SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0537-1
Rating:             important
References:         #599263 #769035 #769644 #793727 #798050 #805114 
                    #805740 #820434 #823618 #827670 #833968 #844513 
                    #845378 #845621 #846654 #846790 #846984 #847672 
                    #848055 #849364 #849855 #851603 #852153 #852488 
                    #852967 #853052 #853162 #853166 #853455 #854025 
                    #854445 #854516 #855825 #855885 #856848 #857358 
                    #857643 #857919 #858534 #858604 #858831 #859225 
                    #859342 #861093 #862796 #862957 #863178 #863526 
                    #864025 #864058 #864833 #864880 #865342 #865783 
                    #866253 #866428 #870801 
Cross-References:   CVE-2013-4470 CVE-2013-6368 CVE-2013-6885
                    CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
                    CVE-2014-0069
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 50 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 3 RealTime
   Extension kernel has  been updated to fix various bugs and
   security issues.

   ------------------------------------------------------------
   ------------ WARNING: If you are running KVM with PCI
   pass-through on a system with one  of the following Intel
   chipsets: 5500 (revision 0x13), 5520 (revision 0x13)  or
   X58 (revisions 0x12, 0x13, 0x22), please make sure to read
   the following  support document before installing this
   update: https://www.suse.com/support/kb/
    You
   will have to update your KVM setup to no longer make use
   of PCI  pass-through before rebooting to the updated
   kernel.
   ------------------------------------------------------------
   ------------

   The following security bugs have been fixed:

   *

   CVE-2013-4470: The Linux kernel before 3.12, when UDP
   Fragmentation Offload (UFO) is enabled, does not properly
   initialize certain data structures, which allows local
   users to cause a denial of service (memory corruption and
   system crash) or possibly gain privileges via a crafted
   application that uses the UDP_CORK option in a setsockopt
   system call and sends both short and long packets, related
   to the ip_ufo_append_data function in net/ipv4/ip_output.c
   and the ip6_ufo_append_data function in
   net/ipv6/ip6_output.c. (bnc#847672)

   *

   CVE-2013-6368: The KVM subsystem in the Linux kernel
   through 3.12.5 allows local users to gain privileges or
   cause a denial of service (system crash) via a VAPIC
   synchronization operation involving a page-end address.
   (bnc#853052)

   *

   CVE-2013-6885: The microcode on AMD 16h 00h through
   0Fh processors does not properly handle the interaction
   between locked instructions and write-combined memory
   types, which allows local users to cause a denial of
   service (system hang) via a crafted application, aka the
   errata 793 issue. (bnc#852967)

   *

   CVE-2013-7263: The Linux kernel before 3.12.4 updates
   certain length values before ensuring that associated data
   structures have been initialized, which allows local users   to obtain sensitive information from kernel stack memory
   via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
   call, related to net/ipv4/ping.c, net/ipv4/raw.c,
   net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
   (bnc#857643)

   *

   CVE-2013-7264: The l2tp_ip_recvmsg function in
   net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4
   updates a certain length value before ensuring that an
   associated data structure has been initialized, which
   allows local users to obtain sensitive information from
   kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
   (3) recvmsg system call. (bnc#857643)

   *

   CVE-2013-7265: The pn_recvmsg function in
   net/phonet/datagram.c in the Linux kernel before 3.12.4
   updates a certain length value before ensuring that an
   associated data structure has been initialized, which
   allows local users to obtain sensitive information from
   kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
   (3) recvmsg system call. (bnc#857643)

   *

   CVE-2014-0069: The cifs_iovec_write function in
   fs/cifs/file.c in the Linux kernel through 3.13.5 does not
   properly handle uncached write operations that copy fewer
   than the requested number of bytes, which allows local
   users to obtain sensitive information from kernel memory,
   cause a denial of service (memory corruption and system
   crash), or possibly gain privileges via a writev system
   call with a crafted pointer. (bnc#864025)

   Also the following non-security bugs have been fixed:

