openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0396-1
Rating:             important
References:         #714906 #720226 #733148 #755546 #762693 #765524 
                    #768506 #769784 #769896 #770695 #773406 #773831 
                    #774285 #774523 #774859 #776144 #778630 #779432 
                    #781134 #783515 #784192 #786013 #787168 #792500 
                    #793671 #797175 #799209 #800280 #801178 #801782 
                    #802153 #802642 #804154 #804652 #804738 
Cross-References:   CVE-2012-0957 CVE-2012-2745 CVE-2012-3412
                    CVE-2012-4530 CVE-2013-0160 CVE-2013-0216
                    CVE-2013-0231 CVE-2013-0268 CVE-2013-0309
                    CVE-2013-0871
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 25 fixes
   is now available.

Description:


   The Linux kernel was updated to fix various bugs and
   security issues:

   CVE-2013-0871: Race condition in the ptrace functionality
   in the Linux kernel allowed local users to gain privileges
   via a PTRACE_SETREGS ptrace system call in a crafted
   application, as demonstrated by ptrace_death.

   CVE-2013-0160: Avoid a side channel attack on /dev/ptmx
   (keyboard input timing).

   CVE-2012-5374: Fixed a local denial of service in the BTRFS
   hashing code.

   CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux
   kernel, when transparent huge pages are used, does not
   properly support PROT_NONE memory regions, which allows
   local users to cause a denial of service (system crash) via
   a crafted application.

   CVE-2013-0268: The msr_open function in
   arch/x86/kernel/msr.c in the Linux kernel allowed local
   users to bypass intended capability restrictions by
   executing a crafted application as root, as demonstrated by
   msr32.c.

   CVE-2012-0957: The override_release function in
   kernel/sys.c in the Linux kernel allowed local users to
   obtain sensitive information from kernel stack memory via a
   uname system call in conjunction with a UNAME26 personality.

   CVE-2013-0216: The Xen netback functionality in the Linux
   kernel allowed guest OS users to cause a denial of service
   (loop) by triggering ring pointer corruption.

   CVE-2013-0231: The pciback_enable_msi function in the PCI
   backend driver
   (drivers/xen/pciback/conf_space_capability_msi.c) in Xen
   for the Linux kernel allowed guest OS users with PCI device
   access to cause a denial of service via a large number of
   kernel log messages. NOTE: some of these details are
   obtained from third party information.

   CVE-2012-4530: The load_script function in
   fs/binfmt_script.c in the Linux kernel did not properly
   handle recursion, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted application.

   CVE-2012-4508: Race condition in fs/ext4/extents.c in the
   Linux kernel allowed local users to obtain sensitive
   information from a deleted file by reading an extent that
   was not properly marked as uninitialized.

   CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver
   in the Linux kernel allowed remote attackers to cause a
   denial of service (DMA descriptor consumption and
   network-controller outage) via crafted TCP packets that
   trigger a small MSS value.

   CVE-2012-2745: The copy_creds function in kernel/cred.c in
   the Linux kernel provided an invalid replacement session
   keyring to a child process, which allowed local users to
   cause a denial of service (panic) via a crafted application
   that uses the fork system call.

   CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c
   in the Linux kernel did not properly handle ELOOP errors in
   EPOLL_CTL_ADD operations, which allowed local users to
   cause a denial of service (file-descriptor consumption and
   system crash) via a crafted application that attempts to
   create a circular epoll dependency.

   CVE-2012-3400: Heap-based buffer overflow in the
   udf_load_logicalvol function in fs/udf/super.c in the Linux
   kernel allowed remote attackers to cause a denial of
   service (system crash) or possibly have unspecified other
   impact via a crafted UDF filesystem.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2013-176

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 x86_64):

      kernel-debug-3.1.10-1.19.1
      kernel-debug-base-3.1.10-1.19.1
      kernel-debug-base-debuginfo-3.1.10-1.19.1
      kernel-debug-debuginfo-3.1.10-1.19.1
      kernel-debug-debugsource-3.1.10-1.19.1
      kernel-debug-devel-3.1.10-1.19.1
      kernel-debug-devel-debuginfo-3.1.10-1.19.1
      kernel-default-3.1.10-1.19.1
      kernel-default-base-3.1.10-1.19.1
      kernel-default-base-debuginfo-3.1.10-1.19.1
      kernel-default-debuginfo-3.1.10-1.19.1
      kernel-default-debugsource-3.1.10-1.19.1
      kernel-default-devel-3.1.10-1.19.1
      kernel-default-devel-debuginfo-3.1.10-1.19.1
      kernel-desktop-3.1.10-1.19.1
      kernel-desktop-base-3.1.10-1.19.1
      kernel-desktop-base-debuginfo-3.1.10-1.19.1
      kernel-desktop-debuginfo-3.1.10-1.19.1
      kernel-desktop-debugsource-3.1.10-1.19.1
      kernel-desktop-devel-3.1.10-1.19.1
      kernel-desktop-devel-debuginfo-3.1.10-1.19.1
      kernel-ec2-3.1.10-1.19.1
      kernel-ec2-base-3.1.10-1.19.1
      kernel-ec2-base-debuginfo-3.1.10-1.19.1
      kernel-ec2-debuginfo-3.1.10-1.19.1
      kernel-ec2-debugsource-3.1.10-1.19.1
      kernel-ec2-devel-3.1.10-1.19.1
      kernel-ec2-devel-debuginfo-3.1.10-1.19.1
      kernel-ec2-extra-3.1.10-1.19.1
      kernel-ec2-extra-debuginfo-3.1.10-1.19.1
      kernel-syms-3.1.10-1.19.1
      kernel-trace-3.1.10-1.19.1
      kernel-trace-base-3.1.10-1.19.1
      kernel-trace-base-debuginfo-3.1.10-1.19.1
      kernel-trace-debuginfo-3.1.10-1.19.1
      kernel-trace-debugsource-3.1.10-1.19.1
      kernel-trace-devel-3.1.10-1.19.1
      kernel-trace-devel-debuginfo-3.1.10-1.19.1
      kernel-vanilla-3.1.10-1.19.1
      kernel-vanilla-base-3.1.10-1.19.1
      kernel-vanilla-base-debuginfo-3.1.10-1.19.1
      kernel-vanilla-debuginfo-3.1.10-1.19.1
      kernel-vanilla-debugsource-3.1.10-1.19.1
      kernel-vanilla-devel-3.1.10-1.19.1
      kernel-vanilla-devel-debuginfo-3.1.10-1.19.1
      kernel-xen-3.1.10-1.19.1
      kernel-xen-base-3.1.10-1.19.1
      kernel-xen-base-debuginfo-3.1.10-1.19.1
      kernel-xen-debuginfo-3.1.10-1.19.1
      kernel-xen-debugsource-3.1.10-1.19.1
      kernel-xen-devel-3.1.10-1.19.1
      kernel-xen-devel-debuginfo-3.1.10-1.19.1

   - openSUSE 12.1 (noarch):

      kernel-devel-3.1.10-1.19.1
      kernel-docs-3.1.10-1.19.2
      kernel-source-3.1.10-1.19.1
      kernel-source-vanilla-3.1.10-1.19.1

   - openSUSE 12.1 (i586):

      kernel-pae-3.1.10-1.19.1
      kernel-pae-base-3.1.10-1.19.1
      kernel-pae-base-debuginfo-3.1.10-1.19.1
      kernel-pae-debuginfo-3.1.10-1.19.1
      kernel-pae-debugsource-3.1.10-1.19.1
      kernel-pae-devel-3.1.10-1.19.1
      kernel-pae-devel-debuginfo-3.1.10-1.19.1


References:

   https://www.suse.com/security/cve/CVE-2012-0957.html
   https://www.suse.com/security/cve/CVE-2012-2745.html
   https://www.suse.com/security/cve/CVE-2012-3412.html
   https://www.suse.com/security/cve/CVE-2012-4530.html
   https://www.suse.com/security/cve/CVE-2013-0160.html
   https://www.suse.com/security/cve/CVE-2013-0216.html
   https://www.suse.com/security/cve/CVE-2013-0231.html
   https://www.suse.com/security/cve/CVE-2013-0268.html
   https://www.suse.com/security/cve/CVE-2013-0309.html
   https://www.suse.com/security/cve/CVE-2013-0871.html
   https://bugzilla.novell.com/714906
   https://bugzilla.novell.com/720226
   https://bugzilla.novell.com/733148
   https://bugzilla.novell.com/755546
   https://bugzilla.novell.com/762693
   https://bugzilla.novell.com/765524
   https://bugzilla.novell.com/768506
   https://bugzilla.novell.com/769784
   https://bugzilla.novell.com/769896
   https://bugzilla.novell.com/770695
   https://bugzilla.novell.com/773406
   https://bugzilla.novell.com/773831
   https://bugzilla.novell.com/774285
   https://bugzilla.novell.com/774523
   https://bugzilla.novell.com/774859
   https://bugzilla.novell.com/776144
   https://bugzilla.novell.com/778630
   https://bugzilla.novell.com/779432
   https://bugzilla.novell.com/781134
   https://bugzilla.novell.com/783515
   https://bugzilla.novell.com/784192
   https://bugzilla.novell.com/786013
   https://bugzilla.novell.com/787168
   https://bugzilla.novell.com/792500
   https://bugzilla.novell.com/793671
   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/799209
   https://bugzilla.novell.com/800280
   https://bugzilla.novell.com/801178
   https://bugzilla.novell.com/801782
   https://bugzilla.novell.com/802153
   https://bugzilla.novell.com/802642
   https://bugzilla.novell.com/804154
   https://bugzilla.novell.com/804652
   https://bugzilla.novell.com/804738

openSUSE: 2013:0396-1: important: kernel

March 5, 2013
An update that solves 10 vulnerabilities and has 25 fixes An update that solves 10 vulnerabilities and has 25 fixes An update that solves 10 vulnerabilities and has 25 fixes is now...

Description

The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard input timing). CVE-2012-5374: Fixed a local denial of service in the BTRFS hashing code. CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-0957: The over...

Read the Full Advisory

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-176 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 12.1 (i586 x86_64): kernel-debug-3.1.10-1.19.1 kernel-debug-base-3.1.10-1.19.1 kernel-debug-base-debuginfo-3.1.10-1.19.1 kernel-debug-debuginfo-3.1.10-1.19.1 kernel-debug-debugsource-3.1.10-1.19.1 kernel-debug-devel-3.1.10-1.19.1 kernel-debug-devel-debuginfo-3.1.10-1.19.1 kernel-default-3.1.10-1.19.1 kernel-default-base-3.1.10-1.19.1 kernel-default-base-debuginfo-3.1.10-1.19.1 kernel-default-debuginfo-3.1.10-1.19.1 kernel-default-debugsource-3.1.10-1.19.1 kernel-default-devel-3.1.10-1.19.1 kernel-default-devel-debuginfo-3.1.10-1.19.1 kernel-desktop-3.1.10-1.19.1 kernel-desktop-base-3.1.10-1.19.1 kernel-desktop-base-debuginfo-3.1.10-1.19.1 kernel-desktop-debuginfo-3.1.10-1.19.1 kernel-desktop-debugsource-3.1.10-1.19.1 kernel-desktop-devel-3.1.10-1.19.1 kernel-desktop-devel-debuginfo-3.1.10-1.19.1 kernel-ec2-3.1.10-1.19.1 kernel-ec2-base-3.1.10-1.19.1 kernel-ec2-base-debuginfo-3.1.10-1.19.1 kernel-ec2-debuginfo-3.1.10-1.19.1 kernel-ec2-debugsource-3.1.10-1.19.1 kernel-ec2-devel-3.1.10-1.19.1 kernel-ec2-devel-debuginfo-3.1.10-1.19.1 kernel-ec2-extra-3.1.10-1.19.1 kernel-ec2-extra-debuginfo-3.1.10-1.19.1 kernel-syms-3.1.10-1.19.1 kernel-trace-3.1.10-1.19.1 kernel-trace-base-3.1.10-1.19.1 kernel-trace-base-debuginfo-3.1.10-1.19.1 kernel-trace-debuginfo-3.1.10-1.19.1 kernel-trace-debugsource-3.1.10-1.19.1 kernel-trace-devel-3.1.10-1.19.1 kernel-trace-devel-debuginfo-3.1.10-1.19.1 kernel-vanilla-3.1.10-1.19.1 kernel-vanilla-base-3.1.10-1.19.1 kernel-vanilla-base-debuginfo-3.1.10-1.19.1 kernel-vanilla-debuginfo-3.1.10-1.19.1 kernel-vanilla-debugsource-3.1.10-1.19.1 kernel-vanilla-devel-3.1.10-1.19.1 kernel-vanilla-devel-debuginfo-3.1.10-1.19.1 kernel-xen-3.1.10-1.19.1 kernel-xen-base-3.1.10-1.19.1 kernel-xen-base-debuginfo-3.1.10-1.19.1 kernel-xen-debuginfo-3.1.10-1.19.1 kernel-xen-debugsource-3.1.10-1.19.1 kernel-xen-devel-3.1.10-1.19.1 kernel-xen-devel-debuginfo-3.1.10-1.19.1 - openSUSE 12.1 (noarch): kernel-devel-3.1.10-1.19.1 kernel-docs-3.1.10-1.19.2 kernel-source-3.1.10-1.19.1 kernel-source-vanilla-3.1.10-1.19.1 - openSUSE 12.1 (i586): kernel-pae-3.1.10-1.19.1 kernel-pae-base-3.1.10-1.19.1 kernel-pae-base-debuginfo-3.1.10-1.19.1 kernel-pae-debuginfo-3.1.10-1.19.1 kernel-pae-debugsource-3.1.10-1.19.1 kernel-pae-devel-3.1.10-1.19.1 kernel-pae-devel-debuginfo-3.1.10-1.19.1


References

https://www.suse.com/security/cve/CVE-2012-0957.html https://www.suse.com/security/cve/CVE-2012-2745.html https://www.suse.com/security/cve/CVE-2012-3412.html https://www.suse.com/security/cve/CVE-2012-4530.html https://www.suse.com/security/cve/CVE-2013-0160.html https://www.suse.com/security/cve/CVE-2013-0216.html https://www.suse.com/security/cve/CVE-2013-0231.html https://www.suse.com/security/cve/CVE-2013-0268.html https://www.suse.com/security/cve/CVE-2013-0309.html https://www.suse.com/security/cve/CVE-2013-0871.html https://bugzilla.novell.com/714906 https://bugzilla.novell.com/720226 https://bugzilla.novell.com/733148 https://bugzilla.novell.com/755546 https://bugzilla.novell.com/762693 https://bugzilla.novell.com/765524 https://bugzilla.novell.com/768506 https://bugzilla.novell.com/769784 https://bugzilla.novell.com/769896 https://bugzilla.novell.com/770695 https://bugzilla.novell.com/773406 https://bugzilla.novell.com/773831 https://bugzilla.novell.com/774285 https://bugzilla.novell.com/774523 https://bugzilla.novell.com/774859 https://bugzilla.novell.com/776144 https://bugzilla.novell.com/778630 https://bugzilla.novell.com/779432 https://bugzilla.novell.com/781134 https://bugzilla.novell.com/783515 https://bugzilla.novell.com/784192 https://bugzilla.novell.com/786013 https://bugzilla.novell.com/787168 https://bugzilla.novell.com/792500 https://bugzilla.novell.com/793671 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/799209 https://bugzilla.novell.com/800280 https://bugzilla.novell.com/801178 https://bugzilla.novell.com/801782 https://bugzilla.novell.com/802153 https://bugzilla.novell.com/802642 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/804652 https://bugzilla.novell.com/804738


Severity
Announcement ID: openSUSE-SU-2013:0396-1
Rating: important
Affected Products: openSUSE 12.1

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved