SUSE-SU-2013:1022-1: important: kernel update for SLE11 SP2

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jun 17 07:04:11 MDT 2013


   SUSE Security Update: kernel update for SLE11 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1022-1
Rating:             important
References:         #763968 #764209 #768052 #769685 #788590 #792584 
                    #793139 #797042 #797175 #800907 #802153 #804154 
                    #804609 #805804 #805945 #806431 #806980 #808647 
                    #809122 #809155 #809748 #809895 #810580 #810624 
                    #810722 #812281 #814719 #815356 #815444 #815745 
                    #816443 #816451 #816586 #816668 #816708 #817010 
                    #817339 #818053 #818327 #818371 #818514 #818516 
                    #818798 #819295 #819519 #819655 #819789 #820434 
                    #821560 #821930 #822431 #822722 
Cross-References:   CVE-2013-0160 CVE-2013-1979 CVE-2013-3076
                    CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
                    CVE-2013-3225 CVE-2013-3227 CVE-2013-3228
                    CVE-2013-3229 CVE-2013-3231 CVE-2013-3232
                    CVE-2013-3234 CVE-2013-3235
Affected Products:
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 38 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 11 Service Pack 2 kernel was
   updated to Linux kernel 3.0.80, fixing various bugs and
   security issues.

   Following security issues were fixed: CVE-2013-0160: Timing
   side channel on attacks were possible on /dev/ptmx that
   could allow local attackers to predict keypresses like e.g.
   passwords. This has been fixed again by updating
   accessed/modified time on the pty devices in resolution of
   8 seconds, so that idle time detection can still work.

   CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
   in the Linux kernel did not initialize a certain length
   variable, which allowed local users to obtain sensitive
   information from kernel stack memory via a crafted recvmsg
   or recvfrom system call.

   CVE-2013-3223: The ax25_recvmsg function in
   net/ax25/af_ax25.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3224: The bt_sock_recvmsg function in
   net/bluetooth/af_bluetooth.c in the Linux kernel did not
   properly initialize a certain length variable, which
   allowed local users to obtain sensitive information from
   kernel stack memory via a crafted recvmsg or recvfrom
   system call.

   CVE-2013-3225: The rfcomm_sock_recvmsg function in
   net/bluetooth/rfcomm/sock.c in the Linux kernel did not
   initialize a certain length variable, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3227: The caif_seqpkt_recvmsg function in
   net/caif/caif_socket.c in the Linux kernel did not
   initialize a certain length variable, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3228: The irda_recvmsg_dgram function in
   net/irda/af_irda.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3229: The iucv_sock_recvmsg function in
   net/iucv/af_iucv.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3231: The llc_ui_recvmsg function in
   net/llc/af_llc.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3232: The nr_recvmsg function in
   net/netrom/af_netrom.c in the Linux kernel did not
   initialize a certain data structure, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3234: The rose_recvmsg function in
   net/rose/af_rose.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
   not initialize a certain data structure and a certain
   length variable, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3076: The crypto API in the Linux kernel did not
   initialize certain length variables, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call,
   related to the hash_recvmsg function in crypto/algif_hash.c
   and the skcipher_recvmsg function in
   crypto/algif_skcipher.c.

   CVE-2013-1979: The scm_set_cred function in
   include/net/scm.h in the Linux kernel used incorrect uid
   and gid values during credentials passing, which allowed
   local users to gain privileges via a crafted application.

   A kernel information leak via tkill/tgkill was fixed.


   Following bugs were fixed:
   - reiserfs: fix spurious multiple-fill in
   reiserfs_readdir_dentry (bnc#822722).

   - libfc: do not exch_done() on invalid sequence ptr
   (bnc#810722).

   - netfilter: ip6t_LOG: fix logging of packet mark
   (bnc#821930).

   - hyperv: use 3.4 as LIC version string (bnc#822431).

   - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
   (bnc#819655).

   - xen/netback: do not disconnect frontend when seeing
   oversize packet.
   - xen/netfront: reduce gso_max_size to account for max TCP
   header.
   - xen/netfront: fix kABI after "reduce gso_max_size to
   account for max TCP header".

   - xfs: Fix kABI due to change in xfs_buf (bnc#815356).

   - xfs: fix race while discarding buffers [V4] (bnc#815356
   (comment 36)).

   - xfs: Serialize file-extending direct IO (bnc#818371).

   - xhci: Do not switch webcams in some HP ProBooks to XHCI
   (bnc#805804).
   - bluetooth: Do not switch BT on HP ProBook 4340
   (bnc#812281).

   - s390/ftrace: fix mcount adjustment (bnc#809895).

   - mm: memory_dev_init make sure nmi watchdog does not
   trigger while registering memory sections (bnc#804609,
   bnc#820434).

   - patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
   pathological backwards allocation (bnc#805945).

