SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7811 / 7813 / 7814)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to
Linux kernel 3.0.80 which fixes various bugs and security issues.

The following security issues have been fixed :

- Timing side channel on attacks were possible on
/dev/ptmx that could allow local attackers to predict
keypresses like e.g. passwords. This has been fixed
again by updating accessed/modified time on the pty
devices in resolution of 8 seconds, so that idle time
detection can still work. (CVE-2013-0160)

- The vcc_recvmsg function in net/atm/common.c in the
Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3222)

- The ax25_recvmsg function in net/ax25/af_ax25.c in the
Linux kernel did not initialize a certain data
structure, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3223)

- The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call. (CVE-2013-3224)

- The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system
call. (CVE-2013-3225)

- The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system
call. (CVE-2013-3227)

- The irda_recvmsg_dgram function in net/irda/af_irda.c in
the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3228)

- The iucv_sock_recvmsg function in net/iucv/af_iucv.c in
the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3229)

- The llc_ui_recvmsg function in net/llc/af_llc.c in the
Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3231)

- The nr_recvmsg function in net/netrom/af_netrom.c in the
Linux kernel did not initialize a certain data
structure, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3232)

- The rose_recvmsg function in net/rose/af_rose.c in the
Linux kernel did not initialize a certain data
structure, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3234)

- net/tipc/socket.c in the Linux kernel did not initialize
a certain data structure and a certain length variable,
which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (CVE-2013-3235)

- The crypto API in the Linux kernel did not initialize
certain length variables, which allowed local users to
obtain sensitive information from kernel stack memory
via a crafted recvmsg or recvfrom system call, related
to the hash_recvmsg function in crypto/algif_hash.c and
the skcipher_recvmsg function in
crypto/algif_skcipher.c. (CVE-2013-3076)

- The scm_set_cred function in include/net/scm.h in the
Linux kernel used incorrect uid and gid values during
credentials passing, which allowed local users to gain
privileges via a crafted application. (CVE-2013-1979)

- A kernel information leak via tkill/tgkill was fixed.
The following bugs have been fixed :

- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry. (bnc#822722)

- libfc: do not exch_done() on invalid sequence ptr.
(bnc#810722)

- netfilter: ip6t_LOG: fix logging of packet mark.
(bnc#821930)

- hyperv: use 3.4 as LIC version string. (bnc#822431)

- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID.
(bnc#819655)

- xen/netback: do not disconnect frontend when seeing
oversize packet.

- xen/netfront: reduce gso_max_size to account for max TCP
header.

- xen/netfront: fix kABI after 'reduce gso_max_size to
account for max TCP header'.

- xfs: Fix kABI due to change in xfs_buf. (bnc#815356)

- xfs: fix race while discarding buffers [V4] (bnc#815356
(comment 36)).

- xfs: Serialize file-extending direct IO. (bnc#818371)

- xhci: Do not switch webcams in some HP ProBooks to XHCI.
(bnc#805804)

- bluetooth: Do not switch BT on HP ProBook 4340.
(bnc#812281)

- s390/ftrace: fix mcount adjustment. (bnc#809895)

- mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections. (bnc#804609,
bnc#820434)

- patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
pathological backwards allocation. (bnc#805945)

- mm: compaction: Restart compaction from near where it
left off

- mm: compaction: cache if a pageblock was scanned and no
pages were isolated

- mm: compaction: clear PG_migrate_skip based on
compaction and reclaim activity

- mm: compaction: Scan PFN caching KABI workaround

- mm: page_allocator: Remove first_pass guard

- mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles. (bnc#816451)

- qlge: fix dma map leak when the last chunk is not
allocated. (bnc#819519)

- SUNRPC: Get rid of the redundant xprt->shutdown bit
field. (bnc#800907)

- SUNRPC: Ensure that we grab the XPRT_LOCK before calling
xprt_alloc_slot. (bnc#800907)

- SUNRPC: Fix a UDP transport regression. (bnc#800907)

- SUNRPC: Allow caller of rpc_sleep_on() to select
priority levels. (bnc#800907)

