Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] openSUSE-SU-2013:1005-1: critical: kernel

Recommended Posts

openSUSE Security Update: kernel

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2013:1005-1

Rating: critical

References: #790920 #821560 #822722

Cross-References: CVE-2013-2850

Affected Products:

openSUSE 12.1

______________________________________________________________________________

 

An update that solves one vulnerability and has two fixes

is now available.

 

Description:

 

 

The openSUSE 12.1 kernel was updated to fix a critical

security issue and also some reiserfs bugs.

 

CVE-2013-2850: Incorrect strncpy usage in the network

listening part of the iscsi target driver could have been

used by remote attackers to crash the kernel or execute

code.

 

This required the iscsi target running on the machine and

the attacker able to make a network connection to it (aka

not filtered by firewalls).

 

 

Bugs:

- reiserfs: fix spurious multiple-fill in

reiserfs_readdir_dentry (bnc#822722).

 

- reiserfs: fix problems with chowning setuid file w/

xattrs (bnc#790920).

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 12.1:

 

zypper in -t patch openSUSE-2013-483

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 12.1 (i586 x86_64):

 

kernel-debug-3.1.10-1.29.1

kernel-debug-base-3.1.10-1.29.1

kernel-debug-base-debuginfo-3.1.10-1.29.1

kernel-debug-debuginfo-3.1.10-1.29.1

kernel-debug-debugsource-3.1.10-1.29.1

kernel-debug-devel-3.1.10-1.29.1

kernel-debug-devel-debuginfo-3.1.10-1.29.1

kernel-default-3.1.10-1.29.1

kernel-default-base-3.1.10-1.29.1

kernel-default-base-debuginfo-3.1.10-1.29.1

kernel-default-debuginfo-3.1.10-1.29.1

kernel-default-debugsource-3.1.10-1.29.1

kernel-default-devel-3.1.10-1.29.1

kernel-default-devel-debuginfo-3.1.10-1.29.1

kernel-desktop-3.1.10-1.29.1

kernel-desktop-base-3.1.10-1.29.1

kernel-desktop-base-debuginfo-3.1.10-1.29.1

kernel-desktop-debuginfo-3.1.10-1.29.1

kernel-desktop-debugsource-3.1.10-1.29.1

kernel-desktop-devel-3.1.10-1.29.1

kernel-desktop-devel-debuginfo-3.1.10-1.29.1

kernel-ec2-3.1.10-1.29.1

kernel-ec2-base-3.1.10-1.29.1

kernel-ec2-base-debuginfo-3.1.10-1.29.1

kernel-ec2-debuginfo-3.1.10-1.29.1

kernel-ec2-debugsource-3.1.10-1.29.1

kernel-ec2-devel-3.1.10-1.29.1

kernel-ec2-devel-debuginfo-3.1.10-1.29.1

kernel-ec2-extra-3.1.10-1.29.1

kernel-ec2-extra-debuginfo-3.1.10-1.29.1

kernel-syms-3.1.10-1.29.1

kernel-trace-3.1.10-1.29.1

kernel-trace-base-3.1.10-1.29.1

kernel-trace-base-debuginfo-3.1.10-1.29.1

kernel-trace-debuginfo-3.1.10-1.29.1

kernel-trace-debugsource-3.1.10-1.29.1

kernel-trace-devel-3.1.10-1.29.1

kernel-trace-devel-debuginfo-3.1.10-1.29.1

kernel-vanilla-3.1.10-1.29.1

kernel-vanilla-base-3.1.10-1.29.1

kernel-vanilla-base-debuginfo-3.1.10-1.29.1

kernel-vanilla-debuginfo-3.1.10-1.29.1

kernel-vanilla-debugsource-3.1.10-1.29.1

kernel-vanilla-devel-3.1.10-1.29.1

kernel-vanilla-devel-debuginfo-3.1.10-1.29.1

kernel-xen-3.1.10-1.29.1

kernel-xen-base-3.1.10-1.29.1

kernel-xen-base-debuginfo-3.1.10-1.29.1

kernel-xen-debuginfo-3.1.10-1.29.1

kernel-xen-debugsource-3.1.10-1.29.1

kernel-xen-devel-3.1.10-1.29.1

kernel-xen-devel-debuginfo-3.1.10-1.29.1

 

- openSUSE 12.1 (noarch):

 

kernel-devel-3.1.10-1.29.1

kernel-docs-3.1.10-1.29.2

kernel-source-3.1.10-1.29.1

kernel-source-vanilla-3.1.10-1.29.1

 

- openSUSE 12.1 (i586):

 

kernel-pae-3.1.10-1.29.1

kernel-pae-base-3.1.10-1.29.1

kernel-pae-base-debuginfo-3.1.10-1.29.1

kernel-pae-debuginfo-3.1.10-1.29.1

kernel-pae-debugsource-3.1.10-1.29.1

kernel-pae-devel-3.1.10-1.29.1

kernel-pae-devel-debuginfo-3.1.10-1.29.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2013-2850.html

https://bugzilla.novell.com/790920

https://bugzilla.novell.com/821560

https://bugzilla.novell.com/822722

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×