SUSE-SU-2013:1748-1: important: Security update for Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Nov 22 00:04:14 MST 2013
SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1748-1
Rating: important
References: #763463 #794824 #797526 #804950 #816099 #820848
#821259 #821465 #826102 #827246 #827416 #828714
#828894 #829682 #831029 #831143 #831380 #832292
#833321 #833588 #833635 #833820 #833858 #834204
#834600 #834905 #835094 #835684 #835930 #836218
#836347 #836801 #837372 #837803 #838346 #838448
#840830 #841094 #841402 #841498 #842063 #842604
#844513
Cross-References: CVE-2013-2206
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise High Availability Extension 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves one vulnerability and has 42 fixes is
now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 2 kernel was
updated to version 3.0.101 and also includes various other
bug and security fixes.
The following features have been added:
* Drivers: hv: Support handling multiple VMBUS versions
(FATE#314665).
* Drivers: hv: Save and export negotiated vmbus version
(FATE#314665).
* Drivers: hv: Move vmbus version definitions to
hyperv.h (FATE#314665).
The following security issue has been fixed:
* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
in net/sctp/sm_statefuns.c in the SCTP implementation in
the Linux kernel did not properly handle associations
during the processing of a duplicate COOKIE ECHO chunk,
which allowed remote attackers to cause a denial of service
(NULL pointer dereference and system crash) or possibly
have unspecified other impact via crafted SCTP traffic.
(bnc#826102)
The following non-security bugs have been fixed:
* kernel: sclp console hangs (bnc#841498, LTC#95711).
* intel-iommu: Fix leaks in pagetable freeing
(bnc#841402).
* iommu/vt-d: add quirk for broken interrupt remapping
on 55XX chipsets (bnc#844513).
* x86/iommu/vt-d: Expand interrupt remapping quirk to
cover x58 chipset (bnc#844513).
* iommu/vt-d: Only warn about broken interrupt
remapping (bnc#844513).
* iommu: Remove stack trace from broken irq remapping
warning (bnc#844513).
* softirq: reduce latencies (bnc#797526).
* Fix lockup related to stop_machine being stuck in
__do_softirq (bnc#797526).
* splice: fix racy pipe->buffers uses (bnc#827246).
* blktrace: fix race with open trace files and
directory removal (bnc#832292).
* mm: Do not walk all of system memory during show_mem
(Reduce tasklist_lock hold times (bnc#821259)).
* mm: Bounce memory pool initialisation (bnc#836347).
* mm, memcg: introduce own oom handler to iterate only
over its own threads.
* mm, memcg: move all oom handling to memcontrol.c.
* mm, oom: avoid looping when chosen thread detaches
its mm.
* mm, oom: fold oom_kill_task() into oom_kill_process().
* mm, oom: introduce helper function to process threads
during scan.
* mm, oom: reduce dependency on tasklist_lock.
* ipv6: do not call fib6_run_gc() until routing is
ready (bnc#836218).
* ipv6: prevent fib6_run_gc() contention (bnc#797526).
* ipv6: update ip6_rt_last_gc every time GC is run
(bnc#797526).
* net/mlx4_en: Fix BlueFlame race (bnc#835684).
* netfilter: nf_conntrack: use RCU safe kfree for
conntrack extensions (bnc#827416 bko#60853).
* netfilter: prevent race condition breaking net
reference counting (bnc#835094).
* net: remove skb_orphan_try() (bnc#834600).
* bonding: check bond->vlgrp in bond_vlan_rx_kill_vid()
(bnc#834905).
* sctp: deal with multiple COOKIE_ECHO chunks
(bnc#826102).
* SUNRPC: close a rare race in xs_tcp_setup_socket
(bnc#794824).
* NFS: make nfs_flush_incompatible more generous
(bnc#816099).
* NFS: do not try to use lock state when we hold a
delegation (bnc#831029).
* nfs_lookup_revalidate(): fix a leak (bnc#828894).
* xfs: growfs: use uncached buffers for new headers
(bnc#842604).
* xfs: Check the return value of xfs_buf_get()
(bnc#842604).
* xfs: avoid double-free in xfs_attr_node_addname.
* do_add_mount()/umount -l races (bnc#836801).
* cifs: Fix TRANS2_QUERY_FILE_INFO ByteCount fields
(bnc#804950).
* cifs: Fix EREMOTE errors encountered on DFS links
(bnc#831143).
* reiserfs: fix race with flush_used_journal_lists and
flush_journal_list (bnc#837803).
* reiserfs: remove useless flush_old_journal_lists.
* fs: writeback: Do not sync data dirtied after sync
start (bnc#833820).
* rcu: Do not trigger false positive RCU stall
detection (bnc#834204).
