The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up
update to fix security and non-security issues.
The following security issues have been fixed:
* CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
used to gain ring0 access via the futex syscall. This could be used for
privilege escalation for non-root users. (bnc#880892)
* CVE-2012-6647: The futex_wait_requeue_pi function in kernel/futex.c
in the Linux kernel before 3.5.1 does not ensure that calls have two
different futex addresses, which allows local users to cause a denial
of service (NULL pointer dereference and system crash) or possibly
have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.
(bnc#878289)
* CVE-2013-6382: Multiple buffer underflows in the XFS implementation
in the Linux kernel through 3.12.1 allow local users to cause a denial of
service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
with a crafted length value, related to the xfs_attrlist_by_handle
function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
function in fs/xfs/xfs_ioctl32.c. (bnc#852553)
* CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors
does not properly handle the interaction between locked instructions and
write-combined memory types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the errata 793 issue.
(bnc#852967)
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
values before ensuring that associated data structures have been
initialized, which allows local users to obtain sensitive information from
kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)
* CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
the Linux kernel before 3.12.4 updates a certain length value before
ensuring that an associated data structure has been initialized, which
allows local users to obtain sensitive information from kernel stack
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)
* CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
the Linux kernel before 3.12.4 updates a certain length value before
ensuring that an associated data structure has been initialized, which
allows local users to obtain sensitive information from kernel stack
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)
* CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in
the Linux kernel before 3.12.8 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a bind system call for an RDS socket on a
system that lacks RDS transports. (bnc#869563)
* CVE-2014-0101: The sctp_sf_do_5_1D_ce function in
net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not
validate certain auth_enable and auth_capable fields before making an
sctp_sf_authenticate call, which allows remote attackers to cause a denial
of service (NULL pointer dereference and system crash) via an SCTP
handshake with a modified INIT chunk and a crafted AUTH chunk before a
COOKIE_ECHO chunk. (bnc#866102)
* CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in
the Linux kernel through 3.14.3 does not properly manage tty driver access
in the "LECHO & !OPOST" case, which allows local users to cause a denial
of service (memory corruption and system crash) or gain privileges by
triggering a race condition involving read and write operations with long
strings. (bnc#875690)
* CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
in the Linux kernel through 3.14.3 does not properly handle error
conditions during processing of an FDRAWCMD ioctl call, which allows local
users to trigger kfree operations and gain privileges by leveraging write
access to a /dev/fd device. (bnc#875798)
* CVE-2014-1738: The raw_cmd_copyout function in
drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
properly restrict access to certain pointers during processing of an
FDRAWCMD ioctl call, which allows local users to obtain sensitive
information from kernel heap memory by leveraging write access to a
/dev/fd device. (bnc#875798)
* CVE-2014-1874: The security_context_to_sid_core function in
security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows
local users to cause a denial of service (system crash) by leveraging the
CAP_MAC_ADMIN capability to set a zero-length security context.
(bnc#863335)
* CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux
kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows
remote attackers to cause a denial of service (system crash)
or possibly execute arbitrary code via a DCCP packet that triggers a
call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
(bnc#868653)
* CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in
the Linux kernel through 3.14 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a bind system call for an RDS socket on a
system that lacks RDS transports. (bnc#871561)
* CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the
Linux kernel before 3.14.3 does not properly consider which pages must be
locked, which allows local users to cause a denial of service (system
crash) by triggering a memory-usage pattern that requires removal of
page-table mappings. (bnc#876102)
* CVE-2013-7027: The ieee80211_radiotap_iterator_init function in
net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check
whether a frame contains any data outside of the header, which might allow
attackers to cause a denial of service (buffer over-read) via a crafted
header. (bnc#854634)
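The flaw shared by the CVE-2013-7263, CVE-2013-7264 and CVE-2013-7265 entries above (a length value updated before the associated structure is initialized) is shown here as an added example that is not part of the advisory or the kernel source. It is a simplified userspace model in C; the names peer_addr, recv_before, recv_after and stale_bytes_returned and the sample address are assumptions made for illustration.

```c
/* Added illustration: simplified userspace model, not kernel source. */
#include <stdio.h>
#include <string.h>

struct peer_addr { unsigned short family, port; unsigned char ip[4]; };
typedef void (*recv_handler)(struct peer_addr *name, int *addr_len, int have_datagram);

static void fill(struct peer_addr *name)
{
    memset(name, 0, sizeof(*name));
    name->family = 2; name->port = 53;
    memcpy(name->ip, "\xc0\x00\x02\x01", 4);   /* 192.0.2.1, constructed */
}

/* Before: the length is published before the structure is known to be filled. */
void recv_before(struct peer_addr *name, int *addr_len, int have_datagram)
{
    *addr_len = sizeof(*name);
    if (!have_datagram)
        return;                 /* early exit leaves *name untouched */
    fill(name);
}

/* After: the length is set only once the structure has been written. */
void recv_after(struct peer_addr *name, int *addr_len, int have_datagram)
{
    if (!have_datagram)
        return;                 /* *addr_len stays 0 */
    fill(name);
    *addr_len = sizeof(*name);
}

/* Models the generic receive path; returns how many stale bytes reach the caller. */
int stale_bytes_returned(recv_handler h, int have_datagram)
{
    struct peer_addr on_stack;
    unsigned char user_buf[sizeof(on_stack)];
    int addr_len = 0, i, stale = 0;

    memset(&on_stack, 0xAA, sizeof(on_stack));  /* stands in for old stack contents */
    h(&on_stack, &addr_len, have_datagram);
    memcpy(user_buf, &on_stack, (size_t)addr_len);
    for (i = 0; i < addr_len; i++)
        stale += (user_buf[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("before: %d stale bytes, after: %d\n",
           stale_bytes_returned(recv_before, 0), stale_bytes_returned(recv_after, 0));
    return 0;
}
```
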
The following non-security issues have been fixed:
* sched: protect scale_rt_power() from clock aberrations (bnc#630970,
bnc#661605, bnc#865310).
* sched: fix divide by zero at {thread_group,task}_times (bnc#761774,
bnc#873070).
* clocksource: avoid unnecessary overflow in cyclecounter_cyc2ns()
(bnc#865310).
* ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
(bnc#874108).
* block: Wait for queue cleanup until the queue is empty before queue
cleanup (bnc#792407).
* fs: do_add_mount()/umount -l races (bnc#663516).
* vfs,proc: guarantee unique inodes in /proc (bnc#868049).
* nfs: Allow nfsdv4 to work when fips=1 (bnc#868488).
* inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state
(bnc#854743).
* bonding: send unsolicited NA for all addresses (bnc#856756).
* bonding: send unsolicited neighbour advertisements to all-nodes
(bnc#856756).
Security Issues references:
* CVE-2012-6647
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647>
* CVE-2013-6382
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
* CVE-2013-6885
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
* CVE-2013-7027
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027>
* CVE-2013-7263
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
* CVE-2013-7264
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264>
* CVE-2013-7265
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265>
* CVE-2013-7339
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339>
* CVE-2014-0101
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101>
* CVE-2014-0196
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196>
* CVE-2014-1737
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737>
* CVE-2014-1738
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738>
* CVE-2014-1874
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874>
* CVE-2014-2523
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523>
* CVE-2014-2678
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678>
* CVE-2014-3122
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122>
* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>
download.suse.com/patch/finder/?keywords=1f7d34dea2e5092125c31d9d0a405f5a
download.suse.com/patch/finder/?keywords=518a51bcce5e0cc4e53c7e7bccd832c3
download.suse.com/patch/finder/?keywords=9ef95d829298aaa37050f0a54e442fe4
download.suse.com/patch/finder/?keywords=c146be129d24b739d74708b50d2cc532
download.suse.com/patch/finder/?keywords=d036686eebebfe198fe470f1df9f08cb
download.suse.com/patch/finder/?keywords=fdf0b5f57e08d67cb242abf486c62992
bugzilla.novell.com/630970
bugzilla.novell.com/661605
bugzilla.novell.com/663516
bugzilla.novell.com/761774
bugzilla.novell.com/792407
bugzilla.novell.com/852553
bugzilla.novell.com/852967
bugzilla.novell.com/854634
bugzilla.novell.com/854743
bugzilla.novell.com/856756
bugzilla.novell.com/857643
bugzilla.novell.com/863335
bugzilla.novell.com/865310
bugzilla.novell.com/866102
bugzilla.novell.com/868049
bugzilla.novell.com/868488
bugzilla.novell.com/868653
bugzilla.novell.com/869563
bugzilla.novell.com/871561
bugzilla.novell.com/873070
bugzilla.novell.com/874108
bugzilla.novell.com/875690
bugzilla.novell.com/875798
bugzilla.novell.com/876102
bugzilla.novell.com/878289
bugzilla.novell.com/880892