Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme im Kernel
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme im Kernel
ID: openSUSE-SU-2014:0957-1
Distribution: SUSE
Plattformen: SUSE openSUSE 12.3
Datum: Fr, 1. August 2014, 18:18
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699
Applikationen: Linux

Originalnachricht

   openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0957-1
Rating: important
References: #788080 #867531 #867723 #877257 #880484 #882189
#883518 #883724 #883795 #885422 #885725
Cross-References: CVE-2014-0131 CVE-2014-2309 CVE-2014-3144
CVE-2014-3145 CVE-2014-3917 CVE-2014-4014
CVE-2014-4171 CVE-2014-4508 CVE-2014-4652
CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
CVE-2014-4656 CVE-2014-4667 CVE-2014-4699

Affected Products:
openSUSE 12.3
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:


The Linux Kernel was updated to fix various bugs and security issues.

CVE-2014-4699: The Linux kernel on Intel processors did not properly
restrict use of a non-canonical value for the saved RIP address in the
case of a system call that does not use IRET, which allowed local users to
leverage a race condition and gain privileges, or cause a denial of
service (double fault), via a crafted application that makes ptrace and
fork system calls.

CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c
in the Linux kernel did not properly manage a certain backlog value, which
allowed remote attackers to cause a denial of service (socket
outage) via a crafted SCTP packet.

CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement
the interaction between range notification and hole punching, which
allowed local users to cause a denial of service (i_mutex hold) by using
the mmap system call to access a hole, as demonstrated by interfering with
intended shmem activity by blocking completion of (1) an MADV_REMOVE
madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.

CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
x86 platforms, when syscall auditing is enabled and the sep CPU feature
flag is set, allowed local users to cause a denial of service (OOPS and
system crash) via an invalid syscall number, as demonstrated by number
1000.

CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the
ALSA control implementation in the Linux kernel allowed local users to
cause a denial of service by leveraging /dev/snd/controlCX access, related
to (1) index values in the snd_ctl_add function and (2) numid values in
the snd_ctl_remove_numid_conflict function.

CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in
the ALSA control implementation in the Linux kernel did not properly
maintain the user_ctl_count value, which allowed local users to cause a
denial of service (integer overflow and limit bypass) by leveraging
/dev/snd/controlCX access for a large number of
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in
the ALSA control implementation in the Linux kernel did not check
authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
local users to remove kernel controls and cause a denial of service
(use-after-free and system crash) by leveraging /dev/snd/controlCX access
for an ioctl call.

CVE-2014-4653: sound/core/control.c in the ALSA control implementation in
the Linux kernel did not ensure possession of a read/write lock, which
allowed local users to cause a denial of service (use-after-free) and
obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access.

CVE-2014-4652: Race condition in the tlv handler functionality in the
snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
implementation in the Linux kernel allowed local users to obtain sensitive
information from kernel memory by leveraging /dev/snd/controlCX access.

CVE-2014-4014: The capabilities implementation in the Linux kernel did not
properly consider that namespaces are inapplicable to inodes, which
allowed local users to bypass intended chmod restrictions by first
creating a user namespace, as demonstrated by setting the setgid bit on a
file with group ownership of root.

CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux
kernel did not properly count the addition of routes, which allowed remote
attackers to cause a denial of service (memory consumption) via a flood of
ICMPv6 Router Advertisement packets.

CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local
users to obtain potentially sensitive single-bit values from kernel memory
or cause a denial of service (OOPS) via a large value of a syscall number.

CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in
net/core/skbuff.c in the Linux kernel allowed attackers to obtain
sensitive information from kernel memory by leveraging the absence of a
certain orphaning operation.

CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
extension implementations in the sk_run_filter function in
net/core/filter.c in the Linux kernel did not check whether a certain
length value is sufficiently large, which allowed local users to cause a
denial of service (integer underflow and system crash) via crafted BPF
instructions.

CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the
sk_run_filter function in net/core/filter.c in the Linux kernel used the
reverse order in a certain subtraction, which allowed local users to cause
a denial of service (over-read and system crash) via crafted BPF
instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.

