Lucene search

K
suseSuseSUSE-SU-2013:1022-2
HistoryJun 17, 2013 - 11:04 p.m.

Security update for Linux kernel (important)

2013-06-1723:04:15
lists.opensuse.org
37

EPSS

0.001

Percentile

46.5%

The SUSE Linux Enterprise 11 Service Pack 2 kernel has been
updated to Linux kernel 3.0.80 which fixes various bugs
and security issues.

The following security issues have been fixed:

CVE-2013-0160: Timing side channel on attacks were
possible on /dev/ptmx that could allow local attackers to
predict keypresses like e.g. passwords. This has been fixed
again by updating accessed/modified time on the pty devices
in resolution of 8 seconds, so that idle time detection can
still work.

CVE-2013-3222: The vcc_recvmsg function in
net/atm/common.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.

CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3235: net/tipc/socket.c in the Linux kernel
did not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3076: The crypto API in the Linux kernel did
not initialize certain length variables, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.

CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.

A kernel information leak via tkill/tgkill was fixed.

The following bugs have been fixed:

  • reiserfs: fix spurious multiple-fill in
    reiserfs_readdir_dentry (bnc#822722).
  • libfc: do not exch_done() on invalid sequence ptr
    (bnc#810722).
  • netfilter: ip6t_LOG: fix logging of packet mark
    (bnc#821930).
  • hyperv: use 3.4 as LIC version string (bnc#822431).
  • virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
    (bnc#819655).
  • xen/netback: do not disconnect frontend when seeing
    oversize packet.
  • xen/netfront: reduce gso_max_size to account for max
    TCP header.
  • xen/netfront: fix kABI after "reduce gso_max_size to
    account for max TCP header".
  • xfs: Fix kABI due to change in xfs_buf (bnc#815356).
  • xfs: fix race while discarding buffers [V4]
    (bnc#815356 (comment 36)).
  • xfs: Serialize file-extending direct IO (bnc#818371).
  • xhci: Do not switch webcams in some HP ProBooks to
    XHCI (bnc#805804).
  • bluetooth: Do not switch BT on HP ProBook 4340
    (bnc#812281).
  • s390/ftrace: fix mcount adjustment (bnc#809895).
  • mm: memory_dev_init make sure nmi watchdog does not
    trigger while registering memory sections (bnc#804609,
    bnc#820434).
  • patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
    pathological backwards allocation (bnc#805945).
  • mm: compaction: Restart compaction from near where it
    left off
  • mm: compaction: cache if a pageblock was scanned and
    no pages were isolated
  • mm: compaction: clear PG_migrate_skip based on
    compaction and reclaim activity
  • mm: compaction: Scan PFN caching KABI workaround
  • mm: page_allocator: Remove first_pass guard
  • mm: vmscan: do not stall on writeback during memory
    compaction Cache compaction restart points for faster
    compaction cycles (bnc#816451)
  • qlge: fix dma map leak when the last chunk is not
    allocated (bnc#819519).
  • SUNRPC: Get rid of the redundant xprt->shutdown bit
    field (bnc#800907).
  • SUNRPC: Ensure that we grab the XPRT_LOCK before
    calling xprt_alloc_slot (bnc#800907).
  • SUNRPC: Fix a UDP transport regression (bnc#800907).
  • SUNRPC: Allow caller of rpc_sleep_on() to select
    priority levels (bnc#800907).
  • SUNRPC: Replace xprt->resend and xprt->sending with a
    priority queue (bnc#800907).
  • SUNRPC: Fix potential races in xprt_lock_write_next()
    (bnc#800907).
  • md: cannot re-add disks after recovery (bnc#808647).
  • fs/xattr.c:getxattr(): improve handling of allocation
    failures (bnc#818053).
  • fs/xattr.c:listxattr(): fall back to vmalloc() if
    kmalloc() failed (bnc#818053).
  • fs/xattr.c:setxattr(): improve handling of allocation
    failures (bnc#818053).
  • fs/xattr.c: suppress page allocation failure warnings
    from sys_listxattr() (bnc#818053).
  • virtio-blk: Call revalidate_disk() upon online disk
    resize (bnc#817339).
  • usb-storage: CY7C68300A chips do not support Cypress
    ATACB (bnc#819295).
  • patches.kernel.org/patch-3.0.60-61: Update references
    (add bnc#810580).
  • usb: Using correct way to clear usb3.0 devices remote
    wakeup feature (bnc#818516).
  • xhci: Fix TD size for isochronous URBs (bnc#818514).
  • ALSA: hda - fixup D3 pin and right channel mute on
    Haswell HDMI audio (bnc#818798).
  • ALSA: hda - Apply pin-enablement workaround to all
    Haswell HDMI codecs (bnc#818798).
  • xfs: fallback to vmalloc for large buffers in
    xfs_attrmulti_attr_get (bnc#818053).
  • xfs: fallback to vmalloc for large buffers in
    xfs_attrlist_by_handle (bnc#818053).
  • xfs: xfs: fallback to vmalloc for large buffers in
    xfs_compat_attrlist_by_handle (bnc#818053).
  • xHCI: store rings type.
  • xhci: Fix hang on back-to-back Set TR Deq Ptr
    commands.
  • xHCI: check enqueue pointer advance into dequeue seg.
  • xHCI: store rings last segment and segment numbers.
  • xHCI: Allocate 2 segments for transfer ring.
  • xHCI: count free TRBs on transfer ring.
  • xHCI: factor out segments allocation and free
    function.
  • xHCI: update sg tablesize.
  • xHCI: set cycle state when allocate rings.
  • xhci: Reserve one command for USB3 LPM disable.
  • xHCI: dynamic ring expansion.
  • xhci: Do not warn on empty ring for suspended devices.
  • md/raid1: Do not release reference to device while
    handling read error (bnc#809122, bnc#814719).
  • rpm/mkspec: Stop generating the get_release_number.sh
    file.
  • rpm/kernel-spec-macros: Properly handle KOTD release
    numbers with .g suffix.
  • rpm/kernel-spec-macros: Drop the %release_num macro
    We no longer put the -rcX tag into the release string.
  • rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
    "<RELEASE>" string in specfiles.
  • mm/mmap: check for RLIMIT_AS before unmapping
    (bnc#818327).
  • mm: Fix add_page_wait_queue() to work for PG_Locked
    bit waiters (bnc#792584).
  • mm: Fix add_page_wait_queue() to work for PG_Locked
    bit waiters (bnc#792584).
  • bonding: only use primary address for ARP
    (bnc#815444).
  • bonding: remove entries for master_ip and vlan_ip and
    query devices instead (bnc#815444).
  • mm: speedup in __early_pfn_to_nid (bnc#810624).
  • TTY: fix atime/mtime regression (bnc#815745).
  • sd_dif: problem with verify of type 1 protection
    information (PI) (bnc#817010).
  • sched: harden rq rt usage accounting (bnc#769685,
    bnc#788590).
  • rcu: Avoid spurious RCU CPU stall warnings
    (bnc#816586).
  • rcu: Dump local stack if cannot dump all CPUs stacks
    (bnc#816586).
  • rcu: Fix detection of abruptly-ending stall
    (bnc#816586).
  • rcu: Suppress NMI backtraces when stall ends before
    dump (bnc#816586).
  • Update Xen patches to 3.0.74.
  • btrfs: do not re-enter when allocating a chunk.
  • btrfs: save us a read_lock.
  • btrfs: Check CAP_DAC_READ_SEARCH for
    BTRFS_IOC_INO_PATHS.
  • btrfs: remove unused fs_info from
    btrfs_decode_error().
  • btrfs: handle null fs_info in btrfs_panic().
  • btrfs: fix varargs in __btrfs_std_error.
  • btrfs: fix the race between bio and
    btrfs_stop_workers.
  • btrfs: fix NULL pointer after aborting a transaction.
  • btrfs: fix infinite loop when we abort on mount.
  • xfs: Do not allocate new buffers on every call to
    _xfs_buf_find (bnc#763968).
  • xfs: fix buffer lookup race on allocation failure
    (bnc#763968).

References