openSUSE Security Update : kernel (openSUSE-SU-2013:0847-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 12.1 kernel was updated to fix a severe security issue
and various bugs.

Security issues fixed :

CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c
in the Linux kernel used an incorrect integer data type, which allowed
local users to gain privileges via a crafted perf_event_open system
call.

CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) via an attempted
/dev/ttyUSB read or write operation on a disconnected Edgeport USB
serial converter.

CVE-2013-1928: The do_video_set_spu_palette function in
fs/compat_ioctl.c in the Linux kernel lacked a certain error check,
which might have allowed local users to obtain sensitive information
from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl
call on a /dev/dvb device.

CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c
in the Linux kernel did not ensure a required time_page alignment
during an MSR_KVM_SYSTEM_TIME operation, which allowed guest OS users
to cause a denial of service (buffer overflow and host OS memory
corruption) or possibly have unspecified other impact via a crafted
application.

CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in
the Linux kernel allowed guest OS users to cause a denial of service
(host OS memory corruption) or possibly have unspecified other impact
via a crafted application that triggers use of a guest physical
address (GPA) in (1) movable or (2) removable memory during an
MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c
in the Linux kernel did not properly handle a certain combination of
invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which
allowed guest OS users to obtain sensitive information from host OS
memory or cause a denial of service (host OS OOPS) via a crafted
application.

CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs
function in mm/shmem.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (system crash) by remounting a
tmpfs filesystem without specifying a required mpol (aka mempolicy)
mount option.

CVE-2013-0913: Integer overflow in
drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the
Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed
local users to cause a denial of service (heap-based buffer overflow)
or possibly have unspecified other impact via a crafted application
that triggers many relocation copies, and potentially leads to a race
condition.

Bugs fixed :

- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).

- TTY: fix atime/mtime regression (bnc#815745).

- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error
check (bnc#813735).

- USB: io_ti: Fix NULL dereference in chase_port()
(bnc#806976, CVE-2013-1774).

- KVM: Convert MSR_KVM_SYSTEM_TIME to use
gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).

- KVM: Fix bounds checking in ioapic indirect register
read (bnc#806980 CVE-2013-1798).

- KVM: Fix for buffer overflow in handling of
MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).

- kabi/severities: Allow kvm module abi changes - modules
are self consistent

- loopdev: fix a deadlock (bnc#809748).

- block: use i_size_write() in bd_set_size() (bnc#809748).

- drm/i915: bounds check execbuffer relocation count
(bnc#808829, CVE-2013-0913).

- tmpfs: fix use-after-free of mempolicy object
(bnc#806138, CVE-2013-1767).

See also :

http://lists.opensuse.org/opensuse-updates/2013-05/msg00039.html
https://bugzilla.novell.com/show_bug.cgi?id=806138
https://bugzilla.novell.com/show_bug.cgi?id=806976
https://bugzilla.novell.com/show_bug.cgi?id=806980
https://bugzilla.novell.com/show_bug.cgi?id=808829
https://bugzilla.novell.com/show_bug.cgi?id=809748
https://bugzilla.novell.com/show_bug.cgi?id=813735
https://bugzilla.novell.com/show_bug.cgi?id=815745
https://bugzilla.novell.com/show_bug.cgi?id=819519
https://bugzilla.novell.com/show_bug.cgi?id=819789

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75018

Bugtraq ID:

CVE ID: CVE-2013-0913
CVE-2013-1767
CVE-2013-1774
CVE-2013-1796
CVE-2013-1797
CVE-2013-1798
CVE-2013-1928
CVE-2013-2094
