmp-pae-debuginfo-7.0.2_k3.11.10_29-2.19.1
      hdjmod-kmp-pae-1.28_k3.11.10_29-16.19.1
      hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_29-16.19.1
      ipset-kmp-pae-6.21.1_k3.11.10_29-2.23.1
      ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_29-2.23.1
      iscsitarget-kmp-pae-1.4.20.3_k3.11.10_29-13.19.1
      iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
      ndiswrapper-kmp-pae-1.58_k3.11.10_29-19.1
      ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_29-19.1
      pcfclock-kmp-pae-0.44_k3.11.10_29-258.19.1
      pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_29-258.19.1
      vhba-kmp-pae-20130607_k3.11.10_29-2.20.1
      vhba-kmp-pae-debuginfo-20130607_k3.11.10_29-2.20.1
      virtualbox-guest-kmp-pae-4.2.28_k3.11.10_29-2.28.1
      virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1
      virtualbox-host-kmp-pae-4.2.28_k3.11.10_29-2.28.1
      virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1
      xen-kmp-pae-4.3.3_04_k3.11.10_29-37.1
      xen-kmp-pae-debuginfo-4.3.3_04_k3.11.10_29-37.1
      xtables-addons-kmp-pae-2.3_k3.11.10_29-2.19.1
      xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_29-2.19.1


References:

   https://www.suse.com/security/cve/CVE-2014-7822.html
   https://www.suse.com/security/cve/CVE-2014-8134.html
   https://www.suse.com/security/cve/CVE-2014-8160.html
   https://www.suse.com/security/cve/CVE-2014-8173.html
   https://www.suse.com/security/cve/CVE-2014-8559.html
   https://www.suse.com/security/cve/CVE-2014-9419.html
   https://www.suse.com/security/cve/CVE-2014-9420.html
   https://www.suse.com/security/cve/CVE-2014-9529.html
   https://www.suse.com/security/cve/CVE-2014-9584.html
   https://www.suse.com/security/cve/CVE-2014-9585.html
   https://www.suse.com/security/cve/CVE-2015-1593.html
   https://bugzilla.suse.com/903640
   https://bugzilla.suse.com/904899
   https://bugzilla.suse.com/907988
   https://bugzilla.suse.com/909078
   https://bugzilla.suse.com/910150
   https://bugzilla.suse.com/911325
   https://bugzilla.suse.com/911326
   https://bugzilla.suse.com/912202
   https://bugzilla.suse.com/912654
   https://bugzilla.suse.com/912705
   https://bugzilla.suse.com/913059
   https://bugzilla.suse.com/913695
   https://bugzilla.suse.com/914175
   https://bugzilla.suse.com/915322
   https://bugzilla.suse.com/917839
   https://bugzilla.suse.com/920901

openSUSE: 2015:0714-1: important: the Linux Kernel

April 13, 2015
An update that solves 11 vulnerabilities and has 5 fixes is An update that solves 11 vulnerabilities and has 5 fixes is An update that solves 11 vulnerabilities and has 5 fixes is ...

Description

The Linux kernel was updated to fix various bugs and security issues. Following security issues were fixed: - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the Linux kernels madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could have used this flaw to crash the system. - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack randomization on 64-bit systems. - CVE-2014-7822: A flaw was found in the way the Linux kernels splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system. - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel generated incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allowed remote attackers to bypass intended access restrictions via packets with disallowed port numbers. - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application. - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image. - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. Following bugs were fixed: - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#920901). - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901). - HID: usbhid: fix PIXART optical mouse (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901). - HID: usbhid: add always-poll quirk (bnc#920901). - storvsc: ring buffer failures may result in I/O freeze (bnc#914175). - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (VM Functionality bnc#910150). - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899). - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount (bsc#907988). - DocBook: Do not exceed argument list limit. - DocBook: Make mandocs parallel-safe. - mm: free compound page with correct order (bnc#913695). - udf: Check component length before reading it. - udf: Check path length when reading symlink. - udf: Verify symlink size before loading it. - udf: Verify i_size when loading inode. - xfs: remote attribute overwrite causes transaction overrun.

