[security-announce] openSUSE-SU-2013:1187-1: important: 3.0.80 kernel update

[news 28]

openSUSE Security Update: 3.0.80 kernel update

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2013:1187-1

Rating: important

References: #763968 #769685 #788590 #789359 #792584 #797175

#800907 #802642 #804609 #804656 #805804 #805945

#806238 #806980 #808358 #808647 #808827 #809122

#809895 #809902 #809903 #810473 #810580 #810624

#810722 #812281 #814719 #815356 #815444 #815745

#816443 #816451 #816586 #817010 #817339 #818053

#818327 #818371 #818514 #818516 #818798 #819295

#819519 #819655 #820434 #821930 #822431 #822722

 

Cross-References: CVE-2012-6548 CVE-2012-6549 CVE-2013-0160

CVE-2013-0268 CVE-2013-0311 CVE-2013-0914

CVE-2013-1772 CVE-2013-1792 CVE-2013-1796

CVE-2013-1797 CVE-2013-1798 CVE-2013-2634

CVE-2013-2635

Affected Products:

openSUSE 11.4

______________________________________________________________________________

 

An update that solves 13 vulnerabilities and has 35 fixes

is now available.

 

Description:

 

The kernel was updated to Linux kernel 3.0.80, fixing

various bugs and security issues.

 

Following security issues were fixed: CVE-2013-0160:

Timing side channel on attacks were possible on /dev/ptmx

that could allow local attackers to predict keypresses like

e.g. passwords. This has been fixed again by up[censored]

accessed/modified time on the pty devices in resolution of

8 seconds, so that idle time detection can still work.

 

CVE-2013-3222: The vcc_recvmsg function in

net/atm/common.c in the Linux kernel did not initialize a

certain length variable, which allowed local users to

obtain sensitive information from kernel stack memory via a

crafted recvmsg or recvfrom system call.

 

CVE-2013-3223: The ax25_recvmsg function in

net/ax25/af_ax25.c in the Linux kernel did not initialize a

certain data structure, which allowed local users to obtain

sensitive information from kernel stack memory via a

crafted recvmsg or recvfrom system call.

 

CVE-2013-3224: The bt_sock_recvmsg function in

net/bluetooth/af_bluetooth.c in the Linux kernel did not

properly initialize a certain length variable, which

allowed local users to obtain sensitive information from

kernel stack memory via a crafted recvmsg or recvfrom

system call.

 

CVE-2013-3225: The rfcomm_sock_recvmsg function in

net/bluetooth/rfcomm/sock.c in the Linux kernel did not

initialize a certain length variable, which allowed local

users to obtain sensitive information from kernel stack

memory via a crafted recvmsg or recvfrom system call.

 

CVE-2013-3227: The caif_seqpkt_recvmsg function in

net/caif/caif_socket.c in the Linux kernel did not

initialize a certain length variable, which allowed local

users to obtain sensitive information from kernel stack

memory via a crafted recvmsg or recvfrom system call.

 

CVE-2013-3228: The irda_recvmsg_dgram function in

net/irda/af_irda.c in the Linux kernel did not initialize a

certain length variable, which allowed local users to

obtain sensitive information from kernel stack memory via a

crafted recvmsg or recvfrom system call.

 

CVE-2013-3229: The iucv_sock_recvmsg function in

net/iucv/af_iucv.c in the Linux kernel did not initialize a

certain length variable, which allowed local users to

obtain sensitive information from kernel stack memory via a

crafted recvmsg or recvfrom system call.

 

CVE-2013-3231: The llc_ui_recvmsg function in

net/llc/af_llc.c in the Linux kernel did not initialize a

certain length variable, which allowed local users to

obtain sensitive information from kernel stack memory via a

crafted recvmsg or recvfrom system call.

 

CVE-2013-3232: The nr_recvmsg function in

net/netrom/af_netrom.c in the Linux kernel did not

initialize a certain data structure, which allowed local

users to obtain sensitive information from kernel stack

memory via a crafted recvmsg or recvfrom system call.