   * sched/rt: Fix rqs cpupri leak while enqueue/dequeue
   child RT entities.
   * sched/rt: Use root_domain of rt_rq not current
   processor (bnc#857919).
   * kernel: oops due to linkage stack instructions
   (bnc#862796, LTC#103860).
   * kabi: protect symbols modified by bnc#864833 fix
   (bnc#864833).
   * kabi: protect bind_conflict callback in struct
   inet_connection_sock_af_ops (bnc#823618).
   * mm: mempolicy: fix mbind_range() && vma_adjust()
   interaction (VM Functionality (bnc#866428)).
   * mm: merging memory blocks resets mempolicy (VM
   Functionality (bnc#866428)).
   * mm/page-writeback.c: do not count anon pages as
   dirtyable memory (High memory utilisation performance
   (bnc#859225)).
   * mm: vmscan: Do not force reclaim file pages until it
   exceeds anon (High memory utilisation performance
   (bnc#859225)).
   * mm: vmscan: fix endless loop in kswapd balancing
   (High memory utilisation performance (bnc#859225)).
   * mm: vmscan: Update rotated and scanned when force
   reclaimed (High memory utilisation performance
   (bnc#859225)).
   * mm: fix return type for functions nr_free_*_pages
   kabi fixup (bnc#864058).
   * mm: fix return type for functions nr_free_*_pages
   (bnc#864058).
   * mm: swap: Use swapfiles in priority order (Use swap
   files in priority order (bnc#862957)).
   * mm: exclude memory less nodes from zone_reclaim
   (bnc#863526).
   *

   mm: reschedule to avoid RCU stall triggering during
   boot of large machines (bnc#820434,bnc#852153).

   *

   arch/x86: Fix incorrect config symbol in #ifdef
   (bnc#844513).

   * arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing
   SLIT (bnc#863178).
   * vmscan: change type of vm_total_pages to unsigned
   long (bnc#864058).
   * crypto: s390 - fix des and des3_ede ctr concurrency
   issue (bnc#862796, LTC#103744).
   * crypto: s390 - fix concurrency issue in aes-ctr mode
   (bnc#862796, LTC#103742).
   * X.509: Fix certificate gathering (bnc#805114).
   * dump: Fix dump memory detection
   (bnc#862796,LTC#103575).
   * lockd: send correct lock when granting a delayed lock
   (bnc#859342).
   * nohz: Check for nohz active instead of nohz enabled
   (bnc#846790).
   * nohz: Fix another inconsistency between
   CONFIG_NO_HZ=n and nohz=off (bnc#846790).
   * futex: move user address verification up to common
   code (bnc#851603).
   * futexes: Clean up various details (bnc#851603).
   * futexes: Increase hash table size for better
   performance (bnc#851603).
   * futexes: Document multiprocessor ordering guarantees
   (bnc#851603).
   * futexes: Avoid taking the hb->lock if there is
   nothing to wake up (bnc#851603).
   * efifb: prevent null-deref when iterating dmi_list
   (bnc#848055).
   * x86/PCI: reduce severity of host bridge window
   conflict warnings (bnc#858534).
   *

   x86/dumpstack: Fix printk_address for direct
   addresses (bnc#845621).

   *

   ipv6 routing, NLM_F_* flag support: REPLACE and EXCL
   flags support, warn about missing CREATE flag (bnc#865783).

   * ipv6: send router reachability probe if route has an
   unreachable gateway (bnc#853162).
   * inet: handle rt{,6}_bind_peer() failure correctly
   (bnc#870801).
   * inet: Avoid potential NULL peer dereference
   (bnc#864833).
   * inet: Hide route peer accesses behind helpers   (bnc#864833).
   * inet: Pass inetpeer root into inet_getpeer*()
   interfaces (bnc#864833).
   * tcp: syncookies: reduce cookie lifetime to 128
   seconds (bnc#833968).
   * tcp: syncookies: reduce mss table to four values
   (bnc#833968).
   * tcp: bind() fix autoselection to share ports
   (bnc#823618).
   * tcp: bind() use stronger condition for bind_conflict
   (bnc#823618).
   * tcp: ipv6: bind() use stronger condition for
   bind_conflict (bnc#823618).
   * net: change type of virtio_chan->p9_max_pages
   (bnc#864058).
   * sctp: Implement quick failover draft from tsvwg
   (bnc#827670).
   * ipvs: fix AF assignment in ip_vs_conn_new()
   (bnc#856848).
   * net: Do not enable tx-nocache-copy by default
   (bnc#845378).
   * macvlan: introduce IFF_MACVLAN flag and helper
   function (bnc#846984).
   * macvlan: introduce macvlan_dev_real_dev() helper
   function (bnc#846984).
   *

   macvlan: disable LRO on lower device instead of
   macvlan (bnc#846984).

   *

   dlm: remove get_comm (bnc#827670).

   * dlm: Avoid LVB truncation (bnc#827670).
   * dlm: disable nagle for SCTP (bnc#827670).
   * dlm: retry failed SCTP sends (bnc#827670).
   * dlm: try other IPs when sctp init assoc fails
   (bnc#827670).
   * dlm: clear correct bit during sctp init failure
   handling (bnc#827670).
   * dlm: set sctp assoc id during setup (bnc#827670).
   * dlm: clear correct init bit during sctp setup
   (bnc#827670).
   * dlm: fix deadlock between dlm_send and dlm_controld
   (bnc#827670).
   *

   dlm: fix return value from lockspace_busy()
   (bnc#827670).

   *

   NFSD/sunrpc: avoid deadlock on TCP connection due to
   memory pressure (bnc#853455).

   * ncpfs: fix rmdir returns Device or resource busy
   (bnc#864880).
   * btrfs: bugfix collection
   * fs/fs-cache: Handle removal of unadded object to the
   fscache_object_list rb tree (bnc#855885).
   * fs/nfsd: change type of max_delegations,
   nfsd_drc_max_mem and nfsd_drc_mem_used (bnc#864058).
   * fs/nfs: Avoid occasional hang with NFS (bnc#852488).
   *

   fs/buffer.c: change type of max_buffer_heads to
   unsigned long (bnc#864058).

   *

   dm-multipath: abort all requests when failing a path
   (bnc#798050).

   *

   dm-multipath: Do not stall on invalid ioctls
   (bnc#865342).

   *

   scsi: kABI fixes (bnc#798050).

   * scsi: remove check for "resetting" (bnc#798050).
   * scsi: Add "eh_deadline" to limit SCSI EH runtime
   (bnc#798050).
   * scsi: Allow error handling timeout to be specified
   (bnc#798050).
   * scsi: Fixup compilation warning (bnc#798050).
   * scsi: Retry failfast commands after EH (bnc#798050).
   * scsi: Warn on invalid command completion (bnc#798050).
   * scsi: cleanup setting task state in
   scsi_error_handler() (bnc#798050).
   * scsi_dh_alua: fixup misplaced brace in
   alua_initialize() (bnc#858831).
   * scsi_dh_alua: fixup RTPG retry delay miscalculation
   (bnc#854025).
   * scsi_dh_alua: Simplify state machine (bnc#854025).
   * scsi_dh_alua: endless STPG retries for a failed LUN
   (bnc#865342).
   *

   scsi_dh_rdac: Add new IBM 1813 product id to rdac
   devlist (bnc#846654).

   *

   xhci: Fix resume issues on Renesas chips in Samsung
   laptops (bnc#866253).

   * bonding: disallow enslaving a bond to itself
   (bnc#599263).
   * net/mlx4_en: Fix pages never dma unmapped on rx
   (bnc#858604).
   * USB: hub: handle -ETIMEDOUT during enumeration
   (bnc#855825).
   * powerpc: Add VDSO version of getcpu (fate#316816,
   bnc#854445).
   * privcmd: allow preempting long running user-mode
   originating hypercalls (bnc#861093).
   * audit: dynamically allocate audit_names when not
   enough space is in the names array (bnc#857358).
   * audit: make filetype matching consistent with other
   filters (bnc#857358).
   * mpt2sas: Fix unsafe using smp_processor_id() in
   preemptible (bnc#853166).
   * balloon: do not crash in HVM-with-PoD guests.
   * hwmon: (coretemp) Fix truncated name of alarm
   attributes.
   * rtc-cmos: Add an alarm disable quirk (bnc#805740).
   *

   md: Change handling of save_raid_disk and metadata
   update during recovery (bnc#849364).

   *

   s390: Avoid kabi change due to newly visible
   structures.

   *

   s390/pci: remove PCI/MSI interruption class
   (FATE#83037, LTC#94737).

   *

   advansys: Remove "last_reset" references (bnc#798050).

   * dc395: Move "last_reset" into internal host structure
   (bnc#798050).
   * dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
   * dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
   (bnc#798050).
   * tmscsim: Move "last_reset" into host structure
   (bnc#798050).
   *

   bnx2x: remove false warning regarding interrupt
   number (bnc#769035).

   *

   block: factor out vector mergeable decision to a
   helper function (bnc#769644).

   *

   block: modify __bio_add_page check to accept pages
   that do not start a new segment (bnc#769644).

   *

   HID: multitouch: Add support for NextWindow 0340
   touchscreen (bnc#849855).

   * HID: multitouch: Add support for Qaunta 3027
   touchscreen (bnc#854516).
   * HID: multitouch: add support for Atmel 212c
   touchscreen (bnc#793727).
   * HID: multitouch: partial support of win8 devices
   (bnc#854516,bnc#793727,bnc#849855).
   * HID: hid-multitouch: add support for the IDEACOM 6650
   chip (bnc#854516,bnc#793727,bnc#849855).

   Security Issue references:

   * CVE-2013-4470
   
   * CVE-2013-6368
   
   * CVE-2013-6885
   
   * CVE-2013-7263
   
   * CVE-2013-7264
   
   * CVE-2013-7265
   
   * CVE-2014-0069
   

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11 SP3:

      zypper in -t patch slertesp3-kernel-9114

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:

      cluster-network-kmp-rt-1.4_3.0.101_rt130_0.14-2.27.55
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.14-2.27.55
      drbd-kmp-rt-8.4.4_3.0.101_rt130_0.14-0.22.21
      drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.14-0.22.21
      iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.14-0.38.40
      iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.14-0.38.40
      kernel-rt-3.0.101.rt130-0.14.1
      kernel-rt-base-3.0.101.rt130-0.14.1
      kernel-rt-devel-3.0.101.rt130-0.14.1
      kernel-rt_trace-3.0.101.rt130-0.14.1
      kernel-rt_trace-base-3.0.101.rt130-0.14.1
      kernel-rt_trace-devel-3.0.101.rt130-0.14.1
      kernel-source-rt-3.0.101.rt130-0.14.1
      kernel-syms-rt-3.0.101.rt130-0.14.1
      lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.14-0.11.36
      lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.14-0.11.36
      ocfs2-kmp-rt-1.6_3.0.101_rt130_0.14-0.20.55
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.14-0.20.55
      ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.14-0.13.46
      ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.14-0.13.46


References:

   https://www.suse.com/security/cve/CVE-2013-4470.html
   https://www.suse.com/security/cve/CVE-2013-6368.html
   https://www.suse.com/security/cve/CVE-2013-6885.html
   https://www.suse.com/security/cve/CVE-2013-7263.html
   https://www.suse.com/security/cve/CVE-2013-7264.html
   https://www.suse.com/security/cve/CVE-2013-7265.html
   https://www.suse.com/security/cve/CVE-2014-0069.html
                                                                                                                                                                              https://scc.suse.com:443/patches/

SuSE: 2014:0537-1: important: Linux kernel

April 17, 2014
An update that solves 7 vulnerabilities and has 50 fixes is An update that solves 7 vulnerabilities and has 50 fixes is An update that solves 7 vulnerabilities and has 50 fixes is ...

Summary

The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel has been updated to fix various bugs and security issues.

References

#599263 #769035 #769644 #793727 #798050 #805114

#805740 #820434 #823618 #827670 #833968 #844513

#845378 #845621 #846654 #846790 #846984 #847672

#848055 #849364 #849855 #851603 #852153 #852488

#852967 #853052 #853162 #853166 #853455 #854025

#854445 #854516 #855825 #855885 #856848 #857358

#857643 #857919 #858534 #858604 #858831 #859225

#859342 #861093 #862796 #862957 #863178 #863526

#864025 #864058 #864833 #864880 #865342 #865783

#866253 #866428 #870801

Cross- CVE-2013-4470 CVE-2013-6368 CVE-2013-6885

CVE-2013-7263 CVE-2013-7264 CVE-2013-7265

CVE-2014-0069

Affected Products:

SUSE Linux Enterprise Real Time Extension 11 SP3

https://www.suse.com/security/cve/CVE-2013-4470.html

https://www.suse.com/security/cve/CVE-2013-6368.html

https://w...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2014:0537-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved