Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] openSUSE-SU-2013:1005-1: critical: kernel

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

openSUSE Security Update: kernel

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2013:1005-1

Rating: critical

References: #790920 #821560 #822722

Cross-References: CVE-2013-2850

Affected Products:

openSUSE 12.1

______________________________________________________________________________

 

An update that solves one vulnerability and has two fixes

is now available.

 

Description:

 

 

The openSUSE 12.1 kernel was updated to fix a critical

security issue and also some reiserfs bugs.

 

CVE-2013-2850: Incorrect strncpy usage in the network

listening part of the iscsi target driver could have been

used by remote attackers to crash the kernel or execute

code.

 

This required the iscsi target running on the machine and

the attacker able to make a network connection to it (aka

not filtered by firewalls).

 

 

Bugs:

- reiserfs: fix spurious multiple-fill in

reiserfs_readdir_dentry (bnc#822722).

 

- reiserfs: fix problems with chowning setuid file w/

xattrs (bnc#790920).

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 12.1:

 

zypper in -t patch openSUSE-2013-483

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 12.1 (i586 x86_64):

 

kernel-debug-3.1.10-1.29.1

kernel-debug-base-3.1.10-1.29.1

kernel-debug-base-debuginfo-3.1.10-1.29.1

kernel-debug-debuginfo-3.1.10-1.29.1

kernel-debug-debugsource-3.1.10-1.29.1

kernel-debug-devel-3.1.10-1.29.1

kernel-debug-devel-debuginfo-3.1.10-1.29.1

kernel-default-3.1.10-1.29.1

kernel-default-base-3.1.10-1.29.1

kernel-default-base-debuginfo-3.1.10-1.29.1

kernel-default-debuginfo-3.1.10-1.29.1

kernel-default-debugsource-3.1.10-1.29.1

kernel-default-devel-3.1.10-1.29.1

kernel-default-devel-debuginfo-3.1.10-1.29.1

kernel-desktop-3.1.10-1.29.1

kernel-desktop-base-3.1.10-1.29.1

kernel-desktop-base-debuginfo-3.1.10-1.29.1

kernel-desktop-debuginfo-3.1.10-1.29.1

kernel-desktop-debugsource-3.1.10-1.29.1

kernel-desktop-devel-3.1.10-1.29.1

kernel-desktop-devel-debuginfo-3.1.10-1.29.1

kernel-ec2-3.1.10-1.29.1

kernel-ec2-base-3.1.10-1.29.1

kernel-ec2-base-debuginfo-3.1.10-1.29.1

kernel-ec2-debuginfo-3.1.10-1.29.1

kernel-ec2-debugsource-3.1.10-1.29.1

kernel-ec2-devel-3.1.10-1.29.1

kernel-ec2-devel-debuginfo-3.1.10-1.29.1

kernel-ec2-extra-3.1.10-1.29.1

kernel-ec2-extra-debuginfo-3.1.10-1.29.1

kernel-syms-3.1.10-1.29.1

kernel-trace-3.1.10-1.29.1

kernel-trace-base-3.1.10-1.29.1

kernel-trace-base-debuginfo-3.1.10-1.29.1

kernel-trace-debuginfo-3.1.10-1.29.1

kernel-trace-debugsource-3.1.10-1.29.1

kernel-trace-devel-3.1.10-1.29.1

kernel-trace-devel-debuginfo-3.1.10-1.29.1

kernel-vanilla-3.1.10-1.29.1

kernel-vanilla-base-3.1.10-1.29.1

kernel-vanilla-base-debuginfo-3.1.10-1.29.1

kernel-vanilla-debuginfo-3.1.10-1.29.1

kernel-vanilla-debugsource-3.1.10-1.29.1

kernel-vanilla-devel-3.1.10-1.29.1

kernel-vanilla-devel-debuginfo-3.1.10-1.29.1

kernel-xen-3.1.10-1.29.1

kernel-xen-base-3.1.10-1.29.1

kernel-xen-base-debuginfo-3.1.10-1.29.1

kernel-xen-debuginfo-3.1.10-1.29.1

kernel-xen-debugsource-3.1.10-1.29.1

kernel-xen-devel-3.1.10-1.29.1

kernel-xen-devel-debuginfo-3.1.10-1.29.1

 

- openSUSE 12.1 (noarch):

 

kernel-devel-3.1.10-1.29.1

kernel-docs-3.1.10-1.29.2

kernel-source-3.1.10-1.29.1

kernel-source-vanilla-3.1.10-1.29.1

 

- openSUSE 12.1 (i586):

 

kernel-pae-3.1.10-1.29.1

kernel-pae-base-3.1.10-1.29.1

kernel-pae-base-debuginfo-3.1.10-1.29.1

kernel-pae-debuginfo-3.1.10-1.29.1

kernel-pae-debugsource-3.1.10-1.29.1

kernel-pae-devel-3.1.10-1.29.1

kernel-pae-devel-debuginfo-3.1.10-1.29.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2013-2850.html

https://bugzilla.novell.com/790920

https://bugzilla.novell.com/821560

https://bugzilla.novell.com/822722

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×