SuseOPENSUSE-SU-2013:0951-1kernel: security and bugfix update (critical)
0.001 Low
EPSS
Percentile
33.3%
The openSUSE 12.3 kernel was updated to fix a critical
security issue, other security issues and several bugs.
Security issues fixed: CVE-2013-2094: The perf_swevent_init
function in kernel/events/core.c in the Linux kernel used
an incorrect integer data type, which allowed local users
to gain privileges via a crafted perf_event_open system
call.
CVE-2013-0290: The __skb_recv_datagram function in
net/core/datagram.c in the Linux kernel did not properly
handle the MSG_PEEK flag with zero-length data, which
allowed local users to cause a denial of service (infinite
loop and system hang) via a crafted application.
Bugs fixed:
-
qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519). -
ACPI / thermal: do not always return
THERMAL_TREND_RAISING for active trip points (bnc#820048). -
perf: Treat attr.config as u64 in perf_swevent_init()
(bnc#819789, CVE-2013-2094). -
cxgb4: fix error recovery when t4_fw_hello returns a
positive value (bnc#818497). -
kabi/severities: Ignore drivers/mfd/ucb1400_core It
provides internal exports to UCB1400 drivers, that we
have just disabled. -
Fix -devel package for armv7hl armv7hl kernel flavors in
the non-multiplatform configuration (which is the default
for our openSUSE 12.3 release), needs more header files
from the machine specific directories to be included in
kernel-devel. -
Update config files: disable UCB1400 on all but ARM
Currently UCB1400 is only used on ARM OMAP systems, and
part of the code is dead code that can’t even be
modularized. -
CONFIG_UCB1400_CORE=n
-
CONFIG_TOUCHSCREEN_UCB1400=n
-
CONFIG_GPIO_UCB1400=n
-
rpm/config.sh: Drop the ARM repository, the KOTD will
build against the "ports" repository of openSUSE:12.3 -
mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327). -
rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g<commit> suffix -
rpm/kernel-spec-macros: Drop the %release_num macro We no
longer put the -rcX tag into the release string. -
xen-pciback: notify hypervisor about devices intended to
be assigned to guests. -
unix/stream: fix peeking with an offset larger than data
in queue (bnc#803931 CVE-2013-0290). -
unix/dgram: fix peeking with an offset larger than data
in queue (bnc#803931 CVE-2013-0290). -
unix/dgram: peek beyond 0-sized skbs (bnc#803931
CVE-2013-0290). -
net: fix infinite loop in __skb_recv_datagram()
(bnc#803931 CVE-2013-0290). -
TTY: fix atime/mtime regression (bnc#815745).
-
md/raid1,raid10: fix deadlock with freeze_array()
(813889). -
md: raid1,10: Handle REQ_WRITE_SAME flag in write bios
(bnc#813889). -
KMS: fix EDID detailed timing vsync parsing.
-
KMS: fix EDID detailed timing frame rate.
-
Add Netfilter/ebtables support Those modues are needed
for proper OpenStack support on ARM, and are also enabled
on x86(_64)
Related