   - mm: compaction: Restart compaction from near where it
   left off
   - mm: compaction: cache if a pageblock was scanned and no
   pages were isolated
   - mm: compaction: clear PG_migrate_skip based on compaction
   and reclaim activity
   - mm: compaction: Scan PFN caching KABI workaround
   - mm: page_allocator: Remove first_pass guard
   - mm: vmscan: do not stall on writeback during memory
   compaction Cache compaction restart points for faster
   compaction cycles (bnc#816451)

   - qlge: fix dma map leak when the last chunk is not
   allocated (bnc#819519).

   - SUNRPC: Get rid of the redundant xprt->shutdown bit field
   (bnc#800907).
   - SUNRPC: Ensure that we grab the XPRT_LOCK before calling
   xprt_alloc_slot (bnc#800907).
   - SUNRPC: Fix a UDP transport regression (bnc#800907).
   - SUNRPC: Allow caller of rpc_sleep_on() to select priority
   levels (bnc#800907).
   - SUNRPC: Replace xprt->resend and xprt->sending with a
   priority queue (bnc#800907).
   - SUNRPC: Fix potential races in xprt_lock_write_next()
   (bnc#800907).

   - md: cannot re-add disks after recovery (bnc#808647).

   - fs/xattr.c:getxattr(): improve handling of allocation
   failures (bnc#818053).
   - fs/xattr.c:listxattr(): fall back to vmalloc() if
   kmalloc() failed (bnc#818053).
   - fs/xattr.c:setxattr(): improve handling of allocation
   failures (bnc#818053).
   - fs/xattr.c: suppress page allocation failure warnings
   from sys_listxattr() (bnc#818053).

   - virtio-blk: Call revalidate_disk() upon online disk
   resize (bnc#817339).

   - usb-storage: CY7C68300A chips do not support Cypress
   ATACB (bnc#819295).

   - patches.kernel.org/patch-3.0.60-61: Update references
   (add bnc#810580).

   - usb: Using correct way to clear usb3.0 devices remote
   wakeup feature (bnc#818516).

   - xhci: Fix TD size for isochronous URBs (bnc#818514).

   - ALSA: hda - fixup D3 pin and right channel mute on
   Haswell HDMI audio (bnc#818798).
   - ALSA: hda - Apply pin-enablement workaround to all
   Haswell HDMI codecs (bnc#818798).

   - xfs: fallback to vmalloc for large buffers in
   xfs_attrmulti_attr_get (bnc#818053).
   - xfs: fallback to vmalloc for large buffers in
   xfs_attrlist_by_handle (bnc#818053).
   - xfs: xfs: fallback to vmalloc for large buffers in
   xfs_compat_attrlist_by_handle (bnc#818053).

   - xHCI: store rings type.
   - xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
   - xHCI: check enqueue pointer advance into dequeue seg.
   - xHCI: store rings last segment and segment numbers.
   - xHCI: Allocate 2 segments for transfer ring.
   - xHCI: count free TRBs on transfer ring.
   - xHCI: factor out segments allocation and free function.
   - xHCI: update sg tablesize.
   - xHCI: set cycle state when allocate rings.
   - xhci: Reserve one command for USB3 LPM disable.
   - xHCI: dynamic ring expansion.
   - xhci: Do not warn on empty ring for suspended devices.

   - md/raid1: Do not release reference to device while
   handling read error (bnc#809122, bnc#814719).

   - rpm/mkspec: Stop generating the get_release_number.sh
   file.

   - rpm/kernel-spec-macros: Properly handle KOTD release
   numbers with .g<commit> suffix.

   - rpm/kernel-spec-macros: Drop the %release_num macro We no
   longer put the -rcX tag into the release string.

   - rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
   "<RELEASE>" string in specfiles.

   - mm/mmap: check for RLIMIT_AS before unmapping
   (bnc#818327).

   - mm: Fix add_page_wait_queue() to work for PG_Locked bit
   waiters (bnc#792584).

   - mm: Fix add_page_wait_queue() to work for PG_Locked bit
   waiters (bnc#792584).

   - bonding: only use primary address for ARP (bnc#815444).
   - bonding: remove entries for master_ip and vlan_ip and
   query devices instead (bnc#815444).


   - mm: speedup in __early_pfn_to_nid (bnc#810624).

   - TTY: fix atime/mtime regression (bnc#815745).

   - sd_dif: problem with verify of type 1 protection
   information (PI) (bnc#817010).

   - sched: harden rq rt usage accounting (bnc#769685,
   bnc#788590).

   - rcu: Avoid spurious RCU CPU stall warnings (bnc#816586).
   - rcu: Dump local stack if cannot dump all CPUs stacks
   (bnc#816586).
   - rcu: Fix detection of abruptly-ending stall (bnc#816586).
   - rcu: Suppress NMI backtraces when stall ends before dump
   (bnc#816586).

