Security update for Linux Kernel

SUSE Security Update: Security update for Linux Kernel
Announcement ID: SUSE-SU-2014:0773-1
Rating: low
References: #797175 #833968 #852553 #857643 #874108 #875798
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4 LTSS

  • An update that fixes 6 vulnerabilities is now available.

    Description:


    The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been
    updated to fix various security issues and several bugs.

    The following security issues have been addressed:

    *

    CVE-2013-6382: Multiple buffer underflows in the XFS implementation
    in the Linux kernel through 3.12.1 allow local users to cause a denial of
    service (memory corruption) or possibly have unspecified
    other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
    XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
    with a crafted length value, related to the xfs_attrlist_by_handle
    function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
    function in fs/xfs/xfs_ioctl32.c. (bnc#852553)

    *

    CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
    values before ensuring that associated data structures have been
    initialized, which allows local users to obtain sensitive information from
    kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
    system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
    net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)

    *

    CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
    the Linux kernel before 3.12.4 updates a certain length value before
    ensuring that an associated data structure has been initialized, which
    allows local users to obtain sensitive information from kernel stack
    memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
    (bnc#857643)

    *

    CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
    the Linux kernel before 3.12.4 updates a certain length value before
    ensuring that an associated data structure has been initialized, which
    allows local users to obtain sensitive information from kernel stack
    memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
    (bnc#857643)

    *

    CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
    in the Linux kernel through 3.14.3 does not properly handle error
    conditions during processing of an FDRAWCMD ioctl call, which allows local
    users to trigger kfree operations and gain privileges by leveraging write
    access to a /dev/fd device. (bnc#875798)

    *

    CVE-2014-1738: The raw_cmd_copyout function in
    drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
    properly restrict access to certain pointers during processing of an
    FDRAWCMD ioctl call, which allows local users to obtain sensitive
    information from kernel heap memory by leveraging write access to a
    /dev/fd device. (bnc#875798)

    Additionally, the following non-security bugs have been fixed:

    * tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).
    * tcp: syncookies: reduce mss table to four values (bnc#833968).
    * ia64: Change default PSR.ac from '1' to '0' (Fix erratum #237)
    (bnc#874108).
    * tty: fix up atime/mtime mess, take three (bnc#797175).

    Security Issues references:

    * CVE-2013-6382

    * CVE-2013-7263

    * CVE-2013-7264

    * CVE-2013-7265

    * CVE-2014-1737

    * CVE-2014-1738

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
      • kernel-default-2.6.16.60-0.107.1
      • kernel-source-2.6.16.60-0.107.1
      • kernel-syms-2.6.16.60-0.107.1
    • SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):
      • kernel-debug-2.6.16.60-0.107.1
      • kernel-kdump-2.6.16.60-0.107.1
      • kernel-smp-2.6.16.60-0.107.1
      • kernel-xen-2.6.16.60-0.107.1

    References:

    • http://support.novell.com/security/cve/CVE-2013-6382.html
    • http://support.novell.com/security/cve/CVE-2013-7263.html
    • http://support.novell.com/security/cve/CVE-2013-7264.html
    • http://support.novell.com/security/cve/CVE-2013-7265.html
    • http://support.novell.com/security/cve/CVE-2014-1737.html
    • http://support.novell.com/security/cve/CVE-2014-1738.html
    • https://bugzilla.novell.com/797175
    • https://bugzilla.novell.com/833968
    • https://bugzilla.novell.com/852553
    • https://bugzilla.novell.com/857643
    • https://bugzilla.novell.com/874108
    • https://bugzilla.novell.com/875798
    • http://download.suse.com/patch/finder/?keywords=92e5a7d9af3ca4f050703bcbf2268c9e
    • http://download.suse.com/patch/finder/?keywords=a9f7b560616d678d5217f211234abdba