Risks
Advisories
Browse
or
or
SUSE Security Update - kernel update for SLE11 SP3 (SUSE-SU-2013:1182-1)
SUSE Security Update: kernel update for SLE11 SP3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1182-1
Rating:             important
References:         #763968 #773837 #785901 #797090 #797727 #801427
                    #803320 #804482 #804609 #805804 #806976 #808015
                    #808136 #808837 #808855 #809130 #809895 #809975
                    #810722 #812281 #812332 #812526 #812974 #813604
                    #813922 #815356 #816451 #817035 #817377 #818047
                    #818371 #818465 #819018 #819195 #819523 #819610
                    #819655 #820172 #820434 #821052 #821070 #821235
                    #821799 #821859 #821930 #822066 #822077 #822080
                    #822164 #822340 #822431 #822722 #822825 #823082
                    #823223 #823342 #823386 #823597 #823795 #824159
                    #825037 #825591 #825657 #825696 #826186
Cross-References:   CVE-2013-0160 CVE-2013-1774 CVE-2013-1979
                    CVE-2013-3076 CVE-2013-3222 CVE-2013-3223
                    CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
                    CVE-2013-3228 CVE-2013-3229 CVE-2013-3231
                    CVE-2013-3232 CVE-2013-3234 CVE-2013-3235

Affected Products:
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 50 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 kernel was
   updated to 3.0.82 and to fix various bugs and security
   issues.

   Following security issues were fixed: CVE-2013-1774: The
   chase_port function in drivers/usb/serial/io_ti.c in the
   Linux kernel allowed local users to cause a denial of
   service (NULL pointer dereference and system crash) via an
   attempted /dev/ttyUSB read or write operation on a
   disconnected Edgeport USB serial converter.

   CVE-2013-0160: Timing side channel on attacks were possible
   on /dev/ptmx that could allow local attackers to predict
   keypresses like e.g. passwords. This has been fixed again
   by updating accessed/modified time on the pty devices in
   resolution of 8 seconds, so that idle time detection can
   still work.

   CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
   in the Linux kernel did not initialize a certain length
   variable, which allowed local users to obtain sensitive
   information from kernel stack memory via a crafted recvmsg
   or recvfrom system call.

   CVE-2013-3223: The ax25_recvmsg function in
   net/ax25/af_ax25.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3224: The bt_sock_recvmsg function in
   net/bluetooth/af_bluetooth.c in the Linux kernel did not
   properly initialize a certain length variable, which
   allowed local users to obtain sensitive information from
   kernel stack memory via a crafted recvmsg or recvfrom
   system call.

   CVE-2013-3225: The rfcomm_sock_recvmsg function in
   net/bluetooth/rfcomm/sock.c in the Linux kernel did not
   initialize a certain length variable, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3227: The caif_seqpkt_recvmsg function in
   net/caif/caif_socket.c in the Linux kernel did not
   initialize a certain length variable, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3228: The irda_recvmsg_dgram function in
   net/irda/af_irda.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3229: The iucv_sock_recvmsg function in
   net/iucv/af_iucv.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3231: The llc_ui_recvmsg function in
   net/llc/af_llc.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3232: The nr_recvmsg function in
   net/netrom/af_netrom.c in the Linux kernel did not
   initialize a certain data structure, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3234: The rose_recvmsg function in
   net/rose/af_rose.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
   not initialize a certain data structure and a certain
   length variable, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3076: The crypto API in the Linux kernel did not
   initialize certain length variables, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call,
   related to the hash_recvmsg function in crypto/algif_hash.c
   and the skcipher_recvmsg function in
   crypto/algif_skcipher.c.

   CVE-2013-1979: The scm_set_cred function in
   include/net/scm.h in the Linux kernel used incorrect uid
   and gid values during credentials passing, which allowed
   local users to gain privileges via a crafted application.

   A kernel information leak via tkill/tgkill was fixed.

   Following non security bugs were fixed: S/390:
   - af_iucv: Missing man page (bnc#825037, LTC#94825).
   - iucv: fix kernel panic at reboot (bnc#825037, LTC#93803).
   - kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784).
   - dasd: Add missing descriptions for dasd timeout messages
   (bnc#825037, LTC#94762).
   - dasd: Fix hanging device after resume with internal error
   13 (bnc#825037, LTC#94554).
   - cio: Suppress 2nd path verification during resume
   (bnc#825037, LTC#94554).
   - vmcp: Missing man page (bnc#825037, LTC#94453).
   - kernel: 3215 console crash (bnc#825037, LTC#94302).
   - netiucv: Hold rtnl between name allocation and device
   registration (bnc#824159).
   - s390/ftrace: fix mcount adjustment (bnc#809895).

   HyperV:
   - Drivers: hv: Fix a bug in get_vp_index().
   - hyperv: Fix a compiler warning in netvsc_send().
   - Tools: hv: Fix a checkpatch warning.
   - tools: hv: skip iso9660 mounts in hv_vss_daemon.
   - tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon.
   - tools: hv: use getmntent in hv_vss_daemon.
   - Tools: hv: Fix a checkpatch warning.
   - tools: hv: fix checks for origin of netlink message in
   hv_vss_daemon.
   - Tools: hv: fix warnings in hv_vss_daemon.
   - x86, hyperv: Handle Xen emulation of Hyper-V more
   gracefully.
   - hyperv: Fix a kernel warning from
   netvsc_linkstatus_callback().
   - Drivers: hv: balloon: make local functions static.
   - tools: hv: daemon should check type of received Netlink
   msg.
   - tools: hv: daemon setsockopt should use options macros.
   - tools: hv: daemon should subscribe only to CN_KVP_IDX
   group.
   - driver: hv: remove cast for kmalloc return value.
   - hyperv: use 3.4 as LIC version string (bnc#822431).

   BTRFS:
   - btrfs: flush delayed inodes if we are short on space
   (bnc#801427).
   - btrfs: rework shrink_delalloc (bnc#801427).
   - btrfs: fix our overcommit math (bnc#801427).
   - btrfs: delay block group item insertion (bnc#801427).
   - btrfs: remove bytes argument from do_chunk_alloc
   (bnc#801427).
   - btrfs: run delayed refs first when out of space
   (bnc#801427).
   - btrfs: do not commit instead of overcommitting
   (bnc#801427).
   - btrfs: do not take inode delalloc mutex if we are a free
   space inode (bnc#801427).
   - btrfs: fix chunk allocation error handling (bnc#801427).
   - btrfs: remove extent mapping if we fail to add chunk
   (bnc#801427).
   - btrfs: do not overcommit if we do not have enough space
   for global rsv (bnc#801427).
   - btrfs: rework the overcommit logic to be based on the
   total size (bnc#801427).
   - btrfs: steal from global reserve if we are cleaning up
   orphans (bnc#801427).
   - btrfs: clear chunk_alloc flag on retryable failure
   (bnc#801427).
   - btrfs: use reserved space for creating a snapshot
   (bnc#801427).
   - btrfs: cleanup to make the function
   btrfs_delalloc_reserve_metadata more logic (bnc#801427).
   - btrfs: fix space leak when we fail to reserve metadata
   space (bnc#801427).
   - btrfs: fix space accounting for unlink and rename
   (bnc#801427).
   - btrfs: allocate new chunks if the space is not enough for
   global rsv (bnc#801427).
   - btrfs: various abort cleanups (bnc#812526 bnc#801427).
   - btrfs: simplify unlink reservations (bnc#801427).

   XFS:
   - xfs: Move allocation stack switch up to xfs_bmapi
   (bnc#815356).
   - xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356).
   - xfs: zero allocation_args on the kernel stack
   (bnc#815356).
   - xfs: fix debug_object WARN at xfs_alloc_vextent()
   (bnc#815356).
   - xfs: do not defer metadata allocation to the workqueue
   (bnc#815356).
   - xfs: introduce an allocation workqueue (bnc#815356).
   - xfs: fix race while discarding buffers [V4] (bnc#815356
   (comment 36)).
   - xfs: Serialize file-extending direct IO (bnc#818371).
   - xfs: Do not allocate new buffers on every call to
   _xfs_buf_find (bnc#763968).
   - xfs: fix buffer lookup race on allocation failure
   (bnc#763968).

   ALSA:
   - Fix VT1708 jack detection on SLEPOS machines (bnc#813922).
   - ALSA: hda - Avoid choose same converter for unused pins
   (bnc#826186).
   - ALSA: hda - Cache the MUX selection for generic HDMI
   (bnc#826186).
   - ALSA: hda - Haswell converter power state D0 verify
   (bnc#826186).
   - ALSA: hda - Do not take unresponsive D3 transition too
   serious (bnc#823597).
   - ALSA: hda - Introduce bit flags to
   snd_hda_codec_read/write() (bnc#823597).
   - ALSA: hda - Check CORB overflow (bnc#823597).
   - ALSA: hda - Check validity of CORB/RIRB WP reads
   (bnc#823597).
   - ALSA: hda - Fix system panic when DMA > 40 bits for
   Nvidia audio controllers (bnc#818465).
   - ALSA: hda - Add hint for suppressing lower cap for IDT
   codecs (bnc#812332).
   - ALSA: hda - Enable mic-mute LED on more HP laptops
   (bnc#821859).

   Direct Rendering Manager (DRM):
   - drm/i915: Add wait_for in init_ring_common (bnc#813604).
   - drm/i915: Mark the ringbuffers as being in the GTT domain
   (bnc#813604).
   - drm/edid: Do not print messages regarding stereo or csync
   by default (bnc #821235).
   - drm/i915: force full modeset if the connector is in DPMS
   OFF mode (bnc #809975).
   - drm/i915/sdvo: Use &intel_sdvo->ddc instead of
   intel_sdvo->i2c for DDC (bnc #808855).
   - drm/mm: fix dump table BUG. (bnc#808837)
   - drm/i915: Clear the stolen fb before enabling
   (bnc#808015).

   XEN:
   - xen/netback: Update references (bnc#823342).
   - xen: Check for insane amounts of requests on the ring.
   - Update Xen patches to 3.0.82.
   - netback: do not disconnect frontend when seeing oversize
   packet.
   - netfront: reduce gso_max_size to account for max TCP
   header.
   - netfront: fix kABI after "reduce gso_max_size to account
   for max TCP header".

   Other:
   - x86, efi: retry ExitBootServices() on failure
   (bnc#823386).
   - x86/efi: Fix dummy variable buffer allocation
   (bnc#822080).

   - ext4: avoid hang when mounting non-journal filesystems
   with orphan list (bnc#817377).

   - mm: compaction: Scan PFN caching KABI workaround (Fix
   KABI breakage (bnc#825657)).

   - autofs4 - fix get_next_positive_subdir() (bnc#819523).

   - ocfs2: Add bits_wanted while calculating credits in
   ocfs2_calc_extend_credits (bnc#822077).

   - writeback: Avoid needless scanning of b_dirty list
   (bnc#819018).
   - writeback: Do not sort b_io list only because of block
   device inode (bnc#819018).

   - re-enable io tracing (bnc#785901).

   - pciehp: Corrected the old mismatching DMI strings.

   - SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).

   - tg3: Prevent system hang during repeated EEH errors
   (bnc#822066).

   - scsi_dh_alua: multipath failover fails with error 15
   (bnc#825696).

   - Do not switch camera on HP EB 8780 (bnc#797090).

   - Do not switch webcam for HP EB 8580w (bnc#797090).

   - mm: fixup compilation error due to an asm write through a
   const pointer. (bnc#823795)

   - do not switch cam port on HP EliteBook 840 (bnc#822164).

   - net/sunrpc: xpt_auth_cache should be ignored when expired
   (bnc#803320).
   - sunrpc/cache: ensure items removed from cache do not have
   pending upcalls (bnc#803320).
   - sunrpc/cache: remove races with queuing an upcall
   (bnc#803320).
   - sunrpc/cache: use cache_fresh_unlocked consistently and
   correctly (bnc#803320).

   - KVM: x86: emulate movdqa (bnc#821070).
   - KVM: x86: emulator: add support for vector alignment
   (bnc#821070).
   - KVM: x86: emulator: expand decode flags to 64 bits
   (bnc#821070).

   - xhci - correct comp_mode_recovery_timer on return from
   hibernate (bnc#808136).

   - md/raid10 enough fixes (bnc#773837).

   - lib/Makefile: Fix oid_registry build dependency
   (bnc#823223).

   - Update config files: disable IP_PNP (bnc#822825)

   - Fix kABI breakage for addition of
   snd_hda_bus.no_response_fallback (bnc#823597).

   - Disable efi pstore by default (bnc#804482 bnc#820172).

   - md: Fix problem with GET_BITMAP_FILE returning wrong
   status (bnc#812974).

   - bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610).

   - USB: xHCI: override bogus bulk wMaxPacketSize values
   (bnc#823082).

   - BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727
   bnc#822340).

   - qlge: Update version to 1.00.00.32 (bnc#819195).
   - qlge: Fix ethtool autoneg advertising (bnc#819195).
   - qlge: Fix receive path to drop error frames (bnc#819195).
   - qlge: remove NETIF_F_TSO6 flag (bnc#819195).
   - remove init of dev->perm_addr in drivers (bnc#819195).
   - drivers/net: fix up function prototypes after __dev*
   removals (bnc#819195).
   - qlge: remove __dev* attributes (bnc#819195).
   - drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding
   style issue (bnc#819195).

   - cxgb4: Force uninitialized state if FW_ON_ADAPTER is <
   FW_VERSION and we are the MASTER_PF (bnc#809130).

   - USB: UHCI: fix for suspend of virtual HP controller
   (bnc#817035).

   - timer_list: Convert timer list to be a proper seq_file
   (bnc#818047).
   - timer_list: Split timer_list_show_tickdevices
   (bnc#818047).
   - sched: Fix /proc/sched_debug failure on very very large
   systems (bnc#818047).
   - sched: Fix /proc/sched_stat failure on very very large
   systems (bnc#818047).

   - reiserfs: fix spurious multiple-fill in
   reiserfs_readdir_dentry (bnc#822722).

   - libfc: do not exch_done() on invalid sequence ptr
   (bnc#810722).

   - netfilter: ip6t_LOG: fix logging of packet mark
   (bnc#821930).


   - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
   (bnc#819655).

   - HWPOISON: fix misjudgement of page_action() for errors on
   mlocked pages (Memory failure RAS (bnc#821799)).
   - HWPOISON: check dirty flag to match against clean page
   (Memory failure RAS (bnc#821799)).
   - HWPOISON: change order of error_states elements (Memory
   failure RAS (bnc#821799)).
   - mm: hwpoison: fix action_result() to print out
   dirty/clean (Memory failure RAS (bnc#821799)).

   - mm: mmu_notifier: re-fix freed page still mapped in
   secondary MMU (bnc#821052).

   - Do not switch webcams in some HP ProBooks to XHCI
   (bnc#805804).

   - Do not switch BT on HP ProBook 4340 (bnc#812281).

   - mm: memory_dev_init make sure nmi watchdog does not
   trigger while registering memory sections (bnc#804609,
   bnc#820434).

   - mm: compaction: Restart compaction from near where it
   left off
   - mm: compaction: cache if a pageblock was scanned and no
   pages were isolated
   - mm: compaction: clear PG_migrate_skip based on compaction
   and reclaim activity
   - mm: compaction: Scan PFN caching KABI workaround
   - mm: page_allocator: Remove first_pass guard
   - mm: vmscan: do not stall on writeback during memory
   compaction Cache compaction restart points for faster
   compaction cycles (bnc#816451)


Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SLE 11 SERVER Unsupported Extras (ppc64 s390x x86_64):

      kernel-default-extra-3.0.82-0.7.9

   - SLE 11 SERVER Unsupported Extras (x86_64):

      kernel-xen-extra-3.0.82-0.7.9

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-3.0.82-0.7.9


References:

   http://support.novell.com/security/cve/CVE-2013-0160.html
   http://support.novell.com/security/cve/CVE-2013-1774.html
   http://support.novell.com/security/cve/CVE-2013-1979.html
   http://support.novell.com/security/cve/CVE-2013-3076.html
   http://support.novell.com/security/cve/CVE-2013-3222.html
   http://support.novell.com/security/cve/CVE-2013-3223.html
   http://support.novell.com/security/cve/CVE-2013-3224.html
   http://support.novell.com/security/cve/CVE-2013-3225.html
   http://support.novell.com/security/cve/CVE-2013-3227.html
   http://support.novell.com/security/cve/CVE-2013-3228.html
   http://support.novell.com/security/cve/CVE-2013-3229.html
   http://support.novell.com/security/cve/CVE-2013-3231.html
   http://support.novell.com/security/cve/CVE-2013-3232.html
   http://support.novell.com/security/cve/CVE-2013-3234.html
   http://support.novell.com/security/cve/CVE-2013-3235.html
   https://bugzilla.novell.com/763968
   https://bugzilla.novell.com/773837
   https://bugzilla.novell.com/785901
   https://bugzilla.novell.com/797090
   https://bugzilla.novell.com/797727
   https://bugzilla.novell.com/801427
   https://bugzilla.novell.com/803320
   https://bugzilla.novell.com/804482
   https://bugzilla.novell.com/804609
   https://bugzilla.novell.com/805804
   https://bugzilla.novell.com/806976
   https://bugzilla.novell.com/808015
   https://bugzilla.novell.com/808136
   https://bugzilla.novell.com/808837
   https://bugzilla.novell.com/808855
   https://bugzilla.novell.com/809130
   https://bugzilla.novell.com/809895
   https://bugzilla.novell.com/809975
   https://bugzilla.novell.com/810722
   https://bugzilla.novell.com/812281
   https://bugzilla.novell.com/812332
   https://bugzilla.novell.com/812526
   https://bugzilla.novell.com/812974
   https://bugzilla.novell.com/813604
   https://bugzilla.novell.com/813922
   https://bugzilla.novell.com/815356
   https://bugzilla.novell.com/816451
   https://bugzilla.novell.com/817035
   https://bugzilla.novell.com/817377
   https://bugzilla.novell.com/818047
   https://bugzilla.novell.com/818371
   https://bugzilla.novell.com/818465
   https://bugzilla.novell.com/819018
   https://bugzilla.novell.com/819195
   https://bugzilla.novell.com/819523
   https://bugzilla.novell.com/819610
   https://bugzilla.novell.com/819655
   https://bugzilla.novell.com/820172
   https://bugzilla.novell.com/820434
   https://bugzilla.novell.com/821052
   https://bugzilla.novell.com/821070
   https://bugzilla.novell.com/821235
   https://bugzilla.novell.com/821799
   https://bugzilla.novell.com/821859
   https://bugzilla.novell.com/821930
   https://bugzilla.novell.com/822066
   https://bugzilla.novell.com/822077
   https://bugzilla.novell.com/822080
   https://bugzilla.novell.com/822164
   https://bugzilla.novell.com/822340
   https://bugzilla.novell.com/822431
   https://bugzilla.novell.com/822722
   https://bugzilla.novell.com/822825
   https://bugzilla.novell.com/823082
   https://bugzilla.novell.com/823223
   https://bugzilla.novell.com/823342
   https://bugzilla.novell.com/823386
   https://bugzilla.novell.com/823597
   https://bugzilla.novell.com/823795
   https://bugzilla.novell.com/824159
   https://bugzilla.novell.com/825037
   https://bugzilla.novell.com/825591
   https://bugzilla.novell.com/825657
   https://bugzilla.novell.com/825696
   https://bugzilla.novell.com/826186
  
http://download.novell.com/patch/finder/?keywords=9deafe882b5e3b5f0df9f5075f0d6114
  
http://download.novell.com/patch/finder/?keywords=bdd1cc737ed1a109b28b077184acad08
   http://download.novell.com/patch/finder/?keywords=ddd472e1f756fe2a224c4a247ce90bef




Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //