openSUSE Security Update : kernel (openSUSE-SU-2013:0951-1)

High Nessus Plugin ID 75016

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 12.3 kernel was updated to fix a critical security issue, other security issues and several bugs.

Security issues fixed: CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system call.

CVE-2013-0290: The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel did not properly handle the MSG_PEEK flag with zero-length data, which allowed local users to cause a denial of service (infinite loop and system hang) via a crafted application.

Bugs fixed :

- qlge: fix dma map leak when the last chunk is not allocated (bnc#819519).

- ACPI / thermal: do not always return THERMAL_TREND_RAISING for active trip points (bnc#820048).

- perf: Treat attr.config as u64 in perf_swevent_init() (bnc#819789, CVE-2013-2094).

- cxgb4: fix error recovery when t4_fw_hello returns a positive value (bnc#818497).

- kabi/severities: Ignore drivers/mfd/ucb1400_core It provides internal exports to UCB1400 drivers, that we have just disabled.

- Fix -devel package for armv7hl armv7hl kernel flavors in the non-multiplatform configuration (which is the default for our openSUSE 12.3 release), needs more header files from the machine specific directories to be included in kernel-devel.

- Update config files: disable UCB1400 on all but ARM Currently UCB1400 is only used on ARM OMAP systems, and part of the code is dead code that can't even be modularized.

- CONFIG_UCB1400_CORE=n

- CONFIG_TOUCHSCREEN_UCB1400=n

- CONFIG_GPIO_UCB1400=n

- rpm/config.sh: Drop the ARM repository, the KOTD will build against the 'ports' repository of openSUSE:12.3

- mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327).

- rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g<commit> suffix

- rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string.

- xen-pciback: notify hypervisor about devices intended to be assigned to guests.

- unix/stream: fix peeking with an offset larger than data in queue (bnc#803931 CVE-2013-0290).

- unix/dgram: fix peeking with an offset larger than data in queue (bnc#803931 CVE-2013-0290).

- unix/dgram: peek beyond 0-sized skbs (bnc#803931 CVE-2013-0290).

- net: fix infinite loop in __skb_recv_datagram() (bnc#803931 CVE-2013-0290).

- TTY: fix atime/mtime regression (bnc#815745).

- md/raid1,raid10: fix deadlock with freeze_array() (813889).

- md: raid1,10: Handle REQ_WRITE_SAME flag in write bios (bnc#813889).

- KMS: fix EDID detailed timing vsync parsing.

- KMS: fix EDID detailed timing frame rate.

- Add Netfilter/ebtables support Those modues are needed for proper OpenStack support on ARM, and are also enabled on x86(_64)

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=803931

https://bugzilla.novell.com/show_bug.cgi?id=813889

https://bugzilla.novell.com/show_bug.cgi?id=815745

https://bugzilla.novell.com/show_bug.cgi?id=818327

https://bugzilla.novell.com/show_bug.cgi?id=818497

https://bugzilla.novell.com/show_bug.cgi?id=819519

https://bugzilla.novell.com/show_bug.cgi?id=819789

https://bugzilla.novell.com/show_bug.cgi?id=820048

https://lists.opensuse.org/opensuse-updates/2013-06/msg00087.html

Plugin Details

Severity: High

ID: 75016

File Name: openSUSE-2013-452.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/25

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2013-0290, CVE-2013-2094

BID: 57964, 59846