Kernel: security and bugfix update

[Lighty]

Kernel: security and bugfix update

Diese Aktualisierung wird für eine Behebung eines mit dem Paket verbundenen Sicherheitsrisikos benötigt.

The Linux kernel was updated to fix security issues and bugs.

Security issues fixed:
CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux
kernel did not ensure that calls have two different futex addresses,
which allowed local users to gain privileges via a crafted FUTEX_REQUEUE
command that facilitates unsafe waiter modification.

CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
extension implementations in the sk_run_filter function in
net/core/filter.c in the Linux kernel did not check whether a certain
length value is sufficiently large, which allowed local users to cause
a denial of service (integer underflow and system crash) via crafted BPF
instructions. NOTE: the affected code was moved to the __skb_get_nlattr
and __skb_get_nlattr_nest functions before the vulnerability was
announced.

CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in
the sk_run_filter function in net/core/filter.c in the Linux kernel
used the reverse order in a certain subtraction, which allowed local
users to cause a denial of service (over-read and system crash) via
crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.

CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable
buffers are disabled, did not properly validate packet lengths, which
allowed guest OS users to cause a denial of service (memory corruption
and host OS crash) or possibly gain privileges on the host OS via crafted
packets, related to the handle_rx and get_rx_bufs functions.

CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the
vhost-net subsystem in the Linux kernel package did not properly handle
vhost_get_vq_desc errors, which allowed guest OS users to cause a denial
of service (host OS crash) via unspecified vectors.

CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.

CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.

CVE-2014-2851: Integer overflow in the ping_init_sock function in
net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial
of service (use-after-free and system crash) or possibly gain privileges
via a crafted application that leverages an improperly managed reference
counter.

- ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599
bnc#876981).

- patches.fixes/firewire-01-net-fix-use-after-free.patch,
patches.fixes/firewire-02-ohci-fix-probe-failure-with-agere-lsi-controllers.patch,
patches.fixes/firewire-03-dont-use-prepare_delayed_work.patch: Add
missing bug reference (bnc#881697).

- firewire: don't use PREPARE_DELAYED_WORK.
- firewire: ohci: fix probe failure with Agere/LSI controllers.
- firewire: net: fix use after free.

- USB: OHCI: fix problem with global suspend on ATI controllers
(bnc#868315).

- mm: revert "page-writeback.c: subtract min_free_kbytes from
dirtyable memory" (bnc#879792).

- usb: musb: tusb6010: Use musb->tusb_revision instead of
tusb_get_revision call (bnc#872715).
- usb: musb: tusb6010: Add tusb_revision to struct musb to store
the revision (bnc#872715).

- ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets
(bnc#880613).

- floppy: do not corrupt bio.bi_flags when reading block 0
(bnc#879258).

- reiserfs: call truncate_setsize under tailpack mutex
(bnc#878115).

- Update Xen config files: Set compatibility level back to 4.1
(bnc#851338).

- Update config files.
Guillaume GARDET reported a broken build due to CONFIG_USB_SERIAL_GENERIC
being modular

- memcg: deprecate memory.force_empty knob (bnc#878274).

- nfsd: when reusing an existing repcache entry, unhash it first
(bnc#877721).

- Enable Socketcan again for i386 and x86_64 (bnc#858067)

- xhci: extend quirk for Renesas cards (bnc#877713).
- xhci: Fix resume issues on Renesas chips in Samsung laptops
(bnc#877713).

- mm: try_to_unmap_cluster() should lock_page() before mlocking
(bnc#876102, CVE-2014-3122).

- drm/i915, HD-audio: Don't continue probing when nomodeset is
given (bnc#882648).

- x86/mm/numa: Fix 32-bit kernel NUMA boot (bnc#881727).

Weitere Informationen zu den Fehlerbereinigungen dieser Aktualisierung sind auf diesen Webseiten verfügbar:
• https://bugzilla.novell.com/show_bug.cgi?id=851338
• https://bugzilla.novell.com/show_bug.cgi?id=858067
• https://bugzilla.novell.com/show_bug.cgi?id=868315
• https://bugzilla.novell.com/show_bug.cgi?id=869563
• https://bugzilla.novell.com/show_bug.cgi?id=870173
• https://bugzilla.novell.com/show_bug.cgi?id=870576
• https://bugzilla.novell.com/show_bug.cgi?id=871561
• https://bugzilla.novell.com/show_bug.cgi?id=872715
• https://bugzilla.novell.com/show_bug.cgi?id=873374
• https://bugzilla.novell.com/show_bug.cgi?id=876102
• https://bugzilla.novell.com/show_bug.cgi?id=876981
• https://bugzilla.novell.com/show_bug.cgi?id=877713
• https://bugzilla.novell.com/show_bug.cgi?id=877721
• https://bugzilla.novell.com/show_bug.cgi?id=878115
• https://bugzilla.novell.com/show_bug.cgi?id=878274
• https://bugzilla.novell.com/show_bug.cgi?id=879258
• https://bugzilla.novell.com/show_bug.cgi?id=879792
• https://bugzilla.novell.com/show_bug.cgi?id=880599
• https://bugzilla.novell.com/show_bug.cgi?id=880613
• https://bugzilla.novell.com/show_bug.cgi?id=880892
• https://bugzilla.novell.com/show_bug.cgi?id=881697
• https://bugzilla.novell.com/show_bug.cgi?id=882648
• https://bugzilla.novell.com/show_bug.cgi?id=881727
• https://bugzilla.novell.com/show_bug.cgi?id=877257

Weitere Informationen zu dieser Sicherheitsaktualisierung sind auf diesen Webseiten verfügbar:
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-3145
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-3144
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-3122
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-2678
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-0077
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-0055
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-3153
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-2851
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2013-7339

Ein Neustart des Rechners wird für die Übernahme der Änderungen der Aktualisierung erforderlich.