 

CVE-2013-3234: The rose_recvmsg function in

net/rose/af_rose.c in the Linux kernel did not initialize a

certain data structure, which allowed local users to obtain

sensitive information from kernel stack memory via a

crafted recvmsg or recvfrom system call.

 

CVE-2013-3235: net/tipc/socket.c in the Linux kernel did

not initialize a certain data structure and a certain

length variable, which allowed local users to obtain

sensitive information from kernel stack memory via a

crafted recvmsg or recvfrom system call.

 

CVE-2013-3076: The crypto API in the Linux kernel did

not initialize certain length variables, which allowed

local users to obtain sensitive information from kernel

stack memory via a crafted recvmsg or recvfrom system call,

related to the hash_recvmsg function in crypto/algif_hash.c

and the skcipher_recvmsg function in

crypto/algif_skcipher.c.

 

CVE-2013-1979: The scm_set_cred function in

include/net/scm.h in the Linux kernel used incorrect uid

and gid values during credentials passing, which allowed

local users to gain privileges via a crafted application.

 

A kernel information leak via tkill/tgkill was fixed.

 

 

Following bugs were fixed:

- reiserfs: fix spurious multiple-fill in

reiserfs_readdir_dentry (bnc#822722).

 

- libfc: do not exch_done() on invalid sequence ptr

(bnc#810722).

 

- netfilter: ip6t_LOG: fix logging of packet mark

(bnc#821930).

 

- hyperv: use 3.4 as LIC version string (bnc#822431).

 

- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID

(bnc#819655).

 

- xen/netback: do not disconnect frontend when seeing

oversize packet.

- xen/netfront: reduce gso_max_size to account for max

TCP header.

- xen/netfront: fix kABI after "reduce gso_max_size to

account for max TCP header".

 

- xfs: Fix kABI due to change in xfs_buf (bnc#815356).

 

- xfs: fix race while discarding buffers [V4]

(bnc#815356 (comment 36)).

 

- xfs: Serialize file-extending direct IO (bnc#818371).

 

- xhci: Do not switch webcams in some HP ProBooks to

XHCI (bnc#805804).

- bluetooth: Do not switch BT on HP ProBook 4340

(bnc#812281).

 

- s390/ftrace: fix mcount adjustment (bnc#809895).

 

- mm: memory_dev_init make sure nmi watchdog does not

trigger while registering memory sections (bnc#804609,

bnc#820434).

 

- patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid

pathological backwards allocation (bnc#805945).

 

- mm: compaction: Restart compaction from near where it

left off

- mm: compaction: cache if a pageblock was scanned and

no pages were isolated

- mm: compaction: clear PG_migrate_skip based on

compaction and reclaim activity

- mm: compaction: Scan PFN caching KABI workaround

- mm: page_allocator: Remove first_pass guard

- mm: vmscan: do not stall on writeback during memory

compaction Cache compaction restart points for faster

compaction cycles (bnc#816451)

 

- qlge: fix dma map leak when the last chunk is not

allocated (bnc#819519).

 

- SUNRPC: Get rid of the redundant xprt->shutdown bit

field (bnc#800907).

- SUNRPC: Ensure that we grab the XPRT_LOCK before

calling xprt_alloc_slot (bnc#800907).

- SUNRPC: Fix a UDP transport regression (bnc#800907).

- SUNRPC: Allow caller of rpc_sleep_on() to select

priority levels (bnc#800907).

- SUNRPC: Replace xprt->resend and xprt->sending with a

priority queue (bnc#800907).

- SUNRPC: Fix potential races in xprt_lock_write_next()

(bnc#800907).

 

- md: cannot re-add disks after recovery (bnc#808647).

 

- fs/xattr.c:getxattr(): improve handling of allocation

failures (bnc#818053).

- fs/xattr.c:listxattr(): fall back to vmalloc() if

kmalloc() failed (bnc#818053).

- fs/xattr.c:setxattr(): improve handling of allocation

failures (bnc#818053).

- fs/xattr.c: suppress page allocation failure warnings

from sys_listxattr() (bnc#818053).

 

- virtio-blk: Call revalidate_disk() upon online disk

resize (bnc#817339).

 

- usb-storage: CY7C68300A chips do not support Cypress

ATACB (bnc#819295).

 

- patches.kernel.org/patch-3.0.60-61: Update references

(add bnc#810580).

 

- usb: Using correct way to clear usb3.0 devices remote

wakeup feature (bnc#818516).

 

- xhci: Fix TD size for isochronous URBs (bnc#818514).

 

- ALSA: hda - fixup D3 pin and right channel mute on

Haswell HDMI audio (bnc#818798).

- ALSA: hda - Apply pin-enablement workaround to all

Haswell HDMI codecs (bnc#818798).

 

- xfs: fallback to vmalloc for large buffers in

xfs_attrmulti_attr_get (bnc#818053).

- xfs: fallback to vmalloc for large buffers in

xfs_attrlist_by_handle (bnc#818053).

- xfs: xfs: fallback to vmalloc for large buffers in

xfs_compat_attrlist_by_handle (bnc#818053).

 

- xHCI: store rings type.

- xhci: Fix hang on back-to-back Set TR Deq Ptr commands.

- xHCI: check enqueue pointer advance into dequeue seg.

- xHCI: store rings last segment and segment numbers.

- xHCI: Allocate 2 segments for transfer ring.

- xHCI: count free TRBs on transfer ring.

- xHCI: factor out segments allocation and free function.

- xHCI: update sg tablesize.

- xHCI: set cycle state when allocate rings.

- xhci: Reserve one command for USB3 LPM disable.

- xHCI: dynamic ring expansion.

- xhci: Do not warn on empty ring for suspended devices.

 

- md/raid1: Do not release reference to device while

handling read error (bnc#809122, bnc#814719).

 

- rpm/mkspec: Stop generating the get_release_number.sh

file.

 

- rpm/kernel-spec-macros: Properly handle KOTD release

numbers with .g suffix.

 

- rpm/kernel-spec-macros: Drop the %release_num macro We

no longer put the -rcX tag into the release string.

 

- rpm/kernel-*.spec.in, rpm/mkspec: Do not force the

"" string in specfiles.

 

- mm/mmap: check for RLIMIT_AS before unmapping

(bnc#818327).

 

- mm: Fix add_page_wait_queue() to work for PG_Locked

bit waiters (bnc#792584).

 

- mm: Fix add_page_wait_queue() to work for PG_Locked

bit waiters (bnc#792584).

 

- bonding: only use primary address for ARP (bnc#815444).

- bonding: remove entries for master_ip and vlan_ip and

query devices instead (bnc#815444).

 

 

- mm: speedup in __early_pfn_to_nid (bnc#810624).

 

- TTY: fix atime/mtime regression (bnc#815745).

 

- sd_dif: problem with verify of type 1 protection

information (PI) (bnc#817010).

 

- sched: harden rq rt usage accounting (bnc#769685,

bnc#788590).

 

- rcu: Avoid spurious RCU CPU stall warnings

(bnc#816586).

- rcu: Dump local stack if cannot dump all CPUs stacks

(bnc#816586).

- rcu: Fix detection of abruptly-ending stall

(bnc#816586).

- rcu: Suppress NMI backtraces when stall ends before

dump (bnc#816586).

 

- Update Xen patches to 3.0.74.

 

- btrfs: do not re-enter when allocating a chunk.

- btrfs: save us a read_lock.

- btrfs: Check CAP_DAC_READ_SEARCH for

BTRFS_IOC_INO_PATHS.

- btrfs: remove unused fs_info from btrfs_decode_error().

- btrfs: handle null fs_info in btrfs_panic().

- btrfs: fix varargs in __btrfs_std_error.

- btrfs: fix the race between bio and btrfs_stop_workers.

- btrfs: fix NULL pointer after aborting a transaction.