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2015-301=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 13.1 (i686 x86_64): kernel-debug-3.11.10-29.1 kernel-debug-base-3.11.10-29.1 kernel-debug-base-debuginfo-3.11.10-29.1 kernel-debug-debuginfo-3.11.10-29.1 kernel-debug-debugsource-3.11.10-29.1 kernel-debug-devel-3.11.10-29.1 kernel-debug-devel-debuginfo-3.11.10-29.1 kernel-desktop-3.11.10-29.1 kernel-desktop-base-3.11.10-29.1 kernel-desktop-base-debuginfo-3.11.10-29.1 kernel-desktop-debuginfo-3.11.10-29.1 kernel-desktop-debugsource-3.11.10-29.1 kernel-desktop-devel-3.11.10-29.1 kernel-desktop-devel-debuginfo-3.11.10-29.1 kernel-ec2-3.11.10-29.1 kernel-ec2-base-3.11.10-29.1 kernel-ec2-base-debuginfo-3.11.10-29.1 kernel-ec2-debuginfo-3.11.10-29.1 kernel-ec2-debugsource-3.11.10-29.1 kernel-ec2-devel-3.11.10-29.1 kernel-ec2-devel-debuginfo-3.11.10-29.1 kernel-trace-3.11.10-29.1 kernel-trace-base-3.11.10-29.1 kernel-trace-base-debuginfo-3.11.10-29.1 kernel-trace-debuginfo-3.11.10-29.1 kernel-trace-debugsource-3.11.10-29.1 kernel-trace-devel-3.11.10-29.1 kernel-trace-devel-debuginfo-3.11.10-29.1 kernel-vanilla-3.11.10-29.1 kernel-vanilla-debuginfo-3.11.10-29.1 kernel-vanilla-debugsource-3.11.10-29.1 kernel-vanilla-devel-3.11.10-29.1 kernel-vanilla-devel-debuginfo-3.11.10-29.1 kernel-xen-3.11.10-29.1 kernel-xen-base-3.11.10-29.1 kernel-xen-base-debuginfo-3.11.10-29.1 kernel-xen-debuginfo-3.11.10-29.1 kernel-xen-debugsource-3.11.10-29.1 kernel-xen-devel-3.11.10-29.1 kernel-xen-devel-debuginfo-3.11.10-29.1 - openSUSE 13.1 (i586 x86_64): cloop-2.639-11.19.1 cloop-debuginfo-2.639-11.19.1 cloop-debugsource-2.639-11.19.1 cloop-kmp-default-2.639_k3.11.10_29-11.19.1 cloop-kmp-default-debuginfo-2.639_k3.11.10_29-11.19.1 cloop-kmp-desktop-2.639_k3.11.10_29-11.19.1 cloop-kmp-desktop-debuginfo-2.639_k3.11.10_29-11.19.1 cloop-kmp-xen-2.639_k3.11.10_29-11.19.1 cloop-kmp-xen-debuginfo-2.639_k3.11.10_29-11.19.1 crash-7.0.2-2.19.1 crash-debuginfo-7.0.2-2.19.1 crash-debugsource-7.0.2-2.19.1 crash-devel-7.0.2-2.19.1 crash-doc-7.0.2-2.19.1 crash-eppic-7.0.2-2.19.1 crash-eppic-debuginfo-7.0.2-2.19.1 crash-gcore-7.0.2-2.19.1 crash-gcore-debuginfo-7.0.2-2.19.1 crash-kmp-default-7.0.2_k3.11.10_29-2.19.1 crash-kmp-default-debuginfo-7.0.2_k3.11.10_29-2.19.1 crash-kmp-desktop-7.0.2_k3.11.10_29-2.19.1 crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_29-2.19.1 crash-kmp-xen-7.0.2_k3.11.10_29-2.19.1 crash-kmp-xen-debuginfo-7.0.2_k3.11.10_29-2.19.1 hdjmod-debugsource-1.28-16.19.1 hdjmod-kmp-default-1.28_k3.11.10_29-16.19.1 hdjmod-kmp-default-debuginfo-1.28_k3.11.10_29-16.19.1 hdjmod-kmp-desktop-1.28_k3.11.10_29-16.19.1 hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_29-16.19.1 hdjmod-kmp-xen-1.28_k3.11.10_29-16.19.1 hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_29-16.19.1 ipset-6.21.1-2.23.1 ipset-debuginfo-6.21.1-2.23.1 ipset-debugsource-6.21.1-2.23.1 ipset-devel-6.21.1-2.23.1 ipset-kmp-default-6.21.1_k3.11.10_29-2.23.1 ipset-kmp-default-debuginfo-6.21.1_k3.11.10_29-2.23.1 ipset-kmp-desktop-6.21.1_k3.11.10_29-2.23.1 ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_29-2.23.1 ipset-kmp-xen-6.21.1_k3.11.10_29-2.23.1 ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_29-2.23.1 iscsitarget-1.4.20.3-13.19.1 iscsitarget-debuginfo-1.4.20.3-13.19.1 iscsitarget-debugsource-1.4.20.3-13.19.1 iscsitarget-kmp-default-1.4.20.3_k3.11.10_29-13.19.1 iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_29-13.19.1 iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_29-13.19.1 iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_29-13.19.1 iscsitarget-kmp-xen-1.4.20.3_k3.11.10_29-13.19.1 iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_29-13.19.1 kernel-default-3.11.10-29.1 kernel-default-base-3.11.10-29.1 kernel-default-base-debuginfo-3.11.10-29.1 kernel-default-debuginfo-3.11.10-29.1 kernel-default-debugsource-3.11.10-29.1 kernel-default-devel-3.11.10-29.1 kernel-default-devel-debuginfo-3.11.10-29.1 kernel-syms-3.11.10-29.1 libipset3-6.21.1-2.23.1 libipset3-debuginfo-6.21.1-2.23.1 ndiswrapper-1.58-19.1 ndiswrapper-debuginfo-1.58-19.1 ndiswrapper-debugsource-1.58-19.1 ndiswrapper-kmp-default-1.58_k3.11.10_29-19.1 ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_29-19.1 ndiswrapper-kmp-desktop-1.58_k3.11.10_29-19.1 ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_29-19.1 