openSUSE Security Update : kernel (openSUSE-SU-2014:0204-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel was updated to fix various bugs and security issues :

- mm/page-writeback.c: do not count anon pages as
dirtyable memory (reclaim stalls).

- mm/page-writeback.c: fix dirty_balance_reserve
subtraction from dirtyable memory (reclaim stalls).

- compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).

- hwmon: (coretemp) Fix truncated name of alarm attributes

- net: fib: fib6_add: fix potential NULL pointer
dereference (bnc#854173 CVE-2013-6431).

- keys: fix race with concurrent install_user_keyrings()
(bnc#808358)(CVE-2013-1792).

- KVM: x86: Convert vapic synchronization to _cached
functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).

- wireless: radiotap: fix parsing buffer overrun
(bnc#854634 CVE-2013-7027).

- KVM: x86: fix guest-initiated crash with x2apic
(CVE-2013-6376) (bnc#853053 CVE-2013-6376).

- KVM: x86: Fix potential divide by 0 in lapic
(CVE-2013-6367) (bnc#853051 CVE-2013-6367).

- KVM: Improve create VCPU parameter (CVE-2013-4587)
(bnc#853050 CVE-2013-4587).

- staging: ozwpan: prevent overflow in oz_cdev_write()
(bnc#849023 CVE-2013-4513).

- perf/x86: Fix offcore_rsp valid mask for SNB/IVB
(bnc#825006).

- perf/x86: Add Intel IvyBridge event scheduling
constraints (bnc#825006).

- libertas: potential oops in debugfs (bnc#852559
CVE-2013-6378).

- aacraid: prevent invalid pointer dereference (bnc#852373
CVE-2013-6380).

- staging: wlags49_h2: buffer overflow setting station
name (bnc#849029 CVE-2013-4514).

- net: flow_dissector: fail on evil iph->ihl (bnc#848079
CVE-2013-4348).

- Staging: bcm: info leak in ioctl (bnc#849034
CVE-2013-4515).

- Refresh
patches.fixes/net-rework-recvmsg-handler-msg_name-and-ms
g_namelen-logic.patch.

- ipv6: remove max_addresses check from
ipv6_create_tempaddr (bnc#805226, CVE-2013-0343).

- net: rework recvmsg handler msg_name and msg_namelen
logic (bnc#854722).

- crypto: ansi_cprng - Fix off by one error in non-block
size request (bnc#840226).

- x6: Fix reserve_initrd so that acpi_initrd_override is
reached (bnc#831836).

- Refresh other Xen patches.

- aacraid: missing capable() check in compat ioctl
(bnc#852558).

-
patches.fixes/gpio-ich-fix-ichx_gpio_check_available-ret
urn.patch: Update upstream reference

- perf/ftrace: Fix paranoid level for enabling function
tracer (bnc#849362).

- xhci: fix NULL pointer dereference on
ring_doorbell_for_active_rings (bnc#848255).

- xhci: Fix oops happening after address device timeout
(bnc#848255).

- xhci: Ensure a command structure points to the correct
trb on the command ring (bnc#848255).

-
patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i
rq-remapping-warning.patch: Update upstream reference.

- Allow NFSv4 username mapping to work properly
(bnc#838024).

- Refresh btrfs attribute publishing patchset to match
openSUSE-13.1 No user-visible changes, but uses
kobj_sysfs_ops and better kobject lifetime management.

- Fix a few incorrectly checked [io_]remap_pfn_range()
calls (bnc#849021, CVE-2013-4511).

- drm/radeon: don't set hpd, afmt interrupts when
interrupts are disabled.

-
patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount
-fields.patch: Fix TRANS2_QUERY_FILE_INFO ByteCount
fields (bnc#804950).

- iommu: Remove stack trace from broken irq remapping
warning (bnc#844513).

- Disable patches related to bnc#840656
patches.suse/btrfs-cleanup-don-t-check-the-same-thing-tw
ice
patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-chec
k-the-same-thi.patch

- btrfs: use feature attribute names to print better error
messages.

- btrfs: add ability to change features via sysfs.

- btrfs: add publishing of unknown features in sysfs.

- btrfs: publish per-super features to sysfs.

- btrfs: add per-super attributes to sysfs.

- btrfs: export supported featured to sysfs.

- kobject: introduce kobj_completion.

- btrfs: add ioctls to query/change feature bits online.

- btrfs: use btrfs_commit_transaction when setting
fslabel.

- x86/iommu/vt-d: Expand interrupt remapping quirk to
cover x58 chipset (bnc#844513).

- NFSv4: Fix issues in nfs4_discover_server_trunking
(bnc#811746).

- iommu/vt-d: add quirk for broken interrupt remapping on
55XX chipsets (bnc#844513).

See also :

http://lists.opensuse.org/opensuse-updates/2014-02/msg00021.html
https://bugzilla.novell.com/show_bug.cgi?id=804950
https://bugzilla.novell.com/show_bug.cgi?id=805226
https://bugzilla.novell.com/show_bug.cgi?id=808358
https://bugzilla.novell.com/show_bug.cgi?id=811746
https://bugzilla.novell.com/show_bug.cgi?id=825006
https://bugzilla.novell.com/show_bug.cgi?id=831836
https://bugzilla.novell.com/show_bug.cgi?id=838024
https://bugzilla.novell.com/show_bug.cgi?id=840226
https://bugzilla.novell.com/show_bug.cgi?id=840656
https://bugzilla.novell.com/show_bug.cgi?id=844513
https://bugzilla.novell.com/show_bug.cgi?id=848079
https://bugzilla.novell.com/show_bug.cgi?id=848255
https://bugzilla.novell.com/show_bug.cgi?id=849021
https://bugzilla.novell.com/show_bug.cgi?id=849023
https://bugzilla.novell.com/show_bug.cgi?id=849029
https://bugzilla.novell.com/show_bug.cgi?id=849034
https://bugzilla.novell.com/show_bug.cgi?id=849362
https://bugzilla.novell.com/show_bug.cgi?id=852373
https://bugzilla.novell.com/show_bug.cgi?id=852558
https://bugzilla.novell.com/show_bug.cgi?id=852559
https://bugzilla.novell.com/show_bug.cgi?id=853050
https://bugzilla.novell.com/show_bug.cgi?id=853051
https://bugzilla.novell.com/show_bug.cgi?id=853052
https://bugzilla.novell.com/show_bug.cgi?id=853053
https://bugzilla.novell.com/show_bug.cgi?id=854173
https://bugzilla.novell.com/show_bug.cgi?id=854634
https://bugzilla.novell.com/show_bug.cgi?id=854722
https://bugzilla.novell.com/show_bug.cgi?id=860993

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now