SUSE-SU-2013:0674-1

Security update for Linux kernel

SUSE Security Update: Security update for Linux kernel
Announcement ID: SUSE-SU-2013:0674-1
Rating: important
References: #742111 #765687 #769093 #770980 #776370 #781485 #785101 #786013 #787272 #789012 #790236 #792697 #795075 #795335 #797175 #799611 #800280 #801178 #802642 #804154 #809692
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4

  • An update that solves 6 vulnerabilities and has 15 fixes is now available.

    Description:


    This Linux kernel update fixes various security issues and
    bugs in the SUSE Linux Enterprise 10 SP4 kernel.

    The following security issues have been fixed:

    *

    CVE-2013-0871: A race condition in ptrace(2) could be
    used by local attackers to crash the kernel and/or execute
    code in kernel context.

    *

    CVE-2013-0160: Avoid side channel information leaks
    from the ptys via ptmx, which allowed local attackers to
    guess keypresses.

    *

    CVE-2012-4530: Avoid leaving bprm->interp on the
    stack which might have leaked information from the kernel
    to userland attackers.

    *

    CVE-2013-0268: The msr_open function in
    arch/x86/kernel/msr.c in the Linux kernel allowed local
    users to bypass intended capability restrictions by
    executing a crafted application as root, as demonstrated by
    msr32.c.

    *

    CVE-2013-0216: The Xen netback functionality in the
    Linux kernel allowed guest OS users to cause a denial of
    service (loop) by triggering ring pointer corruption.

    *

    CVE-2013-0231: The pciback_enable_msi function in the
    PCI backend driver
    (drivers/xen/pciback/conf_space_capability_msi.c) in Xen
    for the Linux kernel allowed guest OS users with PCI device
    access to cause a denial of service via a large number of
    kernel log messages. NOTE: some of these details are
    obtained from third party information.

    Also the following non-security bugs have been fixed:

    S/390:

    * s390x: tty struct used after free (bnc#809692,
    LTC#90216).
    * s390x/kernel: sched_clock() overflow (bnc#799611,
    LTC#87978).
    * qeth: set new mac even if old mac is gone
    (bnc#789012,LTC#86643).
    * qeth: set new mac even if old mac is gone (2)
    (bnc#792697,LTC#87138).
    * qeth: fix deadlock between recovery and bonding
    driver (bnc#785101,LTC#85905).
    * dasd: check count address during online setting
    (bnc#781485,LTC#85346).
    * hugetlbfs: add missing TLB invalidation
    (bnc#781485,LTC#85463).
    * s390/kernel: make user-access pagetable walk code
    huge page aware (bnc#781485,LTC#85455).

    XEN:

    * xen/netback: fix netbk_count_requests().
    * xen: properly bound buffer access when parsing
    cpu/availability.
    * xen/scsiback/usbback: move cond_resched() invocations
    to proper place.
    * xen/pciback: properly clean up after calling
    pcistub_device_find().
    * xen: add further backward-compatibility configure
    options.
    * xen/PCI: suppress bogus warning on old hypervisors.
    * xenbus: fix overflow check in xenbus_dev_write().
    * xen/x86: do not corrupt %eip when returning from a
    signal handler.

    Other:

    * kernel: Restrict clearing TIF_SIGPENDING (bnc#742111).
    * kernel: recalc_sigpending_tsk fixes (bnc#742111).
    * xfs: Do not reclaim new inodes in xfs_sync_inodes()
    (bnc#770980).
    * jbd: Avoid BUG_ON when checkpoint stalls (bnc#795335).
    * reiserfs: Fix int overflow while calculating free
    space (bnc#795075).
    * cifs: clarify the meaning of tcpStatus == CifsGood
    (bnc#769093).
    * cifs: do not allow cifs_reconnect to exit with NULL
    socket pointer (bnc#769093).
    * cifs: switch to seq_files (bnc#776370).
    * scsi: fix check of PQ and PDT bits for WLUNs
    (bnc#765687).
    * hugetlb: preserve hugetlb pte dirty state
    (bnc#790236).
    * poll: enforce RLIMIT_NOFILE in poll() (bnc#787272).
    * proc: fix ->open less usage due to ->proc_fops flip
    (bnc#776370).
    * rpm/kernel-binary.spec.in: Ignore kabi errors if
    %%ignore_kabi_badness is defined. This is used in the
    Kernel:* projects in the OBS.

    Security Issue references:

    * CVE-2012-4530
    >
    * CVE-2013-0160
    >
    * CVE-2013-0216
    >
    * CVE-2013-0231
    >
    * CVE-2013-0268
    >
    * CVE-2013-0871
    >

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
    • kernel-default-2.6.16.60-0.101.1
    • kernel-source-2.6.16.60-0.101.1
    • kernel-syms-2.6.16.60-0.101.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):
    • kernel-debug-2.6.16.60-0.101.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):
    • kernel-kdump-2.6.16.60-0.101.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):
    • kernel-smp-2.6.16.60-0.101.1
    • kernel-xen-2.6.16.60-0.101.1
    • SUSE Linux Enterprise Server 10 SP4 (i586):
    • kernel-bigsmp-2.6.16.60-0.101.1
    • kernel-kdumppae-2.6.16.60-0.101.1
    • kernel-vmi-2.6.16.60-0.101.1
    • kernel-vmipae-2.6.16.60-0.101.1
    • kernel-xenpae-2.6.16.60-0.101.1
    • SUSE Linux Enterprise Server 10 SP4 (ppc):
    • kernel-iseries64-2.6.16.60-0.101.1
    • kernel-ppc64-2.6.16.60-0.101.1
    • SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
    • kernel-default-2.6.16.60-0.101.1
    • kernel-smp-2.6.16.60-0.101.1
    • kernel-source-2.6.16.60-0.101.1
    • kernel-syms-2.6.16.60-0.101.1
    • kernel-xen-2.6.16.60-0.101.1
    • SUSE Linux Enterprise Desktop 10 SP4 (i586):
    • kernel-bigsmp-2.6.16.60-0.101.1
    • kernel-xenpae-2.6.16.60-0.101.1
    • SLE SDK 10 SP4 (i586 ia64 x86_64):
    • kernel-debug-2.6.16.60-0.101.1
    • SLE SDK 10 SP4 (i586 ppc x86_64):
    • kernel-kdump-2.6.16.60-0.101.1
    • SLE SDK 10 SP4 (i586 x86_64):
    • kernel-xen-2.6.16.60-0.101.1
    • SLE SDK 10 SP4 (i586):
    • kernel-xenpae-2.6.16.60-0.101.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-4530.html
    • http://support.novell.com/security/cve/CVE-2013-0160.html
    • http://support.novell.com/security/cve/CVE-2013-0216.html
    • http://support.novell.com/security/cve/CVE-2013-0231.html
    • http://support.novell.com/security/cve/CVE-2013-0268.html
    • http://support.novell.com/security/cve/CVE-2013-0871.html
    • https://bugzilla.novell.com/742111
    • https://bugzilla.novell.com/765687
    • https://bugzilla.novell.com/769093
    • https://bugzilla.novell.com/770980
    • https://bugzilla.novell.com/776370
    • https://bugzilla.novell.com/781485
    • https://bugzilla.novell.com/785101
    • https://bugzilla.novell.com/786013
    • https://bugzilla.novell.com/787272
    • https://bugzilla.novell.com/789012
    • https://bugzilla.novell.com/790236
    • https://bugzilla.novell.com/792697
    • https://bugzilla.novell.com/795075
    • https://bugzilla.novell.com/795335
    • https://bugzilla.novell.com/797175
    • https://bugzilla.novell.com/799611
    • https://bugzilla.novell.com/800280
    • https://bugzilla.novell.com/801178
    • https://bugzilla.novell.com/802642
    • https://bugzilla.novell.com/804154
    • https://bugzilla.novell.com/809692
    • http://download.suse.com/patch/finder/?keywords=2b51bf3e02179f8f70c7b2ada2571a2d
    • http://download.suse.com/patch/finder/?keywords=7cf4de409b28c5f187bc1e9f71ccd64f
    • http://download.suse.com/patch/finder/?keywords=ac5626f6e7f483c6dac1cc5fe253fcf9
    • http://download.suse.com/patch/finder/?keywords=ba0e542087a9075aed8c17a29d5f1cb8
    • http://download.suse.com/patch/finder/?keywords=dba6fc0fdae22199ec260695a6d2179e
    2020-03-20