* lib/radix-tree.c: make radix_tree_node_alloc() work
correctly within interrupt (bnc#763463).
* bnx2x: Change to D3hot only on removal (bnc#838448).
* vmxnet3: prevent div-by-zero panic when ring resizing
uninitialized dev (bnc#833321).
* Drivers: hv: Support handling multiple VMBUS versions
(fate#314665).
* Drivers: hv: Save and export negotiated vmbus version
(fate#314665).
* Drivers: hv: Move vmbus version definitions to
hyperv.h (fate#314665).
* Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* Drivers: hv: util: Correctly support ws2008R2 and
earlier (bnc#838346).
* Drivers: hv: util: Fix a bug in util version
negotiation code (bnc#838346).
* iscsi: do not hang in endless loop if no targets
present (bnc#841094).
* ata: Set proper SK when CK_COND is set (bnc#833588).
* md: Throttle number of pending write requests in
md/raid10 (bnc#833858).
* dm: ignore merge_bvec for snapshots when safe
(bnc#820848).
* elousb: some systems cannot stomach work around
(bnc#840830).
* bio-integrity: track owner of integrity payload
(bnc#831380).
* quirks: add touchscreen that is dazzeled by remote
wakeup (bnc#835930).
* Fixed Xen guest freezes (bnc#829682, bnc#842063).
* config/debug: Enable FSCACHE_DEBUG and
CACHEFILES_DEBUG (bnc#837372).
* series.conf: disable XHCI ring expansion patches
because on machines with large memory they cause a
starvation problem (bnc#833635).
* rpm/old-flavors, rpm/mkspec: Add version information
to obsolete flavors (bnc#821465).
* rpm/kernel-binary.spec.in: Move the xenpae obsolete
to the old-flavors file.
* rpm/old-flavors: Convert the old-packages.conf file
to a flat list.
* rpm/old-packages.conf: Drop bogus obsoletes for "smp"
(bnc#821465).
* rpm/kernel-binary.spec.in: Make sure that all KMP
obsoletes are versioned (bnc#821465).
* rpm/kernel-binary.spec.in: Remove unversioned
provides/obsoletes for packages that were only seen in
openSUSE releases up to 11.0. (bnc#821465).
Security Issue references:
* CVE-2013-2206
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206
>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-kernel-8516 slessp2-kernel-8518
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-kernel-8509 slessp2-kernel-8514 slessp2-kernel-8515 slessp2-kernel-8516 slessp2-kernel-8518
- SUSE Linux Enterprise High Availability Extension 11 SP2:
zypper in -t patch sleshasp2-kernel-8509 sleshasp2-kernel-8514 sleshasp2-kernel-8515 sleshasp2-kernel-8516 sleshasp2-kernel-8518
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-kernel-8516 sledsp2-kernel-8518
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.5.1
kernel-default-base-3.0.101-0.5.1
kernel-default-devel-3.0.101-0.5.1
kernel-source-3.0.101-0.5.1
kernel-syms-3.0.101-0.5.1
kernel-trace-3.0.101-0.5.1
kernel-trace-base-3.0.101-0.5.1
kernel-trace-devel-3.0.101-0.5.1
kernel-xen-devel-3.0.101-0.5.1
xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.5.1
kernel-pae-base-3.0.101-0.5.1
kernel-pae-devel-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.5.1
kernel-default-base-3.0.101-0.5.1
kernel-default-devel-3.0.101-0.5.1
kernel-source-3.0.101-0.5.1
kernel-syms-3.0.101-0.5.1
kernel-trace-3.0.101-0.5.1
kernel-trace-base-3.0.101-0.5.1
kernel-trace-devel-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
kernel-ec2-3.0.101-0.5.1
kernel-ec2-base-3.0.101-0.5.1
kernel-ec2-devel-3.0.101-0.5.1
kernel-xen-3.0.101-0.5.1
kernel-xen-base-3.0.101-0.5.1
kernel-xen-devel-3.0.101-0.5.1
xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5
xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]:
kernel-default-man-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]:
kernel-ppc64-3.0.101-0.5.1
kernel-ppc64-base-3.0.101-0.5.1
kernel-ppc64-devel-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.5.1
kernel-pae-base-3.0.101-0.5.1
kernel-pae-devel-3.0.101-0.5.1
xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.101_0.5-2.18.69
cluster-network-kmp-trace-1.4_3.0.101_0.5-2.18.69
gfs2-kmp-default-2_3.0.101_0.5-0.7.98
gfs2-kmp-trace-2_3.0.101_0.5-0.7.98
ocfs2-kmp-default-1.6_3.0.101_0.5-0.11.68
ocfs2-kmp-trace-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.101_0.5-2.18.69
gfs2-kmp-xen-2_3.0.101_0.5-0.7.98
ocfs2-kmp-xen-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.101_0.5-2.18.69
gfs2-kmp-ppc64-2_3.0.101_0.5-0.7.98
ocfs2-kmp-ppc64-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
cluster-network-kmp-pae-1.4_3.0.101_0.5-2.18.69
gfs2-kmp-pae-2_3.0.101_0.5-0.7.98
ocfs2-kmp-pae-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.5.1
kernel-default-base-3.0.101-0.5.1
kernel-default-devel-3.0.101-0.5.1
kernel-default-extra-3.0.101-0.5.1
kernel-source-3.0.101-0.5.1
kernel-syms-3.0.101-0.5.1
kernel-trace-3.0.101-0.5.1
kernel-trace-base-3.0.101-0.5.1
kernel-trace-devel-3.0.101-0.5.1
kernel-trace-extra-3.0.101-0.5.1
kernel-xen-3.0.101-0.5.1
kernel-xen-base-3.0.101-0.5.1
kernel-xen-devel-3.0.101-0.5.1
kernel-xen-extra-3.0.101-0.5.1
xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5
xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.5.1
kernel-pae-base-3.0.101-0.5.1
kernel-pae-devel-3.0.101-0.5.1
kernel-pae-extra-3.0.101-0.5.1
xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
ext4-writeable-kmp-default-0_3.0.101_0.5-0.14.79
ext4-writeable-kmp-trace-0_3.0.101_0.5-0.14.79
kernel-default-extra-3.0.101-0.5.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
ext4-writeable-kmp-xen-0_3.0.101_0.5-0.14.79
kernel-xen-extra-3.0.101-0.5.1
- SLE 11 SERVER Unsupported Extras (ppc64):
ext4-writeable-kmp-ppc64-0_3.0.101_0.5-0.14.79
kernel-ppc64-extra-3.0.101-0.5.1
- SLE 11 SERVER Unsupported Extras (i586):
ext4-writeable-kmp-pae-0_3.0.101_0.5-0.14.79
kernel-pae-extra-3.0.101-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-2206.html
https://bugzilla.novell.com/763463
https://bugzilla.novell.com/794824
https://bugzilla.novell.com/797526
https://bugzilla.novell.com/804950
https://bugzilla.novell.com/816099
https://bugzilla.novell.com/820848
https://bugzilla.novell.com/821259
https://bugzilla.novell.com/821465
https://bugzilla.novell.com/826102
https://bugzilla.novell.com/827246
https://bugzilla.novell.com/827416
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/828894
https://bugzilla.novell.com/829682
https://bugzilla.novell.com/831029
https://bugzilla.novell.com/831143
https://bugzilla.novell.com/831380
https://bugzilla.novell.com/832292
https://bugzilla.novell.com/833321
https://bugzilla.novell.com/833588
https://bugzilla.novell.com/833635
https://bugzilla.novell.com/833820
https://bugzilla.novell.com/833858
https://bugzilla.novell.com/834204
https://bugzilla.novell.com/834600
https://bugzilla.novell.com/834905
https://bugzilla.novell.com/835094
https://bugzilla.novell.com/835684
https://bugzilla.novell.com/835930
https://bugzilla.novell.com/836218
https://bugzilla.novell.com/836347
https://bugzilla.novell.com/836801
https://bugzilla.novell.com/837372
https://bugzilla.novell.com/837803
https://bugzilla.novell.com/838346
https://bugzilla.novell.com/838448
https://bugzilla.novell.com/840830
https://bugzilla.novell.com/841094
https://bugzilla.novell.com/841402
https://bugzilla.novell.com/841498
https://bugzilla.novell.com/842063
https://bugzilla.novell.com/842604
https://bugzilla.novell.com/844513
http://download.novell.com/patch/finder/?keywords=014f991484d20757de9526cb248bccd3
http://download.novell.com/patch/finder/?keywords=241c1cd269f2d6c946750be922bf77fa
http://download.novell.com/patch/finder/?keywords=29adfe67e725d67c311a0d762c7ef693
http://download.novell.com/patch/finder/?keywords=2f6d9dd2345e27452c0f4f8406222a7f
http://download.novell.com/patch/finder/?keywords=43bef7672074508c7f5cb7f86cbb1e60
http://download.novell.com/patch/finder/?keywords=4b0266473a79db08cd217a9013aa07e9
http://download.novell.com/patch/finder/?keywords=6143e2e6aa3e373197bc1dfda831fcf8
http://download.novell.com/patch/finder/?keywords=6f18fc180df1025daa721c72d012acbd
http://download.novell.com/patch/finder/?keywords=e004410f0af237e1cc306eea34a4b8f2
http://download.novell.com/patch/finder/?keywords=e10aac7447253ec336025bc035dd213f
More information about the sle-security-updates
mailing list