SUSE-SU-2014:0169-1: moderate: Security update for Real Time Linux Kernel
sle-security-updates at lists.suse.com
Fri Jan 31 08:38:57 MST 2014
SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0169-1
Rating: moderate
References: #708296 #769644 #787843 #789359 #806988 #810323
#813245 #818545 #819979 #820102 #820338 #821980
#823618 #825696 #825896 #826602 #826756 #827767
#828236 #831168 #834473 #834708 #834808 #835074
#835186 #836718 #837739 #838623 #839407 #840226
#841445 #842239 #843419 #843429 #843445 #843642
#843645 #845621 #845729 #846036 #846984 #847261
#848321 #848336 #848544 #849021 #849029 #849034
#849404 #849675 #849809 #849848 #849950 #850640
#851066 #851101 #851314 #852373 #852558 #852559
#853050 #853051 #853052 #854546 #854634 #854722
#855037
Cross-References: CVE-2013-4345 CVE-2013-4483 CVE-2013-4511
CVE-2013-4514 CVE-2013-4515 CVE-2013-4587
CVE-2013-4592 CVE-2013-6367 CVE-2013-6368
CVE-2013-6378 CVE-2013-6380 CVE-2013-6383
CVE-2013-6463 CVE-2013-7027
Affected Products:
SUSE Linux Enterprise Real Time 11 SP2
______________________________________________________________________________
An update that solves 14 vulnerabilities and has 53 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 2 kernel for
RealTime was updated to version 3.0.101 and also includes
various other bug and security fixes.
The following feature has been added:
* supported.conf: Mark net/netfilter/xt_set as
supported. (bnc#851066, FATE#313309)
The following security issues have been fixed:
* CVE-2013-7027: The ieee80211_radiotap_iterator_init
function in net/wireless/radiotap.c in the Linux kernel
before 3.11.7 does not check whether a frame contains any
data outside of the header, which might allow attackers to
cause a denial of service (buffer over-read) via a crafted
header. (bnc#854634)
* CVE-2013-6378: The lbs_debugfs_write function in
drivers/net/wireless/libertas/debugfs.c in the Linux kernel
through 3.12.1 allows local users to cause a denial of
service (OOPS) by leveraging root privileges for a
zero-length write operation. (bnc#852559)
* CVE-2013-6380: The aac_send_raw_srb function in
drivers/scsi/aacraid/commctrl.c in the Linux kernel through
3.12.1 does not properly validate a certain size value,
which allows local users to cause a denial of service
(invalid pointer dereference) or possibly have unspecified
other impact via an FSACTL_SEND_RAW_SRB ioctl call that
triggers a crafted SRB command. (bnc#852373)
* CVE-2013-4514: Multiple buffer overflows in
drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
before 3.12 allow local users to cause a denial of service
or possibly have unspecified other impact by leveraging the
CAP_NET_ADMIN capability and providing a long station-name
string, related to the (1) wvlan_uil_put_info and (2)
wvlan_set_station_nickname functions. (bnc#849029)
* CVE-2013-4515: The bcm_char_ioctl function in
drivers/staging/bcm/Bcmchar.c in the Linux kernel before
3.12 does not initialize a certain data structure, which
allows local users to obtain sensitive information from
kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
call. (bnc#849034)
* CVE-2013-4592: Memory leak in the
__kvm_set_memory_region function in virt/kvm/kvm_main.c in
the Linux kernel before 3.9 allows local users to cause a
denial of service (memory consumption) by leveraging
certain device access to trigger movement of memory slots.
(bnc#851101)
* CVE-2013-4587: Array index error in the
kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in
the KVM subsystem in the Linux kernel through 3.12.5 allows
local users to gain privileges via a large id value.
(bnc#853050)
* CVE-2013-6367: The apic_get_tmcct function in
arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
kernel through 3.12.5 allows guest OS users to cause a
denial of service (divide-by-zero error and host OS crash)
via crafted modifications of the TMICT value. (bnc#853051)
* CVE-2013-6368: The KVM subsystem in the Linux kernel
through 3.12.5 allows local users to gain privileges or
cause a denial of service (system crash) via a VAPIC
synchronization operation involving a page-end address.
