Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1022-2
Rating: important
References: #763968 #764209 #768052 #769685 #788590 #792584
#793139 #797042 #797175 #800907 #802153 #804154
#804609 #805804 #805945 #806431 #806980 #808647
#809122 #809155 #809748 #809895 #810580 #810624
#810722 #812281 #814719 #815356 #815444 #815745
#816443 #816451 #816586 #816668 #816708 #817010
#817339 #818053 #818327 #818371 #818514 #818516
#818798 #819295 #819519 #819655 #819789 #820434
#821560 #821930 #822431 #822722
Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076
CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
CVE-2013-3225 CVE-2013-3227 CVE-2013-3228
CVE-2013-3229 CVE-2013-3231 CVE-2013-3232
CVE-2013-3234 CVE-2013-3235
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise High Availability Extension 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 38 fixes
is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 2 kernel has been
updated to Linux kernel 3.0.80 which fixes various bugs
and security issues.

The following security issues have been fixed:

*

CVE-2013-0160: Timing side channel on attacks were
possible on /dev/ptmx that could allow local attackers to
predict keypresses like e.g. passwords. This has been fixed
again by updating accessed/modified time on the pty devices
in resolution of 8 seconds, so that idle time detection can
still work.

*

CVE-2013-3222: The vcc_recvmsg function in
net/atm/common.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

*

CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

*

CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.

*

CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

*

CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

*

CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

*

CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

*

CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

*

CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

*

CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

*

CVE-2013-3235: net/tipc/socket.c in the Linux kernel
did not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

*

CVE-2013-3076: The crypto API in the Linux kernel did
not initialize certain length variables, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.

*

CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.

*

A kernel information leak via tkill/tgkill was fixed.

The following bugs have been fixed:

* reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
* libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).
* netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).
* hyperv: use 3.4 as LIC version string (bnc#822431).
* virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).
* xen/netback: do not disconnect frontend when seeing
oversize packet.
* xen/netfront: reduce gso_max_size to account for max
TCP header.
* xen/netfront: fix kABI after "reduce gso_max_size to
account for max TCP header".
* xfs: Fix kABI due to change in xfs_buf (bnc#815356).
* xfs: fix race while discarding buffers [V4]
(bnc#815356 (comment 36)).
* xfs: Serialize file-extending direct IO (bnc#818371).
* xhci: Do not switch webcams in some HP ProBooks to
XHCI (bnc#805804).
* bluetooth: Do not switch BT on HP ProBook 4340
(bnc#812281).
* s390/ftrace: fix mcount adjustment (bnc#809895).
* mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).
* patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
pathological backwards allocation (bnc#805945).
* mm: compaction: Restart compaction from near where it
left off
* mm: compaction: cache if a pageblock was scanned and
no pages were isolated
* mm: compaction: clear PG_migrate_skip based on
compaction and reclaim activity
* mm: compaction: Scan PFN caching KABI workaround
* mm: page_allocator: Remove first_pass guard
* mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)
* qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).
* SUNRPC: Get rid of the redundant xprt->shutdown bit
field (bnc#800907).
* SUNRPC: Ensure that we grab the XPRT_LOCK before
calling xprt_alloc_slot (bnc#800907).
* SUNRPC: Fix a UDP transport regression (bnc#800907).
* SUNRPC: Allow caller of rpc_sleep_on() to select
priority levels (bnc#800907).
* SUNRPC: Replace xprt->resend and xprt->sending with a
priority queue (bnc#800907).
* SUNRPC: Fix potential races in xprt_lock_write_next()
(bnc#800907).
* md: cannot re-add disks after recovery (bnc#808647).
* fs/xattr.c:getxattr(): improve handling of allocation
failures (bnc#818053).
* fs/xattr.c:listxattr(): fall back to vmalloc() if
kmalloc() failed (bnc#818053).
* fs/xattr.c:setxattr(): improve handling of allocation
failures (bnc#818053).
* fs/xattr.c: suppress page allocation failure warnings
from sys_listxattr() (bnc#818053).
* virtio-blk: Call revalidate_disk() upon online disk
resize (bnc#817339).
* usb-storage: CY7C68300A chips do not support Cypress
ATACB (bnc#819295).
* patches.kernel.org/patch-3.0.60-61: Update references
(add bnc#810580).
* usb: Using correct way to clear usb3.0 devices remote
wakeup feature (bnc#818516).
* xhci: Fix TD size for isochronous URBs (bnc#818514).
* ALSA: hda - fixup D3 pin and right channel mute on
Haswell HDMI audio (bnc#818798).
* ALSA: hda - Apply pin-enablement workaround to all
Haswell HDMI codecs (bnc#818798).
* xfs: fallback to vmalloc for large buffers in
xfs_attrmulti_attr_get (bnc#818053).
* xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053).
* xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053).
* xHCI: store rings type.
* xhci: Fix hang on back-to-back Set TR Deq Ptr
commands.
* xHCI: check enqueue pointer advance into dequeue seg.
* xHCI: store rings last segment and segment numbers.
* xHCI: Allocate 2 segments for transfer ring.
* xHCI: count free TRBs on transfer ring.
* xHCI: factor out segments allocation and free
function.
* xHCI: update sg tablesize.
* xHCI: set cycle state when allocate rings.
* xhci: Reserve one command for USB3 LPM disable.
* xHCI: dynamic ring expansion.
* xhci: Do not warn on empty ring for suspended devices.
* md/raid1: Do not release reference to device while
handling read error (bnc#809122, bnc#814719).
* rpm/mkspec: Stop generating the get_release_number.sh
file.
* rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g suffix.
* rpm/kernel-spec-macros: Drop the %release_num macro
We no longer put the -rcX tag into the release string.
* rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
"<RELEASE>" string in specfiles.
* mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).
* mm: Fix add_page_wait_queue() to work for PG_Locked
bit waiters (bnc#792584).
* mm: Fix add_page_wait_queue() to work for PG_Locked
bit waiters (bnc#792584).
* bonding: only use primary address for ARP
(bnc#815444).
* bonding: remove entries for master_ip and vlan_ip and
query devices instead (bnc#815444).
* mm: speedup in __early_pfn_to_nid (bnc#810624).
* TTY: fix atime/mtime regression (bnc#815745).
* sd_dif: problem with verify of type 1 protection
information (PI) (bnc#817010).
* sched: harden rq rt usage accounting (bnc#769685,
bnc#788590).
* rcu: Avoid spurious RCU CPU stall warnings
(bnc#816586).
* rcu: Dump local stack if cannot dump all CPUs stacks
(bnc#816586).
* rcu: Fix detection of abruptly-ending stall
(bnc#816586).
* rcu: Suppress NMI backtraces when stall ends before
dump (bnc#816586).
* Update Xen patches to 3.0.74.
* btrfs: do not re-enter when allocating a chunk.
* btrfs: save us a read_lock.
* btrfs: Check CAP_DAC_READ_SEARCH for
BTRFS_IOC_INO_PATHS.
* btrfs: remove unused fs_info from
btrfs_decode_error().
* btrfs: handle null fs_info in btrfs_panic().
* btrfs: fix varargs in __btrfs_std_error.
* btrfs: fix the race between bio and
btrfs_stop_workers.
* btrfs: fix NULL pointer after aborting a transaction.
* btrfs: fix infinite loop when we abort on mount.
* xfs: Do not allocate new buffers on every call to
_xfs_buf_find (bnc#763968).
* xfs: fix buffer lookup race on allocation failure
(bnc#763968).

Security Issue references:

* CVE-2013-0160
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160
>
* CVE-2013-3076
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3076
>
* CVE-2013-3222
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222
>
* CVE-2013-3223
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223
>
* CVE-2013-3224
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224
>
* CVE-2013-3225
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225
>
* CVE-2013-3227
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3227
>
* CVE-2013-3228
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228
>
* CVE-2013-3229
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229
>
* CVE-2013-3231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231
>
* CVE-2013-3232
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232
>
* CVE-2013-3234
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234
>
* CVE-2013-3235
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235
>
* CVE-2013-1979
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979
>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:

zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7814

- SUSE Linux Enterprise Server 11 SP2:

zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7812
slessp2-kernel-7813 slessp2-kernel-7814 slessp2-kernel-7819

- SUSE Linux Enterprise High Availability Extension 11 SP2:

zypper in -t patch sleshasp2-kernel-7811 sleshasp2-kernel-7812
sleshasp2-kernel-7813 sleshasp2-kernel-7814 sleshasp2-kernel-7819

- SUSE Linux Enterprise Desktop 11 SP2:

zypper in -t patch sledsp2-kernel-7811 sledsp2-kernel-7814

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version:
3.0.80]:

kernel-default-3.0.80-0.5.1
kernel-default-base-3.0.80-0.5.1
kernel-default-devel-3.0.80-0.5.1
kernel-source-3.0.80-0.5.1
kernel-syms-3.0.80-0.5.1
kernel-trace-3.0.80-0.5.1
kernel-trace-base-3.0.80-0.5.1
kernel-trace-devel-3.0.80-0.5.1
kernel-xen-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version:
3.0.80]:

kernel-pae-3.0.80-0.5.1
kernel-pae-base-3.0.80-0.5.1
kernel-pae-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New
Version: 3.0.80]:

kernel-default-3.0.80-0.5.1
kernel-default-base-3.0.80-0.5.1
kernel-default-devel-3.0.80-0.5.1
kernel-source-3.0.80-0.5.1
kernel-syms-3.0.80-0.5.1
kernel-trace-3.0.80-0.5.1
kernel-trace-base-3.0.80-0.5.1
kernel-trace-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.80]:

kernel-ec2-3.0.80-0.5.1
kernel-ec2-base-3.0.80-0.5.1
kernel-ec2-devel-3.0.80-0.5.1
kernel-xen-3.0.80-0.5.1
kernel-xen-base-3.0.80-0.5.1
kernel-xen-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (x86_64):

xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5
xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5

- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.80]:

kernel-default-man-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.80]:

kernel-ppc64-3.0.80-0.5.1
kernel-ppc64-base-3.0.80-0.5.1
kernel-ppc64-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.80]:

kernel-pae-3.0.80-0.5.1
kernel-pae-base-3.0.80-0.5.1
kernel-pae-devel-3.0.80-0.5.1

- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64
s390x x86_64):

cluster-network-kmp-default-1.4_3.0.80_0.5-2.18.45
cluster-network-kmp-trace-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-default-2_3.0.80_0.5-0.7.76
gfs2-kmp-trace-2_3.0.80_0.5-0.7.76
ocfs2-kmp-default-1.6_3.0.80_0.5-0.11.44
ocfs2-kmp-trace-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

cluster-network-kmp-xen-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-xen-2_3.0.80_0.5-0.7.76
ocfs2-kmp-xen-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

cluster-network-kmp-ppc64-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-ppc64-2_3.0.80_0.5-0.7.76
ocfs2-kmp-ppc64-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

cluster-network-kmp-pae-1.4_3.0.80_0.5-2.18.45
gfs2-kmp-pae-2_3.0.80_0.5-0.7.76
ocfs2-kmp-pae-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.80]:

kernel-default-3.0.80-0.5.1
kernel-default-base-3.0.80-0.5.1
kernel-default-devel-3.0.80-0.5.1
kernel-default-extra-3.0.80-0.5.1
kernel-source-3.0.80-0.5.1
kernel-syms-3.0.80-0.5.1
kernel-trace-3.0.80-0.5.1
kernel-trace-base-3.0.80-0.5.1
kernel-trace-devel-3.0.80-0.5.1
kernel-trace-extra-3.0.80-0.5.1
kernel-xen-3.0.80-0.5.1
kernel-xen-base-3.0.80-0.5.1
kernel-xen-devel-3.0.80-0.5.1
kernel-xen-extra-3.0.80-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5
xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5

- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.80]:

kernel-pae-3.0.80-0.5.1
kernel-pae-base-3.0.80-0.5.1
kernel-pae-devel-3.0.80-0.5.1
kernel-pae-extra-3.0.80-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/764209
https://bugzilla.novell.com/768052
https://bugzilla.novell.com/769685
https://bugzilla.novell.com/788590
https://bugzilla.novell.com/792584
https://bugzilla.novell.com/793139
https://bugzilla.novell.com/797042
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/800907
https://bugzilla.novell.com/802153
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/805945
https://bugzilla.novell.com/806431
https://bugzilla.novell.com/806980
https://bugzilla.novell.com/808647
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809155
https://bugzilla.novell.com/809748
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/810580
https://bugzilla.novell.com/810624
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/814719
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/815444
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/816443
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/816586
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/816708
https://bugzilla.novell.com/817010
https://bugzilla.novell.com/817339
https://bugzilla.novell.com/818053
https://bugzilla.novell.com/818327
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818514
https://bugzilla.novell.com/818516
https://bugzilla.novell.com/818798
https://bugzilla.novell.com/819295
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/819789
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822722
?keywords=19c95cc7458aa30d3c072b77a8701a6d
?keywords=23807efa0fda2554a9635e4fffacead3
?keywords=8bd84321504d865c571ca2d3e49279bb
?keywords=9004723920468a034b1397e23a00e0ff
?keywords=ba206bb6e19abef79b40e9307204a30e

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org