kernel: fixed local privilege escalation
The Linux kernel was updated to 3.4.33 and to fix a local root privilege
escalation and various other security and non-security bugs.
CVE-2013-1763: A out of bounds access in sock_diag could be used by local attackers
to execute code in kernel context and so become root.
CVE-2013-0160: The atime of /dev/ptmx is no longer updated, avoiding side channel
attacks via user typing speed.
CVE-2012-5374: Denial of service via btrfs hashes could have been used by local attackers
to cause a compute denial of service.
CVE-2013-0216: Fixed a problem in XEN netback: shutdown the ring if it contains garbage.
CVE-2013-0231: Fixed a problem in XEN pciback: rate limit error messages from xen_pcibk_enable_msi(x).
-
Submitted by
Jeff Mahoney (jeff_mahoney)
- Reboot is suggested
Fixed bugs
bnc#804738
VUL-1: CVE-2012-5374: kernel: btrfs: denial of service via CRC32C computational overflowing
bnc#805633
VUL-0: CVE-2013-1763: kernel: local privilege escalation via sock_diag netlink socket
bnc#802153
quota: quota_v2 not autoloaded when QFMT_VFS_V1 used
bnc#797175
VUL-1: kernel: /dev/ptmx timing attacks
bnc#801782
[HP BCS SLES11 ]: Stack overflow in __reserve_region_with_split
bnc#799209
Newer Emulex be2net drivers need upstream bridge patch
bnc#800280
VUL-0: XSA-39: CVE-2013-0216 CVE-2013-0217: xen: netback DoS via malicious guest ring
bnc#801178
VUL-0: Xen: XSA-43: CVE-2013-0231: Linux pciback DoS via not rate limited log messages