(bnc#853052)
* CVE-2013-4483: The ipc_rcu_putref function in
ipc/util.c in the Linux kernel before 3.10 does not
properly manage a reference count, which allows local users
to cause a denial of service (memory consumption or system
crash) via a crafted application. (bnc#848321)
* CVE-2013-4511: Multiple integer overflows in Alchemy
LCD frame-buffer drivers in the Linux kernel before 3.12
allow local users to create a read-write memory mapping for
the entirety of kernel memory, and consequently gain
privileges, via crafted mmap operations, related to the (1)
au1100fb_fb_mmap function in drivers/video/au1100fb.c and
the (2) au1200fb_fb_mmap function in
drivers/video/au1200fb.c. (bnc#849021)
* CVE-2013-6463: Linux kernel built with the networking
support (CONFIG_NET) is vulnerable to an information leakage
flaw in the socket layer. It could occur while doing
recvmsg(2), recvfrom(2) socket calls. It occurs due to
improperly initialised msg_name & msg_namelen message
header parameters. (bnc#854722)
* CVE-2013-6383: The aac_compat_ioctl function in
drivers/scsi/aacraid/linit.c in the Linux kernel before
3.11.8 does not require the CAP_SYS_RAWIO capability, which
allows local users to bypass intended access restrictions
via a crafted ioctl call. (bnc#852558)
* CVE-2013-4345: Off-by-one error in the get_prng_bytes
function in crypto/ansi_cprng.c in the Linux kernel through
3.11.4 makes it easier for context-dependent attackers to
defeat cryptographic protection mechanisms via multiple
requests for small amounts of data, leading to improper
management of the state of the consumed data. (bnc#840226)
The following non-security issues have been fixed:
* kabi: protect bind_conflict callback in struct
inet_connection_sock_af_ops (bnc#823618).
* printk: forcibly flush nmi ringbuffer if oops is in
progress (bnc#849675).
* blktrace: Send BLK_TN_PROCESS events to all running
traces (bnc#838623).
* x86/dumpstack: Fix printk_address for direct
addresses (bnc#845621).
* futex: fix handling of read-only-mapped hugepages (VM
Functionality).
* random: fix accounting race condition with lockless
irq entropy_count update (bnc#789359).
* Provide realtime priority kthread and workqueue boot
options (bnc#836718).
* sched: Fix several races in CFS_BANDWIDTH
(bnc#848336).
* sched: Fix cfs_bandwidth misuse of
hrtimer_expires_remaining (bnc#848336).
* sched: Fix hrtimer_cancel()/rq->lock deadlock
(bnc#848336).
* sched: Fix race on toggling cfs_bandwidth_used
(bnc#848336).
* sched: Fix buglet in return_cfs_rq_runtime().
* sched: Guarantee new group-entities always have
weight (bnc#848336).
* sched: Use jump labels to reduce overhead when
bandwidth control is inactive (bnc#848336).
* watchdog: Get rid of MODULE_ALIAS_MISCDEV statements
(bnc#827767).
* tcp: bind() fix autoselection to share ports
(bnc#823618).
* tcp: bind() use stronger condition for bind_conflict
(bnc#823618).
* tcp: ipv6: bind() use stronger condition for
bind_conflict (bnc#823618).
* macvlan: disable LRO on lower device instead of
macvlan (bnc#846984).
* macvlan: introduce IFF_MACVLAN flag and helper
function (bnc#846984).
* macvlan: introduce macvlan_dev_real_dev() helper
function (bnc#846984).
* xen: netback: bump tx queue length (bnc#849404).
* netxen: fix off by one bug in
netxen_release_tx_buffer() (bnc#845729).
* xfrm: invalidate dst on policy insertion/deletion
(bnc#842239).
* xfrm: prevent ipcomp scratch buffer race condition
(bnc#842239).
* crypto: Fix aes-xts parameter corruption (bnc#854546,
LTC#100718).
* crypto: gf128mul - fix call to memset() (obvious fix).
* autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
race (bnc#851314).
* autofs4: catatonic_mode vs. notify_daemon race
(bnc#851314).
* autofs4: close the races around
autofs4_notify_daemon() (bnc#851314).
* autofs4: deal with autofs4_write/autofs4_write races
(bnc#851314).
* autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on
rootless mount (bnc#851314).
* autofs4 - fix deal with autofs4_write races
(bnc#851314).
* autofs4 - use simple_empty() for empty directory
check (bnc#851314).
* blkdev_max_block: make private to fs/buffer.c
(bnc#820338).
* Avoid softlockup in shrink_dcache_for_umount_subtree
(bnc#834473).
* dlm: set zero linger time on sctp socket (bnc#787843).
* SUNRPC: Fix a data corruption issue when
retransmitting RPC calls (bnc#855037).
* nfs: Change NFSv4 to not recover locks after they are
lost (bnc#828236).
* nfs: Adapt readdirplus to application usage patterns
(bnc#834708).
* xfs: improve ioend error handling (bnc#846036).
* xfs: reduce ioend latency (bnc#846036).
* xfs: use per-filesystem I/O completion workqueues
(bnc#846036).
* xfs: Hide additional entries in struct xfs_mount
(bnc#846036 bnc#848544).
* xfs: Account log unmount transaction correctly
(bnc#849950).
* vfs: avoid "attempt to access beyond end of device"
warnings (bnc#820338).
* vfs: fix O_DIRECT read past end of block device
(bnc#820338).
* cifs: Improve performance of browsing directories
with several files (bnc#810323).
* cifs: Ensure cifs directories don't show up as files
(bnc#826602).
* sd: avoid deadlocks when running under multipath
(bnc#818545).
* sd: fix crash when UA received on DIF enabled device
(bnc#841445).
* sg: fix blk_get_queue usage (bnc#834808).
* block: factor out vector mergeable decision to a
helper function (bnc#769644).
* block: modify __bio_add_page check to accept pages
that don't start a new segment (bnc#769644).
* scsi_dh: invoke callback if ->activate is not present
(bnc#708296).
* scsi_dh: return individual errors in
scsi_dh_activate() (bnc#708296).
* scsi_dh_alua: Decode EMC Clariion extended inquiry
(bnc#708296).
* scsi_dh_alua: Decode HP EVA array identifier
(bnc#708296).
* scsi_dh_alua: Evaluate state for all port groups
(bnc#708296).
* scsi_dh_alua: Fix missing close brace in
alua_check_sense (bnc#843642).
* scsi_dh_alua: Make stpg synchronous (bnc#708296).
* scsi_dh_alua: Pass buffer as function argument
(bnc#708296).
* scsi_dh_alua: Re-evaluate port group states after
STPG (bnc#708296).
* scsi_dh_alua: Recheck state on transitioning
(bnc#708296).
* scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
* scsi_dh_alua: Use separate alua_port_group structure
(bnc#708296).
* scsi_dh_alua: Allow get_alua_data() to return NULL
(bnc#839407).
* scsi_dh_alua: asynchronous RTPG (bnc#708296).
* scsi_dh_alua: correctly terminate target port strings
(bnc#708296).
* scsi_dh_alua: defer I/O while workqueue item is
pending (bnc#708296).
* scsi_dh_alua: Do not attach to RAID or enclosure
devices (bnc#819979).
* scsi_dh_alua: Do not attach to well-known LUNs
(bnc#821980).
* scsi_dh_alua: fine-grained locking in
alua_rtpg_work() (bnc#708296).
* scsi_dh_alua: invalid state information for
'optimized' paths (bnc#843445).
* scsi_dh_alua: move RTPG to workqueue (bnc#708296).
* scsi_dh_alua: move 'expiry' into PG structure
(bnc#708296).
* scsi_dh_alua: move some sense code handling into
generic code (bnc#813245).
* scsi_dh_alua: multipath failover fails with error 15
(bnc#825696).
* scsi_dh_alua: parse target device id (bnc#708296).
* scsi_dh_alua: protect accesses to struct
alua_port_group (bnc#708296).
* scsi_dh_alua: put sense buffer on stack (bnc#708296).
* scsi_dh_alua: reattaching device handler fails with
'Error 15' (bnc#843429).
* scsi_dh_alua: remove locking when checking state
(bnc#708296).
* scsi_dh_alua: remove stale variable (bnc#708296).
* scsi_dh_alua: retry RTPG on UNIT ATTENTION
(bnc#708296).
* scsi_dh_alua: retry command on 'mode parameter
changed' sense code (bnc#843645).
* scsi_dh_alua: simplify alua_check_sense()
(bnc#843642).
* scsi_dh_alua: simplify state update (bnc#708296).
* scsi_dh_alua: use delayed_work (bnc#708296).
* scsi_dh_alua: use flag for RTPG extended header
(bnc#708296).
* scsi_dh_alua: use local buffer for VPD inquiry
(bnc#708296).
* scsi_dh_alua: use spin_lock_irqsave for port group
(bnc#708296).
* lpfc: Do not free original IOCB whenever ABTS fails
(bnc#806988).
* lpfc: Fix kernel warning on spinlock usage
(bnc#806988).
* lpfc: Fixed system panic due to midlayer abort
(bnc#806988).
* qla2xxx: Add module parameter to override the default
request queue size (bnc#826756).
* qla2xxx: Module parameter 'ql2xasynclogin'
(bnc#825896).
* bna: do not register ndo_set_rx_mode callback
(bnc#847261).
* hv: handle more than just WS2008 in KVP negotiation
(bnc#850640).
* drm: don't add inferred modes for monitors that don't
support them (bnc#849809).
* pci/quirks: Modify reset method for Chelsio T4
(bnc#831168).
* pci: fix truncation of resource size to 32 bits
(bnc#843419).
* pci: pciehp: Retrieve link speed after link is
trained (bnc#820102).
* pci: Separate pci_bus_read_dev_vendor_id from
pci_scan_device (bnc#820102).
* pci: pciehp: replace unconditional sleep with config
space access check (bnc#820102).
* pci: pciehp: make check_link_active more helpful
(bnc#820102).
* pci: pciehp: Add pcie_wait_link_not_active()
(bnc#820102).
* pci: pciehp: Add Disable/enable link functions
(bnc#820102).
* pci: pciehp: Disable/enable link during slot power
off/on (bnc#820102).
* mlx4: allocate just enough pages instead of always 4
pages (bnc#835186 bnc#835074).
* mlx4: allow order-0 memory allocations in RX path
(bnc#835186 bnc#835074).
* net/mlx4: use one page fragment per incoming frame
(bnc#835186 bnc#835074).
* qeth: request length checking in snmp ioctl
(bnc#849848, LTC#99511).
* cio: add message for timeouts on internal I/O
(bnc#837739,LTC#97047).
* s390/cio: dont abort verification after missing irq
(bnc#837739,LTC#97047).
* s390/cio: skip broken paths (bnc#837739,LTC#97047).
* s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
* s390/cio: handle unknown pgroup state
(bnc#837739,LTC#97047).
Security Issues:
* CVE-2013-4345
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345>
* CVE-2013-4483
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483>
* CVE-2013-4511
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4511>
* CVE-2013-4514
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514>
* CVE-2013-4515
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4515>
* CVE-2013-4587
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587>
* CVE-2013-4592
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4592>
* CVE-2013-6367
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367>
* CVE-2013-6368
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368>
* CVE-2013-6378
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6378>
* CVE-2013-6380
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6380>
* CVE-2013-6383
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383>
* CVE-2013-6463
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6463>
* CVE-2013-7027
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027>
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time 11 SP2:
zypper in -t patch slertesp2-kernel-8790
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.101.rt130]:
cluster-network-kmp-rt-1.4_3.0.101_rt130_0.7.9-2.18.79
cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.7.9-2.18.79
drbd-kmp-rt-8.4.2_3.0.101_rt130_0.7.9-0.6.6.70
drbd-kmp-rt_trace-8.4.2_3.0.101_rt130_0.7.9-0.6.6.70
iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.7.9-0.25.25.18
iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.7.9-0.25.25.18
kernel-rt-3.0.101.rt130-0.7.9.1
kernel-rt-base-3.0.101.rt130-0.7.9.1
kernel-rt-devel-3.0.101.rt130-0.7.9.1
kernel-rt_trace-3.0.101.rt130-0.7.9.1
kernel-rt_trace-base-3.0.101.rt130-0.7.9.1
kernel-rt_trace-devel-3.0.101.rt130-0.7.9.1
kernel-source-rt-3.0.101.rt130-0.7.9.1
kernel-syms-rt-3.0.101.rt130-0.7.9.1
lttng-modules-kmp-rt-2.0.4_3.0.101_rt130_0.7.9-0.9.9.6
lttng-modules-kmp-rt_trace-2.0.4_3.0.101_rt130_0.7.9-0.9.9.6
ocfs2-kmp-rt-1.6_3.0.101_rt130_0.7.9-0.11.78
ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.7.9-0.11.78
ofed-kmp-rt-1.5.2_3.0.101_rt130_0.7.9-0.28.28.50
ofed-kmp-rt_trace-1.5.2_3.0.101_rt130_0.7.9-0.28.28.50
References:
http://support.novell.com/security/cve/CVE-2013-4345.html
http://support.novell.com/security/cve/CVE-2013-4483.html
http://support.novell.com/security/cve/CVE-2013-4511.html
http://support.novell.com/security/cve/CVE-2013-4514.html
http://support.novell.com/security/cve/CVE-2013-4515.html
http://support.novell.com/security/cve/CVE-2013-4587.html
http://support.novell.com/security/cve/CVE-2013-4592.html
http://support.novell.com/security/cve/CVE-2013-6367.html
http://support.novell.com/security/cve/CVE-2013-6368.html
http://support.novell.com/security/cve/CVE-2013-6378.html
http://support.novell.com/security/cve/CVE-2013-6380.html
http://support.novell.com/security/cve/CVE-2013-6383.html
http://support.novell.com/security/cve/CVE-2013-6463.html
http://support.novell.com/security/cve/CVE-2013-7027.html
https://bugzilla.novell.com/708296
https://bugzilla.novell.com/769644
https://bugzilla.novell.com/787843
https://bugzilla.novell.com/789359
https://bugzilla.novell.com/806988
https://bugzilla.novell.com/810323
https://bugzilla.novell.com/813245
https://bugzilla.novell.com/818545
https://bugzilla.novell.com/819979
https://bugzilla.novell.com/820102
https://bugzilla.novell.com/820338
https://bugzilla.novell.com/821980
https://bugzilla.novell.com/823618
https://bugzilla.novell.com/825696
https://bugzilla.novell.com/825896
https://bugzilla.novell.com/826602
https://bugzilla.novell.com/826756
https://bugzilla.novell.com/827767
https://bugzilla.novell.com/828236
https://bugzilla.novell.com/831168
https://bugzilla.novell.com/834473
https://bugzilla.novell.com/834708
https://bugzilla.novell.com/834808
https://bugzilla.novell.com/835074
https://bugzilla.novell.com/835186
https://bugzilla.novell.com/836718
https://bugzilla.novell.com/837739
https://bugzilla.novell.com/838623
https://bugzilla.novell.com/839407
https://bugzilla.novell.com/840226
https://bugzilla.novell.com/841445
https://bugzilla.novell.com/842239
https://bugzilla.novell.com/843419
https://bugzilla.novell.com/843429
https://bugzilla.novell.com/843445
https://bugzilla.novell.com/843642
https://bugzilla.novell.com/843645
https://bugzilla.novell.com/845621
https://bugzilla.novell.com/845729
https://bugzilla.novell.com/846036
https://bugzilla.novell.com/846984
https://bugzilla.novell.com/847261
https://bugzilla.novell.com/848321
https://bugzilla.novell.com/848336
https://bugzilla.novell.com/848544
https://bugzilla.novell.com/849021
https://bugzilla.novell.com/849029
https://bugzilla.novell.com/849034
https://bugzilla.novell.com/849404
https://bugzilla.novell.com/849675
https://bugzilla.novell.com/849809
https://bugzilla.novell.com/849848
https://bugzilla.novell.com/849950
https://bugzilla.novell.com/850640
https://bugzilla.novell.com/851066
https://bugzilla.novell.com/851101
https://bugzilla.novell.com/851314
https://bugzilla.novell.com/852373
https://bugzilla.novell.com/852558
https://bugzilla.novell.com/852559
https://bugzilla.novell.com/853050
https://bugzilla.novell.com/853051
https://bugzilla.novell.com/853052
https://bugzilla.novell.com/854546
https://bugzilla.novell.com/854634
https://bugzilla.novell.com/854722
https://bugzilla.novell.com/855037
http://download.novell.com/patch/finder/?keywords=0855fc56b50ab47ce7ab0cc80d988145