Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme im Kernel
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme im Kernel
ID: openSUSE-SU-2015:0714-1
Distribution: SUSE
Plattformen: SUSE openSUSE 13.1
Datum: Mo, 13. April 2015, 14:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593

Originalnachricht

   openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0714-1
Rating: important
References: #903640 #904899 #907988 #909078 #910150 #911325
#911326 #912202 #912654 #912705 #913059 #913695
#914175 #915322 #917839 #920901
Cross-References: CVE-2014-7822 CVE-2014-8134 CVE-2014-8160
CVE-2014-8173 CVE-2014-8559 CVE-2014-9419
CVE-2014-9420 CVE-2014-9529 CVE-2014-9584
CVE-2014-9585 CVE-2015-1593
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 5 fixes is
now available.

Description:


The Linux kernel was updated to fix various bugs and security issues.

Following security issues were fixed:
- CVE-2014-8173: A NULL pointer dereference flaw was found in the way the
Linux kernels madvise MADV_WILLNEED functionality handled page table
locking. A local, unprivileged user could have used this flaw to crash
the system.

- CVE-2015-1593: A integer overflow reduced the effectiveness of the stack
randomization on 64-bit systems.

- CVE-2014-7822: A flaw was found in the way the Linux kernels splice()
system call validated its parameters. On certain file systems, a local,
unprivileged user could have used this flaw to write past the maximum
file size, and thus crash the system.

- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
in the Linux kernel did not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which made it
easier for local users to bypass the ASLR protection mechanism via a
crafted application that reads a TLS base address.

- CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c
in the Linux kernel used an improper paravirt_enabled setting for KVM
guest kernels, which made it easier for guest OS users to bypass the
ASLR protection mechanism via a crafted application that reads a 16-bit
value.

- CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux
kernel generated incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allowed remote attackers to bypass intended access restrictions
via packets with disallowed port numbers.

- CVE-2014-9529: Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local users to cause a
denial of service (memory corruption or panic) or possibly have
unspecified other impact via keyctl commands that trigger access to a
key structure member during garbage collection of a key.

- CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
through did not properly maintain the semantics of rename_lock, which
allowed local users to cause a denial of service (deadlock and system
hang) via a crafted application.

- CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
Linux kernel did not restrict the number of Rock Ridge continuation
entries, which allowed local users to cause a denial of service
(infinite loop, and system crash or hang) via a crafted iso9660 image.

- CVE-2014-9584: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel did not validate a length value in
the Extensions Reference (ER) System Use Field, which allowed local
users to obtain sensitive information from kernel memory via a crafted
iso9660 image.

- CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
Linux kernel did not properly choose memory locations for the vDSO area,
which made it easier for local users to bypass the ASLR protection
mechanism by guessing a location at the end of a PMD.

Following bugs were fixed:
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103
(bnc#920901).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f
(bnc#920901).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b
(bnc#920901).
- HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901).
- HID: usbhid: fix PIXART optical mouse (bnc#920901).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901).
- HID: usbhid: add always-poll quirk (bnc#920901).

- storvsc: ring buffer failures may result in I/O freeze (bnc#914175).

- mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process
being killed (VM Functionality bnc#910150).

- Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).

- mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by
mount (bsc#907988).

- DocBook: Do not exceed argument list limit.
- DocBook: Make mandocs parallel-safe.

- mm: free compound page with correct order (bnc#913695).

- udf: Check component length before reading it.
- udf: Check path length when reading symlink.
- udf: Verify symlink size before loading it.
- udf: Verify i_size when loading inode.

- xfs: remote attribute overwrite causes transaction overrun.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-301=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i686 x86_64):

kernel-debug-3.11.10-29.1
kernel-debug-base-3.11.10-29.1
kernel-debug-base-debuginfo-3.11.10-29.1
kernel-debug-debuginfo-3.11.10-29.1
kernel-debug-debugsource-3.11.10-29.1
kernel-debug-devel-3.11.10-29.1
kernel-debug-devel-debuginfo-3.11.10-29.1
kernel-desktop-3.11.10-29.1
kernel-desktop-base-3.11.10-29.1
kernel-desktop-base-debuginfo-3.11.10-29.1
kernel-desktop-debuginfo-3.11.10-29.1
kernel-desktop-debugsource-3.11.10-29.1
kernel-desktop-devel-3.11.10-29.1
kernel-desktop-devel-debuginfo-3.11.10-29.1
kernel-ec2-3.11.10-29.1
kernel-ec2-base-3.11.10-29.1
kernel-ec2-base-debuginfo-3.11.10-29.1
kernel-ec2-debuginfo-3.11.10-29.1
kernel-ec2-debugsource-3.11.10-29.1
kernel-ec2-devel-3.11.10-29.1
kernel-ec2-devel-debuginfo-3.11.10-29.1
kernel-trace-3.11.10-29.1
kernel-trace-base-3.11.10-29.1
kernel-trace-base-debuginfo-3.11.10-29.1
kernel-trace-debuginfo-3.11.10-29.1
kernel-trace-debugsource-3.11.10-29.1
kernel-trace-devel-3.11.10-29.1
kernel-trace-devel-debuginfo-3.11.10-29.1
kernel-vanilla-3.11.10-29.1
kernel-vanilla-debuginfo-3.11.10-29.1
kernel-vanilla-debugsource-3.11.10-29.1
kernel-vanilla-devel-3.11.10-29.1
kernel-vanilla-devel-debuginfo-3.11.10-29.1
kernel-xen-3.11.10-29.1
kernel-xen-base-3.11.10-29.1
kernel-xen-base-debuginfo-3.11.10-29.1
kernel-xen-debuginfo-3.11.10-29.1
kernel-xen-debugsource-3.11.10-29.1
kernel-xen-devel-3.11.10-29.1
kernel-xen-devel-debuginfo-3.11.10-29.1

- openSUSE 13.1 (i586 x86_64):

cloop-2.639-11.19.1
cloop-debuginfo-2.639-11.19.1
cloop-debugsource-2.639-11.19.1
cloop-kmp-default-2.639_k3.11.10_29-11.19.1
cloop-kmp-default-debuginfo-2.639_k3.11.10_29-11.19.1
cloop-kmp-desktop-2.639_k3.11.10_29-11.19.1
cloop-kmp-desktop-debuginfo-2.639_k3.11.10_29-11.19.1
cloop-kmp-xen-2.639_k3.11.10_29-11.19.1
cloop-kmp-xen-debuginfo-2.639_k3.11.10_29-11.19.1
crash-7.0.2-2.19.1
crash-debuginfo-7.0.2-2.19.1
crash-debugsource-7.0.2-2.19.1
crash-devel-7.0.2-2.19.1
crash-doc-7.0.2-2.19.1
crash-eppic-7.0.2-2.19.1
crash-eppic-debuginfo-7.0.2-2.19.1
crash-gcore-7.0.2-2.19.1
crash-gcore-debuginfo-7.0.2-2.19.1
crash-kmp-default-7.0.2_k3.11.10_29-2.19.1
crash-kmp-default-debuginfo-7.0.2_k3.11.10_29-2.19.1
crash-kmp-desktop-7.0.2_k3.11.10_29-2.19.1
crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_29-2.19.1
crash-kmp-xen-7.0.2_k3.11.10_29-2.19.1
crash-kmp-xen-debuginfo-7.0.2_k3.11.10_29-2.19.1
hdjmod-debugsource-1.28-16.19.1
hdjmod-kmp-default-1.28_k3.11.10_29-16.19.1
hdjmod-kmp-default-debuginfo-1.28_k3.11.10_29-16.19.1
hdjmod-kmp-desktop-1.28_k3.11.10_29-16.19.1
hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_29-16.19.1
hdjmod-kmp-xen-1.28_k3.11.10_29-16.19.1
hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_29-16.19.1
ipset-6.21.1-2.23.1
ipset-debuginfo-6.21.1-2.23.1
ipset-debugsource-6.21.1-2.23.1
ipset-devel-6.21.1-2.23.1
ipset-kmp-default-6.21.1_k3.11.10_29-2.23.1
ipset-kmp-default-debuginfo-6.21.1_k3.11.10_29-2.23.1
ipset-kmp-desktop-6.21.1_k3.11.10_29-2.23.1
ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_29-2.23.1
ipset-kmp-xen-6.21.1_k3.11.10_29-2.23.1
ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_29-2.23.1
iscsitarget-1.4.20.3-13.19.1
iscsitarget-debuginfo-1.4.20.3-13.19.1
iscsitarget-debugsource-1.4.20.3-13.19.1
iscsitarget-kmp-default-1.4.20.3_k3.11.10_29-13.19.1
iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_29-13.19.1
iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
iscsitarget-kmp-xen-1.4.20.3_k3.11.10_29-13.19.1
iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
kernel-default-3.11.10-29.1
kernel-default-base-3.11.10-29.1
kernel-default-base-debuginfo-3.11.10-29.1
kernel-default-debuginfo-3.11.10-29.1
kernel-default-debugsource-3.11.10-29.1
kernel-default-devel-3.11.10-29.1
kernel-default-devel-debuginfo-3.11.10-29.1
kernel-syms-3.11.10-29.1
libipset3-6.21.1-2.23.1
libipset3-debuginfo-6.21.1-2.23.1
ndiswrapper-1.58-19.1
ndiswrapper-debuginfo-1.58-19.1
ndiswrapper-debugsource-1.58-19.1
ndiswrapper-kmp-default-1.58_k3.11.10_29-19.1
ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_29-19.1
ndiswrapper-kmp-desktop-1.58_k3.11.10_29-19.1
ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_29-19.1
pcfclock-0.44-258.19.1
pcfclock-debuginfo-0.44-258.19.1
pcfclock-debugsource-0.44-258.19.1
pcfclock-kmp-default-0.44_k3.11.10_29-258.19.1
pcfclock-kmp-default-debuginfo-0.44_k3.11.10_29-258.19.1
pcfclock-kmp-desktop-0.44_k3.11.10_29-258.19.1
pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_29-258.19.1
python-virtualbox-4.2.28-2.28.1
python-virtualbox-debuginfo-4.2.28-2.28.1
vhba-kmp-debugsource-20130607-2.20.1
vhba-kmp-default-20130607_k3.11.10_29-2.20.1
vhba-kmp-default-debuginfo-20130607_k3.11.10_29-2.20.1
vhba-kmp-desktop-20130607_k3.11.10_29-2.20.1
vhba-kmp-desktop-debuginfo-20130607_k3.11.10_29-2.20.1
vhba-kmp-xen-20130607_k3.11.10_29-2.20.1
vhba-kmp-xen-debuginfo-20130607_k3.11.10_29-2.20.1
virtualbox-4.2.28-2.28.1
virtualbox-debuginfo-4.2.28-2.28.1
virtualbox-debugsource-4.2.28-2.28.1
virtualbox-devel-4.2.28-2.28.1
virtualbox-guest-kmp-default-4.2.28_k3.11.10_29-2.28.1
virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1
virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_29-2.28.1
virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1
virtualbox-guest-tools-4.2.28-2.28.1
virtualbox-guest-tools-debuginfo-4.2.28-2.28.1
virtualbox-guest-x11-4.2.28-2.28.1
virtualbox-guest-x11-debuginfo-4.2.28-2.28.1
virtualbox-host-kmp-default-4.2.28_k3.11.10_29-2.28.1
virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1
virtualbox-host-kmp-desktop-4.2.28_k3.11.10_29-2.28.1
virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1
virtualbox-qt-4.2.28-2.28.1
virtualbox-qt-debuginfo-4.2.28-2.28.1
virtualbox-websrv-4.2.28-2.28.1
virtualbox-websrv-debuginfo-4.2.28-2.28.1
xen-debugsource-4.3.3_04-37.1
xen-devel-4.3.3_04-37.1
xen-kmp-default-4.3.3_04_k3.11.10_29-37.1
xen-kmp-default-debuginfo-4.3.3_04_k3.11.10_29-37.1
xen-kmp-desktop-4.3.3_04_k3.11.10_29-37.1
xen-kmp-desktop-debuginfo-4.3.3_04_k3.11.10_29-37.1
xen-libs-4.3.3_04-37.1
xen-libs-debuginfo-4.3.3_04-37.1
xen-tools-domU-4.3.3_04-37.1
xen-tools-domU-debuginfo-4.3.3_04-37.1
xtables-addons-2.3-2.19.1
xtables-addons-debuginfo-2.3-2.19.1
xtables-addons-debugsource-2.3-2.19.1
xtables-addons-kmp-default-2.3_k3.11.10_29-2.19.1
xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_29-2.19.1
xtables-addons-kmp-desktop-2.3_k3.11.10_29-2.19.1
xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_29-2.19.1
xtables-addons-kmp-xen-2.3_k3.11.10_29-2.19.1
xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_29-2.19.1

- openSUSE 13.1 (noarch):

kernel-devel-3.11.10-29.1
kernel-docs-3.11.10-29.2
kernel-source-3.11.10-29.1
kernel-source-vanilla-3.11.10-29.1

- openSUSE 13.1 (x86_64):

xen-4.3.3_04-37.1
xen-doc-html-4.3.3_04-37.1
xen-libs-32bit-4.3.3_04-37.1
xen-libs-debuginfo-32bit-4.3.3_04-37.1
xen-tools-4.3.3_04-37.1
xen-tools-debuginfo-4.3.3_04-37.1
xen-xend-tools-4.3.3_04-37.1
xen-xend-tools-debuginfo-4.3.3_04-37.1

- openSUSE 13.1 (i686):

kernel-pae-3.11.10-29.1
kernel-pae-base-3.11.10-29.1
kernel-pae-base-debuginfo-3.11.10-29.1
kernel-pae-debuginfo-3.11.10-29.1
kernel-pae-debugsource-3.11.10-29.1
kernel-pae-devel-3.11.10-29.1
kernel-pae-devel-debuginfo-3.11.10-29.1

- openSUSE 13.1 (i586):

cloop-kmp-pae-2.639_k3.11.10_29-11.19.1
cloop-kmp-pae-debuginfo-2.639_k3.11.10_29-11.19.1
crash-kmp-pae-7.0.2_k3.11.10_29-2.19.1
crash-kmp-pae-debuginfo-7.0.2_k3.11.10_29-2.19.1
hdjmod-kmp-pae-1.28_k3.11.10_29-16.19.1
hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_29-16.19.1
ipset-kmp-pae-6.21.1_k3.11.10_29-2.23.1
ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_29-2.23.1
iscsitarget-kmp-pae-1.4.20.3_k3.11.10_29-13.19.1
iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_29-13.19.1
ndiswrapper-kmp-pae-1.58_k3.11.10_29-19.1
ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_29-19.1
pcfclock-kmp-pae-0.44_k3.11.10_29-258.19.1
pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_29-258.19.1
vhba-kmp-pae-20130607_k3.11.10_29-2.20.1
vhba-kmp-pae-debuginfo-20130607_k3.11.10_29-2.20.1
virtualbox-guest-kmp-pae-4.2.28_k3.11.10_29-2.28.1
virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1
virtualbox-host-kmp-pae-4.2.28_k3.11.10_29-2.28.1
virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1
xen-kmp-pae-4.3.3_04_k3.11.10_29-37.1
xen-kmp-pae-debuginfo-4.3.3_04_k3.11.10_29-37.1
xtables-addons-kmp-pae-2.3_k3.11.10_29-2.19.1
xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_29-2.19.1


References:

https://www.suse.com/security/cve/CVE-2014-7822.html
https://www.suse.com/security/cve/CVE-2014-8134.html
https://www.suse.com/security/cve/CVE-2014-8160.html
https://www.suse.com/security/cve/CVE-2014-8173.html
https://www.suse.com/security/cve/CVE-2014-8559.html
https://www.suse.com/security/cve/CVE-2014-9419.html
https://www.suse.com/security/cve/CVE-2014-9420.html
https://www.suse.com/security/cve/CVE-2014-9529.html
https://www.suse.com/security/cve/CVE-2014-9584.html
https://www.suse.com/security/cve/CVE-2014-9585.html
https://www.suse.com/security/cve/CVE-2015-1593.html
https://bugzilla.suse.com/903640
https://bugzilla.suse.com/904899
https://bugzilla.suse.com/907988
https://bugzilla.suse.com/909078
https://bugzilla.suse.com/910150
https://bugzilla.suse.com/911325
https://bugzilla.suse.com/911326
https://bugzilla.suse.com/912202
https://bugzilla.suse.com/912654
https://bugzilla.suse.com/912705
https://bugzilla.suse.com/913059
https://bugzilla.suse.com/913695
https://bugzilla.suse.com/914175
https://bugzilla.suse.com/915322
https://bugzilla.suse.com/917839
https://bugzilla.suse.com/920901

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung