SUSE-SU-2013:1832-1: moderate: Security update for Linux kernel

sle-security-updates at lists.suse.com
Fri Dec 6 23:04:15 MST 2013


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1832-1
Rating:             moderate
References:         #537165 #609220 #615418 #649868 #656153 #681180 
                    #681181 #681185 #683101 #693513 #699354 #699355 
                    #699709 #700879 #701550 #702014 #702037 #703153 
                    #703156 #706375 #707288 #709213 #709369 #713430 
                    #717421 #718028 #721267 #721351 #721830 #722400 
                    #724692 #725878 #726064 #726600 #727597 #730118 
                    #730749 #731673 #731770 #732613 #733407 #734056 
                    #735612 #740131 #742881 #745760 #747576 #749168 
                    #752556 #760902 #762825 #765102 #765320 #770980 
                    #773831 #776888 #786013 #789831 #795075 #797175 
                    #802642 #804154 #808827 #809889 #809891 #809892 
                    #809893 #809894 #809898 #809899 #809900 #809901 
                    #809903 #811354 #811752 #813735 #815745 #816668 
                    #823260 #823267 #824295 #826102 #826551 #827749 
                    #827750 #828119 #836856 #850241 
Cross-References:   CVE-2009-4020 CVE-2009-4067 CVE-2010-4249
                    CVE-2011-1170 CVE-2011-1171 CVE-2011-1172
                    CVE-2011-2203 CVE-2011-2213 CVE-2011-2484
                    CVE-2011-2492 CVE-2011-2494 CVE-2011-2525
                    CVE-2011-2534 CVE-2011-2699 CVE-2011-2928
                    CVE-2011-3209 CVE-2011-3363 CVE-2011-4077
                    CVE-2011-4110 CVE-2011-4132 CVE-2011-4324
                    CVE-2011-4330 CVE-2012-2136 CVE-2012-3510
                    CVE-2012-4444 CVE-2012-4530 CVE-2012-6537
                    CVE-2012-6539 CVE-2012-6540 CVE-2012-6541
                    CVE-2012-6542 CVE-2012-6544 CVE-2012-6545
                    CVE-2012-6546 CVE-2012-6547 CVE-2012-6549
                    CVE-2013-0160 CVE-2013-0268 CVE-2013-0871
                    CVE-2013-0914 CVE-2013-1827 CVE-2013-1928
                    CVE-2013-2141 CVE-2013-2147 CVE-2013-2164
                    CVE-2013-2206 CVE-2013-2232 CVE-2013-2234
                    CVE-2013-2237 CVE-2013-3222 CVE-2013-3223
                    CVE-2013-3224 CVE-2013-3228 CVE-2013-3229
                    CVE-2013-3231 CVE-2013-3232 CVE-2013-3234
                    CVE-2013-3235
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that solves 58 vulnerabilities and has 30 fixes
   is now available.

Description:


   The SUSE Linux Enterprise Server 10 SP3 LTSS kernel
   received a roll-up update that fixes many moderate security
   issues and several bugs.

   The following security issues have been fixed:

   *

   CVE-2012-4530: The load_script function in
   fs/binfmt_script.c in the Linux kernel did not properly
   handle recursion, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted application.

   *

   CVE-2011-2494: kernel/taskstats.c in the Linux kernel
   allowed local users to obtain sensitive I/O statistics by
   sending taskstats commands to a netlink socket, as
   demonstrated by discovering the length of another user's
   password.

   *

   CVE-2013-2234: The (1) key_notify_sa_flush and (2)
   key_notify_policy_flush functions in net/key/af_key.c in
   the Linux kernel did not initialize certain structure
   members, which allowed local users to obtain sensitive
   information from kernel heap memory by reading a broadcast
   message from the notify interface of an IPSec key_socket.

   *

   CVE-2013-2237: The key_notify_policy_flush function
   in net/key/af_key.c in the Linux kernel did not initialize
   a certain structure member, which allowed local users to
   obtain sensitive information from kernel heap memory by
   reading a broadcast message from the notify_policy
   interface of an IPSec key_socket.

   *

   CVE-2013-2147: The HP Smart Array controller
   disk-array driver and Compaq SMART2 controller disk-array
   driver in the Linux kernel did not initialize certain data
   structures, which allowed local users to obtain sensitive
   information from kernel memory via (1) a crafted
   IDAGETPCIINFO command for a /dev/ida device, related to the
   ida_locked_ioctl function in drivers/block/cpqarray.c or
   (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss
   device, related to the cciss_ioctl32_passthru function in
   drivers/block/cciss.c.

   *

   CVE-2013-2141: The do_tkill function in
   kernel/signal.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel memory via a crafted
   application that makes a (1) tkill or (2) tgkill system
   call.

   *

   CVE-2013-0160: The Linux kernel allowed local users
   to obtain sensitive information about keystroke timing by
   using the inotify API on the /dev/ptmx device.

   *

   CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux
   kernel did not initialize certain structures, which allowed
   local users to obtain sensitive information from kernel
   memory by leveraging the CAP_NET_ADMIN capability.

   *

   CVE-2013-3222: The vcc_recvmsg function in
   net/atm/common.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   *

   CVE-2013-3223: The ax25_recvmsg function in
   net/ax25/af_ax25.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   *

   CVE-2013-3224: The bt_sock_recvmsg function in
   net/bluetooth/af_bluetooth.c in the Linux kernel did not
   properly initialize a certain length variable, which
   allowed local users to obtain sensitive information from
   kernel stack memory via a crafted recvmsg or recvfrom
   system call.

   *

   CVE-2013-3228: The irda_recvmsg_dgram function in
   net/irda/af_irda.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   *

   CVE-2013-3229: The iucv_sock_recvmsg function in
   net/iucv/af_iucv.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   *

   CVE-2013-3231: The llc_ui_recvmsg function in
   net/llc/af_llc.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   *

   CVE-2013-3232: The nr_recvmsg function in
   net/netrom/af_netrom.c in the Linux kernel did not
   initialize a certain data structure, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   *

   CVE-2013-3234: The rose_recvmsg function in
   net/rose/af_rose.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   *

   CVE-2013-3235: net/tipc/socket.c in the Linux kernel
   did not initialize a certain data structure and a certain
   length variable, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   *

   CVE-2013-1827: net/dccp/ccid.h in the Linux kernel
   allowed local users to gain privileges or cause a denial of
   service (NULL pointer dereference and system crash) by
   leveraging the CAP_NET_ADMIN capability for a certain (1)
   sender or (2) receiver getsockopt call.

   *

   CVE-2012-6549: The isofs_export_encode_fh function in
   fs/isofs/export.c in the Linux kernel did not initialize a
   certain structure member, which allowed local users to
   obtain sensitive information from kernel heap memory via a
   crafted application.

   *

   CVE-2012-6547: The __tun_chr_ioctl function in
   drivers/net/tun.c in the Linux kernel did not initialize a
   certain structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted application.

   *

   CVE-2012-6546: The ATM implementation in the Linux
   kernel did not initialize certain structures, which allowed
   local users to obtain sensitive information from kernel
   stack memory via a crafted application.

   *

   CVE-2012-6544: The Bluetooth protocol stack in the
   Linux kernel did not properly initialize certain
   structures, which allowed local users to obtain sensitive
   information from kernel stack memory via a crafted
   application that targets the (1) L2CAP or (2) HCI
   implementation.

   *

   CVE-2012-6545: The Bluetooth RFCOMM implementation in
   the Linux kernel did not properly initialize certain
   structures, which allowed local users to obtain sensitive
   information from kernel memory via a crafted application.

   *

   CVE-2012-6542: The llc_ui_getname function in
   net/llc/af_llc.c in the Linux kernel had an incorrect
   return value in certain circumstances, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted application that leverages an
   uninitialized pointer argument.

   *

   CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
   net/dccp/ccids/ccid3.c in the Linux kernel did not
   initialize a certain structure, which allowed local users
   to obtain sensitive information from kernel stack memory
   via a crafted application.

   *

   CVE-2012-6540: The do_ip_vs_get_ctl function in
   net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not
   initialize a certain structure for IP_VS_SO_GET_TIMEOUT
   commands, which allowed local users to obtain sensitive
   information from kernel stack memory via a crafted
   application.

   *

   CVE-2013-0914: The flush_signal_handlers function in
   kernel/signal.c in the Linux kernel preserved the value of
   the sa_restorer field across an exec operation, which made
   it easier for local users to bypass the ASLR protection
   mechanism via a crafted application containing a sigaction
   system call.

   *

   CVE-2011-2492: The bluetooth subsystem in the Linux
   kernel did not properly initialize certain data structures,
   which allowed local users to obtain potentially sensitive
   information from kernel memory via a crafted getsockopt
   system call, related to (1) the l2cap_sock_getsockopt_old
   function in net/bluetooth/l2cap_sock.c and (2) the
   rfcomm_sock_getsockopt_old function in
   net/bluetooth/rfcomm/sock.c.

   *

   CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
   in net/sctp/sm_statefuns.c in the SCTP implementation in
   the Linux kernel did not properly handle associations
   during the processing of a duplicate COOKIE ECHO chunk,
   which allowed remote attackers to cause a denial of service
   (NULL pointer dereference and system crash) or possibly
   have unspecified other impact via crafted SCTP traffic.

   *

   CVE-2012-6539: The dev_ifconf function in
   net/socket.c in the Linux kernel did not initialize a
   certain structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted application.

   *

   CVE-2013-2232: The ip6_sk_dst_check function in
   net/ipv6/ip6_output.c in the Linux kernel allowed local
   users to cause a denial of service (system crash) by using
   an AF_INET6 socket for a connection to an IPv4 interface.

   *

   CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
   in drivers/cdrom/cdrom.c in the Linux kernel allowed local
   users to obtain sensitive information from kernel memory
   via a read operation on a malfunctioning CD-ROM drive.

   *

   CVE-2012-4444: The ip6_frag_queue function in
   net/ipv6/reassembly.c in the Linux kernel allowed remote
   attackers to bypass intended network restrictions via
   overlapping IPv6 fragments.

   *

   CVE-2013-1928: The do_video_set_spu_palette function
   in fs/compat_ioctl.c in the Linux kernel on unspecified
   architectures lacked a certain error check, which might
   have allowed local users to obtain sensitive information
   from kernel stack memory via a crafted
   VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.

   *

   CVE-2013-0871: Race condition in the ptrace
   functionality in the Linux kernel allowed local users to
   gain privileges via a PTRACE_SETREGS ptrace system call in
   a crafted application, as demonstrated by ptrace_death.

   *

   CVE-2013-0268: The msr_open function in
   arch/x86/kernel/msr.c in the Linux kernel allowed local
   users to bypass intended capability restrictions by
   executing a crafted application as root, as demonstrated by
   msr32.c.

   *

   CVE-2012-3510: Use-after-free vulnerability in the
   xacct_add_tsk function in kernel/tsacct.c in the Linux
   kernel allowed local users to obtain potentially sensitive
   information from kernel memory or cause a denial of service
   (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
   command.

   *

   CVE-2011-4110: The user_update function in
   security/keys/user_defined.c in the Linux kernel allowed
   local users to cause a denial of service (NULL pointer
   dereference and kernel oops) via vectors related to a
   user-defined key and "updating a negative key into a fully
   instantiated key."

   *

   CVE-2012-2136: The sock_alloc_send_pskb function in
   net/core/sock.c in the Linux kernel did not properly
   validate a certain length value, which allowed local users
   to cause a denial of service (heap-based buffer overflow
   and system crash) or possibly gain privileges by leveraging
   access to a TUN/TAP device.

   *

   CVE-2009-4020: Stack-based buffer overflow in the hfs
   subsystem in the Linux kernel allowed remote attackers to
   have an unspecified impact via a crafted Hierarchical File
   System (HFS) filesystem, related to the hfs_readdir
   function in fs/hfs/dir.c.

   *

   CVE-2011-2928: The befs_follow_link function in
   fs/befs/linuxvfs.c in the Linux kernel did not validate the
   length attribute of long symlinks, which allowed local
   users to cause a denial of service (incorrect pointer
   dereference and OOPS) by accessing a long symlink on a
   malformed Be filesystem.

   *

   CVE-2011-4077: Buffer overflow in the xfs_readlink
   function in fs/xfs/xfs_vnodeops.c in XFS in the Linux
   kernel, when CONFIG_XFS_DEBUG is disabled, allowed local
   users to cause a denial of service (memory corruption and
   crash) and possibly execute arbitrary code via an XFS image
   containing a symbolic link with a long pathname.

   *

   CVE-2011-4324: The encode_share_access function in
   fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to
   cause a denial of service (BUG and system crash) by using
   the mknod system call with a pathname on an NFSv4
   filesystem.

   *

   CVE-2011-4330: Stack-based buffer overflow in the
   hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel
   allowed local users to cause a denial of service (crash)
   and possibly execute arbitrary code via an HFS image with a
   crafted len field.

   *

   CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the
   IPv6 implementation in the Linux kernel did not place the
   expected '\0' character at the end of string data in the
   values of certain structure members, which allowed local
   users to obtain potentially sensitive information from
   kernel memory by leveraging the CAP_NET_ADMIN capability to
   issue a crafted request, and then reading the argument to
   the resulting modprobe process.

   *

   CVE-2011-2525: The qdisc_notify function in
   net/sched/sch_api.c in the Linux kernel did not prevent
   tc_fill_qdisc function calls referencing builtin (aka
   CQ_F_BUILTIN) Qdisc structures, which allowed local users
   to cause a denial of service (NULL pointer dereference and
   OOPS) or possibly have unspecified other impact via a
   crafted call.

   *

   CVE-2011-2699: The IPv6 implementation in the Linux
   kernel did not generate Fragment Identification values
   separately for each destination, which made it easier for
   remote attackers to cause a denial of service (disrupted
   networking) by predicting these values and sending crafted
   packets.

   *

   CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the
   IPv4 implementation in the Linux kernel did not place the
   expected '\0' character at the end of string data in the
   values of certain structure members, which allowed local
   users to obtain potentially sensitive information from
   kernel memory by leveraging the CAP_NET_ADMIN capability to
   issue a crafted request, and then reading the argument to
   the resulting modprobe process.

   *

   CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the
   IPv4 implementation in the Linux kernel did not place the
   expected '\0' character at the end of string data in the
   values of certain structure members, which allowed local
   users to obtain potentially sensitive information from
   kernel memory by leveraging the CAP_NET_ADMIN capability to
   issue a crafted request, and then reading the argument to
   the resulting modprobe process.

   *

   CVE-2011-3209: The div_long_long_rem implementation
   in include/asm-x86/div64.h in the Linux kernel on the x86
   platform allowed local users to cause a denial of service
   (Divide Error Fault and panic) via a clock_gettime system
   call.

   *

   CVE-2011-2213: The inet_diag_bc_audit function in
   net/ipv4/inet_diag.c in the Linux kernel did not properly
   audit INET_DIAG bytecode, which allowed local users to
   cause a denial of service (kernel infinite loop) via
   crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
   message, as demonstrated by an INET_DIAG_BC_JMP instruction
   with a zero yes value, a different vulnerability than
   CVE-2010-3880.

   *

   CVE-2011-2534: Buffer overflow in the
   clusterip_proc_write function in
   net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel
   might have allowed local users to cause a denial of service
   or have unspecified other impact via a crafted write
   operation, related to string data that lacks a terminating
   '\0' character.

   *

   CVE-2011-2203: The hfs_find_init function in the
   Linux kernel allowed local users to cause a denial of
   service (NULL pointer dereference and Oops) by mounting an
   HFS file system with a malformed MDB extent record.

   *

   CVE-2009-4067: A USB string descriptor overflow in
   the auerwald USB driver was fixed, which could be used by
   physically proximate attackers to cause a kernel crash.

   *

   CVE-2011-3363: The setup_cifs_sb function in
   fs/cifs/connect.c in the Linux kernel did not properly
   handle DFS referrals, which allowed remote CIFS servers to
   cause a denial of service (system crash) by placing a
   referral at the root of a share.

   *

   CVE-2011-2484: The add_del_listener function in
   kernel/taskstats.c in the Linux kernel did not prevent
   multiple registrations of exit handlers, which allowed
   local users to cause a denial of service (memory and CPU
   consumption), and bypass the OOM Killer, via a crafted
   application.

   *

   CVE-2011-4132: The cleanup_journal_tail function in
   the Journaling Block Device (JBD) functionality in the
   Linux kernel allowed local users to cause a denial of
   service (assertion error and kernel oops) via an ext3 or
   ext4 image with an "invalid log first block value."

   *

   CVE-2010-4249: The wait_for_unix_gc function in
   net/unix/garbage.c in the Linux kernel before
   2.6.37-rc3-next-20101125 does not properly select times for
   garbage collection of inflight sockets, which allows local
   users to cause a denial of service (system hang) via
   crafted use of the socketpair and sendmsg system calls for
   SOCK_SEQPACKET sockets.
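
   Added illustration (not part of the SUSE advisory and not kernel source): a user-space C model of one way the recvmsg defects listed above that cite an uninitialized length variable (for example CVE-2013-3222, CVE-2013-3224, CVE-2013-3228, CVE-2013-3229 and CVE-2013-3231) disclose stale memory, shown beside the hardened handler. All names (model_msghdr, model_sys_recvmsg, the proto_recvmsg_* handlers) and the stale byte pattern are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define ADDR_MAX 32   /* stands in for the size of the kernel's address buffer */

/* Constructed stale contents of a reused kernel scratch area (exactly 32 bytes). */
static const char STALE[] = "STALE-KERNEL-STACK-BYTES-0123456";
static unsigned char scratch[ADDR_MAX];

/* Simplified model of the message header passed to a protocol handler. */
struct model_msghdr {
    unsigned char *name;   /* address buffer owned by the generic layer */
    size_t namelen;        /* number of valid bytes in name */
};

typedef int (*recvmsg_fn)(struct model_msghdr *msg);

/* Defect pattern: the handler never sets namelen, so the preset size survives. */
static int proto_recvmsg_unfixed(struct model_msghdr *msg)
{
    (void)msg;
    return 0;
}

/* Hardened handler: no address was written, so report zero valid bytes. */
static int proto_recvmsg_fixed(struct model_msghdr *msg)
{
    msg->namelen = 0;
    return 0;
}

/* A handler that really supplies an address sets both the bytes and the length. */
static int proto_recvmsg_with_addr(struct model_msghdr *msg)
{
    static const unsigned char peer[4] = { 0x0a, 0x00, 0x00, 0x01 };
    memcpy(msg->name, peer, sizeof peer);
    msg->namelen = sizeof peer;
    return 0;
}

/* Earlier, unrelated work leaves data behind in the scratch area. */
static void earlier_kernel_work(void)
{
    memcpy(scratch, STALE, ADDR_MAX);
}

/* Generic receive path: presets namelen to the buffer size, calls the
 * handler, then copies namelen bytes of the address buffer to the caller. */
static size_t model_sys_recvmsg(recvmsg_fn handler,
                                unsigned char *user_addr, size_t user_len)
{
    struct model_msghdr msg;
    size_t n;

    msg.name = scratch;            /* buffer is not cleared before use */
    msg.namelen = sizeof scratch;
    if (handler(&msg) != 0)
        return 0;
    n = msg.namelen < user_len ? msg.namelen : user_len;
    memcpy(user_addr, msg.name, n);
    return n;
}

/* Counts how many stale scratch bytes reached the caller's buffer. */
static size_t stale_bytes_disclosed(recvmsg_fn handler)
{
    unsigned char user[ADDR_MAX] = { 0 };
    size_t n, i, stale = 0;

    earlier_kernel_work();
    n = model_sys_recvmsg(handler, user, sizeof user);
    for (i = 0; i < n; i++)
        if (user[i] == (unsigned char)STALE[i])
            stale++;
    return stale;
}

int main(void)
{
    printf("unfixed handler:   %zu stale bytes\n",
           stale_bytes_disclosed(proto_recvmsg_unfixed));
    printf("fixed handler:     %zu stale bytes\n",
           stale_bytes_disclosed(proto_recvmsg_fixed));
    printf("handler with addr: %zu stale bytes\n",
           stale_bytes_disclosed(proto_recvmsg_with_addr));
    return 0;
}
```

   When reviewing similar handlers, check that every return path either writes the address and its length or sets the length to zero.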

   The following bugs have been fixed:

   *

   patches.fixes/allow-executables-larger-than-2GB.patch: Allow
   executables larger than 2GB (bnc#836856).

   *

   cio: prevent kernel panic after unexpected I/O
   interrupt (bnc#649868,LTC#67975).

   *

   cio: Add timeouts for internal IO
   (bnc#701550,LTC#72691).

   *

   kernel: first time swap use results in heavy swapping
   (bnc#701550,LTC#73132).

   *

   qla2xxx: Do not be so verbose on underrun detected

   *

   patches.arch/i386-run-tsc-calibration-5-times.patch:
   Fix the patch, the logic was wrong (bnc#537165, bnc#826551).

   *

   xfs: Do not reclaim new inodes in xfs_sync_inodes()
   (bnc#770980 bnc#811752).

   *

   kbuild: Fix gcc -x syntax (bnc#773831).

   *

   e1000e: stop cleaning when we reach
   tx_ring->next_to_use (bnc#762825).

   *

   Fix race condition about network device name
   allocation (bnc#747576).

   *

   kdump: bootmem map over crash reserved region
   (bnc#749168, bnc#722400, bnc#742881).

   *

   tcp: fix race condition leading to premature
   termination of sockets in FIN_WAIT2 state and connection
   being reset (bnc#745760).

   *

   tcp: drop SYN+FIN messages (bnc#765102).

   *

   net/linkwatch: Handle jiffies wrap-around
   (bnc#740131).

   *

   patches.fixes/vm-dirty-bytes: Provide
   /proc/sys/vm/dirty_{background_,}bytes for tuning
   (bnc#727597).

   *

   ipmi: Fix deadlock in start_next_msg() (bnc#730749).

   *

   cpu-hotplug: release workqueue_mutex properly on CPU
   hot-remove (bnc#733407).

   *

   libiscsi: handle init task failures (bnc#721351).

   *

   NFS/sunrpc: do not use a credential with extra groups
   (bnc#725878).

   *

   x86_64: fix reboot hang when "reboot=b" is passed to
   the kernel (bnc#721267).

   *

   nf_nat: do not add NAT extension for confirmed
   conntracks (bnc#709213).

   *

   xfs: fix memory reclaim recursion deadlock on locked
   inode buffer (bnc#699355 bnc#699354 bnc#721830).

   *

   ipmi: do not grab locks in run-to-completion mode
   (bnc#717421).

   *

   cciss: do not attempt to read from a write-only
   register (bnc#683101).

   *

   qla2xxx: Disable MSI-X initialization (bnc#693513).

   *

   Allow balance_dirty_pages to help other filesystems
   (bnc#709369).

   *

   nfs: fix congestion control (bnc#709369).

   *

   NFS: Separate metadata and page cache revalidation
   mechanisms (bnc#709369).

   *

   knfsd: nfsd4: fix laundromat shutdown race
   (bnc#752556).

   *

   x87: Do not synchronize TSCs across cores if they
   already should be synchronized by HW (bnc#615418
   bnc#609220).

   *

   reiserfs: Fix int overflow while calculating free
   space (bnc#795075).

   *

   af_unix: limit recursion level (bnc#656153).

   *

   bcm43xx: netlink deadlock fix (bnc#850241).

   *

   jbd: Issue cache flush after checkpointing
   (bnc#731770).

   *

   cfq: Fix infinite loop in cfq_preempt_queue()
   (bnc#724692).

   Security Issue references:

   * CVE-2009-4020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020>
   * CVE-2009-4067 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4067>
   * CVE-2010-4249 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249>
   * CVE-2011-1170 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170>
   * CVE-2011-1171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171>
   * CVE-2011-1172 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172>
   * CVE-2011-2203 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2203>
   * CVE-2011-2213 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213>
   * CVE-2011-2484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484>
   * CVE-2011-2492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492>
   * CVE-2011-2494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494>
   * CVE-2011-2525 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525>
   * CVE-2011-2534 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2534>
   * CVE-2011-2699 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699>
   * CVE-2011-2928 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928>
   * CVE-2011-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3209>
   * CVE-2011-3363 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3363>
   * CVE-2011-4077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077>
   * CVE-2011-4110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110>
   * CVE-2011-4324 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4324>
   * CVE-2011-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4330>
   * CVE-2012-2136 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136>
   * CVE-2012-3510 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510>
   * CVE-2012-4444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444>
   * CVE-2012-4530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530>
   * CVE-2012-6537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537>
   * CVE-2012-6539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6539>
   * CVE-2012-6540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6540>
   * CVE-2012-6541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6541>
   * CVE-2012-6542 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542>
   * CVE-2012-6544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6544>
   * CVE-2012-6545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6545>
   * CVE-2012-6546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546>
   * CVE-2012-6547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547>
   * CVE-2012-6549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549>
   * CVE-2013-0160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160>
   * CVE-2013-0268 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268>
   * CVE-2013-0871 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871>
   * CVE-2013-0914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914>
   * CVE-2013-1827 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827>
   * CVE-2013-2141 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141>
   * CVE-2013-2147 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147>
   * CVE-2013-2164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164>
   * CVE-2013-2206 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206>
   * CVE-2013-2232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232>
   * CVE-2013-2234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234>
   * CVE-2013-2237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237>
   * CVE-2013-3222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222>
   * CVE-2013-3223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223>
   * CVE-2013-3224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224>
   * CVE-2013-3228 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228>
   * CVE-2013-3229 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229>
   * CVE-2013-3231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231>
   * CVE-2013-3232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232>
   * CVE-2013-3234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234>
   * CVE-2013-3235 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235>
   * CVE-2011-4132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132>
   * CVE-2013-1928 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1928>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      kernel-default-2.6.16.60-0.113.1
      kernel-source-2.6.16.60-0.113.1
      kernel-syms-2.6.16.60-0.113.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):

      kernel-debug-2.6.16.60-0.113.1
      kernel-kdump-2.6.16.60-0.113.1
      kernel-smp-2.6.16.60-0.113.1
      kernel-xen-2.6.16.60-0.113.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586):

      kernel-bigsmp-2.6.16.60-0.113.1
      kernel-kdumppae-2.6.16.60-0.113.1
      kernel-vmi-2.6.16.60-0.113.1
      kernel-vmipae-2.6.16.60-0.113.1
      kernel-xenpae-2.6.16.60-0.113.1


References:

   http://support.novell.com/security/cve/CVE-2009-4020.html
   http://support.novell.com/security/cve/CVE-2009-4067.html
   http://support.novell.com/security/cve/CVE-2010-4249.html
   http://support.novell.com/security/cve/CVE-2011-1170.html
   http://support.novell.com/security/cve/CVE-2011-1171.html
   http://support.novell.com/security/cve/CVE-2011-1172.html
   http://support.novell.com/security/cve/CVE-2011-2203.html
   http://support.novell.com/security/cve/CVE-2011-2213.html
   http://support.novell.com/security/cve/CVE-2011-2484.html
   http://support.novell.com/security/cve/CVE-2011-2492.html
   http://support.novell.com/security/cve/CVE-2011-2494.html
   http://support.novell.com/security/cve/CVE-2011-2525.html
   http://support.novell.com/security/cve/CVE-2011-2534.html
   http://support.novell.com/security/cve/CVE-2011-2699.html
   http://support.novell.com/security/cve/CVE-2011-2928.html
   http://support.novell.com/security/cve/CVE-2011-3209.html
   http://support.novell.com/security/cve/CVE-2011-3363.html
   http://support.novell.com/security/cve/CVE-2011-4077.html
   http://support.novell.com/security/cve/CVE-2011-4110.html
   http://support.novell.com/security/cve/CVE-2011-4132.html
   http://support.novell.com/security/cve/CVE-2011-4324.html
   http://support.novell.com/security/cve/CVE-2011-4330.html
   http://support.novell.com/security/cve/CVE-2012-2136.html
   http://support.novell.com/security/cve/CVE-2012-3510.html
   http://support.novell.com/security/cve/CVE-2012-4444.html
   http://support.novell.com/security/cve/CVE-2012-4530.html
   http://support.novell.com/security/cve/CVE-2012-6537.html
   http://support.novell.com/security/cve/CVE-2012-6539.html
   http://support.novell.com/security/cve/CVE-2012-6540.html
   http://support.novell.com/security/cve/CVE-2012-6541.html
   http://support.novell.com/security/cve/CVE-2012-6542.html
   http://support.novell.com/security/cve/CVE-2012-6544.html
   http://support.novell.com/security/cve/CVE-2012-6545.html
   http://support.novell.com/security/cve/CVE-2012-6546.html
   http://support.novell.com/security/cve/CVE-2012-6547.html
   http://support.novell.com/security/cve/CVE-2012-6549.html
   http://support.novell.com/security/cve/CVE-2013-0160.html
   http://support.novell.com/security/cve/CVE-2013-0268.html
   http://support.novell.com/security/cve/CVE-2013-0871.html
   http://support.novell.com/security/cve/CVE-2013-0914.html
   http://support.novell.com/security/cve/CVE-2013-1827.html
   http://support.novell.com/security/cve/CVE-2013-1928.html
   http://support.novell.com/security/cve/CVE-2013-2141.html
   http://support.novell.com/security/cve/CVE-2013-2147.html
   http://support.novell.com/security/cve/CVE-2013-2164.html
   http://support.novell.com/security/cve/CVE-2013-2206.html
   http://support.novell.com/security/cve/CVE-2013-2232.html
   http://support.novell.com/security/cve/CVE-2013-2234.html
   http://support.novell.com/security/cve/CVE-2013-2237.html
   http://support.novell.com/security/cve/CVE-2013-3222.html
   http://support.novell.com/security/cve/CVE-2013-3223.html
   http://support.novell.com/security/cve/CVE-2013-3224.html
   http://support.novell.com/security/cve/CVE-2013-3228.html
   http://support.novell.com/security/cve/CVE-2013-3229.html
   http://support.novell.com/security/cve/CVE-2013-3231.html
   http://support.novell.com/security/cve/CVE-2013-3232.html
   http://support.novell.com/security/cve/CVE-2013-3234.html
   http://support.novell.com/security/cve/CVE-2013-3235.html
   https://bugzilla.novell.com/537165
   https://bugzilla.novell.com/609220
   https://bugzilla.novell.com/615418
   https://bugzilla.novell.com/649868
   https://bugzilla.novell.com/656153
   https://bugzilla.novell.com/681180
   https://bugzilla.novell.com/681181
   https://bugzilla.novell.com/681185
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/693513
   https://bugzilla.novell.com/699354
   https://bugzilla.novell.com/699355
   https://bugzilla.novell.com/699709
   https://bugzilla.novell.com/700879
   https://bugzilla.novell.com/701550
   https://bugzilla.novell.com/702014
   https://bugzilla.novell.com/702037
   https://bugzilla.novell.com/703153
   https://bugzilla.novell.com/703156
   https://bugzilla.novell.com/706375
   https://bugzilla.novell.com/707288
   https://bugzilla.novell.com/709213
   https://bugzilla.novell.com/709369
   https://bugzilla.novell.com/713430
   https://bugzilla.novell.com/717421
   https://bugzilla.novell.com/718028
   https://bugzilla.novell.com/721267
   https://bugzilla.novell.com/721351
   https://bugzilla.novell.com/721830
   https://bugzilla.novell.com/722400
   https://bugzilla.novell.com/724692
   https://bugzilla.novell.com/725878
   https://bugzilla.novell.com/726064
   https://bugzilla.novell.com/726600
   https://bugzilla.novell.com/727597
   https://bugzilla.novell.com/730118
   https://bugzilla.novell.com/730749
   https://bugzilla.novell.com/731673
   https://bugzilla.novell.com/731770
   https://bugzilla.novell.com/732613
   https://bugzilla.novell.com/733407
   https://bugzilla.novell.com/734056
   https://bugzilla.novell.com/735612
   https://bugzilla.novell.com/740131
   https://bugzilla.novell.com/742881
   https://bugzilla.novell.com/745760
   https://bugzilla.novell.com/747576
   https://bugzilla.novell.com/749168
   https://bugzilla.novell.com/752556
   https://bugzilla.novell.com/760902
   https://bugzilla.novell.com/762825
   https://bugzilla.novell.com/765102
   https://bugzilla.novell.com/765320
   https://bugzilla.novell.com/770980
   https://bugzilla.novell.com/773831
   https://bugzilla.novell.com/776888
   https://bugzilla.novell.com/786013
   https://bugzilla.novell.com/789831
   https://bugzilla.novell.com/795075
   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/802642
   https://bugzilla.novell.com/804154
   https://bugzilla.novell.com/808827
   https://bugzilla.novell.com/809889
   https://bugzilla.novell.com/809891
   https://bugzilla.novell.com/809892
   https://bugzilla.novell.com/809893
   https://bugzilla.novell.com/809894
   https://bugzilla.novell.com/809898
   https://bugzilla.novell.com/809899
   https://bugzilla.novell.com/809900
   https://bugzilla.novell.com/809901
   https://bugzilla.novell.com/809903
   https://bugzilla.novell.com/811354
   https://bugzilla.novell.com/811752
   https://bugzilla.novell.com/813735
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/816668
   https://bugzilla.novell.com/823260
   https://bugzilla.novell.com/823267
   https://bugzilla.novell.com/824295
   https://bugzilla.novell.com/826102
   https://bugzilla.novell.com/826551
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/836856
   https://bugzilla.novell.com/850241
   http://download.novell.com/patch/finder/?keywords=2edd49abdf9ae71916d1b5acb9177a75
   http://download.novell.com/patch/finder/?keywords=ab3d3594ee8b8099b9bc0f2a2095b6b6
   http://download.novell.com/patch/finder/?keywords=ffdbcc106c0e9486ae78943c42345dbd