- SUNRPC: Replace xprt->resend and xprt->sending with a
priority queue. (bnc#800907)

- SUNRPC: Fix potential races in xprt_lock_write_next().
(bnc#800907)

- md: cannot re-add disks after recovery. (bnc#808647)

- fs/xattr.c:getxattr(): improve handling of allocation
failures. (bnc#818053)

- fs/xattr.c:listxattr(): fall back to vmalloc() if
kmalloc() failed. (bnc#818053)

- fs/xattr.c:setxattr(): improve handling of allocation
failures. (bnc#818053)

- fs/xattr.c: suppress page allocation failure warnings
from sys_listxattr(). (bnc#818053)

- virtio-blk: Call revalidate_disk() upon online disk
resize. (bnc#817339)

- usb-storage: CY7C68300A chips do not support Cypress
ATACB. (bnc#819295)

- patches.kernel.org/patch-3.0.60-61: Update references
(add bnc#810580).

- usb: Using correct way to clear usb3.0 devices remote
wakeup feature. (bnc#818516)

- xhci: Fix TD size for isochronous URBs. (bnc#818514)

- ALSA: hda - fixup D3 pin and right channel mute on
Haswell HDMI audio. (bnc#818798)

- ALSA: hda - Apply pin-enablement workaround to all
Haswell HDMI codecs. (bnc#818798)

- xfs: fallback to vmalloc for large buffers in
xfs_attrmulti_attr_get. (bnc#818053)

- xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle. (bnc#818053)

- xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle. (bnc#818053)

- xHCI: store rings type.

- xhci: Fix hang on back-to-back Set TR Deq Ptr commands.

- xHCI: check enqueue pointer advance into dequeue seg.

- xHCI: store rings last segment and segment numbers.

- xHCI: Allocate 2 segments for transfer ring.

- xHCI: count free TRBs on transfer ring.

- xHCI: factor out segments allocation and free function.

- xHCI: update sg tablesize.

- xHCI: set cycle state when allocate rings.

- xhci: Reserve one command for USB3 LPM disable.

- xHCI: dynamic ring expansion.

- xhci: Do not warn on empty ring for suspended devices.

- md/raid1: Do not release reference to device while
handling read error. (bnc#809122, bnc#814719)

- rpm/mkspec: Stop generating the get_release_number.sh
file.

- rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g suffix.

- rpm/kernel-spec-macros: Drop the %release_num macro We
no longer put the -rcX tag into the release string.

- rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
'<RELEASE>' string in specfiles.

- mm/mmap: check for RLIMIT_AS before unmapping.
(bnc#818327)

- mm: Fix add_page_wait_queue() to work for PG_Locked bit
waiters. (bnc#792584)

- mm: Fix add_page_wait_queue() to work for PG_Locked bit
waiters. (bnc#792584)

- bonding: only use primary address for ARP. (bnc#815444)

- bonding: remove entries for master_ip and vlan_ip and
query devices instead. (bnc#815444)

- mm: speedup in __early_pfn_to_nid. (bnc#810624)

- TTY: fix atime/mtime regression. (bnc#815745)

- sd_dif: problem with verify of type 1 protection
information (PI). (bnc#817010)

- sched: harden rq rt usage accounting. (bnc#769685,
bnc#788590)

- rcu: Avoid spurious RCU CPU stall warnings. (bnc#816586)

- rcu: Dump local stack if cannot dump all CPUs stacks.
(bnc#816586)

- rcu: Fix detection of abruptly-ending stall.
(bnc#816586)

- rcu: Suppress NMI backtraces when stall ends before
dump. (bnc#816586)

- Update Xen patches to 3.0.74.

- btrfs: do not re-enter when allocating a chunk.

- btrfs: save us a read_lock.

- btrfs: Check CAP_DAC_READ_SEARCH for
BTRFS_IOC_INO_PATHS.

- btrfs: remove unused fs_info from btrfs_decode_error().

- btrfs: handle null fs_info in btrfs_panic().

- btrfs: fix varargs in __btrfs_std_error.

- btrfs: fix the race between bio and btrfs_stop_workers.

- btrfs: fix NULL pointer after aborting a transaction.

- btrfs: fix infinite loop when we abort on mount.

- xfs: Do not allocate new buffers on every call to
_xfs_buf_find. (bnc#763968)

- xfs: fix buffer lookup race on allocation failure.
(bnc#763968)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=763968
https://bugzilla.novell.com/show_bug.cgi?id=764209
https://bugzilla.novell.com/show_bug.cgi?id=768052
https://bugzilla.novell.com/show_bug.cgi?id=769685
https://bugzilla.novell.com/show_bug.cgi?id=788590
https://bugzilla.novell.com/show_bug.cgi?id=792584
https://bugzilla.novell.com/show_bug.cgi?id=793139
https://bugzilla.novell.com/show_bug.cgi?id=797042
https://bugzilla.novell.com/show_bug.cgi?id=797175
https://bugzilla.novell.com/show_bug.cgi?id=800907
https://bugzilla.novell.com/show_bug.cgi?id=802153
https://bugzilla.novell.com/show_bug.cgi?id=804154
https://bugzilla.novell.com/show_bug.cgi?id=804609
https://bugzilla.novell.com/show_bug.cgi?id=805804
https://bugzilla.novell.com/show_bug.cgi?id=805945
https://bugzilla.novell.com/show_bug.cgi?id=806431
https://bugzilla.novell.com/show_bug.cgi?id=806980
https://bugzilla.novell.com/show_bug.cgi?id=808647
https://bugzilla.novell.com/show_bug.cgi?id=809122
https://bugzilla.novell.com/show_bug.cgi?id=809155
https://bugzilla.novell.com/show_bug.cgi?id=809748
https://bugzilla.novell.com/show_bug.cgi?id=809895
https://bugzilla.novell.com/show_bug.cgi?id=810580
https://bugzilla.novell.com/show_bug.cgi?id=810624
https://bugzilla.novell.com/show_bug.cgi?id=810722
https://bugzilla.novell.com/show_bug.cgi?id=812281
https://bugzilla.novell.com/show_bug.cgi?id=814719
https://bugzilla.novell.com/show_bug.cgi?id=815356
https://bugzilla.novell.com/show_bug.cgi?id=815444
https://bugzilla.novell.com/show_bug.cgi?id=815745
https://bugzilla.novell.com/show_bug.cgi?id=816443
https://bugzilla.novell.com/show_bug.cgi?id=816451
https://bugzilla.novell.com/show_bug.cgi?id=816586
https://bugzilla.novell.com/show_bug.cgi?id=816668
https://bugzilla.novell.com/show_bug.cgi?id=816708
https://bugzilla.novell.com/show_bug.cgi?id=817010
https://bugzilla.novell.com/show_bug.cgi?id=817339
https://bugzilla.novell.com/show_bug.cgi?id=818053
https://bugzilla.novell.com/show_bug.cgi?id=818327
https://bugzilla.novell.com/show_bug.cgi?id=818371
https://bugzilla.novell.com/show_bug.cgi?id=818514
https://bugzilla.novell.com/show_bug.cgi?id=818516
https://bugzilla.novell.com/show_bug.cgi?id=818798
https://bugzilla.novell.com/show_bug.cgi?id=819295
https://bugzilla.novell.com/show_bug.cgi?id=819519
https://bugzilla.novell.com/show_bug.cgi?id=819655
https://bugzilla.novell.com/show_bug.cgi?id=819789
https://bugzilla.novell.com/show_bug.cgi?id=820434
https://bugzilla.novell.com/show_bug.cgi?id=821560
https://bugzilla.novell.com/show_bug.cgi?id=821930
https://bugzilla.novell.com/show_bug.cgi?id=822431
https://bugzilla.novell.com/show_bug.cgi?id=822722
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html

Solution :

Apply SAT patch number 7811 / 7813 / 7814 as appropriate.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now