SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0674-1
Rating:             important
References:         #742111 #765687 #769093 #770980 #776370 #781485 
                    #785101 #786013 #787272 #789012 #790236 #792697 
                    #795075 #795335 #797175 #799611 #800280 #801178 
                    #802642 #804154 #809692 
Cross-References:   CVE-2012-4530 CVE-2013-0160 CVE-2013-0216
                    CVE-2013-0231 CVE-2013-0268 CVE-2013-0871
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 15 fixes is
   now available.

Description:


   This Linux kernel update fixes various security issues and
   bugs in the SUSE  Linux Enterprise 10 SP4 kernel.

   The following security issues have been fixed:

   *

   CVE-2013-0871: A race condition in ptrace(2) could be
   used by local attackers to crash the kernel and/or execute
   code in kernel context.

   *

   CVE-2013-0160: Avoid side channel information leaks
   from the ptys via ptmx, which allowed local attackers to
   guess keypresses.

   *

   CVE-2012-4530: Avoid leaving bprm->interp on the
   stack which might have leaked information from the kernel
   to userland attackers.

   *

   CVE-2013-0268: The msr_open function in
   arch/x86/kernel/msr.c in the Linux kernel allowed local
   users to bypass intended capability restrictions by
   executing a crafted application as root, as demonstrated by
   msr32.c.

   *

   CVE-2013-0216: The Xen netback functionality in the
   Linux kernel allowed guest OS users to cause a denial of
   service (loop) by triggering ring pointer corruption.

   *

   CVE-2013-0231: The pciback_enable_msi function in the
   PCI backend driver
   (drivers/xen/pciback/conf_space_capability_msi.c) in Xen
   for the Linux kernel allowed guest OS users with PCI device
   access to cause a denial of service via a large number of
   kernel log messages. NOTE: some of these details are
   obtained from third party information.

   Also the following non-security bugs have been fixed:

   S/390:

   * s390x: tty struct used after free (bnc#809692,
   LTC#90216).
   * s390x/kernel: sched_clock() overflow (bnc#799611,
   LTC#87978).
   * qeth: set new mac even if old mac is gone
   (bnc#789012,LTC#86643).
   * qeth: set new mac even if old mac is gone (2)
   (bnc#792697,LTC#87138).
   * qeth: fix deadlock between recovery and bonding
   driver (bnc#785101,LTC#85905).
   * dasd: check count address during online setting
   (bnc#781485,LTC#85346).
   * hugetlbfs: add missing TLB invalidation
   (bnc#781485,LTC#85463).
   * s390/kernel: make user-access pagetable walk code
   huge page aware (bnc#781485,LTC#85455).

   XEN:

   * xen/netback: fix netbk_count_requests().
   * xen: properly bound buffer access when parsing
   cpu/availability.
   * xen/scsiback/usbback: move cond_resched() invocations
   to proper place.
   * xen/pciback: properly clean up after calling
   pcistub_device_find().
   * xen: add further backward-compatibility configure
   options.
   * xen/PCI: suppress bogus warning on old hypervisors.
   * xenbus: fix overflow check in xenbus_dev_write().
   * xen/x86: do not corrupt %eip when returning from a
   signal handler.

   Other:

   * kernel: Restrict clearing TIF_SIGPENDING (bnc#742111).
   * kernel: recalc_sigpending_tsk fixes (bnc#742111).
   * xfs: Do not reclaim new inodes in xfs_sync_inodes()
   (bnc#770980).
   * jbd: Avoid BUG_ON when checkpoint stalls (bnc#795335).
   * reiserfs: Fix int overflow while calculating free
   space (bnc#795075).
   * cifs: clarify the meaning of tcpStatus == CifsGood
   (bnc#769093).
   * cifs: do not allow cifs_reconnect to exit with NULL
   socket pointer (bnc#769093).
   * cifs: switch to seq_files (bnc#776370).
   * scsi: fix check of PQ and PDT bits for WLUNs
   (bnc#765687).
   * hugetlb: preserve hugetlb pte dirty state
   (bnc#790236).
   * poll: enforce RLIMIT_NOFILE in poll() (bnc#787272).
   * proc: fix ->open less usage due to ->proc_fops flip
   (bnc#776370).
   * rpm/kernel-binary.spec.in: Ignore kabi errors if
   %%ignore_kabi_badness is defined. This is used in the
   Kernel:* projects in the OBS.

   Security Issue references:

   * CVE-2012-4530
   
   * CVE-2013-0160
   
   * CVE-2013-0216
   
   * CVE-2013-0231
   
   * CVE-2013-0268
   
   * CVE-2013-0871
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.101.1
      kernel-source-2.6.16.60-0.101.1
      kernel-syms-2.6.16.60-0.101.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.101.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.101.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.101.1
      kernel-xen-2.6.16.60-0.101.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.101.1
      kernel-kdumppae-2.6.16.60-0.101.1
      kernel-vmi-2.6.16.60-0.101.1
      kernel-vmipae-2.6.16.60-0.101.1
      kernel-xenpae-2.6.16.60-0.101.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.101.1
      kernel-ppc64-2.6.16.60-0.101.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.101.1
      kernel-smp-2.6.16.60-0.101.1
      kernel-source-2.6.16.60-0.101.1
      kernel-syms-2.6.16.60-0.101.1
      kernel-xen-2.6.16.60-0.101.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.101.1
      kernel-xenpae-2.6.16.60-0.101.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.101.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.101.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.101.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.101.1


References:

   https://www.suse.com/security/cve/CVE-2012-4530.html
   https://www.suse.com/security/cve/CVE-2013-0160.html
   https://www.suse.com/security/cve/CVE-2013-0216.html
   https://www.suse.com/security/cve/CVE-2013-0231.html
   https://www.suse.com/security/cve/CVE-2013-0268.html
   https://www.suse.com/security/cve/CVE-2013-0871.html
   https://bugzilla.novell.com/742111
   https://bugzilla.novell.com/765687
   https://bugzilla.novell.com/769093
   https://bugzilla.novell.com/770980
   https://bugzilla.novell.com/776370
   https://bugzilla.novell.com/781485
   https://bugzilla.novell.com/785101
   https://bugzilla.novell.com/786013
   https://bugzilla.novell.com/787272
   https://bugzilla.novell.com/789012
   https://bugzilla.novell.com/790236
   https://bugzilla.novell.com/792697
   https://bugzilla.novell.com/795075
   https://bugzilla.novell.com/795335
   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/799611
   https://bugzilla.novell.com/800280
   https://bugzilla.novell.com/801178
   https://bugzilla.novell.com/802642
   https://bugzilla.novell.com/804154
   https://bugzilla.novell.com/809692
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2013:0674-1: important: Linux kernel

April 13, 2013
An update that solves 6 vulnerabilities and has 15 fixes is An update that solves 6 vulnerabilities and has 15 fixes is An update that solves 6 vulnerabilities and has 15 fixes is ...

Summary

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed: * CVE-2013-0871: A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context. * CVE-2013-0160: Avoid side channel information leaks from the ptys via ptmx, which allowed local attackers to guess keypresses. * CVE-2012-4530: Avoid leaving bprm->interp on the stack which might have leaked information from the kernel to userland attackers. * CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. * CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by t...

Read the Full Advisory

References

#742111 #765687 #769093 #770980 #776370 #781485

#785101 #786013 #787272 #789012 #790236 #792697

#795075 #795335 #797175 #799611 #800280 #801178

#802642 #804154 #809692

Cross- CVE-2012-4530 CVE-2013-0160 CVE-2013-0216

CVE-2013-0231 CVE-2013-0268 CVE-2013-0871

Affected Products:

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

https://www.suse.com/security/cve/CVE-2012-4530.html

https://www.suse.com/security/cve/CVE-2013-0160.html

https://www.suse.com/security/cve/CVE-2013-0216.html

https://www.suse.com/security/cve/CVE-2013-0231.html

https://www.suse.com/security/cve/CVE-2013-0268.html

https://www.suse.com/security/cve/CVE-2013-0871.html

https://bugzilla.novell.com/742111

https://bugzilla.novell.com/765687

https://bugzilla.novell.com/769093

https://bugzilla.novell...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2013:0674-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved