===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0787
          SUSE Security Update: Security update for Linux kernel
                                5 June 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          kernel
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Unauthorised Access      -- Remote/Unauthenticated
                  Access Confidential Data -- Existing Account      
Resolution:       Patch/Upgrade
CVE Names:        CVE-2013-1928 CVE-2012-4444 

Reference:        ESB-2013.0691
                  ESB-2013.0100
                  ESB-2012.1201

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0856-1
Rating:             important
References:         #760753 #789831 #790236 #810628 #812317 #813735 
                    #815745 #817666 #818337 #819403 
Cross-References:   CVE-2012-4444 CVE-2013-1928
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has 8 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 10 SP4 kernel has been updated to
   fix various bugs and security issues.

   Security issues fixed:

   * CVE-2012-4444: The ip6_frag_queue function in
   net/ipv6/reassembly.c in the Linux kernel allowed remote
   attackers to bypass intended network restrictions via
   overlapping IPv6 fragments.
   * CVE-2013-1928: The do_video_set_spu_palette function
   in fs/compat_ioctl.c in the Linux kernel lacked a certain
   error check, which might have allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb
   device.
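
   The overlapping-fragment condition behind CVE-2012-4444, shown as an
   added user-space example (not SUSE's patch and not the kernel's
   ip6_frag_queue code): it rejects a datagram as soon as any two
   fragments overlap, which is the handling RFC 5722 requires. The
   struct frag layout, check_fragments() and the sample arrays are
   constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One fragment of a datagram: byte offset into the fragmentable part,
 * payload length, and the M ("more fragments") flag. */
struct frag { uint32_t off, len; int more; };

enum verdict { FRAG_INCOMPLETE, FRAG_COMPLETE, FRAG_DROP_OVERLAP, FRAG_DROP_INVALID };

/* Constructed samples (not captured traffic), one datagram each. */
static const struct frag sample_clean[]   = { {0, 16, 1}, {16, 16, 1}, {32, 5, 0} };
static const struct frag sample_overlap[] = { {0, 16, 1}, {8, 16, 1}, {24, 5, 0} };
static const struct frag sample_hole[]    = { {0, 16, 1}, {32, 5, 0} };

/* Validate all fragments sharing one (source, destination, identification).
 * Any overlap, even an exact duplicate, rejects the whole datagram. */
enum verdict check_fragments(const struct frag *f, size_t n)
{
    uint64_t total = 0, covered = 0;
    int have_last = 0;

    for (size_t i = 0; i < n; i++) {
        uint64_t end = (uint64_t)f[i].off + f[i].len;

        /* Offsets are multiples of 8; so are non-final lengths. The 65535
         * bound is a simplification of the IPv6 payload limit. */
        if (!f[i].len || f[i].off % 8 || end > 65535 || (f[i].more && f[i].len % 8))
            return FRAG_DROP_INVALID;
        for (size_t j = 0; j < i; j++)   /* O(n^2); a real stack keeps a sorted queue */
            if (f[i].off < (uint64_t)f[j].off + f[j].len && f[j].off < end)
                return FRAG_DROP_OVERLAP;
        if (!f[i].more) {
            if (have_last) return FRAG_DROP_INVALID;   /* two final fragments */
            have_last = 1;
            total = end;
        }
        covered += f[i].len;
    }
    if (!have_last) return FRAG_INCOMPLETE;
    for (size_t i = 0; i < n; i++)       /* nothing may lie past the final fragment */
        if ((uint64_t)f[i].off + f[i].len > total) return FRAG_DROP_INVALID;
    return covered == total ? FRAG_COMPLETE : FRAG_INCOMPLETE;
}

int main(void)
{
    printf("clean=%d overlap=%d hole=%d\n", check_fragments(sample_clean, 3),
           check_fragments(sample_overlap, 3), check_fragments(sample_hole, 2));
    return 0;
}
```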

   Also the following bugs have been fixed:

   * hugetlb: Fix regression introduced by the original
   patch (bnc#790236, bnc#819403).
   * NFSv3/v2: Fix data corruption with NFS short reads
   (bnc#818337).
   * Fix package descriptions in specfiles (bnc#817666).
   * TTY: fix atime/mtime regression (bnc#815745).
   * virtio_net: ensure big packets are 64k (bnc#760753).
   * virtio_net: refill rx buffers when oom occurs
   (bnc#760753).
   * qeth: fix qeth_wait_for_threads() deadlock for OSN
   devices (bnc#812317, LTC#90910).
   * nfsd: remove unnecessary NULL checks from
   nfsd_cross_mnt (bnc#810628).
   * knfsd: Fixed problem with NFS exporting directories
   which are mounted on (bnc#810628).

   Security Issue references:

   * CVE-2012-4444
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444>
   * CVE-2013-1928
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1928>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.103.1
      kernel-source-2.6.16.60-0.103.1
      kernel-syms-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.103.1
      kernel-xen-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.103.1
      kernel-kdumppae-2.6.16.60-0.103.1
      kernel-vmi-2.6.16.60-0.103.1
      kernel-vmipae-2.6.16.60-0.103.1
      kernel-xenpae-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.103.1
      kernel-ppc64-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.103.1
      kernel-smp-2.6.16.60-0.103.1
      kernel-source-2.6.16.60-0.103.1
      kernel-syms-2.6.16.60-0.103.1
      kernel-xen-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.103.1
      kernel-xenpae-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.103.1


References:

   http://support.novell.com/security/cve/CVE-2012-4444.html
   http://support.novell.com/security/cve/CVE-2013-1928.html
   https://bugzilla.novell.com/760753
   https://bugzilla.novell.com/789831
   https://bugzilla.novell.com/790236
   https://bugzilla.novell.com/810628
   https://bugzilla.novell.com/812317
   https://bugzilla.novell.com/813735
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/817666
   https://bugzilla.novell.com/818337
   https://bugzilla.novell.com/819403
   http://download.novell.com/patch/finder/?keywords=42590e04eddb51fa31379710deb16611
   http://download.novell.com/patch/finder/?keywords=4f3691ec5a62d5e0a58b289de36e7ba5
   http://download.novell.com/patch/finder/?keywords=60a0921c1bb3961c00333f60f45fee0b
   http://download.novell.com/patch/finder/?keywords=806641e6eb093ae891357f0c47c7e76f
   http://download.novell.com/patch/finder/?keywords=b108e81194a14724506e0d40a5303d13

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================