Additional Bug fixed:
- HID: logitech-dj: Fix USB 3.0 issue (bnc#788080).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-478

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

kernel-default-3.7.10-1.40.1
kernel-default-base-3.7.10-1.40.1
kernel-default-base-debuginfo-3.7.10-1.40.1
kernel-default-debuginfo-3.7.10-1.40.1
kernel-default-debugsource-3.7.10-1.40.1
kernel-default-devel-3.7.10-1.40.1
kernel-default-devel-debuginfo-3.7.10-1.40.1
kernel-syms-3.7.10-1.40.1

- openSUSE 12.3 (i686 x86_64):

kernel-debug-3.7.10-1.40.1
kernel-debug-base-3.7.10-1.40.1
kernel-debug-base-debuginfo-3.7.10-1.40.1
kernel-debug-debuginfo-3.7.10-1.40.1
kernel-debug-debugsource-3.7.10-1.40.1
kernel-debug-devel-3.7.10-1.40.1
kernel-debug-devel-debuginfo-3.7.10-1.40.1
kernel-desktop-3.7.10-1.40.1
kernel-desktop-base-3.7.10-1.40.1
kernel-desktop-base-debuginfo-3.7.10-1.40.1
kernel-desktop-debuginfo-3.7.10-1.40.1
kernel-desktop-debugsource-3.7.10-1.40.1
kernel-desktop-devel-3.7.10-1.40.1
kernel-desktop-devel-debuginfo-3.7.10-1.40.1
kernel-ec2-3.7.10-1.40.1
kernel-ec2-base-3.7.10-1.40.1
kernel-ec2-base-debuginfo-3.7.10-1.40.1
kernel-ec2-debuginfo-3.7.10-1.40.1
kernel-ec2-debugsource-3.7.10-1.40.1
kernel-ec2-devel-3.7.10-1.40.1
kernel-ec2-devel-debuginfo-3.7.10-1.40.1
kernel-trace-3.7.10-1.40.1
kernel-trace-base-3.7.10-1.40.1
kernel-trace-base-debuginfo-3.7.10-1.40.1
kernel-trace-debuginfo-3.7.10-1.40.1
kernel-trace-debugsource-3.7.10-1.40.1
kernel-trace-devel-3.7.10-1.40.1
kernel-trace-devel-debuginfo-3.7.10-1.40.1
kernel-vanilla-3.7.10-1.40.1
kernel-vanilla-debuginfo-3.7.10-1.40.1
kernel-vanilla-debugsource-3.7.10-1.40.1
kernel-vanilla-devel-3.7.10-1.40.1
kernel-vanilla-devel-debuginfo-3.7.10-1.40.1
kernel-xen-3.7.10-1.40.1
kernel-xen-base-3.7.10-1.40.1
kernel-xen-base-debuginfo-3.7.10-1.40.1
kernel-xen-debuginfo-3.7.10-1.40.1
kernel-xen-debugsource-3.7.10-1.40.1
kernel-xen-devel-3.7.10-1.40.1
kernel-xen-devel-debuginfo-3.7.10-1.40.1

- openSUSE 12.3 (noarch):

kernel-devel-3.7.10-1.40.1
kernel-docs-3.7.10-1.40.2
kernel-source-3.7.10-1.40.1
kernel-source-vanilla-3.7.10-1.40.1

- openSUSE 12.3 (i686):

kernel-pae-3.7.10-1.40.1
kernel-pae-base-3.7.10-1.40.1
kernel-pae-base-debuginfo-3.7.10-1.40.1
kernel-pae-debuginfo-3.7.10-1.40.1
kernel-pae-debugsource-3.7.10-1.40.1
kernel-pae-devel-3.7.10-1.40.1
kernel-pae-devel-debuginfo-3.7.10-1.40.1


References:

http://support.novell.com/security/cve/CVE-2014-0131.html
http://support.novell.com/security/cve/CVE-2014-2309.html
http://support.novell.com/security/cve/CVE-2014-3144.html
http://support.novell.com/security/cve/CVE-2014-3145.html
http://support.novell.com/security/cve/CVE-2014-3917.html
http://support.novell.com/security/cve/CVE-2014-4014.html
http://support.novell.com/security/cve/CVE-2014-4171.html
http://support.novell.com/security/cve/CVE-2014-4508.html
http://support.novell.com/security/cve/CVE-2014-4652.html
http://support.novell.com/security/cve/CVE-2014-4653.html
http://support.novell.com/security/cve/CVE-2014-4654.html
http://support.novell.com/security/cve/CVE-2014-4655.html
http://support.novell.com/security/cve/CVE-2014-4656.html
http://support.novell.com/security/cve/CVE-2014-4667.html
http://support.novell.com/security/cve/CVE-2014-4699.html
https://bugzilla.novell.com/788080
https://bugzilla.novell.com/867531
https://bugzilla.novell.com/867723
https://bugzilla.novell.com/877257
https://bugzilla.novell.com/880484
https://bugzilla.novell.com/882189
https://bugzilla.novell.com/883518
https://bugzilla.novell.com/883724
https://bugzilla.novell.com/883795
https://bugzilla.novell.com/885422
https://bugzilla.novell.com/885725

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung