SUSE-SU-2014:0531-1: important: Security update for Linux kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Apr 15 17:05:12 MDT 2014


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0531-1
Rating:             important
References:         #599263 #827670 #833968 #844513 #846790 #847672 
                    #852488 #852967 #853162 #853166 #853455 #854025 
                    #854445 #855825 #856848 #857358 #857643 #858604 
                    #859225 #859342 #861093 #862796 #862957 #863178 
                    #863526 #864025 #864058 #864833 #864880 #865342 
                    #865783 #866253 #866428 #870801 
Cross-References:   CVE-2013-4470 CVE-2013-6885 CVE-2013-7263
                    CVE-2013-7264 CVE-2013-7265 CVE-2014-0069
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 28 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
   updated to fix  various bugs and security issues.

   ------------------------------------------------------------
   ------------ WARNING: If you are running KVM with PCI
   pass-through on a system with one  of the following Intel
   chipsets: 5500 (revision 0x13), 5520 (revision 0x13)  or
   X58 (revisions 0x12, 0x13, 0x22), please make sure to read
   the following  support document before installing this
   update:

   https://www.suse.com/support/kb/doc.php?id=7014344
   <https://www.suse.com/support/kb/doc.php?id=7014344>

   You will have to update your KVM setup to no longer make
   use of PCI  pass-through before rebooting to the updated
   kernel.

   ------------------------------------------------------------
   ------------

   The following security bugs have been fixed:

   *

   CVE-2013-4470: The Linux kernel before 3.12, when UDP
   Fragmentation Offload (UFO) is enabled, does not properly
   initialize certain data structures, which allows local
   users to cause a denial of service (memory corruption and
   system crash) or possibly gain privileges via a crafted
   application that uses the UDP_CORK option in a setsockopt
   system call and sends both short and long packets, related
   to the ip_ufo_append_data function in net/ipv4/ip_output.c
   and the ip6_ufo_append_data function in
   net/ipv6/ip6_output.c. (bnc#847672)

   *

   CVE-2013-6885: The microcode on AMD 16h 00h through
   0Fh processors does not properly handle the interaction
   between locked instructions and write-combined memory
   types, which allows local users to cause a denial of
   service (system hang) via a crafted application, aka the
   errata 793 issue. (bnc#852967)

   *

   CVE-2013-7263: The Linux kernel before 3.12.4 updates
   certain length values before ensuring that associated data
   structures have been initialized, which allows local users
   to obtain sensitive information from kernel stack memory
   via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
   call, related to net/ipv4/ping.c, net/ipv4/raw.c,
   net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
   (bnc#857643)

   *

   CVE-2013-7264: The l2tp_ip_recvmsg function in
   net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4
   updates a certain length value before ensuring that an
   associated data structure has been initialized, which
   allows local users to obtain sensitive information from
   kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
   (3) recvmsg system call. (bnc#857643)

   *

   CVE-2013-7265: The pn_recvmsg function in
   net/phonet/datagram.c in the Linux kernel before 3.12.4
   updates a certain length value before ensuring that an
   associated data structure has been initialized, which
   allows local users to obtain sensitive information from
   kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
   (3) recvmsg system call. (bnc#857643)

   *

   CVE-2014-0069: The cifs_iovec_write function in
   fs/cifs/file.c in the Linux kernel through 3.13.5 does not
   properly handle uncached write operations that copy fewer
   than the requested number of bytes, which allows local
   users to obtain sensitive information from kernel memory,
   cause a denial of service (memory corruption and system
   crash), or possibly gain privileges via a writev system
   call with a crafted pointer. (bnc#864025)

   Also the following non-security bugs have been fixed:

   * kabi: protect symbols modified by bnc#864833 fix
   (bnc#864833).
   * mm: mempolicy: fix mbind_range() && vma_adjust()
   interaction (VM Functionality (bnc#866428)).
   * mm: merging memory blocks resets mempolicy (VM
   Functionality (bnc#866428)).
   * mm/page-writeback.c: do not count anon pages as
   dirtyable memory (High memory utilisation performance
   (bnc#859225)).
   * mm: vmscan: Do not force reclaim file pages until it
   exceeds anon (High memory utilisation performance
   (bnc#859225)).
   * mm: vmscan: fix endless loop in kswapd balancing
   (High memory utilisation performance (bnc#859225)).
   * mm: vmscan: Update rotated and scanned when force
   reclaimed (High memory utilisation performance
   (bnc#859225)).
   * mm: exclude memory less nodes from zone_reclaim
   (bnc#863526).
   * mm: fix return type for functions nr_free_*_pages
   kabi fixup (bnc#864058).
   * mm: fix return type for functions nr_free_*_pages
   (bnc#864058).
   * mm: swap: Use swapfiles in priority order (Use swap
   files in priority order (bnc#862957)).
   * x86: Save cr2 in NMI in case NMIs take a page fault
   (follow-up for
   patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch).
   * powerpc: Add VDSO version of getcpu (fate#316816,
   bnc#854445).
   * vmscan: change type of vm_total_pages to unsigned
   long (bnc#864058).
   * audit: dynamically allocate audit_names when not
   enough space is in the names array (bnc#857358).
   * audit: make filetype matching consistent with other
   filters (bnc#857358).
   * arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing
   SLIT (bnc#863178).
   * hwmon: (coretemp) Fix truncated name of alarm
   attributes.
   * privcmd: allow preempting long running user-mode
   originating hypercalls (bnc#861093).
   * nohz: Check for nohz active instead of nohz enabled
   (bnc#846790).
   * nohz: Fix another inconsistency between
   CONFIG_NO_HZ=n and nohz=off (bnc#846790).
   * iommu/vt-d: add quirk for broken interrupt remapping
   on 55XX chipsets (bnc#844513)
   *

   balloon: do not crash in HVM-with-PoD guests.

   *

   crypto: s390 - fix des and des3_ede ctr concurrency
   issue (bnc#862796, LTC#103744).

   * crypto: s390 - fix des and des3_ede cbc concurrency
   issue (bnc#862796, LTC#103743).
   * kernel: oops due to linkage stack instructions
   (bnc#862796, LTC#103860).
   * crypto: s390 - fix concurrency issue in aes-ctr mode
   (bnc#862796, LTC#103742).
   *

   dump: Fix dump memory detection
   (bnc#862796,LTC#103575).

   *

   net: change type of virtio_chan->p9_max_pages
   (bnc#864058).

   * inet: handle rt{,6}_bind_peer() failure correctly
   (bnc#870801).
   * inet: Avoid potential NULL peer dereference
   (bnc#864833).
   * inet: Hide route peer accesses behind helpers
   (bnc#864833).
   * inet: Pass inetpeer root into inet_getpeer*()
   interfaces (bnc#864833).
   * tcp: syncookies: reduce cookie lifetime to 128
   seconds (bnc#833968).
   * tcp: syncookies: reduce mss table to four values
   (bnc#833968).
   * ipv6 routing, NLM_F_* flag support: REPLACE and EXCL
   flags support, warn about missing CREATE flag (bnc#865783).
   * ipv6: send router reachability probe if route has an
   unreachable gateway (bnc#853162).
   * sctp: Implement quick failover draft from tsvwg
   (bnc#827670).
   *

   ipvs: fix AF assignment in ip_vs_conn_new()
   (bnc#856848).

   *

   NFSD/sunrpc: avoid deadlock on TCP connection due to
   memory pressure (bnc#853455).

   * btrfs: bugfix collection
   * fs/nfsd: change type of max_delegations,
   nfsd_drc_max_mem and nfsd_drc_mem_used (bnc#864058).
   * fs/buffer.c: change type of max_buffer_heads to
   unsigned long (bnc#864058).
   *

   ncpfs: fix rmdir returns Device or resource busy
   (bnc#864880).

   *

   scsi_dh_alua: fixup RTPG retry delay miscalculation
   (bnc#854025).

   * scsi_dh_alua: Simplify state machine (bnc#854025).
   * xhci: Fix resume issues on Renesas chips in Samsung
   laptops (bnc#866253).
   * bonding: disallow enslaving a bond to itself
   (bnc#599263).
   * USB: hub: handle -ETIMEDOUT during enumeration
   (bnc#855825).
   * dm-multipath: Do not stall on invalid ioctls
   (bnc#865342).
   * scsi_dh_alua: endless STPG retries for a failed LUN
   (bnc#865342).
   * net/mlx4_en: Fix pages never dma unmapped on rx
   (bnc#858604).
   * dlm: remove get_comm (bnc#827670).
   * dlm: Avoid LVB truncation (bnc#827670).
   * dlm: disable nagle for SCTP (bnc#827670).
   * dlm: retry failed SCTP sends (bnc#827670).
   * dlm: try other IPs when sctp init assoc fails
   (bnc#827670).
   * dlm: clear correct bit during sctp init failure
   handling (bnc#827670).
   * dlm: set sctp assoc id during setup (bnc#827670).
   * dlm: clear correct init bit during sctp setup
   (bnc#827670).
   * dlm: fix deadlock between dlm_send and dlm_controld
   (bnc#827670).
   * dlm: Fix return value from lockspace_busy()
   (bnc#827670).
   * Avoid occasional hang with NFS (bnc#852488).
   * mpt2sas: Fix unsafe using smp_processor_id() in
   preemptible (bnc#853166).
   * lockd: send correct lock when granting a delayed lock
   (bnc#859342).

   Security Issue references:

   * CVE-2013-4470
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
   >
   * CVE-2013-6885
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885
   >
   * CVE-2013-7263
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
   >
   * CVE-2013-7264
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264
   >
   * CVE-2013-7265
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265
   >
   * CVE-2014-0069
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069
   >

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-kernel-9102 slessp3-kernel-9105

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kernel-9102 slessp3-kernel-9103 slessp3-kernel-9104 slessp3-kernel-9105 slessp3-kernel-9113

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-kernel-9102 slehasp3-kernel-9103 slehasp3-kernel-9104 slehasp3-kernel-9105 slehasp3-kernel-9113

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kernel-9102 sledsp3-kernel-9105

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.21.1
      kernel-default-base-3.0.101-0.21.1
      kernel-default-devel-3.0.101-0.21.1
      kernel-source-3.0.101-0.21.1
      kernel-syms-3.0.101-0.21.1
      kernel-trace-3.0.101-0.21.1
      kernel-trace-base-3.0.101-0.21.1
      kernel-trace-devel-3.0.101-0.21.1
      kernel-xen-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.21.1
      kernel-pae-base-3.0.101-0.21.1
      kernel-pae-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.21.1
      kernel-default-base-3.0.101-0.21.1
      kernel-default-devel-3.0.101-0.21.1
      kernel-source-3.0.101-0.21.1
      kernel-syms-3.0.101-0.21.1
      kernel-trace-3.0.101-0.21.1
      kernel-trace-base-3.0.101-0.21.1
      kernel-trace-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.21.1
      kernel-ec2-base-3.0.101-0.21.1
      kernel-ec2-devel-3.0.101-0.21.1
      kernel-xen-3.0.101-0.21.1
      kernel-xen-base-3.0.101-0.21.1
      kernel-xen-devel-3.0.101-0.21.1
      xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12

   - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.21.1
      kernel-ppc64-base-3.0.101-0.21.1
      kernel-ppc64-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.21.1
      kernel-pae-base-3.0.101-0.21.1
      kernel-pae-devel-3.0.101-0.21.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_0.21-2.27.54
      cluster-network-kmp-trace-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-default-2_3.0.101_0.21-0.16.60
      gfs2-kmp-trace-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-default-1.6_3.0.101_0.21-0.20.54
      ocfs2-kmp-trace-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-xen-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-xen-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-ppc64-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-ppc64-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-pae-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-pae-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.21.1
      kernel-default-base-3.0.101-0.21.1
      kernel-default-devel-3.0.101-0.21.1
      kernel-default-extra-3.0.101-0.21.1
      kernel-source-3.0.101-0.21.1
      kernel-syms-3.0.101-0.21.1
      kernel-trace-devel-3.0.101-0.21.1
      kernel-xen-3.0.101-0.21.1
      kernel-xen-base-3.0.101-0.21.1
      kernel-xen-devel-3.0.101-0.21.1
      kernel-xen-extra-3.0.101-0.21.1
      xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12

   - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.21.1
      kernel-pae-base-3.0.101-0.21.1
      kernel-pae-devel-3.0.101-0.21.1
      kernel-pae-extra-3.0.101-0.21.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.21.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-3.0.101-0.21.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-3.0.101-0.21.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-3.0.101-0.21.1


References:

   http://support.novell.com/security/cve/CVE-2013-4470.html
   http://support.novell.com/security/cve/CVE-2013-6885.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2013-7264.html
   http://support.novell.com/security/cve/CVE-2013-7265.html
   http://support.novell.com/security/cve/CVE-2014-0069.html
   https://bugzilla.novell.com/599263
   https://bugzilla.novell.com/827670
   https://bugzilla.novell.com/833968
   https://bugzilla.novell.com/844513
   https://bugzilla.novell.com/846790
   https://bugzilla.novell.com/847672
   https://bugzilla.novell.com/852488
   https://bugzilla.novell.com/852967
   https://bugzilla.novell.com/853162
   https://bugzilla.novell.com/853166
   https://bugzilla.novell.com/853455
   https://bugzilla.novell.com/854025
   https://bugzilla.novell.com/854445
   https://bugzilla.novell.com/855825
   https://bugzilla.novell.com/856848
   https://bugzilla.novell.com/857358
   https://bugzilla.novell.com/857643
   https://bugzilla.novell.com/858604
   https://bugzilla.novell.com/859225
   https://bugzilla.novell.com/859342
   https://bugzilla.novell.com/861093
   https://bugzilla.novell.com/862796
   https://bugzilla.novell.com/862957
   https://bugzilla.novell.com/863178
   https://bugzilla.novell.com/863526
   https://bugzilla.novell.com/864025
   https://bugzilla.novell.com/864058
   https://bugzilla.novell.com/864833
   https://bugzilla.novell.com/864880
   https://bugzilla.novell.com/865342
   https://bugzilla.novell.com/865783
   https://bugzilla.novell.com/866253
   https://bugzilla.novell.com/866428
   https://bugzilla.novell.com/870801
   http://download.suse.com/patch/finder/?keywords=16687a9fa96ac20af4faa8cdfc9e65af
   http://download.suse.com/patch/finder/?keywords=22dc1e8af18524473cafffecb4b4b14d
   http://download.suse.com/patch/finder/?keywords=2386e6a1a3b32a7da85c7d674d4bc6fc
   http://download.suse.com/patch/finder/?keywords=3d3bd3e381acb377bb739c05c5a6297c
   http://download.suse.com/patch/finder/?keywords=54f3c63bee2dc088c0d6761885a45959
   http://download.suse.com/patch/finder/?keywords=b4a3caafceac4ecd970b8cf2ee7138bb
   http://download.suse.com/patch/finder/?keywords=c09969470032946e130c305f40d89cf3
   http://download.suse.com/patch/finder/?keywords=c62554b736bb29d4bea099174846749f
   http://download.suse.com/patch/finder/?keywords=e622300e3c415568cc6d36c257c6da37
   http://download.suse.com/patch/finder/?keywords=e91b14a6ab1b56e7248783a199bbc01c



More information about the sle-security-updates mailing list