Jump to content


Photo

[security-announce] openSUSE-SU-2013:1005-1: critical: kernel


  • Please log in to reply
No replies to this topic

#1 News

News

    stranger

  • Members
  • 67005 posts

Posted 13 June 2013 - 10:07 AM

openSUSE Security Update: kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1005-1
Rating: critical
References: #790920 #821560 #822722
Cross-References: CVE-2013-2850
Affected Products:
openSUSE 12.1
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:


The openSUSE 12.1 kernel was updated to fix a critical
security issue and also some reiserfs bugs.

CVE-2013-2850: Incorrect strncpy usage in the network
listening part of the iscsi target driver could have been
used by remote attackers to crash the kernel or execute
code.

This required the iscsi target running on the machine and
the attacker able to make a network connection to it (aka
not filtered by firewalls).


Bugs:
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).

- reiserfs: fix problems with chowning setuid file w/
xattrs (bnc#790920).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-483

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 x86_64):

kernel-debug-3.1.10-1.29.1
kernel-debug-base-3.1.10-1.29.1
kernel-debug-base-debuginfo-3.1.10-1.29.1
kernel-debug-debuginfo-3.1.10-1.29.1
kernel-debug-debugsource-3.1.10-1.29.1
kernel-debug-devel-3.1.10-1.29.1
kernel-debug-devel-debuginfo-3.1.10-1.29.1
kernel-default-3.1.10-1.29.1
kernel-default-base-3.1.10-1.29.1
kernel-default-base-debuginfo-3.1.10-1.29.1
kernel-default-debuginfo-3.1.10-1.29.1
kernel-default-debugsource-3.1.10-1.29.1
kernel-default-devel-3.1.10-1.29.1
kernel-default-devel-debuginfo-3.1.10-1.29.1
kernel-desktop-3.1.10-1.29.1
kernel-desktop-base-3.1.10-1.29.1
kernel-desktop-base-debuginfo-3.1.10-1.29.1
kernel-desktop-debuginfo-3.1.10-1.29.1
kernel-desktop-debugsource-3.1.10-1.29.1
kernel-desktop-devel-3.1.10-1.29.1
kernel-desktop-devel-debuginfo-3.1.10-1.29.1
kernel-ec2-3.1.10-1.29.1
kernel-ec2-base-3.1.10-1.29.1
kernel-ec2-base-debuginfo-3.1.10-1.29.1
kernel-ec2-debuginfo-3.1.10-1.29.1
kernel-ec2-debugsource-3.1.10-1.29.1
kernel-ec2-devel-3.1.10-1.29.1
kernel-ec2-devel-debuginfo-3.1.10-1.29.1
kernel-ec2-extra-3.1.10-1.29.1
kernel-ec2-extra-debuginfo-3.1.10-1.29.1
kernel-syms-3.1.10-1.29.1
kernel-trace-3.1.10-1.29.1
kernel-trace-base-3.1.10-1.29.1
kernel-trace-base-debuginfo-3.1.10-1.29.1
kernel-trace-debuginfo-3.1.10-1.29.1
kernel-trace-debugsource-3.1.10-1.29.1
kernel-trace-devel-3.1.10-1.29.1
kernel-trace-devel-debuginfo-3.1.10-1.29.1
kernel-vanilla-3.1.10-1.29.1
kernel-vanilla-base-3.1.10-1.29.1
kernel-vanilla-base-debuginfo-3.1.10-1.29.1
kernel-vanilla-debuginfo-3.1.10-1.29.1
kernel-vanilla-debugsource-3.1.10-1.29.1
kernel-vanilla-devel-3.1.10-1.29.1
kernel-vanilla-devel-debuginfo-3.1.10-1.29.1
kernel-xen-3.1.10-1.29.1
kernel-xen-base-3.1.10-1.29.1
kernel-xen-base-debuginfo-3.1.10-1.29.1
kernel-xen-debuginfo-3.1.10-1.29.1
kernel-xen-debugsource-3.1.10-1.29.1
kernel-xen-devel-3.1.10-1.29.1
kernel-xen-devel-debuginfo-3.1.10-1.29.1

- openSUSE 12.1 (noarch):

kernel-devel-3.1.10-1.29.1
kernel-docs-3.1.10-1.29.2
kernel-source-3.1.10-1.29.1
kernel-source-vanilla-3.1.10-1.29.1

- openSUSE 12.1 (i586):

kernel-pae-3.1.10-1.29.1
kernel-pae-base-3.1.10-1.29.1
kernel-pae-base-debuginfo-3.1.10-1.29.1
kernel-pae-debuginfo-3.1.10-1.29.1
kernel-pae-debugsource-3.1.10-1.29.1
kernel-pae-devel-3.1.10-1.29.1
kernel-pae-devel-debuginfo-3.1.10-1.29.1


References:

http://support.novel...-2013-2850.html
https://bugzilla.novell.com/790920
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/822722

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org
For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org







0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

IPB Skin By Virteq