SUSE-SU-2013:1832-1: moderate: Security update for Linux kernel
sle-security-updates at lists.suse.com
Fri Dec 6 23:04:15 MST 2013
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1832-1
Rating: moderate
References: #537165 #609220 #615418 #649868 #656153 #681180
#681181 #681185 #683101 #693513 #699354 #699355
#699709 #700879 #701550 #702014 #702037 #703153
#703156 #706375 #707288 #709213 #709369 #713430
#717421 #718028 #721267 #721351 #721830 #722400
#724692 #725878 #726064 #726600 #727597 #730118
#730749 #731673 #731770 #732613 #733407 #734056
#735612 #740131 #742881 #745760 #747576 #749168
#752556 #760902 #762825 #765102 #765320 #770980
#773831 #776888 #786013 #789831 #795075 #797175
#802642 #804154 #808827 #809889 #809891 #809892
#809893 #809894 #809898 #809899 #809900 #809901
#809903 #811354 #811752 #813735 #815745 #816668
#823260 #823267 #824295 #826102 #826551 #827749
#827750 #828119 #836856 #850241
Cross-References: CVE-2009-4020 CVE-2009-4067 CVE-2010-4249
CVE-2011-1170 CVE-2011-1171 CVE-2011-1172
CVE-2011-2203 CVE-2011-2213 CVE-2011-2484
CVE-2011-2492 CVE-2011-2494 CVE-2011-2525
CVE-2011-2534 CVE-2011-2699 CVE-2011-2928
CVE-2011-3209 CVE-2011-3363 CVE-2011-4077
CVE-2011-4110 CVE-2011-4132 CVE-2011-4324
CVE-2011-4330 CVE-2012-2136 CVE-2012-3510
CVE-2012-4444 CVE-2012-4530 CVE-2012-6537
CVE-2012-6539 CVE-2012-6540 CVE-2012-6541
CVE-2012-6542 CVE-2012-6544 CVE-2012-6545
CVE-2012-6546 CVE-2012-6547 CVE-2012-6549
CVE-2013-0160 CVE-2013-0268 CVE-2013-0871
CVE-2013-0914 CVE-2013-1827 CVE-2013-1928
CVE-2013-2141 CVE-2013-2147 CVE-2013-2164
CVE-2013-2206 CVE-2013-2232 CVE-2013-2234
CVE-2013-2237 CVE-2013-3222 CVE-2013-3223
CVE-2013-3224 CVE-2013-3228 CVE-2013-3229
CVE-2013-3231 CVE-2013-3232 CVE-2013-3234
CVE-2013-3235
Affected Products:
SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________
An update that solves 58 vulnerabilities and has 30 fixes
is now available.
Description:
The SUSE Linux Enterprise Server 10 SP3 LTSS kernel
received a roll-up update that fixes many moderate security
issues and several bugs.
The following security issues have been fixed:
*
CVE-2012-4530: The load_script function in
fs/binfmt_script.c in the Linux kernel did not properly
handle recursion, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted application.
*
CVE-2011-2494: kernel/taskstats.c in the Linux kernel
allowed local users to obtain sensitive I/O statistics by
sending taskstats commands to a netlink socket, as
demonstrated by discovering the length of another user's
password.
*
CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
*
CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
*
CVE-2013-2147: The HP Smart Array controller
disk-array driver and Compaq SMART2 controller disk-array
driver in the Linux kernel did not initialize certain data
structures, which allowed local users to obtain sensitive
information from kernel memory via (1) a crafted
IDAGETPCIINFO command for a /dev/ida device, related to the
ida_locked_ioctl function in drivers/block/cpqarray.c or
(2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss
device, related to the cciss_ioctl32_passthru function in
drivers/block/cciss.c.
*
CVE-2013-2141: The do_tkill function in
kernel/signal.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel memory via a crafted
application that makes a (1) tkill or (2) tgkill system
call.
*
CVE-2013-0160: The Linux kernel allowed local users
to obtain sensitive information about keystroke timing by
using the inotify API on the /dev/ptmx device.
*
CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux
kernel did not initialize certain structures, which allowed
local users to obtain sensitive information from kernel
memory by leveraging the CAP_NET_ADMIN capability.
*
CVE-2013-3222: The vcc_recvmsg function in
net/atm/common.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.
*
CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
*
CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-3235: net/tipc/socket.c in the Linux kernel
did not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.
*
CVE-2013-1827: net/dccp/ccid.h in the Linux kernel
allowed local users to gain privileges or cause a denial of
service (NULL pointer dereference and system crash) by
leveraging the CAP_NET_ADMIN capability for a certain (1)
sender or (2) receiver getsockopt call.
*
CVE-2012-6549: The isofs_export_encode_fh function in
fs/isofs/export.c in the Linux kernel did not initialize a
certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory via a
crafted application.
*
CVE-2012-6547: The __tun_chr_ioctl function in
drivers/net/tun.c in the Linux kernel did not initialize a
certain structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted application.
*
CVE-2012-6546: The ATM implementation in the Linux
kernel did not initialize certain structures, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted application.
*
CVE-2012-6544: The Bluetooth protocol stack in the
Linux kernel did not properly initialize certain
structures, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
application that targets the (1) L2CAP or (2) HCI
implementation.
*
CVE-2012-6545: The Bluetooth RFCOMM implementation in
the Linux kernel did not properly initialize certain
structures, which allowed local users to obtain sensitive
information from kernel memory via a crafted application.
*
CVE-2012-6542: The llc_ui_getname function in
net/llc/af_llc.c in the Linux kernel had an incorrect
return value in certain circumstances, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted application that leverages an
uninitialized pointer argument.
*
CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
net/dccp/ccids/ccid3.c in the Linux kernel did not
initialize a certain structure, which allowed local users
to obtain sensitive information from kernel stack memory
via a crafted application.
*
CVE-2012-6540: The do_ip_vs_get_ctl function in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not
initialize a certain structure for IP_VS_SO_GET_TIMEOUT
commands, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
application.
*
CVE-2013-0914: The flush_signal_handlers function in
kernel/signal.c in the Linux kernel preserved the value of
the sa_restorer field across an exec operation, which made
it easier for local users to bypass the ASLR protection
mechanism via a crafted application containing a sigaction
system call.
*
CVE-2011-2492: The bluetooth subsystem in the Linux
kernel did not properly initialize certain data structures,
which allowed local users to obtain potentially sensitive
information from kernel memory via a crafted getsockopt
system call, related to (1) the l2cap_sock_getsockopt_old
function in net/bluetooth/l2cap_sock.c and (2) the
rfcomm_sock_getsockopt_old function in
net/bluetooth/rfcomm/sock.c.
*
CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
in net/sctp/sm_statefuns.c in the SCTP implementation in
the Linux kernel did not properly handle associations
during the processing of a duplicate COOKIE ECHO chunk,
which allowed remote attackers to cause a denial of service
(NULL pointer dereference and system crash) or possibly
have unspecified other impact via crafted SCTP traffic.
*
CVE-2012-6539: The dev_ifconf function in
net/socket.c in the Linux kernel did not initialize a
certain structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted application.
*
CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
*
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
*
CVE-2012-4444: The ip6_frag_queue function in
net/ipv6/reassembly.c in the Linux kernel allowed remote
attackers to bypass intended network restrictions via
overlapping IPv6 fragments.
*
CVE-2013-1928: The do_video_set_spu_palette function
in fs/compat_ioctl.c in the Linux kernel on unspecified
architectures lacked a certain error check, which might
have allowed local users to obtain sensitive information
from kernel stack memory via a crafted
VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
*
CVE-2013-0871: Race condition in the ptrace
functionality in the Linux kernel allowed local users to
gain privileges via a PTRACE_SETREGS ptrace system call in
a crafted application, as demonstrated by ptrace_death.
*
CVE-2013-0268: The msr_open function in
arch/x86/kernel/msr.c in the Linux kernel allowed local
users to bypass intended capability restrictions by
executing a crafted application as root, as demonstrated by
msr32.c.
*
CVE-2012-3510: Use-after-free vulnerability in the
xacct_add_tsk function in kernel/tsacct.c in the Linux
kernel allowed local users to obtain potentially sensitive
information from kernel memory or cause a denial of service
(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
command.
*
CVE-2011-4110: The user_update function in
security/keys/user_defined.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer
dereference and kernel oops) via vectors related to a
user-defined key and "updating a negative key into a fully
instantiated key."
*
CVE-2012-2136: The sock_alloc_send_pskb function in
net/core/sock.c in the Linux kernel did not properly
validate a certain length value, which allowed local users
to cause a denial of service (heap-based buffer overflow
and system crash) or possibly gain privileges by leveraging
access to a TUN/TAP device.
*
CVE-2009-4020: Stack-based buffer overflow in the hfs
subsystem in the Linux kernel allowed remote attackers to
have an unspecified impact via a crafted Hierarchical File
System (HFS) filesystem, related to the hfs_readdir
function in fs/hfs/dir.c.
*
CVE-2011-2928: The befs_follow_link function in
fs/befs/linuxvfs.c in the Linux kernel did not validate the
length attribute of long symlinks, which allowed local
users to cause a denial of service (incorrect pointer
dereference and OOPS) by accessing a long symlink on a
malformed Be filesystem.
*
CVE-2011-4077: Buffer overflow in the xfs_readlink
function in fs/xfs/xfs_vnodeops.c in XFS in the Linux
kernel, when CONFIG_XFS_DEBUG is disabled, allowed local
users to cause a denial of service (memory corruption and
crash) and possibly execute arbitrary code via an XFS image
containing a symbolic link with a long pathname.
*
CVE-2011-4324: The encode_share_access function in
fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to
cause a denial of service (BUG and system crash) by using
the mknod system call with a pathname on an NFSv4
filesystem.
*
CVE-2011-4330: Stack-based buffer overflow in the
hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel
allowed local users to cause a denial of service (crash)
and possibly execute arbitrary code via an HFS image with a
crafted len field.
*
CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the
IPv6 implementation in the Linux kernel did not place the
expected '\0' character at the end of string data in the
values of certain structure members, which allowed local
users to obtain potentially sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability to
issue a crafted request, and then reading the argument to
the resulting modprobe process.
*
CVE-2011-2525: The qdisc_notify function in
net/sched/sch_api.c in the Linux kernel did not prevent
tc_fill_qdisc function calls referencing builtin (aka
CQ_F_BUILTIN) Qdisc structures, which allowed local users
to cause a denial of service (NULL pointer dereference and
OOPS) or possibly have unspecified other impact via a
crafted call.
*
CVE-2011-2699: The IPv6 implementation in the Linux
kernel did not generate Fragment Identification values
separately for each destination, which made it easier for
remote attackers to cause a denial of service (disrupted
networking) by predicting these values and sending crafted
packets.
*
CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the
IPv4 implementation in the Linux kernel did not place the
expected '\0' character at the end of string data in the
values of certain structure members, which allowed local
users to obtain potentially sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability to
issue a crafted request, and then reading the argument to
the resulting modprobe process.
*
CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the
IPv4 implementation in the Linux kernel did not place the
expected '\0' character at the end of string data in the
values of certain structure members, which allowed local
users to obtain potentially sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability to
issue a crafted request, and then reading the argument to
the resulting modprobe process.
*
CVE-2011-3209: The div_long_long_rem implementation
in include/asm-x86/div64.h in the Linux kernel on the x86
platform allowed local users to cause a denial of service
(Divide Error Fault and panic) via a clock_gettime system
call.
*
CVE-2011-2213: The inet_diag_bc_audit function in
net/ipv4/inet_diag.c in the Linux kernel did not properly
audit INET_DIAG bytecode, which allowed local users to
cause a denial of service (kernel infinite loop) via
crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
message, as demonstrated by an INET_DIAG_BC_JMP instruction
with a zero yes value, a different vulnerability than
CVE-2010-3880.
*
CVE-2011-2534: Buffer overflow in the
clusterip_proc_write function in
net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel
might have allowed local users to cause a denial of service
or have unspecified other impact via a crafted write
operation, related to string data that lacks a terminating
'\0' character.
*
CVE-2011-2203: The hfs_find_init function in the
Linux kernel allowed local users to cause a denial of
service (NULL pointer dereference and Oops) by mounting an
HFS file system with a malformed MDB extent record.
*
CVE-2009-4067: A USB string descriptor overflow in
the auerwald USB driver was fixed, which could be used by
physically proximate attackers to cause a kernel crash.
*
CVE-2011-3363: The setup_cifs_sb function in
fs/cifs/connect.c in the Linux kernel did not properly
handle DFS referrals, which allowed remote CIFS servers to
cause a denial of service (system crash) by placing a
referral at the root of a share.
*
CVE-2011-2484: The add_del_listener function in
kernel/taskstats.c in the Linux kernel did not prevent
multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU
consumption), and bypass the OOM Killer, via a crafted
application.
*
CVE-2011-4132: The cleanup_journal_tail function in
the Journaling Block Device (JBD) functionality in the
Linux kernel allowed local users to cause a denial of
service (assertion error and kernel oops) via an ext3 or
ext4 image with an "invalid log first block value."
*
CVE-2010-4249: The wait_for_unix_gc function in
net/unix/garbage.c in the Linux kernel before
2.6.37-rc3-next-20101125 does not properly select times for
garbage collection of inflight sockets, which allows local
users to cause a denial of service (system hang) via
crafted use of the socketpair and sendmsg system calls for
SOCK_SEQPACKET sockets.
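Added illustration, not part of the SUSE advisory and not kernel code: many of the issues above share one pattern, a structure handed back to the caller without every member being initialized. The user-space C model below shows that pattern next to a common fix (clear the object before filling it); struct reply, STALE, copy_out and the build_* functions are hypothetical names, and the stale bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover kernel data */

/* Hypothetical reply record (not a real kernel structure). It has no
 * compiler padding, so every byte belongs to a named member. */
struct reply {
    uint32_t type;
    uint32_t value;
    uint8_t  reserved[8];   /* member the handler has no reason to fill */
};

/* "Before" pattern: only the members of interest are assigned, so
 * reserved[] keeps whatever the memory held previously. */
static void build_reply_unsafe(struct reply *r)
{
    r->type  = 1;
    r->value = 42;
}

/* "After" pattern: clear the whole object first, then fill members. */
static void build_reply_fixed(struct reply *r)
{
    memset(r, 0, sizeof(*r));
    r->type  = 1;
    r->value = 42;
}

/* Stand-in for copy_to_user(): the whole object is copied, not just the
 * members that were assigned. */
static void copy_out(uint8_t *user, const struct reply *r)
{
    memcpy(user, r, sizeof(*r));
}

/* Build a reply in a slot pre-filled with STALE bytes (modelling reused
 * stack or heap memory) and count how many stale bytes reach the caller. */
static size_t leaked_bytes(void (*build)(struct reply *))
{
    struct reply slot;
    uint8_t user[sizeof(slot)];
    size_t i, n = 0;

    memset(&slot, STALE, sizeof(slot));
    build(&slot);
    copy_out(user, &slot);

    for (i = 0; i < sizeof(user); i++)
        if (user[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("unsafe: %zu stale bytes copied out\n",
           leaked_bytes(build_reply_unsafe));
    printf("fixed:  %zu stale bytes copied out\n",
           leaked_bytes(build_reply_fixed));
    return 0;
}
```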
The following bugs have been fixed:
*
patches.fixes/allow-executables-larger-than-2GB.patch: Allow
executables larger than 2GB (bnc#836856).
*
cio: prevent kernel panic after unexpected I/O
interrupt (bnc#649868,LTC#67975).
* cio: Add timeouts for internal IO
(bnc#701550,LTC#72691).
*
kernel: first time swap use results in heavy swapping
(bnc#701550,LTC#73132).
*
qla2xxx: Do not be so verbose on underrun detected
*
patches.arch/i386-run-tsc-calibration-5-times.patch:
Fix the patch, the logic was wrong (bnc#537165, bnc#826551).
*
xfs: Do not reclaim new inodes in xfs_sync_inodes()
(bnc#770980 bnc#811752).
*
kbuild: Fix gcc -x syntax (bnc#773831).
*
e1000e: stop cleaning when we reach
tx_ring->next_to_use (bnc#762825).
*
Fix race condition about network device name
allocation (bnc#747576).
*
kdump: bootmem map over crash reserved region
(bnc#749168, bnc#722400, bnc#742881).
*
tcp: fix race condition leading to premature
termination of sockets in FIN_WAIT2 state and connection
being reset (bnc#745760).
*
tcp: drop SYN+FIN messages (bnc#765102).
*
net/linkwatch: Handle jiffies wrap-around
(bnc#740131).
*
patches.fixes/vm-dirty-bytes: Provide
/proc/sys/vm/dirty_{background_,}bytes for tuning
(bnc#727597).
*
ipmi: Fix deadlock in start_next_msg() (bnc#730749).
*
cpu-hotplug: release workqueue_mutex properly on CPU
hot-remove (bnc#733407).
*
libiscsi: handle init task failures (bnc#721351).
*
NFS/sunrpc: do not use a credential with extra groups
(bnc#725878).
*
x86_64: fix reboot hang when "reboot=b" is passed to
the kernel (bnc#721267).
*
nf_nat: do not add NAT extension for confirmed
conntracks (bnc#709213).
*
xfs: fix memory reclaim recursion deadlock on locked
inode buffer (bnc#699355 bnc#699354 bnc#721830).
*
ipmi: do not grab locks in run-to-completion mode
(bnc#717421).
*
cciss: do not attempt to read from a write-only
register (bnc#683101).
*
qla2xxx: Disable MSI-X initialization (bnc#693513).
*
Allow balance_dirty_pages to help other filesystems
(bnc#709369).
* nfs: fix congestion control (bnc#709369).
* NFS: Separate metadata and page cache revalidation
mechanisms (bnc#709369).
*
knfsd: nfsd4: fix laundromat shutdown race
(bnc#752556).
*
x87: Do not synchronize TSCs across cores if they
already should be synchronized by HW (bnc#615418
bnc#609220).
*
reiserfs: Fix int overflow while calculating free
space (bnc#795075).
*
af_unix: limit recursion level (bnc#656153).
*
bcm43xx: netlink deadlock fix (bnc#850241).
*
jbd: Issue cache flush after checkpointing
(bnc#731770).
*
cfq: Fix infinite loop in cfq_preempt_queue()
(bnc#724692).
Security Issue references:
* CVE-2009-4020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020>
* CVE-2009-4067 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4067>
* CVE-2010-4249 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249>
* CVE-2011-1170 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170>
* CVE-2011-1171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171>
* CVE-2011-1172 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172>
* CVE-2011-2203 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2203>
* CVE-2011-2213 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213>
* CVE-2011-2484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484>
* CVE-2011-2492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492>
* CVE-2011-2494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494>
* CVE-2011-2525 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525>
* CVE-2011-2534 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2534>
* CVE-2011-2699 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699>
* CVE-2011-2928 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928>
* CVE-2011-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3209>
* CVE-2011-3363 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3363>
* CVE-2011-4077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077>
* CVE-2011-4110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110>
* CVE-2011-4324 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4324>
* CVE-2011-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4330>
* CVE-2012-2136 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136>
* CVE-2012-3510 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510>
* CVE-2012-4444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444>
* CVE-2012-4530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530>
* CVE-2012-6537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537>
* CVE-2012-6539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6539>
* CVE-2012-6540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6540>
* CVE-2012-6541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6541>
* CVE-2012-6542 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542>
* CVE-2012-6544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6544>
* CVE-2012-6545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6545>
* CVE-2012-6546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546>
* CVE-2012-6547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547>
* CVE-2012-6549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549>
* CVE-2013-0160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160>
* CVE-2013-0268 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268>
* CVE-2013-0871 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871>
* CVE-2013-0914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914>
* CVE-2013-1827 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827>
* CVE-2013-2141 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141>
* CVE-2013-2147 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147>
* CVE-2013-2164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164>
* CVE-2013-2206 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206>
* CVE-2013-2232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232>
* CVE-2013-2234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234>
* CVE-2013-2237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237>
* CVE-2013-3222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222>
* CVE-2013-3223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223>
* CVE-2013-3224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224>
* CVE-2013-3228 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228>
* CVE-2013-3229 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229>
* CVE-2013-3231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231>
* CVE-2013-3232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232>
* CVE-2013-3234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234>
* CVE-2013-3235 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235>
* CVE-2011-4132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132>
* CVE-2013-1928 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1928>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
kernel-default-2.6.16.60-0.113.1
kernel-source-2.6.16.60-0.113.1
kernel-syms-2.6.16.60-0.113.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):
kernel-debug-2.6.16.60-0.113.1
kernel-kdump-2.6.16.60-0.113.1
kernel-smp-2.6.16.60-0.113.1
kernel-xen-2.6.16.60-0.113.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586):
kernel-bigsmp-2.6.16.60-0.113.1
kernel-kdumppae-2.6.16.60-0.113.1
kernel-vmi-2.6.16.60-0.113.1
kernel-vmipae-2.6.16.60-0.113.1
kernel-xenpae-2.6.16.60-0.113.1
References:
http://support.novell.com/security/cve/CVE-2009-4020.html
http://support.novell.com/security/cve/CVE-2009-4067.html
http://support.novell.com/security/cve/CVE-2010-4249.html
http://support.novell.com/security/cve/CVE-2011-1170.html
http://support.novell.com/security/cve/CVE-2011-1171.html
http://support.novell.com/security/cve/CVE-2011-1172.html
http://support.novell.com/security/cve/CVE-2011-2203.html
http://support.novell.com/security/cve/CVE-2011-2213.html
http://support.novell.com/security/cve/CVE-2011-2484.html
http://support.novell.com/security/cve/CVE-2011-2492.html
http://support.novell.com/security/cve/CVE-2011-2494.html
http://support.novell.com/security/cve/CVE-2011-2525.html
http://support.novell.com/security/cve/CVE-2011-2534.html
http://support.novell.com/security/cve/CVE-2011-2699.html
http://support.novell.com/security/cve/CVE-2011-2928.html
http://support.novell.com/security/cve/CVE-2011-3209.html
http://support.novell.com/security/cve/CVE-2011-3363.html
http://support.novell.com/security/cve/CVE-2011-4077.html
http://support.novell.com/security/cve/CVE-2011-4110.html
http://support.novell.com/security/cve/CVE-2011-4132.html
http://support.novell.com/security/cve/CVE-2011-4324.html
http://support.novell.com/security/cve/CVE-2011-4330.html
http://support.novell.com/security/cve/CVE-2012-2136.html
http://support.novell.com/security/cve/CVE-2012-3510.html
http://support.novell.com/security/cve/CVE-2012-4444.html
http://support.novell.com/security/cve/CVE-2012-4530.html
http://support.novell.com/security/cve/CVE-2012-6537.html
http://support.novell.com/security/cve/CVE-2012-6539.html
http://support.novell.com/security/cve/CVE-2012-6540.html
http://support.novell.com/security/cve/CVE-2012-6541.html
http://support.novell.com/security/cve/CVE-2012-6542.html
http://support.novell.com/security/cve/CVE-2012-6544.html
http://support.novell.com/security/cve/CVE-2012-6545.html
http://support.novell.com/security/cve/CVE-2012-6546.html
http://support.novell.com/security/cve/CVE-2012-6547.html
http://support.novell.com/security/cve/CVE-2012-6549.html
http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-0268.html
http://support.novell.com/security/cve/CVE-2013-0871.html
http://support.novell.com/security/cve/CVE-2013-0914.html
http://support.novell.com/security/cve/CVE-2013-1827.html
http://support.novell.com/security/cve/CVE-2013-1928.html
http://support.novell.com/security/cve/CVE-2013-2141.html
http://support.novell.com/security/cve/CVE-2013-2147.html
http://support.novell.com/security/cve/CVE-2013-2164.html
http://support.novell.com/security/cve/CVE-2013-2206.html
http://support.novell.com/security/cve/CVE-2013-2232.html
http://support.novell.com/security/cve/CVE-2013-2234.html
http://support.novell.com/security/cve/CVE-2013-2237.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/537165
https://bugzilla.novell.com/609220
https://bugzilla.novell.com/615418
https://bugzilla.novell.com/649868
https://bugzilla.novell.com/656153
https://bugzilla.novell.com/681180
https://bugzilla.novell.com/681181
https://bugzilla.novell.com/681185
https://bugzilla.novell.com/683101
https://bugzilla.novell.com/693513
https://bugzilla.novell.com/699354
https://bugzilla.novell.com/699355
https://bugzilla.novell.com/699709
https://bugzilla.novell.com/700879
https://bugzilla.novell.com/701550
https://bugzilla.novell.com/702014
https://bugzilla.novell.com/702037
https://bugzilla.novell.com/703153
https://bugzilla.novell.com/703156
https://bugzilla.novell.com/706375
https://bugzilla.novell.com/707288
https://bugzilla.novell.com/709213
https://bugzilla.novell.com/709369
https://bugzilla.novell.com/713430
https://bugzilla.novell.com/717421
https://bugzilla.novell.com/718028
https://bugzilla.novell.com/721267
https://bugzilla.novell.com/721351
https://bugzilla.novell.com/721830
https://bugzilla.novell.com/722400
https://bugzilla.novell.com/724692
https://bugzilla.novell.com/725878
https://bugzilla.novell.com/726064
https://bugzilla.novell.com/726600
https://bugzilla.novell.com/727597
https://bugzilla.novell.com/730118
https://bugzilla.novell.com/730749
https://bugzilla.novell.com/731673
https://bugzilla.novell.com/731770
https://bugzilla.novell.com/732613
https://bugzilla.novell.com/733407
https://bugzilla.novell.com/734056
https://bugzilla.novell.com/735612
https://bugzilla.novell.com/740131
https://bugzilla.novell.com/742881
https://bugzilla.novell.com/745760
https://bugzilla.novell.com/747576
https://bugzilla.novell.com/749168
https://bugzilla.novell.com/752556
https://bugzilla.novell.com/760902
https://bugzilla.novell.com/762825
https://bugzilla.novell.com/765102
https://bugzilla.novell.com/765320
https://bugzilla.novell.com/770980
https://bugzilla.novell.com/773831
https://bugzilla.novell.com/776888
https://bugzilla.novell.com/786013
https://bugzilla.novell.com/789831
https://bugzilla.novell.com/795075
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/802642
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/808827
https://bugzilla.novell.com/809889
https://bugzilla.novell.com/809891
https://bugzilla.novell.com/809892
https://bugzilla.novell.com/809893
https://bugzilla.novell.com/809894
https://bugzilla.novell.com/809898
https://bugzilla.novell.com/809899
https://bugzilla.novell.com/809900
https://bugzilla.novell.com/809901
https://bugzilla.novell.com/809903
https://bugzilla.novell.com/811354
https://bugzilla.novell.com/811752
https://bugzilla.novell.com/813735
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/823260
https://bugzilla.novell.com/823267
https://bugzilla.novell.com/824295
https://bugzilla.novell.com/826102
https://bugzilla.novell.com/826551
https://bugzilla.novell.com/827749
https://bugzilla.novell.com/827750
https://bugzilla.novell.com/828119
https://bugzilla.novell.com/836856
https://bugzilla.novell.com/850241
http://download.novell.com/patch/finder/?keywords=2edd49abdf9ae71916d1b5acb9177a75
http://download.novell.com/patch/finder/?keywords=ab3d3594ee8b8099b9bc0f2a2095b6b6
http://download.novell.com/patch/finder/?keywords=ffdbcc106c0e9486ae78943c42345dbd