SUSE-SU-2013:1744-1: important: Security update for Real Time Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Nov 21 21:04:52 MST 2013
SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1744-1
Rating: important
References: #763463 #794824 #797526 #804950 #816099 #820848
#821259 #821465 #826102 #827246 #827416 #828714
#828894 #829682 #831029 #831143 #831380 #832292
#833321 #833588 #833635 #833820 #833858 #834204
#834600 #834905 #835094 #835684 #835930 #836218
#836347 #836801 #837372 #837803 #838346 #838448
#840830 #841094 #841402 #841498 #842063 #842604
#844513
Cross-References: CVE-2013-2206
Affected Products:
SUSE Linux Enterprise Real Time 11 SP2
______________________________________________________________________________
An update that solves one vulnerability and has 42 fixes is
now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 2 kernel for
RealTime was updated to version 3.0.101 and also includes
various other bug and security fixes.
The following features have been added:
* Drivers: hv: Support handling multiple VMBUS versions
(FATE#314665).
* Drivers: hv: Save and export negotiated vmbus version
(FATE#314665).
* Drivers: hv: Move vmbus version definitions to
hyperv.h (FATE#314665).
The following security issue has been fixed:
* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
in net/sctp/sm_statefuns.c in the SCTP implementation in
the Linux kernel did not properly handle associations
during the processing of a duplicate COOKIE ECHO chunk,
which allowed remote attackers to cause a denial of service
(NULL pointer dereference and system crash) or possibly
have unspecified other impact via crafted SCTP traffic.
(bnc#826102)
The following non-security bugs have been fixed:
* mm: Do not walk all of system memory during show_mem
(Reduce tasklist_lock hold times (bnc#821259)).
* mm, memcg: introduce own oom handler to iterate only
over its own threads.
* mm, memcg: move all oom handling to memcontrol.c.
* mm, oom: avoid looping when chosen thread detaches
its mm.
* mm, oom: fold oom_kill_task() into oom_kill_process().
* mm, oom: introduce helper function to process threads
during scan.
* mm, oom: reduce dependency on tasklist_lock.
* kernel: sclp console hangs (bnc#841498, LTC#95711).
* splice: fix racy pipe->buffers uses (bnc#827246).
* blktrace: fix race with open trace files and
directory removal (bnc#832292).
* Set proper SK when CK_COND is set (bnc#833588).
* iommu/vt-d: add quirk for broken interrupt remapping
on 55XX chipsets (bnc#844513).
* x86/iommu/vt-d: Expand interrupt remapping quirk to
cover x58 chipset (bnc#844513).
* iommu/vt-d: Only warn about broken interrupt
remapping (bnc#844513).
* iommu: Remove stack trace from broken irq remapping
warning (bnc#844513).
* intel-iommu: Fix leaks in pagetable freeing
(bnc#841402).
* softirq: reduce latencies (bnc#797526).
* softirq: Fix lockup related to stop_machine being
stuck in __do_softirq (bnc#797526).
* bounce: Bounce memory pool initialisation (bnc#836347)
* writeback: Do not sync data dirtied after sync start
(bnc#833820).
* config//debug: Enable FSCACHE_DEBUG and
CACHEFILES_DEBUG (bnc#837372).
* Fixed Xen guest freezes (bnc#829682, bnc#842063).
* SUNRPC: close a rare race in xs_tcp_setup_socket
(bnc#794824).
* NFS: make nfs_flush_incompatible more generous
(bnc#816099).
* NFS: don't try to use lock state when we hold a
delegation (bnc#831029).
* nfs_lookup_revalidate(): fix a leak (bnc#828894).
* fs: do_add_mount()/umount -l races (bnc#836801).
* cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields
(bnc#804950).
* cifs: Fix EREMOTE errors encountered on DFS links
(bnc#831143).
* xfs: growfs: use uncached buffers for new headers
(bnc#842604).
* xfs: avoid double-free in xfs_attr_node_addname.
* xfs: Check the return value of xfs_buf_get()
(bnc#842604).
* iscsi: don't hang in endless loop if no targets
present (bnc#841094).
* reiserfs: fix race with flush_used_journal_lists and
flush_journal_list (bnc#837803).
* md: Throttle number of pending write requests in
md/raid10 (bnc#833858).
* dm: ignore merge_bvec for snapshots when safe
(bnc#820848).
* rcu: Do not trigger false positive RCU stall
detection (bnc#834204).
* net/mlx4_en: Fix BlueFlame race (bnc#835684).
* net: remove skb_orphan_try() (bnc#834600).
* bonding: check bond->vlgrp in bond_vlan_rx_kill_vid()
(bnc#834905).
* ipv6: don't call fib6_run_gc() until routing is ready
(bnc#836218).
* ipv6: prevent fib6_run_gc() contention (bnc#797526).
* ipv6: update ip6_rt_last_gc every time GC is run
(bnc#797526).
* netfilter: nf_conntrack: use RCU safe kfree for
conntrack extensions (bnc#827416 bko#60853
bugzilla.netfilter.org:714).
* netfilter: prevent race condition breaking net
reference counting (bnc#835094).
* sctp: deal with multiple COOKIE_ECHO chunks
(bnc#826102).
* quirks: add touchscreen that is dazzeled by remote
wakeup (bnc#835930).
* bnx2x: Change to D3hot only on removal (bnc#838448).
* vmxnet3: prevent div-by-zero panic when ring resizing
uninitialized dev (bnc#833321).
* Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* Drivers: hv: util: Correctly support ws2008R2 and
earlier (bnc#838346).
* Drivers: hv: util: Fix a bug in util version
negotiation code (bnc#838346).
* elousb: some systems cannot stomach work around
(bnc#840830).
* bio-integrity: track owner of integrity payload
(bnc#831380).
* lib/radix-tree.c: make radix_tree_node_alloc() work
correctly within interrupt (bnc#763463).
* series.conf: disable XHCI ring expansion patches
because on machines with large memory they cause a
starvation problem (bnc#833635)
* rpm/old-flavors, rpm/mkspec: Add version information
to obsolete flavors (bnc#821465).
* rpm/kernel-binary.spec.in: Move the xenpae obsolete
to the old-flavors file.
* rpm/old-flavors: Convert the old-packages.conf file
to a flat list.
* rpm/old-packages.conf: Drop bogus obsoletes for "smp"
(bnc#821465).
* rpm/kernel-binary.spec.in: Make sure that all KMP
obsoletes are versioned (bnc#821465).
* rpm/kernel-binary.spec.in: Remove unversioned
provides/obsoletes for packages that were only seen in
openSUSE releases up to 11.0. (bnc#821465).
* sched/workqueue: Only wake up idle workers if not
blocked on sleeping spin lock.
* genirq: Set irq thread to RT priority on creation.
* timers: prepare for full preemption improve.
* kernel/cpu: fix cpu down problem if kthread's cpu is
going down.
* kernel/hotplug: restore original cpu mask oncpu/down.
* drm/i915: drop trace_i915_gem_ring_dispatch on rt.
* rt,ntp: Move call to schedule_delayed_work() to
helper thread.
* hwlat-detector: Update hwlat_detector to add outer
loop detection.
* hwlat-detect/trace: Export trace_clock_local for
hwlat-detector.
* hwlat-detector: Use trace_clock_local if available.
* hwlat-detector: Use thread instead of stop machine.
* genirq: do not invoke the affinity callback via a
workqueue.
Security Issues:
* CVE-2013-2206
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206
>
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time 11 SP2:
zypper in -t patch slertesp2-kernel-8546
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.101.rt130]:
cluster-network-kmp-rt-1.4_3.0.101_rt130_0.5-2.18.71
cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.5-2.18.71
drbd-kmp-rt-8.4.2_3.0.101_rt130_0.5-0.6.6.62
drbd-kmp-rt_trace-8.4.2_3.0.101_rt130_0.5-0.6.6.62
iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.5-0.25.25.10
iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.5-0.25.25.10
kernel-rt-3.0.101.rt130-0.5.1
kernel-rt-base-3.0.101.rt130-0.5.1
kernel-rt-devel-3.0.101.rt130-0.5.1
kernel-rt_trace-3.0.101.rt130-0.5.1
kernel-rt_trace-base-3.0.101.rt130-0.5.1
kernel-rt_trace-devel-3.0.101.rt130-0.5.1
kernel-source-rt-3.0.101.rt130-0.5.1
kernel-syms-rt-3.0.101.rt130-0.5.1
lttng-modules-kmp-rt-2.0.4_3.0.101_rt130_0.5-0.9.9.1
lttng-modules-kmp-rt_trace-2.0.4_3.0.101_rt130_0.5-0.9.9.1
ocfs2-kmp-rt-1.6_3.0.101_rt130_0.5-0.11.70
ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.5-0.11.70
ofed-kmp-rt-1.5.2_3.0.101_rt130_0.5-0.28.28.42
ofed-kmp-rt_trace-1.5.2_3.0.101_rt130_0.5-0.28.28.42
References:
http://support.novell.com/security/cve/CVE-2013-2206.html
https://bugzilla.novell.com/763463
https://bugzilla.novell.com/794824
https://bugzilla.novell.com/797526
https://bugzilla.novell.com/804950
https://bugzilla.novell.com/816099
https://bugzilla.novell.com/820848
https://bugzilla.novell.com/821259
https://bugzilla.novell.com/821465
https://bugzilla.novell.com/826102
https://bugzilla.novell.com/827246
https://bugzilla.novell.com/827416
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/828894
https://bugzilla.novell.com/829682
https://bugzilla.novell.com/831029
https://bugzilla.novell.com/831143
https://bugzilla.novell.com/831380
https://bugzilla.novell.com/832292
https://bugzilla.novell.com/833321
https://bugzilla.novell.com/833588
https://bugzilla.novell.com/833635
https://bugzilla.novell.com/833820
https://bugzilla.novell.com/833858
https://bugzilla.novell.com/834204
https://bugzilla.novell.com/834600
https://bugzilla.novell.com/834905
https://bugzilla.novell.com/835094
https://bugzilla.novell.com/835684
https://bugzilla.novell.com/835930
https://bugzilla.novell.com/836218
https://bugzilla.novell.com/836347
https://bugzilla.novell.com/836801
https://bugzilla.novell.com/837372
https://bugzilla.novell.com/837803
https://bugzilla.novell.com/838346
https://bugzilla.novell.com/838448
https://bugzilla.novell.com/840830
https://bugzilla.novell.com/841094
https://bugzilla.novell.com/841402
https://bugzilla.novell.com/841498
https://bugzilla.novell.com/842063
https://bugzilla.novell.com/842604
https://bugzilla.novell.com/844513
http://download.novell.com/patch/finder/?keywords=9b7b4d9abfb4ec87d3d2090a6f40b7d0
More information about the sle-security-updates
mailing list