pcfclock-0.44-258.19.1 pcfclock-debuginfo-0.44-258.19.1 pcfclock-debugsource-0.44-258.19.1 pcfclock-kmp-default-0.44_k3.11.10_29-258.19.1 pcfclock-kmp-default-debuginfo-0.44_k3.11.10_29-258.19.1 pcfclock-kmp-desktop-0.44_k3.11.10_29-258.19.1 pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_29-258.19.1 python-virtualbox-4.2.28-2.28.1 python-virtualbox-debuginfo-4.2.28-2.28.1 vhba-kmp-debugsource-20130607-2.20.1 vhba-kmp-default-20130607_k3.11.10_29-2.20.1 vhba-kmp-default-debuginfo-20130607_k3.11.10_29-2.20.1 vhba-kmp-desktop-20130607_k3.11.10_29-2.20.1 vhba-kmp-desktop-debuginfo-20130607_k3.11.10_29-2.20.1 vhba-kmp-xen-20130607_k3.11.10_29-2.20.1 vhba-kmp-xen-debuginfo-20130607_k3.11.10_29-2.20.1 virtualbox-4.2.28-2.28.1 virtualbox-debuginfo-4.2.28-2.28.1 virtualbox-debugsource-4.2.28-2.28.1 virtualbox-devel-4.2.28-2.28.1 virtualbox-guest-kmp-default-4.2.28_k3.11.10_29-2.28.1 virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1 virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_29-2.28.1 virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1 virtualbox-guest-tools-4.2.28-2.28.1 virtualbox-guest-tools-debuginfo-4.2.28-2.28.1 virtualbox-guest-x11-4.2.28-2.28.1 virtualbox-guest-x11-debuginfo-4.2.28-2.28.1 virtualbox-host-kmp-default-4.2.28_k3.11.10_29-2.28.1 virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1 virtualbox-host-kmp-desktop-4.2.28_k3.11.10_29-2.28.1 virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1 virtualbox-qt-4.2.28-2.28.1 virtualbox-qt-debuginfo-4.2.28-2.28.1 virtualbox-websrv-4.2.28-2.28.1 virtualbox-websrv-debuginfo-4.2.28-2.28.1 xen-debugsource-4.3.3_04-37.1 xen-devel-4.3.3_04-37.1 xen-kmp-default-4.3.3_04_k3.11.10_29-37.1 xen-kmp-default-debuginfo-4.3.3_04_k3.11.10_29-37.1 xen-kmp-desktop-4.3.3_04_k3.11.10_29-37.1 xen-kmp-desktop-debuginfo-4.3.3_04_k3.11.10_29-37.1 xen-libs-4.3.3_04-37.1 xen-libs-debuginfo-4.3.3_04-37.1 xen-tools-domU-4.3.3_04-37.1 xen-tools-domU-debuginfo-4.3.3_04-37.1 xtables-addons-2.3-2.19.1 xtables-addons-debuginfo-2.3-2.19.1 xtables-addons-debugsource-2.3-2.19.1 xtables-addons-kmp-default-2.3_k3.11.10_29-2.19.1 xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_29-2.19.1 xtables-addons-kmp-desktop-2.3_k3.11.10_29-2.19.1 xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_29-2.19.1 xtables-addons-kmp-xen-2.3_k3.11.10_29-2.19.1 xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_29-2.19.1 - openSUSE 13.1 (noarch): kernel-devel-3.11.10-29.1 kernel-docs-3.11.10-29.2 kernel-source-3.11.10-29.1 kernel-source-vanilla-3.11.10-29.1 - openSUSE 13.1 (x86_64): xen-4.3.3_04-37.1 xen-doc-html-4.3.3_04-37.1 xen-libs-32bit-4.3.3_04-37.1 xen-libs-debuginfo-32bit-4.3.3_04-37.1 xen-tools-4.3.3_04-37.1 xen-tools-debuginfo-4.3.3_04-37.1 xen-xend-tools-4.3.3_04-37.1 xen-xend-tools-debuginfo-4.3.3_04-37.1 - openSUSE 13.1 (i686): kernel-pae-3.11.10-29.1 kernel-pae-base-3.11.10-29.1 kernel-pae-base-debuginfo-3.11.10-29.1 kernel-pae-debuginfo-3.11.10-29.1 kernel-pae-debugsource-3.11.10-29.1 kernel-pae-devel-3.11.10-29.1 kernel-pae-devel-debuginfo-3.11.10-29.1 - openSUSE 13.1 (i586): cloop-kmp-pae-2.639_k3.11.10_29-11.19.1 cloop-kmp-pae-debuginfo-2.639_k3.11.10_29-11.19.1 crash-kmp-pae-7.0.2_k3.11.10_29-2.19.1 crash-kmp-pae-debuginfo-7.0.2_k3.11.10_29-2.19.1 hdjmod-kmp-pae-1.28_k3.11.10_29-16.19.1 hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_29-16.19.1 ipset-kmp-pae-6.21.1_k3.11.10_29-2.23.1 ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_29-2.23.1 iscsitarget-kmp-pae-1.4.20.3_k3.11.10_29-13.19.1 iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_29-13.19.1 ndiswrapper-kmp-pae-1.58_k3.11.10_29-19.1 ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_29-19.1 pcfclock-kmp-pae-0.44_k3.11.10_29-258.19.1 pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_29-258.19.1 vhba-kmp-pae-20130607_k3.11.10_29-2.20.1 vhba-kmp-pae-debuginfo-20130607_k3.11.10_29-2.20.1 virtualbox-guest-kmp-pae-4.2.28_k3.11.10_29-2.28.1 virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1 virtualbox-host-kmp-pae-4.2.28_k3.11.10_29-2.28.1 virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1 xen-kmp-pae-4.3.3_04_k3.11.10_29-37.1 xen-kmp-pae-debuginfo-4.3.3_04_k3.11.10_29-37.1 xtables-addons-kmp-pae-2.3_k3.11.10_29-2.19.1 xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_29-2.19.1


