SUSE-SU-2014:0696-1: important: Security update for Linux kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed May 21 18:04:13 MDT 2014


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0696-1
Rating:             important
References:         #708296 #736697 #746500 #814788 #819351 #831029 
                    #836347 #843185 #844513 #847672 #849364 #851426 
                    #852488 #852553 #852967 #853455 #854025 #855347 
                    #855885 #856083 #857499 #857643 #858280 #858534 
                    #858604 #858869 #858870 #858872 #862429 #863300 
                    #863335 #864025 #864833 #865307 #865310 #865330 
                    #865342 #865783 #866102 #867953 #868528 #868653 
                    #869033 #869563 #870801 #871325 #871561 #871861 
                    #873061 #874108 #875690 #875798 #876102 
Cross-References:   CVE-2013-4470 CVE-2013-4579 CVE-2013-6382
                    CVE-2013-6885 CVE-2013-7263 CVE-2013-7264
                    CVE-2013-7265 CVE-2013-7339 CVE-2014-0069
                    CVE-2014-0101 CVE-2014-0196 CVE-2014-1444
                    CVE-2014-1445 CVE-2014-1446 CVE-2014-1737
                    CVE-2014-1738 CVE-2014-1874 CVE-2014-2039
                    CVE-2014-2523 CVE-2014-2678 CVE-2014-3122
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 21 vulnerabilities and has 32 fixes
   is now available. It includes one version update.

Description:


   The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up
   update to fix security and non-security issues.

   The following security bugs have been fixed:

       *

         CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation
   Offload (UFO) is enabled, does not properly initialize certain data
   structures, which allows local users to cause a denial of service (memory
   corruption and system crash) or possibly gain privileges via a crafted
   application that uses the UDP_CORK option in a setsockopt system call and
   sends both short and long packets, related to the ip_ufo_append_data
   function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in
   net/ipv6/ip6_output.c. (bnc#847672)

       *

         CVE-2013-4579: The ath9k_htc_set_bssid_mask function in
   drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through
   3.12 uses a BSSID masking approach to determine the set of MAC addresses
   on which a Wi-Fi device is listening, which allows remote attackers to
   discover the original MAC address after spoofing by sending a series of
   packets to MAC addresses with certain bit manipulations. (bnc#851426)

       *

         CVE-2013-6382: Multiple buffer underflows in the XFS implementation
   in the Linux kernel through 3.12.1 allow local users to cause a denial of
   service (memory corruption) or possibly have unspecified
         other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
   XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
   with a crafted length value, related to the xfs_attrlist_by_handle
   function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
   function in fs/xfs/xfs_ioctl32.c. (bnc#852553)

       *

         CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors
   does not properly handle the interaction between locked instructions and
   write-combined memory types, which allows local users to cause a denial of
   service (system hang) via a crafted application, aka the errata 793 issue.
   (bnc#852967)

       *

         CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
   values before ensuring that associated data structures have been
   initialized, which allows local users to obtain sensitive information from
   kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
   system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
   net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)

       *

         CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
   the Linux kernel before 3.12.4 updates a certain length value before
   ensuring that an associated data structure has been initialized, which
   allows local users to obtain sensitive information from kernel stack
   memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
   (bnc#857643)

       *

         CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
   the Linux kernel before 3.12.4 updates a certain length value before
   ensuring that an associated data structure has been initialized, which
   allows local users to obtain sensitive information from kernel stack
   memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
   (bnc#857643)

       *

         CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in
   the Linux kernel before 3.12.8 allows local users to cause a denial of
   service (NULL pointer dereference and system crash) or possibly have
   unspecified other impact via a bind system call for an RDS socket on a
   system that lacks RDS transports. (bnc#869563)

       *

         CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in
   the Linux kernel through 3.13.5 does not properly handle uncached write
         operations that copy fewer than the requested number of bytes, which
   allows local users to obtain sensitive information from kernel memory,
   cause a denial of service (memory corruption and system crash), or
   possibly gain privileges via a writev system call with a crafted pointer.
   (bnc#864025)

       *

         CVE-2014-0101: The sctp_sf_do_5_1D_ce function in
   net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not
   validate certain auth_enable and auth_capable fields before making an
   sctp_sf_authenticate call, which allows remote attackers to cause a denial
   of service (NULL pointer dereference and system crash) via an SCTP
   handshake with a modified INIT chunk and a crafted AUTH chunk before a
   COOKIE_ECHO chunk. (bnc#866102)

       *

         CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in
   the Linux kernel through 3.14.3 does not properly manage tty driver access
   in the "LECHO & !OPOST" case, which allows local users to cause a denial
   of service (memory corruption and system crash) or gain privileges by
   triggering a race condition involving read and write operations with long
   strings. (bnc#875690)

       *

         CVE-2014-1444: The fst_get_iface function in
   drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not
   properly initialize a certain data structure, which allows local users to
   obtain sensitive information from kernel memory by leveraging the
   CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)

       *

         CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c
   in the Linux kernel before 3.11.7 does not properly initialize a certain
   data structure, which allows local users to obtain sensitive information
   from kernel memory via an ioctl call. (bnc#858870)

       *

         CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c
   in the Linux kernel before 3.12.8 does not initialize a certain structure
   member, which allows local users to obtain sensitive information from
   kernel memory by leveraging the CAP_NET_ADMIN capability for an
   SIOCYAMGCFG ioctl call. (bnc#858872)

       *

         CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
   in the Linux kernel through 3.14.3 does not properly handle error
   conditions during processing of an FDRAWCMD ioctl call, which allows local
   users to trigger kfree operations and gain privileges by leveraging write
   access to a /dev/fd device. (bnc#875798)

       *

         CVE-2014-1738: The raw_cmd_copyout function in
   drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
   properly restrict access to certain pointers during processing of an
   FDRAWCMD ioctl call, which allows local users to obtain sensitive
   information from kernel heap memory by leveraging write access to a
   /dev/fd device. (bnc#875798)

       *

         CVE-2014-1874: The security_context_to_sid_core function in
   security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows
   local users to cause a denial of service (system crash) by leveraging the
   CAP_MAC_ADMIN capability to set a zero-length security context.
   (bnc#863335)

       *

         CVE-2014-2039: arch/s390/kernel/head64.S in the Linux kernel before
   3.13.5 on the s390 platform does not properly handle attempted use of the
   linkage stack, which allows local users to cause a denial of service
   (system crash) by executing a crafted instruction. (bnc#865307)

       *

         CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux
   kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows
   remote attackers to cause a denial of service (system crash)
         or possibly execute arbitrary code via a DCCP packet that triggers a
   call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
   (bnc#868653)

       *

         CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in
   the Linux kernel through 3.14 allows local users to cause a denial of
   service (NULL pointer dereference and system crash) or possibly have
   unspecified other impact via a bind system call for an RDS socket on a
   system that lacks RDS transports. (bnc#871561)

       *

         CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the
   Linux kernel before 3.14.3 does not properly consider which pages must be
   locked, which allows local users to cause a denial of service (system
   crash) by triggering a memory-usage pattern that requires removal of
   page-table mappings. (bnc#876102)

   Also the following non-security bugs have been fixed:

       * kabi: protect symbols modified by bnc#864833 fix (bnc#864833).
       * arch: Fix incorrect config symbol in #ifdef (bnc#844513).
       * ACPICA: Add a lock to the internal object reference count mechanism
         (bnc#857499).
       * x86/PCI: reduce severity of host bridge window conflict warnings
         (bnc#858534).
       * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
         (bnc#874108).
       * timer: Prevent overflow in apply_slack (bnc#873061).
       * xen: Close a race condition in Xen nested spinlock (bnc#858280,
         bnc#819351).
       * storvsc: NULL pointer dereference fix (bnc#865330).
       * sched: Make scale_rt_power() deal with backward clocks (bnc#865310).
       * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri
         check (bnc#871861).
       *

         sched: update_rq_clock() must skip ONE update (bnc#868528,
   bnc#869033).

       *

         md: Change handling of save_raid_disk and metadata update during
   recovery (bnc#849364).

       * dm-mpath: Fixup race condition in activate_path() (bnc#708296).
       * dm-mpath: do not detach stale hardware handler (bnc#708296).
       * dm-multipath: Improve logging (bnc#708296).
       * scsi_dh_alua: Simplify state machine (bnc#854025).
       * scsi_dh_alua: endless STPG retries for a failed LUN (bnc#865342).
       *

         scsi_dh_alua: fixup RTPG retry delay miscalculation (bnc#854025).

       *

         vfs,proc: guarantee unique inodes in /proc.

