SUSE-SU-2014:0832-1: moderate: Security update for Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Jun 23 12:04:14 MDT 2014
SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0832-1
Rating: moderate
References: #758813 #805226 #820338 #830344 #833968 #835839
#847672 #848321 #851095 #852553 #852558 #853501
#857643 #858869 #858870 #858872 #860304 #874108
#875798
Cross-References: CVE-2013-0343 CVE-2013-2888 CVE-2013-2893
CVE-2013-2897 CVE-2013-4470 CVE-2013-4483
CVE-2013-4588 CVE-2013-6382 CVE-2013-6383
CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
CVE-2014-1444 CVE-2014-1445 CVE-2014-1446
CVE-2014-1737 CVE-2014-1738
Affected Products:
SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________
An update that solves 17 vulnerabilities and has two fixes
is now available.
Description:
The SUSE Linux Enterprise Server 10 SP3 LTSS received a roll up update to
fix several security and non-security issues.
The following security issues have been fixed:
*
CVE-2013-0343: The ipv6_create_tempaddr function in
net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly
handle problems with the generation of IPv6 temporary addresses, which
allows remote attackers to cause a denial of service (excessive retries
and address-generation outage), and consequently obtain sensitive
information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226)
*
CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c
in the Human Interface Device (HID) subsystem in the Linux kernel through
3.11 allow physically proximate attackers to execute arbitrary code or
cause a denial of service (heap memory corruption) via a crafted device
that provides an invalid Report ID. (bnc#835839)
*
CVE-2013-2893: The Human Interface Device (HID) subsystem in the
Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to
cause a denial of service (heap-based out-of-bounds write) via a crafted
device, related to (1) drivers/hid/hid-lgff.c, (2)
drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839)
*
CVE-2013-2897: Multiple array index errors in
drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem
in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled,
allow physically proximate attackers to cause a denial of service (heap
memory corruption, or NULL pointer dereference and OOPS) via a crafted
device. (bnc#835839)
*
CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation
Offload (UFO) is enabled, does not properly initialize certain data
structures, which allows local users to cause a denial of service (memory
corruption and system crash) or possibly gain privileges via a crafted
application that uses the UDP_CORK option in a setsockopt system call and
sends both short and long packets, related to the ip_ufo_append_data
function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in
net/ipv6/ip6_output.c. (bnc#847672)
*
CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the
Linux kernel before 3.10 does not properly manage a reference count, which
allows local users to cause a denial of service (memory consumption
or system crash) via a crafted application. (bnc#848321)
*
CVE-2013-4588: Multiple stack-based buffer overflows in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when
CONFIG_IP_VS is used, allow local users to gain privileges by leveraging
the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to
the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to
the do_ip_vs_set_ctl function. (bnc#851095)
*
CVE-2013-6382: Multiple buffer underflows in the XFS implementation
in the Linux kernel through 3.12.1 allow local users to cause a denial of
service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
with a crafted length value, related to the xfs_attrlist_by_handle
function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
function in fs/xfs/xfs_ioctl32.c. (bnc#852553)
*
CVE-2013-6383: The aac_compat_ioctl function in
drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not
require the CAP_SYS_RAWIO capability, which allows local users to bypass
intended access restrictions via a crafted ioctl call. (bnc#852558)
*
CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
values before ensuring that associated data structures have been
initialized, which allows local users to obtain sensitive information from
kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)
*
CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
the Linux kernel before 3.12.4 updates a certain length value before
ensuring that an associated data structure has been initialized, which
allows local users to obtain sensitive information from kernel stack
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)
*
CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
the Linux kernel before 3.12.4 updates a certain length value before
ensuring that an associated data structure has been initialized, which
allows local users to obtain sensitive information from kernel stack
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)
*
CVE-2014-1444: The fst_get_iface function in
drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not
properly initialize a certain data structure, which allows local users to
obtain sensitive information from kernel memory by leveraging the
CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)
*
CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c
in the Linux kernel before 3.11.7 does not properly initialize a certain
data structure, which allows local users to obtain sensitive information
from kernel memory via an ioctl call. (bnc#858870)
*
CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c
in the Linux kernel before 3.12.8 does not initialize a certain structure
member, which allows local users to obtain sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability for an
SIOCYAMGCFG ioctl call. (bnc#858872)
*
CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
in the Linux kernel through 3.14.3 does not properly handle error
conditions during processing of an FDRAWCMD ioctl call, which allows local
users to trigger kfree operations and gain privileges by leveraging write
access to a /dev/fd device. (bnc#875798)
*
CVE-2014-1738: The raw_cmd_copyout function in
drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
properly restrict access to certain pointers during processing of an
FDRAWCMD ioctl call, which allows local users to obtain sensitive
information from kernel heap memory by leveraging write access to a
/dev/fd device. (bnc#875798)
The following bugs have been fixed:
* kernel: sclp console hangs (bnc#830344, LTC#95711, bnc#860304).
* ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
(bnc#874108).
* net: Uninline kfree_skb and allow NULL argument (bnc#853501).
* tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).
* tcp: syncookies: reduce mss table to four values (bnc#833968).
* udp: Fix bogus UFO packet generation (bnc#847672).
* blkdev_max_block: make private to fs/buffer.c (bnc#820338).
* vfs: avoid "attempt to access beyond end of device" warnings
(bnc#820338).
* vfs: fix O_DIRECT read past end of block device (bnc#820338).
* HID: check for NULL field when setting values (bnc#835839).
* HID: provide a helper for validating hid reports (bnc#835839).
* dl2k: Tighten ioctl permissions (bnc#758813).
Security Issues references:
* CVE-2013-0343
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343>
* CVE-2013-2888
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888>
* CVE-2013-2893
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893>
* CVE-2013-2897
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897>
* CVE-2013-4470
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470>
* CVE-2013-4483
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483>
* CVE-2013-4588
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4588>
* CVE-2013-6382
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
* CVE-2013-6383
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383>
* CVE-2013-7263
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
* CVE-2013-7264
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264>
* CVE-2013-7265
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265>
* CVE-2014-1444
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444>
* CVE-2014-1445
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445>
* CVE-2014-1446
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446>
* CVE-2014-1737
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737>
* CVE-2014-1738
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
kernel-default-2.6.16.60-0.123.1
kernel-source-2.6.16.60-0.123.1
kernel-syms-2.6.16.60-0.123.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):
kernel-debug-2.6.16.60-0.123.1
kernel-kdump-2.6.16.60-0.123.1
kernel-smp-2.6.16.60-0.123.1
kernel-xen-2.6.16.60-0.123.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586):
kernel-bigsmp-2.6.16.60-0.123.1
kernel-kdumppae-2.6.16.60-0.123.1
kernel-vmi-2.6.16.60-0.123.1
kernel-vmipae-2.6.16.60-0.123.1
kernel-xenpae-2.6.16.60-0.123.1
References:
http://support.novell.com/security/cve/CVE-2013-0343.html
http://support.novell.com/security/cve/CVE-2013-2888.html
http://support.novell.com/security/cve/CVE-2013-2893.html
http://support.novell.com/security/cve/CVE-2013-2897.html
http://support.novell.com/security/cve/CVE-2013-4470.html
http://support.novell.com/security/cve/CVE-2013-4483.html
http://support.novell.com/security/cve/CVE-2013-4588.html
http://support.novell.com/security/cve/CVE-2013-6382.html
http://support.novell.com/security/cve/CVE-2013-6383.html
http://support.novell.com/security/cve/CVE-2013-7263.html
http://support.novell.com/security/cve/CVE-2013-7264.html
http://support.novell.com/security/cve/CVE-2013-7265.html
http://support.novell.com/security/cve/CVE-2014-1444.html
http://support.novell.com/security/cve/CVE-2014-1445.html
http://support.novell.com/security/cve/CVE-2014-1446.html
http://support.novell.com/security/cve/CVE-2014-1737.html
http://support.novell.com/security/cve/CVE-2014-1738.html
https://bugzilla.novell.com/758813
https://bugzilla.novell.com/805226
https://bugzilla.novell.com/820338
https://bugzilla.novell.com/830344
https://bugzilla.novell.com/833968
https://bugzilla.novell.com/835839
https://bugzilla.novell.com/847672
https://bugzilla.novell.com/848321
https://bugzilla.novell.com/851095
https://bugzilla.novell.com/852553
https://bugzilla.novell.com/852558
https://bugzilla.novell.com/853501
https://bugzilla.novell.com/857643
https://bugzilla.novell.com/858869
https://bugzilla.novell.com/858870
https://bugzilla.novell.com/858872
https://bugzilla.novell.com/860304
https://bugzilla.novell.com/874108
https://bugzilla.novell.com/875798
http://download.suse.com/patch/finder/?keywords=17ddf66eae63aab3af8b2b3bec742669
http://download.suse.com/patch/finder/?keywords=26314f5d51311e1fdece27b8fcdf804a
http://download.suse.com/patch/finder/?keywords=9914353b490102922bc3d08bdf30bacc
More information about the sle-security-updates
mailing list