- btrfs: fix infinite loop when we abort on mount.

 

- xfs: Do not allocate new buffers on every call to

_xfs_buf_find (bnc#763968).

- xfs: fix buffer lookup race on allocation failure

(bnc#763968).

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 11.4:

 

zypper in -t patch 2013-109

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 11.4 (i586 x86_64):

 

kernel-debug-3.0.80-52.1

kernel-debug-base-3.0.80-52.1

kernel-debug-base-debuginfo-3.0.80-52.1

kernel-debug-debuginfo-3.0.80-52.1

kernel-debug-debugsource-3.0.80-52.1

kernel-debug-devel-3.0.80-52.1

kernel-debug-devel-debuginfo-3.0.80-52.1

kernel-debug-hmac-3.0.80-52.1

kernel-default-3.0.80-52.1

kernel-default-base-3.0.80-52.1

kernel-default-base-debuginfo-3.0.80-52.1

kernel-default-debuginfo-3.0.80-52.1

kernel-default-debugsource-3.0.80-52.1

kernel-default-devel-3.0.80-52.1

kernel-default-devel-debuginfo-3.0.80-52.1

kernel-default-hmac-3.0.80-52.1

kernel-desktop-3.0.80-52.1

kernel-desktop-base-3.0.80-52.1

kernel-desktop-base-debuginfo-3.0.80-52.1

kernel-desktop-debuginfo-3.0.80-52.1

kernel-desktop-debugsource-3.0.80-52.1

kernel-desktop-devel-3.0.80-52.1

kernel-desktop-devel-debuginfo-3.0.80-52.1

kernel-desktop-hmac-3.0.80-52.1

kernel-ec2-3.0.80-52.1

kernel-ec2-base-3.0.80-52.1

kernel-ec2-base-debuginfo-3.0.80-52.1

kernel-ec2-debuginfo-3.0.80-52.1

kernel-ec2-debugsource-3.0.80-52.1

kernel-ec2-devel-3.0.80-52.1

kernel-ec2-devel-debuginfo-3.0.80-52.1

kernel-ec2-extra-3.0.80-52.1

kernel-ec2-extra-debuginfo-3.0.80-52.1

kernel-ec2-hmac-3.0.80-52.1

kernel-source-3.0.80-52.1

kernel-source-vanilla-3.0.80-52.1

kernel-syms-3.0.80-52.1

kernel-trace-3.0.80-52.1

kernel-trace-base-3.0.80-52.1

kernel-trace-base-debuginfo-3.0.80-52.1

kernel-trace-debuginfo-3.0.80-52.1

kernel-trace-debugsource-3.0.80-52.1

kernel-trace-devel-3.0.80-52.1

kernel-trace-devel-debuginfo-3.0.80-52.1

kernel-trace-hmac-3.0.80-52.1

kernel-vanilla-3.0.80-52.1

kernel-vanilla-base-3.0.80-52.1

kernel-vanilla-base-debuginfo-3.0.80-52.1

kernel-vanilla-debuginfo-3.0.80-52.1

kernel-vanilla-debugsource-3.0.80-52.1

kernel-vanilla-devel-3.0.80-52.1

kernel-vanilla-devel-debuginfo-3.0.80-52.1

kernel-vanilla-hmac-3.0.80-52.1

kernel-xen-3.0.80-52.1

kernel-xen-base-3.0.80-52.1

kernel-xen-base-debuginfo-3.0.80-52.1

kernel-xen-debuginfo-3.0.80-52.1

kernel-xen-debugsource-3.0.80-52.1

kernel-xen-devel-3.0.80-52.1

kernel-xen-devel-debuginfo-3.0.80-52.1

kernel-xen-hmac-3.0.80-52.1

preload-1.2-6.35.1

preload-debuginfo-1.2-6.35.1

preload-debugsource-1.2-6.35.1

preload-kmp-default-1.2_3.0.80_52-6.35.1

preload-kmp-default-debuginfo-1.2_3.0.80_52-6.35.1

preload-kmp-desktop-1.2_3.0.80_52-6.35.1

preload-kmp-desktop-debuginfo-1.2_3.0.80_52-6.35.1

 

