Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme im Kernel
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme im Kernel
ID: openSUSE-SU-2014:0957-1
Distribution: SUSE
Plattformen: openSUSE 12.3
Datum: Fr, 1. August 2014, 18:18
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699
Applikationen: Linux

Originalnachricht

 
   openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0957-1
Rating:             important
References:         #788080 #867531 #867723 #877257 #880484 #882189 
                    #883518 #883724 #883795 #885422 #885725 
Cross-References:   CVE-2014-0131 CVE-2014-2309 CVE-2014-3144
                    CVE-2014-3145 CVE-2014-3917 CVE-2014-4014
                    CVE-2014-4171 CVE-2014-4508 CVE-2014-4652
                    CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
                    CVE-2014-4656 CVE-2014-4667 CVE-2014-4699
                   
Affected Products:
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:


   The Linux Kernel was updated to fix various bugs and security issues.

   CVE-2014-4699: The Linux kernel on Intel processors did not properly
   restrict use of a non-canonical value for the saved RIP address in the
   case of a system call that does not use IRET, which allowed local users to
   leverage a race condition and gain privileges, or cause a denial of
   service (double fault), via a crafted application that makes ptrace and
   fork system calls.

   CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c
   in the Linux kernel did not properly manage a certain backlog value, which
   allowed remote attackers to cause a denial of service (socket
   outage) via a crafted SCTP packet.

   CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement
   the interaction between range notification and hole punching, which
   allowed local users to cause a denial of service (i_mutex hold) by using
   the mmap system call to access a hole, as demonstrated by interfering with
   intended shmem activity by blocking completion of (1) an MADV_REMOVE
   madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.

   CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
   x86 platforms, when syscall auditing is enabled and the sep CPU feature
   flag is set, allowed local users to cause a denial of service (OOPS and
   system crash) via an invalid syscall number, as demonstrated by number
   1000.

   CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the
   ALSA control implementation in the Linux kernel allowed local users to
   cause a denial of service by leveraging /dev/snd/controlCX access, related
   to (1) index values in the snd_ctl_add function and (2) numid values in
   the snd_ctl_remove_numid_conflict function.

   CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in
   the ALSA control implementation in the Linux kernel did not properly
   maintain the user_ctl_count value, which allowed local users to cause a
   denial of service (integer overflow and limit bypass) by leveraging
   /dev/snd/controlCX access for a large number of
   SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

   CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in
   the ALSA control implementation in the Linux kernel did not check
   authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
   local users to remove kernel controls and cause a denial of service
   (use-after-free and system crash) by leveraging /dev/snd/controlCX access
   for an ioctl call.

   CVE-2014-4653: sound/core/control.c in the ALSA control implementation in
   the Linux kernel did not ensure possession of a read/write lock, which
   allowed local users to cause a denial of service (use-after-free) and
   obtain sensitive information from kernel memory by leveraging
   /dev/snd/controlCX access.

   CVE-2014-4652: Race condition in the tlv handler functionality in the
   snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
   implementation in the Linux kernel allowed local users to obtain sensitive
   information from kernel memory by leveraging /dev/snd/controlCX access.

   CVE-2014-4014: The capabilities implementation in the Linux kernel did not
   properly consider that namespaces are inapplicable to inodes, which
   allowed local users to bypass intended chmod restrictions by first
   creating a user namespace, as demonstrated by setting the setgid bit on a
   file with group ownership of root.

   CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux
   kernel did not properly count the addition of routes, which allowed remote
   attackers to cause a denial of service (memory consumption) via a flood of
   ICMPv6 Router Advertisement packets.

   CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
   CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local
   users to obtain potentially sensitive single-bit values from kernel memory
   or cause a denial of service (OOPS) via a large value of a syscall number.

   CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in
   net/core/skbuff.c in the Linux kernel allowed attackers to obtain
   sensitive information from kernel memory by leveraging the absence of a
   certain orphaning operation.

   CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
   extension implementations in the sk_run_filter function in
   net/core/filter.c in the Linux kernel did not check whether a certain
   length value is sufficiently large, which allowed local users to cause a
   denial of service (integer underflow and system crash) via crafted BPF
   instructions.

   CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the
   sk_run_filter function in net/core/filter.c in the Linux kernel used the
   reverse order in a certain subtraction, which allowed local users to cause
   a denial of service (over-read and system crash) via crafted BPF
   instructions. NOTE: the affected code was moved to the
   __skb_get_nlattr_nest function before the vulnerability was announced.

