SUSE-SU-2014:0832-1: moderate: Security update for Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jun 23 12:04:14 MDT 2014


   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0832-1
Rating:             moderate
References:         #758813 #805226 #820338 #830344 #833968 #835839 
                    #847672 #848321 #851095 #852553 #852558 #853501 
                    #857643 #858869 #858870 #858872 #860304 #874108 
                    #875798 
Cross-References:   CVE-2013-0343 CVE-2013-2888 CVE-2013-2893
                    CVE-2013-2897 CVE-2013-4470 CVE-2013-4483
                    CVE-2013-4588 CVE-2013-6382 CVE-2013-6383
                    CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
                    CVE-2014-1444 CVE-2014-1445 CVE-2014-1446
                    CVE-2014-1737 CVE-2014-1738
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has two fixes
   is now available.

Description:


   The SUSE Linux Enterprise Server 10 SP3 LTSS received a roll up update to
   fix several security and non-security issues.

   The following security issues have been fixed:

       *

         CVE-2013-0343: The ipv6_create_tempaddr function in
   net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly
   handle problems with the generation of IPv6 temporary addresses, which
   allows remote attackers to cause a denial of service (excessive retries
   and address-generation outage), and consequently obtain sensitive
   information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226)

       *

         CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c
   in the Human Interface Device (HID) subsystem in the Linux kernel through
   3.11 allow physically proximate attackers to execute arbitrary code or
   cause a denial of service (heap memory corruption) via a crafted device
   that provides an invalid Report ID. (bnc#835839)

       *

         CVE-2013-2893: The Human Interface Device (HID) subsystem in the
   Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
   CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to
   cause a denial of service (heap-based out-of-bounds write) via a crafted
   device, related to (1) drivers/hid/hid-lgff.c, (2)
   drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839)

       *

         CVE-2013-2897: Multiple array index errors in
   drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem
   in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled,
   allow physically proximate attackers to cause a denial of service (heap
   memory corruption, or NULL pointer dereference and OOPS) via a crafted
   device. (bnc#835839)

       *

         CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation
   Offload (UFO) is enabled, does not properly initialize certain data
   structures, which allows local users to cause a denial of service (memory
   corruption and system crash) or possibly gain privileges via a crafted
   application that uses the UDP_CORK option in a setsockopt system call and
   sends both short and long packets, related to the ip_ufo_append_data
   function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in
   net/ipv6/ip6_output.c. (bnc#847672)

       *

         CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the
   Linux kernel before 3.10 does not properly manage a reference count, which
   allows local users to cause a denial of service (memory consumption
         or system crash) via a crafted application. (bnc#848321)

       *

         CVE-2013-4588: Multiple stack-based buffer overflows in
   net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when
   CONFIG_IP_VS is used, allow local users to gain privileges by leveraging
   the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to
   the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to
   the do_ip_vs_set_ctl function. (bnc#851095)

       *

         CVE-2013-6382: Multiple buffer underflows in the XFS implementation
   in the Linux kernel through 3.12.1 allow local users to cause a denial of
   service (memory corruption) or possibly have unspecified
         other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
   XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
   with a crafted length value, related to the xfs_attrlist_by_handle
   function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
   function in fs/xfs/xfs_ioctl32.c. (bnc#852553)

       *

         CVE-2013-6383: The aac_compat_ioctl function in
   drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not
   require the CAP_SYS_RAWIO capability, which allows local users to bypass
   intended access restrictions via a crafted ioctl call. (bnc#852558)

       *

         CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
   values before ensuring that associated data structures have been
   initialized, which allows local users to obtain sensitive information from
   kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
   system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
   net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)

       *

         CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
   the Linux kernel before 3.12.4 updates a certain length value before
   ensuring that an associated data structure has been initialized, which
   allows local users to obtain sensitive information from kernel stack
   memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
   (bnc#857643)

       *

         CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
   the Linux kernel before 3.12.4 updates a certain length value before
   ensuring that an associated data structure has been initialized, which
   allows local users to obtain sensitive information from kernel stack
   memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
   (bnc#857643)

       *

         CVE-2014-1444: The fst_get_iface function in
   drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not
   properly initialize a certain data structure, which allows local users to
   obtain sensitive information from kernel memory by leveraging the
   CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)

       *

         CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c
   in the Linux kernel before 3.11.7 does not properly initialize a certain
   data structure, which allows local users to obtain sensitive information
   from kernel memory via an ioctl call. (bnc#858870)

       *

         CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c
   in the Linux kernel before 3.12.8 does not initialize a certain structure
   member, which allows local users to obtain sensitive information from
   kernel memory by leveraging the CAP_NET_ADMIN capability for an
   SIOCYAMGCFG ioctl call. (bnc#858872)

       *

         CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
   in the Linux kernel through 3.14.3 does not properly handle error
   conditions during processing of an FDRAWCMD ioctl call, which allows local
   users to trigger kfree operations and gain privileges by leveraging write
   access to a /dev/fd device. (bnc#875798)

       *

         CVE-2014-1738: The raw_cmd_copyout function in
   drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
   properly restrict access to certain pointers during processing of an
   FDRAWCMD ioctl call, which allows local users to obtain sensitive
   information from kernel heap memory by leveraging write access to a
   /dev/fd device. (bnc#875798)

   The following bugs have been fixed:

       * kernel: sclp console hangs (bnc#830344, LTC#95711, bnc#860304).
       * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
         (bnc#874108).
       * net: Uninline kfree_skb and allow NULL argument (bnc#853501).
       * tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).
       * tcp: syncookies: reduce mss table to four values (bnc#833968).
       * udp: Fix bogus UFO packet generation (bnc#847672).
       * blkdev_max_block: make private to fs/buffer.c (bnc#820338).
       * vfs: avoid "attempt to access beyond end of device" warnings
         (bnc#820338).
       * vfs: fix O_DIRECT read past end of block device (bnc#820338).
       * HID: check for NULL field when setting values (bnc#835839).
       * HID: provide a helper for validating hid reports (bnc#835839).
       * dl2k: Tighten ioctl permissions (bnc#758813).

   Security Issues references:

       * CVE-2013-0343
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343>
       * CVE-2013-2888
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888>
       * CVE-2013-2893
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893>
       * CVE-2013-2897
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897>
       * CVE-2013-4470
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470>
       * CVE-2013-4483
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483>
       * CVE-2013-4588
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4588>
       * CVE-2013-6382
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
       * CVE-2013-6383
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383>
       * CVE-2013-7263
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
       * CVE-2013-7264
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264>
       * CVE-2013-7265
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265>
       * CVE-2014-1444
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444>
       * CVE-2014-1445
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445>
       * CVE-2014-1446
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446>
       * CVE-2014-1737
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737>
       * CVE-2014-1738
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      kernel-default-2.6.16.60-0.123.1
      kernel-source-2.6.16.60-0.123.1
      kernel-syms-2.6.16.60-0.123.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):

      kernel-debug-2.6.16.60-0.123.1
      kernel-kdump-2.6.16.60-0.123.1
      kernel-smp-2.6.16.60-0.123.1
      kernel-xen-2.6.16.60-0.123.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586):

      kernel-bigsmp-2.6.16.60-0.123.1
      kernel-kdumppae-2.6.16.60-0.123.1
      kernel-vmi-2.6.16.60-0.123.1
      kernel-vmipae-2.6.16.60-0.123.1
      kernel-xenpae-2.6.16.60-0.123.1


References:

   http://support.novell.com/security/cve/CVE-2013-0343.html
   http://support.novell.com/security/cve/CVE-2013-2888.html
   http://support.novell.com/security/cve/CVE-2013-2893.html
   http://support.novell.com/security/cve/CVE-2013-2897.html
   http://support.novell.com/security/cve/CVE-2013-4470.html
   http://support.novell.com/security/cve/CVE-2013-4483.html
   http://support.novell.com/security/cve/CVE-2013-4588.html
   http://support.novell.com/security/cve/CVE-2013-6382.html
   http://support.novell.com/security/cve/CVE-2013-6383.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2013-7264.html
   http://support.novell.com/security/cve/CVE-2013-7265.html
   http://support.novell.com/security/cve/CVE-2014-1444.html
   http://support.novell.com/security/cve/CVE-2014-1445.html
   http://support.novell.com/security/cve/CVE-2014-1446.html
   http://support.novell.com/security/cve/CVE-2014-1737.html
   http://support.novell.com/security/cve/CVE-2014-1738.html
   https://bugzilla.novell.com/758813
   https://bugzilla.novell.com/805226
   https://bugzilla.novell.com/820338
   https://bugzilla.novell.com/830344
   https://bugzilla.novell.com/833968
   https://bugzilla.novell.com/835839
   https://bugzilla.novell.com/847672
   https://bugzilla.novell.com/848321
   https://bugzilla.novell.com/851095
   https://bugzilla.novell.com/852553
   https://bugzilla.novell.com/852558
   https://bugzilla.novell.com/853501
   https://bugzilla.novell.com/857643
   https://bugzilla.novell.com/858869
   https://bugzilla.novell.com/858870
   https://bugzilla.novell.com/858872
   https://bugzilla.novell.com/860304
   https://bugzilla.novell.com/874108
   https://bugzilla.novell.com/875798
   http://download.suse.com/patch/finder/?keywords=17ddf66eae63aab3af8b2b3bec742669
   http://download.suse.com/patch/finder/?keywords=26314f5d51311e1fdece27b8fcdf804a
   http://download.suse.com/patch/finder/?keywords=9914353b490102922bc3d08bdf30bacc



More information about the sle-security-updates mailing list