Mehrere Probleme im Kernel
ID: | openSUSE-SU-2013:1187-1 |
Distribution: | SUSE |
Plattformen: | openSUSE 11.4 |
Datum: | Fr, 12. Juli 2013, 10:38 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0311 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635 |
Applikationen: | Linux |
Originalnachricht |
|
openSUSE Security Update: 3.0.80 kernel update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1187-1 Rating: important References: #763968 #769685 #788590 #789359 #792584 #797175 #800907 #802642 #804609 #804656 #805804 #805945 #806238 #806980 #808358 #808647 #808827 #809122 #809895 #809902 #809903 #810473 #810580 #810624 #810722 #812281 #814719 #815356 #815444 #815745 #816443 #816451 #816586 #817010 #817339 #818053 #818327 #818371 #818514 #818516 #818798 #819295 #819519 #819655 #820434 #821930 #822431 #822722 Cross-References: CVE-2012-6548 CVE-2012-6549 CVE-2013-0160 CVE-2013-0268 CVE-2013-0311 CVE-2013-0914 CVE-2013-1772 CVE-2013-1792 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-2634 CVE-2013-2635 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 35 fixes is now available. Description: The kernel was updated to Linux kernel 3.0.80, fixing various bugs and security issues. Following security issues were fixed: CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. A kernel information leak via tkill/tgkill was fixed. Following bugs were fixed: - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). - libfc: do not exch_done() on invalid sequence ptr (bnc#810722). - netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). - hyperv: use 3.4 as LIC version string (bnc#822431). - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). - xen/netback: do not disconnect frontend when seeing oversize packet. - xen/netfront: reduce gso_max_size to account for max TCP header. - xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header". - xfs: Fix kABI due to change in xfs_buf (bnc#815356). - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). - xfs: Serialize file-extending direct IO (bnc#818371). - xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). - bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281). - s390/ftrace: fix mcount adjustment (bnc#809895). - mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). - patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945). - mm: compaction: Restart compaction from near where it left off - mm: compaction: cache if a pageblock was scanned and no pages were isolated - mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity - mm: compaction: Scan PFN caching KABI workaround - mm: page_allocator: Remove first_pass guard - mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) - qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). - SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907). - SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907). - SUNRPC: Fix a UDP transport regression (bnc#800907). - SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907). - SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907). - SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907). - md: cannot re-add disks after recovery (bnc#808647). - fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053). - fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053). - fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053). - fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053). - virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339). - usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295). - patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580). - usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516). - xhci: Fix TD size for isochronous URBs (bnc#818514). - ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798). - ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798). - xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053). - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053). - xHCI: store rings type. - xhci: Fix hang on back-to-back Set TR Deq Ptr commands. - xHCI: check enqueue pointer advance into dequeue seg. - xHCI: store rings last segment and segment numbers. - xHCI: Allocate 2 segments for transfer ring. - xHCI: count free TRBs on transfer ring. - xHCI: factor out segments allocation and free function. - xHCI: update sg tablesize. - xHCI: set cycle state when allocate rings. - xhci: Reserve one command for USB3 LPM disable. - xHCI: dynamic ring expansion. - xhci: Do not warn on empty ring for suspended devices. - md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719). - rpm/mkspec: Stop generating the get_release_number.sh file. - rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g |