Lucene search

K
suseSuseOPENSUSE-SU-2013:1042-1
HistoryJun 19, 2013 - 11:04 a.m.

kernel: security and bugfix update (critical)

2013-06-1911:04:11
lists.opensuse.org
26

0.033 Low

EPSS

Percentile

90.3%

The openSUSE 12.2 kernel was updated to fix security issue
and other bugs.

Security issues fixed: CVE-2013-2850: Incorrect strncpy
usage in the network listening part of the iscsi target
driver could have been used by remote attackers to crash
the kernel or execute code.

This required the iscsi target running on the machine and
the attacker able to make a network connection to it (aka
not filtered by firewalls).

CVE-2013-2094: The perf_swevent_init function in
kernel/events/core.c in the Linux kernel used an incorrect
integer data type, which allowed local users to gain
privileges via a crafted perf_event_open system call.

CVE-2013-0290: The __skb_recv_datagram function in
net/core/datagram.c in the Linux kernel did not properly
handle the MSG_PEEK flag with zero-length data, which
allowed local users to cause a denial of service (infinite
loop and system hang) via a crafted application.

Bugs fixed:

  • reiserfs: fix spurious multiple-fill in
    reiserfs_readdir_dentry (bnc#822722).

  • reiserfs: fix problems with chowning setuid file w/
    xattrs (bnc#790920).

  • qlge: fix dma map leak when the last chunk is not
    allocated (bnc#819519).

  • Update config files: disable UCB1400 on all but ARM
    Currently UCB1400 is only used on ARM OMAP systems, and
    part of the code is dead code that can’t even be
    modularized.

  • CONFIG_UCB1400_CORE=n

  • CONFIG_TOUCHSCREEN_UCB1400=n

  • CONFIG_GPIO_UCB1400=n

  • mm/mmap: check for RLIMIT_AS before unmapping
    (bnc#818327).

  • unix/stream: fix peeking with an offset larger than data
    in queue (bnc#803931 CVE-2013-0290).

  • unix/dgram: fix peeking with an offset larger than data
    in queue (bnc#803931 CVE-2013-0290).

  • unix/dgram: peek beyond 0-sized skbs (bnc#803931
    CVE-2013-0290).