The openSUSE 12.1 kernel was updated to fix a severe secrutiy issue
and various bugs.
Security issues fixed:
CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c
in the Linux kernel used an incorrect integer data type, which allowed
local users to gain privileges via a crafted perf_event_open system call.
CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in
the Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) via an attempted /dev/ttyUSB read
or write operation on a disconnected Edgeport USB serial converter.
CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c
in the Linux kernel lacked a certain error check, which might have allowed
local users to obtain sensitive information from kernel stack memory
via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in
the Linux kernel did not ensure a required time_page alignment during
an MSR_KVM_SYSTEM_TIME operation, which allowed guest OS users to cause
a denial of service (buffer overflow and host OS memory corruption)
or possibly have unspecified other impact via a crafted application.
CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in
the Linux kernel allowed guest OS users to cause a denial of service
(host OS memory corruption) or possibly have unspecified other impact
via a crafted application that triggers use of a guest physical address
(GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME
kvm_set_msr_common operation.
CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in
the Linux kernel did not properly handle a certain combination of invalid
IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allowed guest
OS users to obtain sensitive information from host OS memory or cause
a denial of service (host OS OOPS) via a crafted application.
CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs
function in mm/shmem.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (system crash) by remounting
a tmpfs filesystem without specifying a required mpol (aka mempolicy)
mount option.
CVE-2013-0913: Integer overflow in
drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the
Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed
local users to cause a denial of service (heap-based buffer overflow)
or possibly have unspecified other impact via a crafted application
that triggers many relocation copies, and potentially leads to a race
condition.
Bugs fixed:
- qlge: fix dma map leak when the last chunk is not allocated
(bnc#819519).
- TTY: fix atime/mtime regression (bnc#815745).
- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
(bnc#813735).
- USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976,
CVE-2013-1774).
- KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init
(bnc#806980 CVE-2013-1797).
- KVM: Fix bounds checking in ioapic indirect register read
(bnc#806980 CVE-2013-1798).
- KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
(bnc#806980 CVE-2013-1796).
- kabi/severities: Allow kvm module abi changes - modules are self consistent
- loopdev: fix a deadlock (bnc#809748).
- block: use i_size_write() in bd_set_size() (bnc#809748).
- drm/i915: bounds check execbuffer relocation count
(bnc#808829,CVE-2013-0913).
- tmpfs: fix use-after-free of mempolicy object (bnc#806138,
CVE-2013-1767).
-
Submitted by
Jeff Mahoney (jeff_mahoney)
- Reboot is suggested