- openSUSE 11.4 (noarch):

 

kernel-docs-3.0.80-52.2

 

- openSUSE 11.4 (i586):

 

kernel-pae-3.0.80-52.1

kernel-pae-base-3.0.80-52.1

kernel-pae-base-debuginfo-3.0.80-52.1

kernel-pae-debuginfo-3.0.80-52.1

kernel-pae-debugsource-3.0.80-52.1

kernel-pae-devel-3.0.80-52.1

kernel-pae-devel-debuginfo-3.0.80-52.1

kernel-pae-hmac-3.0.80-52.1

kernel-vmi-3.0.80-52.1

kernel-vmi-base-3.0.80-52.1

kernel-vmi-base-debuginfo-3.0.80-52.1

kernel-vmi-debuginfo-3.0.80-52.1

kernel-vmi-debugsource-3.0.80-52.1

kernel-vmi-devel-3.0.80-52.1

kernel-vmi-devel-debuginfo-3.0.80-52.1

kernel-vmi-hmac-3.0.80-52.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2012-6548.html

http://support.novell.com/security/cve/CVE-2012-6549.html

http://support.novell.com/security/cve/CVE-2013-0160.html

http://support.novell.com/security/cve/CVE-2013-0268.html

http://support.novell.com/security/cve/CVE-2013-0311.html

http://support.novell.com/security/cve/CVE-2013-0914.html

http://support.novell.com/security/cve/CVE-2013-1772.html

http://support.novell.com/security/cve/CVE-2013-1792.html

http://support.novell.com/security/cve/CVE-2013-1796.html

http://support.novell.com/security/cve/CVE-2013-1797.html

http://support.novell.com/security/cve/CVE-2013-1798.html

http://support.novell.com/security/cve/CVE-2013-2634.html

http://support.novell.com/security/cve/CVE-2013-2635.html

https://bugzilla.novell.com/763968

https://bugzilla.novell.com/769685

https://bugzilla.novell.com/788590

https://bugzilla.novell.com/789359

https://bugzilla.novell.com/792584

https://bugzilla.novell.com/797175

https://bugzilla.novell.com/800907

https://bugzilla.novell.com/802642

https://bugzilla.novell.com/804609

https://bugzilla.novell.com/804656

https://bugzilla.novell.com/805804

https://bugzilla.novell.com/805945

https://bugzilla.novell.com/806238

https://bugzilla.novell.com/806980

https://bugzilla.novell.com/808358

https://bugzilla.novell.com/808647

https://bugzilla.novell.com/808827

https://bugzilla.novell.com/809122

https://bugzilla.novell.com/809895

https://bugzilla.novell.com/809902

https://bugzilla.novell.com/809903

https://bugzilla.novell.com/810473

https://bugzilla.novell.com/810580

https://bugzilla.novell.com/810624

https://bugzilla.novell.com/810722

https://bugzilla.novell.com/812281

https://bugzilla.novell.com/814719

https://bugzilla.novell.com/815356

https://bugzilla.novell.com/815444

https://bugzilla.novell.com/815745

https://bugzilla.novell.com/816443

https://bugzilla.novell.com/816451

https://bugzilla.novell.com/816586

https://bugzilla.novell.com/817010

https://bugzilla.novell.com/817339

https://bugzilla.novell.com/818053

https://bugzilla.novell.com/818327

https://bugzilla.novell.com/818371

https://bugzilla.novell.com/818514

https://bugzilla.novell.com/818516

https://bugzilla.novell.com/818798

https://bugzilla.novell.com/819295

https://bugzilla.novell.com/819519

https://bugzilla.novell.com/819655

https://bugzilla.novell.com/820434

https://bugzilla.novell.com/821930

https://bugzilla.novell.com/822431

https://bugzilla.novell.com/822722

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org