References

https://www.suse.com/security/cve/CVE-2014-7822.html https://www.suse.com/security/cve/CVE-2014-8134.html https://www.suse.com/security/cve/CVE-2014-8160.html https://www.suse.com/security/cve/CVE-2014-8173.html https://www.suse.com/security/cve/CVE-2014-8559.html https://www.suse.com/security/cve/CVE-2014-9419.html https://www.suse.com/security/cve/CVE-2014-9420.html https://www.suse.com/security/cve/CVE-2014-9529.html https://www.suse.com/security/cve/CVE-2014-9584.html https://www.suse.com/security/cve/CVE-2014-9585.html https://www.suse.com/security/cve/CVE-2015-1593.html https://bugzilla.suse.com/903640 https://bugzilla.suse.com/904899 https://bugzilla.suse.com/907988 https://bugzilla.suse.com/909078 https://bugzilla.suse.com/910150 https://bugzilla.suse.com/911325 https://bugzilla.suse.com/911326 https://bugzilla.suse.com/912202 https://bugzilla.suse.com/912654 https://bugzilla.suse.com/912705 https://bugzilla.suse.com/913059 https://bugzilla.suse.com/913695 https://bugzilla.suse.com/914175 https://bugzilla.suse.com/915322 https://bugzilla.suse.com/917839 https://bugzilla.suse.com/920901


Severity
Announcement ID: openSUSE-SU-2015:0714-1
Rating: important
Affected Products: openSUSE 13.1

Related News

Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved