Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
The SUSE Linux Enterprise 10 SP4 kernel has been updated to
fix various bugs and security issues.
Security issues fixed:
*
CVE-2012-4444: The ip6_frag_queue function in
net/ipv6/reassembly.c in the Linux kernel allowed remote
attackers to bypass intended network restrictions via
overlapping IPv6 fragments.
*
CVE-2013-1928: The do_video_set_spu_palette function
in fs/compat_ioctl.c in the Linux kernel lacked a certain
error check, which might have allowed local users to obtain
sensitive information from kernel stack memory via a
crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb
device.
Also the following bugs have been fixed:
* hugetlb: Fix regression introduced by the original
patch (bnc#790236, bnc#819403).
* NFSv3/v2: Fix data corruption with NFS short reads
(bnc#818337).
* Fix package descriptions in specfiles (bnc#817666).
* TTY: fix atime/mtime regression (bnc#815745).
* virtio_net: ensure big packets are 64k (bnc#760753).
* virtio_net: refill rx buffers when oom occurs
(bnc#760753).
* qeth: fix qeth_wait_for_threads() deadlock for OSN
devices (bnc#812317, LTC#90910).
* nfsd: remove unnecessary NULL checks from
nfsd_cross_mnt (bnc#810628).
* knfsd: Fixed problem with NFS exporting directories
which are mounted on (bnc#810628).
Security Issue references:
* CVE-2012-4444
>
* CVE-2013-1928
>
| Announcement ID: | SUSE-SU-2013:0856-1 |
| Rating: | important |
| References: | #760753 #789831 #790236 #810628 #812317 #813735 #815745 #817666 #818337 #819403 |
| Affected Products: |
An update that solves two vulnerabilities and has 8 fixes is now available.
Description:
The SUSE Linux Enterprise 10 SP4 kernel has been updated to
fix various bugs and security issues.
Security issues fixed:
*
CVE-2012-4444: The ip6_frag_queue function in
net/ipv6/reassembly.c in the Linux kernel allowed remote
attackers to bypass intended network restrictions via
overlapping IPv6 fragments.
*
CVE-2013-1928: The do_video_set_spu_palette function
in fs/compat_ioctl.c in the Linux kernel lacked a certain
error check, which might have allowed local users to obtain
sensitive information from kernel stack memory via a
crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb
device.
Also the following bugs have been fixed:
* hugetlb: Fix regression introduced by the original
patch (bnc#790236, bnc#819403).
* NFSv3/v2: Fix data corruption with NFS short reads
(bnc#818337).
* Fix package descriptions in specfiles (bnc#817666).
* TTY: fix atime/mtime regression (bnc#815745).
* virtio_net: ensure big packets are 64k (bnc#760753).
* virtio_net: refill rx buffers when oom occurs
(bnc#760753).
* qeth: fix qeth_wait_for_threads() deadlock for OSN
devices (bnc#812317, LTC#90910).
* nfsd: remove unnecessary NULL checks from
nfsd_cross_mnt (bnc#810628).
* knfsd: Fixed problem with NFS exporting directories
which are mounted on (bnc#810628).
Security Issue references:
* CVE-2012-4444
* CVE-2013-1928
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
- kernel-default-2.6.16.60-0.103.1
- kernel-source-2.6.16.60-0.103.1
- kernel-syms-2.6.16.60-0.103.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):
- kernel-debug-2.6.16.60-0.103.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):
- kernel-kdump-2.6.16.60-0.103.1
- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):
- kernel-smp-2.6.16.60-0.103.1
- kernel-xen-2.6.16.60-0.103.1
- SUSE Linux Enterprise Server 10 SP4 (i586):
- kernel-bigsmp-2.6.16.60-0.103.1
- kernel-kdumppae-2.6.16.60-0.103.1
- kernel-vmi-2.6.16.60-0.103.1
- kernel-vmipae-2.6.16.60-0.103.1
- kernel-xenpae-2.6.16.60-0.103.1
- SUSE Linux Enterprise Server 10 SP4 (ppc):
- kernel-iseries64-2.6.16.60-0.103.1
- kernel-ppc64-2.6.16.60-0.103.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
- kernel-default-2.6.16.60-0.103.1
- kernel-smp-2.6.16.60-0.103.1
- kernel-source-2.6.16.60-0.103.1
- kernel-syms-2.6.16.60-0.103.1
- kernel-xen-2.6.16.60-0.103.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586):
- kernel-bigsmp-2.6.16.60-0.103.1
- kernel-xenpae-2.6.16.60-0.103.1
- SLE SDK 10 SP4 (i586 ia64 x86_64):
- kernel-debug-2.6.16.60-0.103.1
- SLE SDK 10 SP4 (i586 ppc x86_64):
- kernel-kdump-2.6.16.60-0.103.1
- SLE SDK 10 SP4 (i586 x86_64):
- kernel-xen-2.6.16.60-0.103.1
- SLE SDK 10 SP4 (i586):
- kernel-xenpae-2.6.16.60-0.103.1
References:
- http://support.novell.com/security/cve/CVE-2012-4444.html
- http://support.novell.com/security/cve/CVE-2013-1928.html
- https://bugzilla.novell.com/760753
- https://bugzilla.novell.com/789831
- https://bugzilla.novell.com/790236
- https://bugzilla.novell.com/810628
- https://bugzilla.novell.com/812317
- https://bugzilla.novell.com/813735
- https://bugzilla.novell.com/815745
- https://bugzilla.novell.com/817666
- https://bugzilla.novell.com/818337
- https://bugzilla.novell.com/819403
- http://download.suse.com/patch/finder/?keywords=42590e04eddb51fa31379710deb16611
- http://download.suse.com/patch/finder/?keywords=4f3691ec5a62d5e0a58b289de36e7ba5
- http://download.suse.com/patch/finder/?keywords=60a0921c1bb3961c00333f60f45fee0b
- http://download.suse.com/patch/finder/?keywords=806641e6eb093ae891357f0c47c7e76f
- http://download.suse.com/patch/finder/?keywords=b108e81194a14724506e0d40a5303d13