       * FS-Cache: Handle removal of unadded object to the
         fscache_object_list rb tree (bnc#855885).
       * NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure
         (bnc#853455).
       * NFS: Avoid occasional hang with NFS (bnc#852488).
       * NFS: do not try to use lock state when we hold a delegation
         (bnc#831029) - add to series.conf
       * btrfs: do not loop on large offsets in readdir (bnc#863300).
       * btrfs: restrict snapshotting to own subvolumes (bnc#736697).
       * btrfs: fix extent boundary check in bio_readpage_error.
       *

         btrfs: fix extent_map block_len after merging.

       *

         net: add missing bh_unlock_sock() calls (bnc#862429).

       * inet: Pass inetpeer root into inet_getpeer*() interfaces
         (bnc#864833).
       * inet: Hide route peer accesses behind helpers (bnc#864833).
       * inet: Avoid potential NULL peer dereference (bnc#864833).
       * inet: handle rt{,6}_bind_peer() failure correctly (bnc#870801).
       * inetpeer: prevent unlinking from unused list twice (bnc#867953).
       * net/mlx4_en: Fix pages never dma unmapped on rx (bnc#858604).
       * tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429).
       * ipv6: fix race condition regarding dst->expires and dst->from
         (bnc#843185).
       *

         ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support,
   warn about missing CREATE flag (bnc#865783).

       *

         mpt2sas: Do not check DIF for unwritten blocks (bnc#746500,
   bnc#836347).

       * mpt2sas: Add a module parameter that permits overriding protection
         capabilities (bnc#746500).
       *

         mpt2sas: Return the correct sense key for DIF errors (bnc#746500).

       *

         s390/cio: Delay scan for newly available I/O devices (bnc#855347,
   bnc#814788, bnc#856083).

       * s390/cio: More efficient handling of CHPID availability events
         (bnc#855347, bnc#814788, bnc#856083).
       * s390/cio: Relax subchannel scan loop (bnc#855347, bnc#814788,
         bnc#856083).
       *

         s390/css: stop stsch loop after cc 3 (bnc#855347, bnc#814788,
   bnc#856083).

       *

         supported.conf: Driver corgi_bl was renamed to generic_bl in kernel
   2.6.29.

       * supported.conf: Add drivers/of/of_mdio That was a missing dependency
         for mdio-gpio on ppc64.
       * supported.conf: Fix mdio-gpio module name Module mdio-ofgpio was
         renamed to mdio-gpio in kernel 2.6.29, this should have been
         reflected in supported.conf.
       * supported.conf: Adjust radio-si470x module names
       * Update config files: re-enable twofish crypto support. (bnc#871325)

   Security Issue references:

       * CVE-2013-4470
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470>
       * CVE-2013-4579
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579>
       * CVE-2013-6382
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
       * CVE-2013-6885
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
       * CVE-2013-7263
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
       * CVE-2013-7264
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264>
       * CVE-2013-7265
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265>
       * CVE-2013-7339
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339>
       * CVE-2014-0069
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069>
       * CVE-2014-0101
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101>
       * CVE-2014-0196
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196>
       * CVE-2014-1444
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444>
       * CVE-2014-1445
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445>
       * CVE-2014-1446
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446>
       * CVE-2014-1737
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737>
       * CVE-2014-1738
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738>
       * CVE-2014-1874
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874>
       * CVE-2014-2039
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2039>
       * CVE-2014-2523
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523>
       * CVE-2014-2678
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678>
       * CVE-2014-3122
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-kernel-9248 slessp2-kernel-9249 slessp2-kernel-9254

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.7.19.1
      kernel-default-base-3.0.101-0.7.19.1
      kernel-default-devel-3.0.101-0.7.19.1
      kernel-source-3.0.101-0.7.19.1
      kernel-syms-3.0.101-0.7.19.1
      kernel-trace-3.0.101-0.7.19.1
      kernel-trace-base-3.0.101-0.7.19.1
      kernel-trace-devel-3.0.101-0.7.19.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.7.19.1
      kernel-ec2-base-3.0.101-0.7.19.1
      kernel-ec2-devel-3.0.101-0.7.19.1
      kernel-xen-3.0.101-0.7.19.1
      kernel-xen-base-3.0.101-0.7.19.1
      kernel-xen-devel-3.0.101-0.7.19.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.7.19.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.7.19.1
      kernel-pae-base-3.0.101-0.7.19.1
      kernel-pae-devel-3.0.101-0.7.19.1

   - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64):

      kernel-default-extra-3.0.101-0.7.19.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-3.0.101-0.7.19.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-3.0.101-0.7.19.1


References:

   http://support.novell.com/security/cve/CVE-2013-4470.html
   http://support.novell.com/security/cve/CVE-2013-4579.html
   http://support.novell.com/security/cve/CVE-2013-6382.html
   http://support.novell.com/security/cve/CVE-2013-6885.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2013-7264.html
   http://support.novell.com/security/cve/CVE-2013-7265.html
   http://support.novell.com/security/cve/CVE-2013-7339.html
   http://support.novell.com/security/cve/CVE-2014-0069.html
   http://support.novell.com/security/cve/CVE-2014-0101.html
   http://support.novell.com/security/cve/CVE-2014-0196.html
   http://support.novell.com/security/cve/CVE-2014-1444.html
   http://support.novell.com/security/cve/CVE-2014-1445.html
   http://support.novell.com/security/cve/CVE-2014-1446.html
   http://support.novell.com/security/cve/CVE-2014-1737.html
   http://support.novell.com/security/cve/CVE-2014-1738.html
   http://support.novell.com/security/cve/CVE-2014-1874.html
   http://support.novell.com/security/cve/CVE-2014-2039.html
   http://support.novell.com/security/cve/CVE-2014-2523.html
   http://support.novell.com/security/cve/CVE-2014-2678.html
   http://support.novell.com/security/cve/CVE-2014-3122.html
   https://bugzilla.novell.com/708296
   https://bugzilla.novell.com/736697
   https://bugzilla.novell.com/746500
   https://bugzilla.novell.com/814788
   https://bugzilla.novell.com/819351
   https://bugzilla.novell.com/831029
   https://bugzilla.novell.com/836347
   https://bugzilla.novell.com/843185
   https://bugzilla.novell.com/844513
   https://bugzilla.novell.com/847672
   https://bugzilla.novell.com/849364
   https://bugzilla.novell.com/851426
   https://bugzilla.novell.com/852488
   https://bugzilla.novell.com/852553
   https://bugzilla.novell.com/852967
   https://bugzilla.novell.com/853455
   https://bugzilla.novell.com/854025
   https://bugzilla.novell.com/855347
   https://bugzilla.novell.com/855885
   https://bugzilla.novell.com/856083
   https://bugzilla.novell.com/857499
   https://bugzilla.novell.com/857643
   https://bugzilla.novell.com/858280
   https://bugzilla.novell.com/858534
   https://bugzilla.novell.com/858604
   https://bugzilla.novell.com/858869
   https://bugzilla.novell.com/858870
   https://bugzilla.novell.com/858872
   https://bugzilla.novell.com/862429
   https://bugzilla.novell.com/863300
   https://bugzilla.novell.com/863335
   https://bugzilla.novell.com/864025
   https://bugzilla.novell.com/864833
   https://bugzilla.novell.com/865307
   https://bugzilla.novell.com/865310
   https://bugzilla.novell.com/865330
   https://bugzilla.novell.com/865342
   https://bugzilla.novell.com/865783
   https://bugzilla.novell.com/866102
   https://bugzilla.novell.com/867953
   https://bugzilla.novell.com/868528
   https://bugzilla.novell.com/868653
   https://bugzilla.novell.com/869033
   https://bugzilla.novell.com/869563
   https://bugzilla.novell.com/870801
   https://bugzilla.novell.com/871325
   https://bugzilla.novell.com/871561
   https://bugzilla.novell.com/871861
   https://bugzilla.novell.com/873061
   https://bugzilla.novell.com/874108
   https://bugzilla.novell.com/875690
   https://bugzilla.novell.com/875798
   https://bugzilla.novell.com/876102
   http://download.suse.com/patch/finder/?keywords=787d82dbb16377714bc927d02557c4ee
   http://download.suse.com/patch/finder/?keywords=8e83fb23e69fc57ddd82e1ab0aa469b8
   http://download.suse.com/patch/finder/?keywords=be4d02e114cf7bfcc6687ae18820db1d
   http://download.suse.com/patch/finder/?keywords=d8a4989ab7c16d4dac2badacf2d0efa8
   http://download.suse.com/patch/finder/?keywords=da132fe457db88249d2db18bc5c22de5
   http://download.suse.com/patch/finder/?keywords=ffc3bcce4bbb0dc6b7c0acc2c40fba06



More information about the sle-security-updates mailing list