openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel was updated to 3.4.63, fixing various bugs and
security issues.

- Linux 3.4.59 (CVE-2013-2237 bnc#828119).

- Linux 3.4.57 (CVE-2013-2148 bnc#823517).

- Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162
CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055
bnc#831058).

- Drivers: hv: util: Fix a bug in util version negotiation
code (bnc#838346).

- vmxnet3: prevent div-by-zero panic when ring resizing
uninitialized dev (bnc#833321).

- bnx2x: protect different statistics flows (bnc#814336).

- bnx2x: Avoid sending multiple statistics queries
(bnc#814336).

- Drivers: hv: util: Fix a bug in version negotiation code
for util services (bnc#828714).

- Update Xen patches to 3.4.53.

- netfront: fix kABI after 'reduce gso_max_size to account
for max TCP header'.

- netback: don't disconnect frontend when seeing oversize
packet (bnc#823342).

- netfront: reduce gso_max_size to account for max TCP
header.

- backends: Check for insane amounts of requests on the
ring.

- reiserfs: Fixed double unlock in reiserfs_setattr
failure path.

- reiserfs: locking, release lock around quota operations
(bnc#815320).

- reiserfs: locking, handle nested locks properly
(bnc#815320).

- reiserfs: locking, push write lock out of xattr code
(bnc#815320).

- ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).

- af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).

- af_key: initialize satype in key_notify_policy_flush()
(bnc#828119 CVE-2013-2237).

- ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).

- ipv6: ip6_sk_dst_check() must not assume ipv6 dst.

- xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).

- brcmsmac: don't start device when RfKill is engaged
(bnc#787649).

- CIFS: Protect i_nlink from being negative (bnc#785542
bnc#789598).

- cifs: don't compare uniqueids in cifs_prime_dcache
unless server inode numbers are in use (bnc#794988).

- xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).

- xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053 bnc#807153).

- Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575
bnc#824295).

- drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).

- fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).

- block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).

- ext4: avoid hang when mounting non-journal filesystems
with orphan list (bnc#817377).

- Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178).

- Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976
bnc#821560).

- Always include the git commit in KOTD builds This allows
us not to set it explicitly in builds submitted to the
official distribution (bnc#821612, bnc#824171).

- Bluetooth: Really fix registering hci with duplicate
name (bnc#783858).

- Bluetooth: Fix registering hci with duplicate name
(bnc#783858).

See also :

http://lists.opensuse.org/opensuse-updates/2013-10/msg00063.html
https://bugzilla.novell.com/show_bug.cgi?id=783858
https://bugzilla.novell.com/show_bug.cgi?id=785542
https://bugzilla.novell.com/show_bug.cgi?id=787649
https://bugzilla.novell.com/show_bug.cgi?id=789598
https://bugzilla.novell.com/show_bug.cgi?id=794988
https://bugzilla.novell.com/show_bug.cgi?id=801178
https://bugzilla.novell.com/show_bug.cgi?id=806976
https://bugzilla.novell.com/show_bug.cgi?id=807153
https://bugzilla.novell.com/show_bug.cgi?id=807471
https://bugzilla.novell.com/show_bug.cgi?id=814336
https://bugzilla.novell.com/show_bug.cgi?id=815320
https://bugzilla.novell.com/show_bug.cgi?id=817377
https://bugzilla.novell.com/show_bug.cgi?id=818053
https://bugzilla.novell.com/show_bug.cgi?id=821560
https://bugzilla.novell.com/show_bug.cgi?id=821612
https://bugzilla.novell.com/show_bug.cgi?id=822575
https://bugzilla.novell.com/show_bug.cgi?id=823342
https://bugzilla.novell.com/show_bug.cgi?id=823517
https://bugzilla.novell.com/show_bug.cgi?id=824171
https://bugzilla.novell.com/show_bug.cgi?id=824295
https://bugzilla.novell.com/show_bug.cgi?id=827749
https://bugzilla.novell.com/show_bug.cgi?id=827750
https://bugzilla.novell.com/show_bug.cgi?id=828119
https://bugzilla.novell.com/show_bug.cgi?id=828714
https://bugzilla.novell.com/show_bug.cgi?id=831055
https://bugzilla.novell.com/show_bug.cgi?id=831058
https://bugzilla.novell.com/show_bug.cgi?id=833321
https://bugzilla.novell.com/show_bug.cgi?id=835414
https://bugzilla.novell.com/show_bug.cgi?id=838346

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now