SUSE-SU-2013:0259-1: moderate: kernel update for SLE11 SP2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Feb 7 16:04:58 MST 2013
SUSE Security Update: kernel update for SLE11 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0259-1
Rating: moderate
References: #729854 #731387 #736255 #739728 #745876 #749651
#758104 #762158 #763463 #773487 #773831 #775685
#778136 #779577 #780008 #782721 #783515 #786013
#786976 #787348 #787576 #787848 #789115 #789648
#789993 #790935 #791498 #791853 #791904 #792270
#792500 #792656 #792834 #793104 #793139 #793593
#793671 #794231 #794824 #795354 #797042 #798960
#799209 #799275 #799909
Cross-References: CVE-2012-0957 CVE-2012-4530 CVE-2012-4565
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise High Availability Extension 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves three vulnerabilities and has 42
fixes is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 SP2 kernel was updated to
3.0.58, fixing various bugs and security issues.
It contains the following feature enhancement:
- Enable various md/raid10 and DASD enhancements.
(FATE#311379) These make is possible for RAID10 to cope
with DASD devices being slow for various reasons - the
affected device will be temporarily removed from the
array.
Also added support for reshaping of RAID10 arrays.
mdadm changes will be published to support this feature.
The following security issues were fixed:
- CVE-2012-4565: A division by zero in the TCP Illinois
algorithm was fixed.
- CVE-2012-0957: The UNAME26 personality leaked kernel
memory information.
- CVE-2012-4530: Kernel stack content was disclosed via
binfmt_script load_script().
Following non security issues were fixed: BTRFS:
- btrfs: reset path lock state to zero.
- btrfs: fix off-by-one in lseek.
- btrfs: fix btrfs_cont_expand() freeing IS_ERR em.
- btrfs: update timestamps on truncate().
- btrfs: put csums on the right ordered extent.
- btrfs: use existing align macros in btrfs_allocate()
- btrfs: fix off-by-one error of the reserved size of
btrfs_allocate()
- btrfs: add fiemaps flag check
- btrfs: fix permissions of empty files not affected by
umask
- btrfs: do not auto defrag a file when doing directIO
- btrfs: fix wrong return value of btrfs_truncate_page()
- btrfs: Notify udev when removing device
- btrfs: fix permissions of empty files not affected by
umask
- btrfs: fix hash overflow handling
- btrfs: do not delete a subvolume which is in a R/O
subvolume
- btrfs: remove call to btrfs_wait_ordered_extents to avoid
potential deadlock.
- btrfs: update the checks for mixed block groups with big
metadata blocks
- btrfs: Fix use-after-free in __btrfs_end_transaction
- btrfs: use commit root when loading free space cache.
- btrfs: avoid setting ->d_op twice (FATE#306586
bnc#731387).
- btrfs: fix race in reada (FATE#306586).
- btrfs: do not add both copies of DUP to reada extent tree
- btrfs: do not mount when we have a sectorsize unequal to
PAGE_SIZE
- btrfs: add missing unlocks to transaction abort paths
- btrfs: avoid sleeping in verify_parent_transid while
atomic
- btrfs: disallow unequal data/metadata blocksize for mixed
block groups
- btrfs: enhance superblock sanity checks (bnc#749651).
- btrfs: sanitizing ->fs_info, parts 1-5.
- btrfs: make open_ctree() return int.
- btrfs: kill pointless reassignment of ->s_fs_info in
btrfs_fill_super().
- btrfs: merge free_fs_info() calls on fill_super failures.
- btrfs: make free_fs_info() call ->kill_sb() unconditional.
- btrfs: consolidate failure exits in btrfs_mount() a bit.
- btrfs: let ->s_fs_info point to fs_info, not root...
- btrfs: take allocation of ->tree_root into open_ctree().
DASD:
- Update DASD blk_timeout patches after review from IBM
(FATE#311379):
* dasd: Abort all requests from ioctl
* dasd: Disable block timeouts per default
* dasd: Reduce amount of messages for specific errors
* dasd: Rename ioctls
* dasd: check blk_noretry_request in dasd_times_out()
* dasd: lock ccw queue in dasd_times_out()
* dasd: make DASD_FLAG_TIMEOUT setting more robust
* dasd: rename flag to abortall
LPFC:
- Update lpfc version for 8.3.5.48.3p driver release
(bnc#793593).
- lpfc 8.3.32: Correct successful aborts returning error
status (bnc#793593).
- lpfc 8.3.34: Correct lock handling to eliminate reset
escalation on I/O abort (bnc#793593).
- lpfc 8.3.34: Streamline fcp underrun message printing
(bnc#793593).
DRM/i915:
- drm/i915: EBUSY status handling added to i915_gem_fault()
(bnc#793139).
- drm/i915: Only clear the GPU domains upon a successful
finish (bnc#793139).
- drm/i915: always use RPNSWREQ for turbo change requests
(bnc#793139).
- drm/i915: do not call modeset_init_hw in i915_reset
(bnc#793139).
- drm/i915: do not hang userspace when the gpu reset is
stuck (bnc#793139).
- drm/i915: do not trylock in the gpu reset code
(bnc#793139).
- drm/i915: re-init modeset hw state after gpu reset
(bnc#793139).
HyperV:
- x86: Hyper-V: register clocksource only if its advertised
(bnc#792500).
OTHER:
- xfrm: fix freed block size calculation in
xfrm_policy_fini() (bnc#798960).
- bonding: in balance-rr mode, set curr_active_slave only
if it is up (bnc#789648).
- kernel: broken interrupt statistics (bnc#799275,
LTC#87893).
- kernel: sched_clock() overflow (bnc#799275, LTC#87978).
- mm: call sleep_on_page_killable from
__wait_on_page_locked_killable (bnc#799909).
- TTY: do not reset masters packet mode (bnc#797042).
- patches.suse/kbuild-record-built-in-o: Avoid using
printf(1) in Makefile.build
- rpm/built-in-where.mk: Do not rely on the *.parts file to
be newline-separated.
- NFS: Allow sec=none mounts in certain cases (bnc#795354).
- NFS: fix recent breakage to NFS error handling
(bnc#793104).
- bridge: Pull ip header into skb->data before looking into
ip header (bnc#799209).
- dm mpath: allow ioctls to trigger pg init (bnc#787348).
- dm mpath: only retry ioctl when no paths if
queue_if_no_path set (bnc#787348).
- radix-tree: fix preload vector size (bnc#763463).
- sched, rt: Unthrottle rt runqueues in __disable_runtime().
- sched/rt: Fix SCHED_RR across cgroups.
- sched/rt: Do not throttle when PI boosting.
- sched/rt: Keep period timer ticking when rt throttling is
active.
- sched/rt: Prevent idle task boosting.
- mm: limit mmu_gather batching to fix soft lockups on
!CONFIG_PREEMPT (bnc#791904).
- kabi fixup for mm: limit mmu_gather batching to fix soft
lockups on !CONFIG_PREEMPT (bnc#791904).
- Refresh Xen patches after update to 3.0.57.
- aio: make kiocb->private NUll in init_sync_kiocb()
(bnc#794231).
- qeth: Fix retry logic in hardsetup (bnc#792656,LTC#87080).
- netiucv: reinsert dev_alloc_name for device naming
(bnc#792656,LTC#87086).
- qeth: set new mac even if old mac is gone (2)
(bnc#792656,LTC#87138).
- ocfs2: use spinlock irqsave for downconvert lock.patch
(bnc#794824).
- af_netlink: force credentials passing (bnc#779577).
-
patches.fixes/af_unix-dnt-send-SCM_CREDENTIALS-by-default: a
f_unix: dont send SCM_CREDENTIALS by default
(bnc#779577).
- sunrpc: increase maximum slots to use (bnc#775685).
- bio: bio allocation failure due to bio_get_nr_vecs()
(bnc#792270).
- bio: do not overflow in bio_get_nr_vecs() (bnc#792270).
- md: close race between removing and adding a device
(bnc#787848).
- thp, memcg: split hugepage for memcg oom on cow
(bnc#793671).
- bonding: delete migrated IP addresses from the rlb hash
table (bnc#729854).
- xfs: Fix re-use of EWOULDBLOCK during read on dm-mirror
(bnc#736255).
- qla2xxx: Determine the number of outstanding commands
based on available resources (bnc#782721).
- qla2xxx: Ramp down queue depth for attached SCSI devices
(bnc#782721).
- autofs4: fix lockdep splat in autofs (bnc#792834).
- ipv6: tcp: fix panic in SYN processing (bnc#789115).
- add splash=black option to bootsplash code, to keep a
black background, useful for remote access to VMs
(bnc#773487)
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-kernel-7273 slessp2-kernel-7277
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-kernel-7273 slessp2-kernel-7274 slessp2-kernel-7275 slessp2-kernel-7276 slessp2-kernel-7277
- SUSE Linux Enterprise High Availability Extension 11 SP2:
zypper in -t patch sleshasp2-kernel-7273 sleshasp2-kernel-7274 sleshasp2-kernel-7275 sleshasp2-kernel-7276 sleshasp2-kernel-7277
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-kernel-7273 sledsp2-kernel-7277
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.58]:
kernel-default-3.0.58-0.6.2.1
kernel-default-base-3.0.58-0.6.2.1
kernel-default-devel-3.0.58-0.6.2.1
kernel-source-3.0.58-0.6.2.1
kernel-syms-3.0.58-0.6.2.1
kernel-trace-3.0.58-0.6.2.1
kernel-trace-base-3.0.58-0.6.2.1
kernel-trace-devel-3.0.58-0.6.2.1
kernel-xen-devel-3.0.58-0.6.2.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.58]:
kernel-pae-3.0.58-0.6.2.1
kernel-pae-base-3.0.58-0.6.2.1
kernel-pae-devel-3.0.58-0.6.2.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.58]:
kernel-default-3.0.58-0.6.2.1
kernel-default-base-3.0.58-0.6.2.1
kernel-default-devel-3.0.58-0.6.2.1
kernel-source-3.0.58-0.6.2.1
kernel-syms-3.0.58-0.6.2.1
kernel-trace-3.0.58-0.6.2.1
kernel-trace-base-3.0.58-0.6.2.1
kernel-trace-devel-3.0.58-0.6.2.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.58]:
kernel-ec2-3.0.58-0.6.2.1
kernel-ec2-base-3.0.58-0.6.2.1
kernel-ec2-devel-3.0.58-0.6.2.1
kernel-xen-3.0.58-0.6.2.1
kernel-xen-base-3.0.58-0.6.2.1
kernel-xen-devel-3.0.58-0.6.2.1
- SUSE Linux Enterprise Server 11 SP2 (x86_64):
xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16
xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.58]:
kernel-default-man-3.0.58-0.6.2.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.58]:
kernel-ppc64-3.0.58-0.6.2.1
kernel-ppc64-base-3.0.58-0.6.2.1
kernel-ppc64-devel-3.0.58-0.6.2.1
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.58]:
kernel-pae-3.0.58-0.6.2.1
kernel-pae-base-3.0.58-0.6.2.1
kernel-pae-devel-3.0.58-0.6.2.1
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.58_0.6.2-2.18.18
cluster-network-kmp-trace-1.4_3.0.58_0.6.2-2.18.18
gfs2-kmp-default-2_3.0.58_0.6.2-0.7.53
gfs2-kmp-trace-2_3.0.58_0.6.2-0.7.53
ocfs2-kmp-default-1.6_3.0.58_0.6.2-0.11.17
ocfs2-kmp-trace-1.6_3.0.58_0.6.2-0.11.17
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.58_0.6.2-2.18.18
gfs2-kmp-xen-2_3.0.58_0.6.2-0.7.53
ocfs2-kmp-xen-1.6_3.0.58_0.6.2-0.11.17
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.58_0.6.2-2.18.18
gfs2-kmp-ppc64-2_3.0.58_0.6.2-0.7.53
ocfs2-kmp-ppc64-1.6_3.0.58_0.6.2-0.11.17
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
cluster-network-kmp-pae-1.4_3.0.58_0.6.2-2.18.18
gfs2-kmp-pae-2_3.0.58_0.6.2-0.7.53
ocfs2-kmp-pae-1.6_3.0.58_0.6.2-0.11.17
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.58]:
kernel-default-3.0.58-0.6.2.1
kernel-default-base-3.0.58-0.6.2.1
kernel-default-devel-3.0.58-0.6.2.1
kernel-default-extra-3.0.58-0.6.2.1
kernel-source-3.0.58-0.6.2.1
kernel-syms-3.0.58-0.6.2.1
kernel-trace-3.0.58-0.6.2.1
kernel-trace-base-3.0.58-0.6.2.1
kernel-trace-devel-3.0.58-0.6.2.1
kernel-trace-extra-3.0.58-0.6.2.1
kernel-xen-3.0.58-0.6.2.1
kernel-xen-base-3.0.58-0.6.2.1
kernel-xen-devel-3.0.58-0.6.2.1
kernel-xen-extra-3.0.58-0.6.2.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16
xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.58]:
kernel-pae-3.0.58-0.6.2.1
kernel-pae-base-3.0.58-0.6.2.1
kernel-pae-devel-3.0.58-0.6.2.1
kernel-pae-extra-3.0.58-0.6.2.1
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
ext4-writeable-kmp-default-0_3.0.58_0.6.2-0.14.34
ext4-writeable-kmp-trace-0_3.0.58_0.6.2-0.14.34
kernel-default-extra-3.0.58-0.6.2.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
ext4-writeable-kmp-xen-0_3.0.58_0.6.2-0.14.34
kernel-xen-extra-3.0.58-0.6.2.1
- SLE 11 SERVER Unsupported Extras (ppc64):
ext4-writeable-kmp-ppc64-0_3.0.58_0.6.2-0.14.34
kernel-ppc64-extra-3.0.58-0.6.2.1
- SLE 11 SERVER Unsupported Extras (i586):
ext4-writeable-kmp-pae-0_3.0.58_0.6.2-0.14.34
kernel-pae-extra-3.0.58-0.6.2.1
References:
http://support.novell.com/security/cve/CVE-2012-0957.html
http://support.novell.com/security/cve/CVE-2012-4530.html
http://support.novell.com/security/cve/CVE-2012-4565.html
https://bugzilla.novell.com/729854
https://bugzilla.novell.com/731387
https://bugzilla.novell.com/736255
https://bugzilla.novell.com/739728
https://bugzilla.novell.com/745876
https://bugzilla.novell.com/749651
https://bugzilla.novell.com/758104
https://bugzilla.novell.com/762158
https://bugzilla.novell.com/763463
https://bugzilla.novell.com/773487
https://bugzilla.novell.com/773831
https://bugzilla.novell.com/775685
https://bugzilla.novell.com/778136
https://bugzilla.novell.com/779577
https://bugzilla.novell.com/780008
https://bugzilla.novell.com/782721
https://bugzilla.novell.com/783515
https://bugzilla.novell.com/786013
https://bugzilla.novell.com/786976
https://bugzilla.novell.com/787348
https://bugzilla.novell.com/787576
https://bugzilla.novell.com/787848
https://bugzilla.novell.com/789115
https://bugzilla.novell.com/789648
https://bugzilla.novell.com/789993
https://bugzilla.novell.com/790935
https://bugzilla.novell.com/791498
https://bugzilla.novell.com/791853
https://bugzilla.novell.com/791904
https://bugzilla.novell.com/792270
https://bugzilla.novell.com/792500
https://bugzilla.novell.com/792656
https://bugzilla.novell.com/792834
https://bugzilla.novell.com/793104
https://bugzilla.novell.com/793139
https://bugzilla.novell.com/793593
https://bugzilla.novell.com/793671
https://bugzilla.novell.com/794231
https://bugzilla.novell.com/794824
https://bugzilla.novell.com/795354
https://bugzilla.novell.com/797042
https://bugzilla.novell.com/798960
https://bugzilla.novell.com/799209
https://bugzilla.novell.com/799275
https://bugzilla.novell.com/799909
http://download.novell.com/patch/finder/?keywords=0ba62dbce0c094606981fc3add2accf8
http://download.novell.com/patch/finder/?keywords=1c315e6cfd3ce8087b1899e68e65ae0e
http://download.novell.com/patch/finder/?keywords=1fc2bacaf0ca817ef3701dd571d7ad71
http://download.novell.com/patch/finder/?keywords=206afc330e3dbf0d4cc7c90edee812d8
http://download.novell.com/patch/finder/?keywords=2a57cc5f2a5ec70fa191adaddf997939
http://download.novell.com/patch/finder/?keywords=35ebd8d95c6d93e3c6fb100f6d4cb011
http://download.novell.com/patch/finder/?keywords=685b42f17ef53989efa8424d2aed59d0
http://download.novell.com/patch/finder/?keywords=6e8758cce7d593f1b00bbef027636b94
http://download.novell.com/patch/finder/?keywords=cdb80b057dfc85a1205eb7dab68ee993
http://download.novell.com/patch/finder/?keywords=edc95718160c9abca495cef1ddcff568
More information about the sle-security-updates
mailing list