SUSE-SU-2014:0807-1: important: Security update for Linux Kernel

sle-security-updates at lists.suse.com
Tue Jun 17 17:04:35 MDT 2014


   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0807-1
Rating:             important
References:         #630970 #661605 #663516 #761774 #792407 #852553 
                    #852967 #854634 #854743 #856756 #857643 #863335 
                    #865310 #866102 #868049 #868488 #868653 #869563 
                    #871561 #873070 #874108 #875690 #875798 #876102 
                    #878289 #880892 
Cross-References:   CVE-2012-6647 CVE-2013-6382 CVE-2013-6885
                    CVE-2013-7027 CVE-2013-7263 CVE-2013-7264
                    CVE-2013-7265 CVE-2013-7339 CVE-2014-0101
                    CVE-2014-0196 CVE-2014-1737 CVE-2014-1738
                    CVE-2014-1874 CVE-2014-2523 CVE-2014-2678
                    CVE-2014-3122 CVE-2014-3153
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 9 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up
   update to fix security and non-security issues.

   The following security issues have been fixed:

       * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
         used to gain ring0 access via the futex syscall. This could be used
         for privilege escalation for non-root users. (bnc#880892)

       * CVE-2012-6647: The futex_wait_requeue_pi function in kernel/futex.c
         in the Linux kernel before 3.5.1 does not ensure that calls have two
         different futex addresses, which allows local users to cause a
         denial of service (NULL pointer dereference and system crash) or
         possibly have unspecified other impact via a crafted
         FUTEX_WAIT_REQUEUE_PI command. (bnc#878289)

       * CVE-2013-6382: Multiple buffer underflows in the XFS implementation
         in the Linux kernel through 3.12.1 allow local users to cause a
         denial of service (memory corruption) or possibly have unspecified
         other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
         XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32
         ioctl call with a crafted length value, related to the
         xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the
         xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.
         (bnc#852553)

       * CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors
         does not properly handle the interaction between locked instructions
         and write-combined memory types, which allows local users to cause a
         denial of service (system hang) via a crafted application, aka the
         errata 793 issue. (bnc#852967)

       * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
         values before ensuring that associated data structures have been
         initialized, which allows local users to obtain sensitive
         information from kernel stack memory via a (1) recvfrom, (2)
         recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,
         net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
         (bnc#857643)

       * CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
         the Linux kernel before 3.12.4 updates a certain length value before
         ensuring that an associated data structure has been initialized,
         which allows local users to obtain sensitive information from kernel
         stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
         call. (bnc#857643)

       * CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
         the Linux kernel before 3.12.4 updates a certain length value before
         ensuring that an associated data structure has been initialized,
         which allows local users to obtain sensitive information from kernel
         stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
         call. (bnc#857643)

       * CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in
         the Linux kernel before 3.12.8 allows local users to cause a denial
         of service (NULL pointer dereference and system crash) or possibly
         have unspecified other impact via a bind system call for an RDS
         socket on a system that lacks RDS transports. (bnc#869563)

       * CVE-2014-0101: The sctp_sf_do_5_1D_ce function in
         net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not
         validate certain auth_enable and auth_capable fields before making
         an sctp_sf_authenticate call, which allows remote attackers to cause
         a denial of service (NULL pointer dereference and system crash) via
         an SCTP handshake with a modified INIT chunk and a crafted AUTH
         chunk before a COOKIE_ECHO chunk. (bnc#866102)

       * CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in
         the Linux kernel through 3.14.3 does not properly manage tty driver
         access in the "LECHO & !OPOST" case, which allows local users to
         cause a denial of service (memory corruption and system crash) or
         gain privileges by triggering a race condition involving read and
         write operations with long strings. (bnc#875690)

       * CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
         in the Linux kernel through 3.14.3 does not properly handle error
         conditions during processing of an FDRAWCMD ioctl call, which allows
         local users to trigger kfree operations and gain privileges by
         leveraging write access to a /dev/fd device. (bnc#875798)

       * CVE-2014-1738: The raw_cmd_copyout function in
         drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
         properly restrict access to certain pointers during processing of an
         FDRAWCMD ioctl call, which allows local users to obtain sensitive
         information from kernel heap memory by leveraging write access to a
         /dev/fd device. (bnc#875798)

       * CVE-2014-1874: The security_context_to_sid_core function in
         security/selinux/ss/services.c in the Linux kernel before 3.13.4
         allows local users to cause a denial of service (system crash) by
         leveraging the CAP_MAC_ADMIN capability to set a zero-length
         security context. (bnc#863335)

       * CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux
         kernel through 3.13.6 uses a DCCP header pointer incorrectly, which
         allows remote attackers to cause a denial of service (system crash)
         or possibly execute arbitrary code via a DCCP packet that triggers a
         call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error
         function. (bnc#868653)

       * CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in
         the Linux kernel through 3.14 allows local users to cause a denial
         of service (NULL pointer dereference and system crash) or possibly
         have unspecified other impact via a bind system call for an RDS
         socket on a system that lacks RDS transports. (bnc#871561)

       * CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the
         Linux kernel before 3.14.3 does not properly consider which pages
         must be locked, which allows local users to cause a denial of
         service (system crash) by triggering a memory-usage pattern that
         requires removal of page-table mappings. (bnc#876102)

       * CVE-2013-7027: The ieee80211_radiotap_iterator_init function in
         net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not
         check whether a frame contains any data outside of the header, which
         might allow attackers to cause a denial of service (buffer
         over-read) via a crafted header. (bnc#854634)

   The following non-security issues have been fixed:

       * sched: protect scale_rt_power() from clock aberations (bnc#630970,
         bnc#661605, bnc#865310).
       * sched: fix divide by zero at {thread_group,task}_times (bnc#761774,
         bnc#873070).
       * clocksource: avoid unnecessary overflow in cyclecounter_cyc2ns()
         (bnc#865310).
       * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
         (bnc#874108).
       * block: Wait for queue cleanup until the queue is empty before queue
         cleanup (bnc#792407).
       * fs: do_add_mount()/umount -l races (bnc#663516).
       * vfs,proc: guarantee unique inodes in /proc (bnc#868049).
       * nfs: Allow nfsdv4 to work when fips=1 (bnc#868488).
       * inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state
         (bnc#854743).
       * bonding: send unsolicited NA for all addresses (bnc#856756).
       * bonding: send unsolicited neighbour advertisements to all-nodes
         (bnc#856756).

   Security Issues references:

       * CVE-2012-6647
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647>
       * CVE-2013-6382
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
       * CVE-2013-6885
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
       * CVE-2013-7027
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027>
       * CVE-2013-7263
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
       * CVE-2013-7264
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264>
       * CVE-2013-7265
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265>
       * CVE-2013-7339
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339>
       * CVE-2014-0101
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101>
       * CVE-2014-0196
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196>
       * CVE-2014-1737
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737>
       * CVE-2014-1738
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738>
       * CVE-2014-1874
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874>
       * CVE-2014-2523
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523>
       * CVE-2014-2678
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678>
       * CVE-2014-3122
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122>
       * CVE-2014-3153
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-kernel-9359 slessp1-kernel-9360 slessp1-kernel-9361

   To bring your system up-to-date, use "zypper patch".
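
   A check for the reboot note above, as an added example (not part of the
   SUSE advisory): it compares a `uname -r` string against the fixed release
   2.6.32.59-0.13 from the package list field by field, because a plain
   string comparison would rank 0.7 above 0.13. It assumes `uname -r` reports
   the release as 2.6.32.59-0.13-<flavor>, as the KMP package names suggest;
   the function names are hypothetical.

```shell
#!/bin/sh
# Fixed release taken from the advisory's package list (kernel-default-2.6.32.59-0.13.1).
# Assumption: `uname -r` reports it as 2.6.32.59-0.13-<flavor>.
FIXED_RELEASE="2.6.32.59-0.13"

# Drop a trailing flavor suffix such as -default, -xen, -pae, -trace or -ec2.
strip_flavor() {
    printf '%s\n' "$1" | sed 's/-[a-z][a-z0-9]*$//'
}

# Compare two numeric versions field by field; prints -1, 0 or 1.
version_cmp() {
    a=$(printf '%s\n' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s\n' "$2" | sed 's/[.-]/ /g')
    set -- $a
    for fb in $b; do
        fa=${1:-0}
        if [ $# -gt 0 ]; then shift; fi
        if [ "$fa" -lt "$fb" ]; then echo -1; return 0; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return 0; fi
    done
    for fa in "$@"; do
        if [ "$fa" -gt 0 ]; then echo 1; return 0; fi
    done
    echo 0
}

# Classify a kernel release string: fixed, outdated, unknown or not-applicable.
kernel_status() {
    rel=$(strip_flavor "$1")
    case "$rel" in
        2.6.32.*) ;;
        *) echo "not-applicable"; return 0 ;;   # not a 2.6.32 (SLES 11 SP1) kernel
    esac
    case "$rel" in
        *[!0-9.-]*) echo "unknown"; return 0 ;; # non-numeric field, cannot compare
    esac
    if [ "$(version_cmp "$rel" "$FIXED_RELEASE")" -lt 0 ]; then
        echo "outdated"    # update not installed, or installed but not yet rebooted
    else
        echo "fixed"
    fi
}

# Constructed sample releases, then the running kernel.
for r in 2.6.32.59-0.7-default 2.6.32.59-0.13-xen "$(uname -r)"; do
    printf '%s: %s\n' "$r" "$(kernel_status "$r")"
done
```

   A result of "outdated" after the patch has been installed means the old
   kernel is still running and the reboot is pending.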


Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.13-0.3.163
      ext4dev-kmp-default-0_2.6.32.59_0.13-7.9.130
      ext4dev-kmp-trace-0_2.6.32.59_0.13-7.9.130
      kernel-default-2.6.32.59-0.13.1
      kernel-default-base-2.6.32.59-0.13.1
      kernel-default-devel-2.6.32.59-0.13.1
      kernel-source-2.6.32.59-0.13.1
      kernel-syms-2.6.32.59-0.13.1
      kernel-trace-2.6.32.59-0.13.1
      kernel-trace-base-2.6.32.59-0.13.1
      kernel-trace-devel-2.6.32.59-0.13.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-xen-0_2.6.32.59_0.13-0.3.163
      ext4dev-kmp-xen-0_2.6.32.59_0.13-7.9.130
      hyper-v-kmp-default-0_2.6.32.59_0.13-0.18.39
      hyper-v-kmp-trace-0_2.6.32.59_0.13-0.18.39
      kernel-ec2-2.6.32.59-0.13.1
      kernel-ec2-base-2.6.32.59-0.13.1
      kernel-ec2-devel-2.6.32.59-0.13.1
      kernel-xen-2.6.32.59-0.13.1
      kernel-xen-base-2.6.32.59-0.13.1
      kernel-xen-devel-2.6.32.59-0.13.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x) [New Version: 2.6.32.59]:

      kernel-default-man-2.6.32.59-0.13.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.13-0.3.163
      ext4dev-kmp-pae-0_2.6.32.59_0.13-7.9.130
      hyper-v-kmp-pae-0_2.6.32.59_0.13-0.18.39
      kernel-pae-2.6.32.59-0.13.1
      kernel-pae-base-2.6.32.59-0.13.1
      kernel-pae-devel-2.6.32.59-0.13.1

   - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64):

      kernel-default-extra-2.6.32.59-0.13.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-2.6.32.59-0.13.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-2.6.32.59-0.13.1


References:

   http://support.novell.com/security/cve/CVE-2012-6647.html
   http://support.novell.com/security/cve/CVE-2013-6382.html
   http://support.novell.com/security/cve/CVE-2013-6885.html
   http://support.novell.com/security/cve/CVE-2013-7027.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2013-7264.html
   http://support.novell.com/security/cve/CVE-2013-7265.html
   http://support.novell.com/security/cve/CVE-2013-7339.html
   http://support.novell.com/security/cve/CVE-2014-0101.html
   http://support.novell.com/security/cve/CVE-2014-0196.html
   http://support.novell.com/security/cve/CVE-2014-1737.html
   http://support.novell.com/security/cve/CVE-2014-1738.html
   http://support.novell.com/security/cve/CVE-2014-1874.html
   http://support.novell.com/security/cve/CVE-2014-2523.html
   http://support.novell.com/security/cve/CVE-2014-2678.html
   http://support.novell.com/security/cve/CVE-2014-3122.html
   http://support.novell.com/security/cve/CVE-2014-3153.html
   https://bugzilla.novell.com/630970
   https://bugzilla.novell.com/661605
   https://bugzilla.novell.com/663516
   https://bugzilla.novell.com/761774
   https://bugzilla.novell.com/792407
   https://bugzilla.novell.com/852553
   https://bugzilla.novell.com/852967
   https://bugzilla.novell.com/854634
   https://bugzilla.novell.com/854743
   https://bugzilla.novell.com/856756
   https://bugzilla.novell.com/857643
   https://bugzilla.novell.com/863335
   https://bugzilla.novell.com/865310
   https://bugzilla.novell.com/866102
   https://bugzilla.novell.com/868049
   https://bugzilla.novell.com/868488
   https://bugzilla.novell.com/868653
   https://bugzilla.novell.com/869563
   https://bugzilla.novell.com/871561
   https://bugzilla.novell.com/873070
   https://bugzilla.novell.com/874108
   https://bugzilla.novell.com/875690
   https://bugzilla.novell.com/875798
   https://bugzilla.novell.com/876102
   https://bugzilla.novell.com/878289
   https://bugzilla.novell.com/880892
   http://download.suse.com/patch/finder/?keywords=1f7d34dea2e5092125c31d9d0a405f5a
   http://download.suse.com/patch/finder/?keywords=518a51bcce5e0cc4e53c7e7bccd832c3
   http://download.suse.com/patch/finder/?keywords=9ef95d829298aaa37050f0a54e442fe4
   http://download.suse.com/patch/finder/?keywords=c146be129d24b739d74708b50d2cc532
   http://download.suse.com/patch/finder/?keywords=d036686eebebfe198fe470f1df9f08cb
   http://download.suse.com/patch/finder/?keywords=fdf0b5f57e08d67cb242abf486c62992


