SUSE-SU-2014:0772-1: Security update for Linux Kernel

Tue Jun 10 12:04:12 MDT 2014

   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0772-1
Rating:             low
References:         #797175 #833968 #852553 #857643 #874108 #875798 

Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been
   updated to fix various security issues and several bugs.

   The following security issues have been addressed:

       *

         CVE-2013-6382: Multiple buffer underflows in the XFS implementation
   in the Linux kernel through 3.12.1 allow local users to cause a denial of
   service (memory corruption) or possibly have unspecified
         other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
   XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
   with a crafted length value, related to the xfs_attrlist_by_handle
   function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
   function in fs/xfs/xfs_ioctl32.c. (bnc#852553)

       *

         CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
   values before ensuring that associated data structures have been
   initialized, which allows local users to obtain sensitive information from
   kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
   system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
   net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)

       *

         CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
   the Linux kernel before 3.12.4 updates a certain length value before
   ensuring that an associated data structure has been initialized, which
   allows local users to obtain sensitive information from kernel stack
   memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
   (bnc#857643)

       *

         CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
   the Linux kernel before 3.12.4 updates a certain length value before
   ensuring that an associated data structure has been initialized, which
   allows local users to obtain sensitive information from kernel stack
   memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
   (bnc#857643)

       *

         CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
   in the Linux kernel through 3.14.3 does not properly handle error
   conditions during processing of an FDRAWCMD ioctl call, which allows local
   users to trigger kfree operations and gain privileges by leveraging write
   access to a /dev/fd device. (bnc#875798)

       *

         CVE-2014-1738: The raw_cmd_copyout function in
   drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
   properly restrict access to certain pointers during processing of an
   FDRAWCMD ioctl call, which allows local users to obtain sensitive
   information from kernel heap memory by leveraging write access to a
   /dev/fd device. (bnc#875798)

   Additionally, the following non-security bugs have been fixed:

       * tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).
       * tcp: syncookies: reduce mss table to four values (bnc#833968).
       * ia64: Change default PSR.ac from '1' to '0' (Fix erratum #237)
         (bnc#874108).
       * tty: fix up atime/mtime mess, take three (bnc#797175).

   Security Issues references:

       * CVE-2013-6382
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
       * CVE-2013-7263
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
       * CVE-2013-7264
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264>
       * CVE-2013-7265
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265>
       * CVE-2014-1737
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737>
       * CVE-2014-1738
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738>

Indications:

   Everyone using the Linux Kernel on x86 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      kernel-bigsmp-2.6.16.60-0.107.1
      kernel-debug-2.6.16.60-0.107.1
      kernel-default-2.6.16.60-0.107.1
      kernel-kdump-2.6.16.60-0.107.1
      kernel-kdumppae-2.6.16.60-0.107.1
      kernel-smp-2.6.16.60-0.107.1
      kernel-source-2.6.16.60-0.107.1
      kernel-syms-2.6.16.60-0.107.1
      kernel-vmi-2.6.16.60-0.107.1
      kernel-vmipae-2.6.16.60-0.107.1
      kernel-xen-2.6.16.60-0.107.1
      kernel-xenpae-2.6.16.60-0.107.1

References:

   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/833968
   https://bugzilla.novell.com/852553
   https://bugzilla.novell.com/857643
   https://bugzilla.novell.com/874108
   https://bugzilla.novell.com/875798
   http://download.suse.com/patch/finder/?keywords=00bbe32fc40478b12864bce2c72e300b