   - Update Xen patches to 3.0.74.

   - btrfs: do not re-enter when allocating a chunk.
   - btrfs: save us a read_lock.
   - btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.
   - btrfs: remove unused fs_info from btrfs_decode_error().
   - btrfs: handle null fs_info in btrfs_panic().
   - btrfs: fix varargs in __btrfs_std_error.
   - btrfs: fix the race between bio and btrfs_stop_workers.
   - btrfs: fix NULL pointer after aborting a transaction.
   - btrfs: fix infinite loop when we abort on mount.

   - xfs: Do not allocate new buffers on every call to
   _xfs_buf_find (bnc#763968).
   - xfs: fix buffer lookup race on allocation failure
   (bnc#763968).


Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      ext4-writeable-kmp-default-0_3.0.80_0.5-0.14.57
      ext4-writeable-kmp-trace-0_3.0.80_0.5-0.14.57
      kernel-default-extra-3.0.80-0.5.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.80_0.5-0.14.57
      kernel-xen-extra-3.0.80-0.5.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      ext4-writeable-kmp-ppc64-0_3.0.80_0.5-0.14.57
      kernel-ppc64-extra-3.0.80-0.5.1

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.80_0.5-0.14.57
      kernel-pae-extra-3.0.80-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2013-0160.html
   http://support.novell.com/security/cve/CVE-2013-1979.html
   http://support.novell.com/security/cve/CVE-2013-3076.html
   http://support.novell.com/security/cve/CVE-2013-3222.html
   http://support.novell.com/security/cve/CVE-2013-3223.html
   http://support.novell.com/security/cve/CVE-2013-3224.html
   http://support.novell.com/security/cve/CVE-2013-3225.html
   http://support.novell.com/security/cve/CVE-2013-3227.html
   http://support.novell.com/security/cve/CVE-2013-3228.html
   http://support.novell.com/security/cve/CVE-2013-3229.html
   http://support.novell.com/security/cve/CVE-2013-3231.html
   http://support.novell.com/security/cve/CVE-2013-3232.html
   http://support.novell.com/security/cve/CVE-2013-3234.html
   http://support.novell.com/security/cve/CVE-2013-3235.html
   https://bugzilla.novell.com/763968
   https://bugzilla.novell.com/764209
   https://bugzilla.novell.com/768052
   https://bugzilla.novell.com/769685
   https://bugzilla.novell.com/788590
   https://bugzilla.novell.com/792584
   https://bugzilla.novell.com/793139
   https://bugzilla.novell.com/797042
   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/800907
   https://bugzilla.novell.com/802153
   https://bugzilla.novell.com/804154
   https://bugzilla.novell.com/804609
   https://bugzilla.novell.com/805804
   https://bugzilla.novell.com/805945
   https://bugzilla.novell.com/806431
   https://bugzilla.novell.com/806980
   https://bugzilla.novell.com/808647
   https://bugzilla.novell.com/809122
   https://bugzilla.novell.com/809155
   https://bugzilla.novell.com/809748
   https://bugzilla.novell.com/809895
   https://bugzilla.novell.com/810580
   https://bugzilla.novell.com/810624
   https://bugzilla.novell.com/810722
   https://bugzilla.novell.com/812281
   https://bugzilla.novell.com/814719
   https://bugzilla.novell.com/815356
   https://bugzilla.novell.com/815444
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/816443
   https://bugzilla.novell.com/816451
   https://bugzilla.novell.com/816586
   https://bugzilla.novell.com/816668
   https://bugzilla.novell.com/816708
   https://bugzilla.novell.com/817010
   https://bugzilla.novell.com/817339
   https://bugzilla.novell.com/818053
   https://bugzilla.novell.com/818327
   https://bugzilla.novell.com/818371
   https://bugzilla.novell.com/818514
   https://bugzilla.novell.com/818516
   https://bugzilla.novell.com/818798
   https://bugzilla.novell.com/819295
   https://bugzilla.novell.com/819519
   https://bugzilla.novell.com/819655
   https://bugzilla.novell.com/819789
   https://bugzilla.novell.com/820434
   https://bugzilla.novell.com/821560
   https://bugzilla.novell.com/821930
   https://bugzilla.novell.com/822431
   https://bugzilla.novell.com/822722
   http://download.novell.com/patch/finder/?keywords=1018f7c366e9c225d36d59a46a715654
   http://download.novell.com/patch/finder/?keywords=194150572b66acba0bd2fe984ac1bb85
   http://download.novell.com/patch/finder/?keywords=4d1b612be3e99697ac75bce374505ffd
   http://download.novell.com/patch/finder/?keywords=ab0bba015edca85724d852aec52fcc83
   http://download.novell.com/patch/finder/?keywords=d0f1f96c578d70a2f51205abe68393b3



More information about the sle-security-updates mailing list