   Additional Bug fixed:
   - HID: logitech-dj: Fix USB 3.0 issue (bnc#788080).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-478

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.3 (i586 x86_64):

      kernel-default-3.7.10-1.40.1
      kernel-default-base-3.7.10-1.40.1
      kernel-default-base-debuginfo-3.7.10-1.40.1
      kernel-default-debuginfo-3.7.10-1.40.1
      kernel-default-debugsource-3.7.10-1.40.1
      kernel-default-devel-3.7.10-1.40.1
      kernel-default-devel-debuginfo-3.7.10-1.40.1
      kernel-syms-3.7.10-1.40.1

   - openSUSE 12.3 (i686 x86_64):

      kernel-debug-3.7.10-1.40.1
      kernel-debug-base-3.7.10-1.40.1
      kernel-debug-base-debuginfo-3.7.10-1.40.1
      kernel-debug-debuginfo-3.7.10-1.40.1
      kernel-debug-debugsource-3.7.10-1.40.1
      kernel-debug-devel-3.7.10-1.40.1
      kernel-debug-devel-debuginfo-3.7.10-1.40.1
      kernel-desktop-3.7.10-1.40.1
      kernel-desktop-base-3.7.10-1.40.1
      kernel-desktop-base-debuginfo-3.7.10-1.40.1
      kernel-desktop-debuginfo-3.7.10-1.40.1
      kernel-desktop-debugsource-3.7.10-1.40.1
      kernel-desktop-devel-3.7.10-1.40.1
      kernel-desktop-devel-debuginfo-3.7.10-1.40.1
      kernel-ec2-3.7.10-1.40.1
      kernel-ec2-base-3.7.10-1.40.1
      kernel-ec2-base-debuginfo-3.7.10-1.40.1
      kernel-ec2-debuginfo-3.7.10-1.40.1
      kernel-ec2-debugsource-3.7.10-1.40.1
      kernel-ec2-devel-3.7.10-1.40.1
      kernel-ec2-devel-debuginfo-3.7.10-1.40.1
      kernel-trace-3.7.10-1.40.1
      kernel-trace-base-3.7.10-1.40.1
      kernel-trace-base-debuginfo-3.7.10-1.40.1
      kernel-trace-debuginfo-3.7.10-1.40.1
      kernel-trace-debugsource-3.7.10-1.40.1
      kernel-trace-devel-3.7.10-1.40.1
      kernel-trace-devel-debuginfo-3.7.10-1.40.1
      kernel-vanilla-3.7.10-1.40.1
      kernel-vanilla-debuginfo-3.7.10-1.40.1
      kernel-vanilla-debugsource-3.7.10-1.40.1
      kernel-vanilla-devel-3.7.10-1.40.1
      kernel-vanilla-devel-debuginfo-3.7.10-1.40.1
      kernel-xen-3.7.10-1.40.1
      kernel-xen-base-3.7.10-1.40.1
      kernel-xen-base-debuginfo-3.7.10-1.40.1
      kernel-xen-debuginfo-3.7.10-1.40.1
      kernel-xen-debugsource-3.7.10-1.40.1
      kernel-xen-devel-3.7.10-1.40.1
      kernel-xen-devel-debuginfo-3.7.10-1.40.1

   - openSUSE 12.3 (noarch):

      kernel-devel-3.7.10-1.40.1
      kernel-docs-3.7.10-1.40.2
      kernel-source-3.7.10-1.40.1
      kernel-source-vanilla-3.7.10-1.40.1

   - openSUSE 12.3 (i686):

      kernel-pae-3.7.10-1.40.1
      kernel-pae-base-3.7.10-1.40.1
      kernel-pae-base-debuginfo-3.7.10-1.40.1
      kernel-pae-debuginfo-3.7.10-1.40.1
      kernel-pae-debugsource-3.7.10-1.40.1
      kernel-pae-devel-3.7.10-1.40.1
      kernel-pae-devel-debuginfo-3.7.10-1.40.1


References:

   http://support.novell.com/security/cve/CVE-2014-0131.html
   http://support.novell.com/security/cve/CVE-2014-2309.html
   http://support.novell.com/security/cve/CVE-2014-3144.html
   http://support.novell.com/security/cve/CVE-2014-3145.html
   http://support.novell.com/security/cve/CVE-2014-3917.html
   http://support.novell.com/security/cve/CVE-2014-4014.html
   http://support.novell.com/security/cve/CVE-2014-4171.html
   http://support.novell.com/security/cve/CVE-2014-4508.html
   http://support.novell.com/security/cve/CVE-2014-4652.html
   http://support.novell.com/security/cve/CVE-2014-4653.html
   http://support.novell.com/security/cve/CVE-2014-4654.html
   http://support.novell.com/security/cve/CVE-2014-4655.html
   http://support.novell.com/security/cve/CVE-2014-4656.html
   http://support.novell.com/security/cve/CVE-2014-4667.html
   http://support.novell.com/security/cve/CVE-2014-4699.html
   https://bugzilla.novell.com/788080
   https://bugzilla.novell.com/867531
   https://bugzilla.novell.com/867723
   https://bugzilla.novell.com/877257
   https://bugzilla.novell.com/880484
   https://bugzilla.novell.com/882189
   https://bugzilla.novell.com/883518
   https://bugzilla.novell.com/883724
   https://bugzilla.novell.com/883795
   https://bugzilla.novell.com/885422
   https://bugzilla.novell.com/885725

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung