openSUSE Security Update : kernel (openSUSE-SU-2013:0824-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Linux kernel was updated to kernel 3.4.42 fixing various bugs and
security issues.

- Refresh patches.suse/SUSE-bootsplash. Fix bootsplash
breakage due to stable fix (bnc#813963)

- Linux 3.4.39.

- kABI: protect struct tracer.

- Linux 3.4.38 (bnc#808829,CVE-2013-0913).

- patches.kabi/kabi-protect-struct-sk_buff.patch: kABI:
protect struct sk_buff.

- patches.kabi/kabi-ipv4-remove-inclusion.patch: kABI:
ipv4, remove inclusion.

- USB: io_ti: Fix NULL dereference in chase_port()
(bnc#806976, CVE-2013-1774).

- Linux 3.4.37 (bnc#809155 bnc#809330 bnc#809748
CVE-2013-1848).

- Linux 3.4.36.

- KVM: Convert MSR_KVM_SYSTEM_TIME to use
gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).

- KVM: Fix bounds checking in ioapic indirect register
read (bnc#806980 CVE-2013-1798).

- KVM: Fix for buffer overflow in handling of
MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).

- kabi/severities: Allow kvm abi changes - kvm modules are
self consistent

- loopdev: fix a deadlock (bnc#809748).

- block: use i_size_write() in bd_set_size() (bnc#809748).

- drm/i915: bounds check execbuffer relocation count
(bnc#808829,CVE-2013-0913).

- TTY: do not reset master's packet mode (bnc#809330).

- Update patches.fixes/ext3-Fix-format-string-issues.patch
(bnc#809155 CVE-2013-1848).

- ext3: Fix format string issues (bnc#809155).

- Linux 3.4.35 (bnc#802153).

- Linux 3.4.34 (CVE-2013-1763 CVE-2013-1767 bnc#792500
bnc#806138 bnc#805633).

- tmpfs: fix use-after-free of mempolicy object
(bnc#806138, CVE-2013-1767).

See also :

http://lists.opensuse.org/opensuse-updates/2013-05/msg00030.html
https://bugzilla.novell.com/show_bug.cgi?id=792500
https://bugzilla.novell.com/show_bug.cgi?id=802153
https://bugzilla.novell.com/show_bug.cgi?id=805633
https://bugzilla.novell.com/show_bug.cgi?id=806138
https://bugzilla.novell.com/show_bug.cgi?id=806976
https://bugzilla.novell.com/show_bug.cgi?id=806980
https://bugzilla.novell.com/show_bug.cgi?id=808829
https://bugzilla.novell.com/show_bug.cgi?id=809155
https://bugzilla.novell.com/show_bug.cgi?id=809330
https://bugzilla.novell.com/show_bug.cgi?id=809748
https://bugzilla.novell.com/show_bug.cgi?id=813963

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75012 ()

Bugtraq ID:

CVE ID: CVE-2013-0913
CVE-2013-1763
CVE-2013-1767
CVE-2013-1774
CVE-2013-1796
CVE-2013-1797
CVE-2013-1798
CVE-2013-1848

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now