Sicherheit: Mehrere Probleme im Kernel

Lesezeichen hinzufügen

openSUSE Security Update: kernel to 3.11.10
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0205-1
Rating: important
References: #733022 #773058 #838024 #844513 #845621 #846529
#848042 #849021 #850072 #852652 #852656 #852931
#853050 #853051 #853052 #853053 #854175 #854722
#856294 #859804 #860993
Cross-References: CVE-2013-4511 CVE-2013-4563 CVE-2013-4587
CVE-2013-6367 CVE-2013-6368 CVE-2013-6376
CVE-2013-6432 CVE-2014-0038
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 13 fixes is
now available.

Description:

The Linux Kernel was updated to version 3.11.10, fixing
security issues and bugs:

- floppy: bail out in open() if drive is not responding to
block0 read (bnc#773058).

- compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).

- HID: usbhid: fix sis quirk (bnc#859804).

- hwmon: (coretemp) Fix truncated name of alarm attributes

- HID: usbhid: quirk for Synaptics Quad HD touchscreen
(bnc#859804).
- HID: usbhid: quirk for Synaptics HD touchscreen
(bnc#859804).
- HID: usbhid: merge the sis quirk (bnc#859804).
- HID: hid-multitouch: add support for SiS panels
(bnc#859804).
- HID: usbhid: quirk for SiS Touchscreen (bnc#859804).
- HID: usbhid: quirk for Synaptics Large Touchccreen
(bnc#859804).

- drivers: net: cpsw: fix dt probe for one port ethernet.
- drivers: net: cpsw: fix for cpsw crash when build as
modules.
- dma: edma: Remove limits on number of slots.
- dma: edma: Leave linked to Null slot instead of DUMMY
slot.
- dma: edma: Find missed events and issue them.
- dma: edma: Write out and handle MAX_NR_SG at a given time.
- dma: edma: Setup parameters to DMA MAX_NR_SG at a time.
- ARM: edma: Add function to manually trigger an EDMA
channel.
- ARM: edma: Fix clearing of unused list for DT DMA
resources.

- ACPI: Add Toshiba NB100 to Vista _OSI blacklist.
- ACPI: add missing win8 OSI comment to blacklist
(bnc#856294).
- ACPI: update win8 OSI blacklist.
- ACPI: blacklist win8 OSI for buggy laptops.
- ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A
(bnc#856294).

- ACPI: Blacklist Win8 OSI for some HP laptop 2013 models
(bnc#856294).

- floppy: bail out in open() if drive is not responding to
block0 read (bnc#773058).

- ping: prevent NULL pointer dereference on write to
msg_name (bnc#854175 CVE-2013-6432).

- x86/dumpstack: Fix printk_address for direct addresses
(bnc#845621).
- Refresh patches.suse/stack-unwind.
- Refresh patches.xen/xen-x86_64-dump-user-pgt.

- KVM: x86: Convert vapic synchronization to _cached
functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).

- KVM: x86: fix guest-initiated crash with x2apic
(CVE-2013-6376) (bnc#853053 CVE-2013-6376).

- Build the KOTD against openSUSE:13.1:Update

- xencons: generalize use of add_preferred_console()
(bnc#733022, bnc#852652).
- Update Xen patches to 3.11.10.
- Rename patches.xen/xen-pcpu-hotplug to
patches.xen/xen-pcpu.

- KVM: x86: Fix potential divide by 0 in lapic
(CVE-2013-6367) (bnc#853051 CVE-2013-6367).

- KVM: Improve create VCPU parameter (CVE-2013-4587)
(bnc#853050 CVE-2013-4587).

- ipv6: fix headroom calculation in udp6_ufo_fragment
(bnc#848042 CVE-2013-4563).

- net: rework recvmsg handler msg_name and msg_namelen
logic (bnc#854722).

- patches.drivers/gpio-ucb1400-add-module_alias.patch:
Update upstream reference
-
patches.drivers/gpio-ucb1400-can-be-built-as-a-module.patch:
Update upstream reference

- Delete patches.suse/ida-remove-warning-dump-stack.patch.
Already included in kernel 3.11 (WARN calls dump_stack.)

- xhci: Limit the spurious wakeup fix only to HP machines
(bnc#852931).

- iscsi_target: race condition on shutdown (bnc#850072).

- Linux 3.11.10.
- Refresh patches.xen/xen3-patch-2.6.29.
- Delete
patches.suse/btrfs-relocate-csums-properly-with-prealloc-ext
ents.patch.

-
patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Haswel
l.patch: (bnc#852931).

- Build mei and mei_me as modules (bnc#852656)

- Linux 3.11.9.

- Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021).
- Delete
patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ.
- Delete
patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pfn_ra
nge-ca.patch.

- Add USB PHY support (needed to get USB and Ethernet
working on beagle and panda boards) Add
CONFIG_PINCTRL_SINGLE=y to be able to use Device tree (at
least for beagle and panda boards) Add ARM SoC sound
support Add SPI bus support Add user-space access to I2C
and SPI

-
patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-r
emapping-warning.patch: Fix forward porting, sorry.

- iommu: Remove stack trace from broken irq remapping
warning (bnc#844513).

- gpio: ucb1400: Add MODULE_ALIAS.

- Allow NFSv4 username mapping to work properly
(bnc#838024).

- nfs: check if gssd is running before attempting to use
krb5i auth in SETCLIENTID call.
- sunrpc: replace sunrpc_net->gssd_running flag with a more
reliable check.
- sunrpc: create a new dummy pipe for gssd to hold open.

- Set CONFIG_GPIO_TWL4030 as built-in (instead of module)
as a requirement to boot on SD card on beagleboard xM

- armv6hl, armv7hl: Update config files. Set
CONFIG_BATMAN_ADV_BLA=y as all other kernel configuration
files have.

- Update config files:
* CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV
options are all enabled so why not this one.
* CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we
support all other features of these pieces of hardware.
* CONFIG_INTEL_POWERCLAMP=m, because this small driver
might be useful in specific cases, and there's no
obvious reason not to include it.

- Fix a few incorrectly checked [io_]remap_pfn_range()
calls (bnc#849021, CVE-2013-4511).
- Linux 3.11.7.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-114

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (i586 x86_64):

kernel-default-3.11.10-7.1
kernel-default-base-3.11.10-7.1
kernel-default-base-debuginfo-3.11.10-7.1
kernel-default-debuginfo-3.11.10-7.1
kernel-default-debugsource-3.11.10-7.1
kernel-default-devel-3.11.10-7.1
kernel-default-devel-debuginfo-3.11.10-7.1
kernel-syms-3.11.10-7.1

- openSUSE 13.1 (i686 x86_64):

kernel-debug-3.11.10-7.1
kernel-debug-base-3.11.10-7.1
kernel-debug-base-debuginfo-3.11.10-7.1
kernel-debug-debuginfo-3.11.10-7.1
kernel-debug-debugsource-3.11.10-7.1
kernel-debug-devel-3.11.10-7.1
kernel-debug-devel-debuginfo-3.11.10-7.1
kernel-desktop-3.11.10-7.1
kernel-desktop-base-3.11.10-7.1
kernel-desktop-base-debuginfo-3.11.10-7.1
kernel-desktop-debuginfo-3.11.10-7.1
kernel-desktop-debugsource-3.11.10-7.1
kernel-desktop-devel-3.11.10-7.1
kernel-desktop-devel-debuginfo-3.11.10-7.1
kernel-ec2-3.11.10-7.1
kernel-ec2-base-3.11.10-7.1
kernel-ec2-base-debuginfo-3.11.10-7.1
kernel-ec2-debuginfo-3.11.10-7.1
kernel-ec2-debugsource-3.11.10-7.1
kernel-ec2-devel-3.11.10-7.1
kernel-ec2-devel-debuginfo-3.11.10-7.1
kernel-trace-3.11.10-7.1
kernel-trace-base-3.11.10-7.1
kernel-trace-base-debuginfo-3.11.10-7.1
kernel-trace-debuginfo-3.11.10-7.1
kernel-trace-debugsource-3.11.10-7.1
kernel-trace-devel-3.11.10-7.1
kernel-trace-devel-debuginfo-3.11.10-7.1
kernel-vanilla-3.11.10-7.1
kernel-vanilla-debuginfo-3.11.10-7.1
kernel-vanilla-debugsource-3.11.10-7.1
kernel-vanilla-devel-3.11.10-7.1
kernel-vanilla-devel-debuginfo-3.11.10-7.1
kernel-xen-3.11.10-7.1
kernel-xen-base-3.11.10-7.1
kernel-xen-base-debuginfo-3.11.10-7.1
kernel-xen-debuginfo-3.11.10-7.1
kernel-xen-debugsource-3.11.10-7.1
kernel-xen-devel-3.11.10-7.1
kernel-xen-devel-debuginfo-3.11.10-7.1

- openSUSE 13.1 (noarch):

kernel-devel-3.11.10-7.1
kernel-docs-3.11.10-7.3
kernel-source-3.11.10-7.1
kernel-source-vanilla-3.11.10-7.1

- openSUSE 13.1 (i686):

kernel-pae-3.11.10-7.1
kernel-pae-base-3.11.10-7.1
kernel-pae-base-debuginfo-3.11.10-7.1
kernel-pae-debuginfo-3.11.10-7.1
kernel-pae-debugsource-3.11.10-7.1
kernel-pae-devel-3.11.10-7.1
kernel-pae-devel-debuginfo-3.11.10-7.1

References:

http://support.novell.com/security/cve/CVE-2013-4511.html
http://support.novell.com/security/cve/CVE-2013-4563.html
http://support.novell.com/security/cve/CVE-2013-4587.html
http://support.novell.com/security/cve/CVE-2013-6367.html
http://support.novell.com/security/cve/CVE-2013-6368.html
http://support.novell.com/security/cve/CVE-2013-6376.html
http://support.novell.com/security/cve/CVE-2013-6432.html
http://support.novell.com/security/cve/CVE-2014-0038.html
https://bugzilla.novell.com/733022
https://bugzilla.novell.com/773058
https://bugzilla.novell.com/838024
https://bugzilla.novell.com/844513
https://bugzilla.novell.com/845621
https://bugzilla.novell.com/846529
https://bugzilla.novell.com/848042
https://bugzilla.novell.com/849021
https://bugzilla.novell.com/850072
https://bugzilla.novell.com/852652
https://bugzilla.novell.com/852656
https://bugzilla.novell.com/852931
https://bugzilla.novell.com/853050
https://bugzilla.novell.com/853051
https://bugzilla.novell.com/853052
https://bugzilla.novell.com/853053
https://bugzilla.novell.com/854175
https://bugzilla.novell.com/854722
https://bugzilla.novell.com/856294
https://bugzilla.novell.com/859804
https://bugzilla.novell.com/860993

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org