SUSE-SU-2013:1531-1: Security update for Real Time Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Oct 7 15:04:15 MDT 2013
SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1531-1
Rating: low
References: #708296 #745640 #754690 #760407 #763968 #765523
#773006 #773255 #773837 #783475 #785901 #789010
#792991 #797090 #797727 #797909 #800875 #800907
#801341 #801427 #803320 #804482 #804609 #805371
#805740 #805804 #805945 #806396 #806976 #807471
#807502 #808015 #808136 #808647 #808837 #808855
#808940 #809122 #809130 #809220 #809463 #809617
#809895 #809975 #810098 #810210 #810722 #812274
#812281 #812332 #812526 #812974 #813604 #813733
#813922 #814336 #815256 #815320 #815356 #816043
#816065 #816403 #816451 #816892 #816925 #816971
#817035 #817339 #817377 #818047 #818053 #818064
#818154 #818371 #818465 #818497 #819018 #819195
#819295 #819363 #819519 #819523 #819610 #819655
#819789 #819979 #820172 #820183 #820434 #820569
#820738 #820948 #820982 #821052 #821070 #821235
#821560 #821799 #821802 #821859 #821930 #821980
#822052 #822066 #822077 #822080 #822164 #822225
#822340 #822431 #822575 #822579 #822722 #822825
#822878 #823082 #823191 #823223 #823342 #823386
#823517 #823597 #823795 #824159 #824256 #824295
#824568 #824915 #825037 #825048 #825142 #825227
#825591 #825657 #825696 #825887 #826186 #826350
#826960 #827271 #827372 #827376 #827378 #827749
#827750 #827930 #828087 #828119 #828192 #828265
#828574 #828714 #828886 #828914 #829001 #829082
#829357 #829539 #829622 #830346 #830478 #830766
#830822 #830901 #831055 #831058 #831410 #831422
#831424 #831438 #831623 #831949 #832318 #833073
#833097 #833148 #834116 #834647 #834742 #835175
Cross-References: CVE-2013-1059 CVE-2013-1774 CVE-2013-1819
CVE-2013-1929 CVE-2013-2094 CVE-2013-2148
CVE-2013-2164 CVE-2013-2232 CVE-2013-2234
CVE-2013-2237 CVE-2013-2850 CVE-2013-2851
CVE-2013-2852 CVE-2013-3301 CVE-2013-4162
CVE-2013-4163
Affected Products:
SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________
An update that solves 16 vulnerabilities and has 164 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 and to fix various bugs and
security issues.
The following features have been added:
* NFS: Now supports a "nosharetransport" option
(bnc#807502, bnc#828192, FATE#315593).
* ALSA: virtuoso: Xonar DSX support was added
(FATE#316016).
The following security issues have been fixed:
*
CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
*
CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
*
CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
*
CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel made an incorrect function call for pending data,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
*
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
*
CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
*
CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
*
CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
Also the following non-security bugs have been fixed:
* ACPI / APEI: Force fatal AER severity when component
has been reset (bnc#828886 bnc#824568).
* PCI/AER: Move AER severity defines to aer.h
(bnc#828886 bnc#824568).
* PCI/AER: Set dev->__aer_firmware_first only for
matching devices (bnc#828886 bnc#824568).
* PCI/AER: Factor out HEST device type matching
(bnc#828886 bnc#824568).
* PCI/AER: Do not parse HEST table for non-PCIe devices
(bnc#828886 bnc#824568).
*
PCI/AER: Reset link for devices below Root Port or
Downstream Port (bnc#828886 bnc#824568).
*
zfcp: fix lock imbalance by reworking request queue
locking (bnc#835175, LTC#96825).
*
qeth: Fix crash on initial MTU size change
(bnc#835175, LTC#96809).
*
qeth: change default standard blkt settings for OSA
Express (bnc#835175, LTC#96808).
*
x86: Add workaround to NMI iret woes (bnc#831949).
*
x86: Do not schedule while still in NMI context
(bnc#831949).
*
drm/i915: no longer call drm_helper_resume_force_mode
(bnc#831424,bnc#800875).
*
bnx2x: protect different statistics flows
(bnc#814336).
* bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
*
bnx2x: protect different statistics flows
(bnc#814336).
*
ALSA: hda - Fix unbalanced runtime pm refount
(bnc#834742).
*
xhci: directly calling _PS3 on suspend (bnc#833148).
*
futex: Take hugepages into account when generating
futex_key.
*
e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
* e1000e: helper functions for accessing EMI registers
(bnc#834647).
* e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
*
e1000e: helper functions for accessing EMI registers
(bnc#834647).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
printk: Add NMI ringbuffer (bnc#831949).
* printk: extract ringbuffer handling from vprintk
(bnc#831949).
* printk: NMI safe printk (bnc#831949).
* printk: Make NMI ringbuffer size independent on
log_buf_len (bnc#831949).
* printk: Do not call console_unlock from nmi context
(bnc#831949).
*
printk: Do not use printk_cpu from finish_printk
(bnc#831949).
*
zfcp: fix schedule-inside-lock in scsi_device list
loops (bnc#833073, LTC#94937).
*
uvc: increase number of buffers (bnc#822164,
bnc#805804).
*
drm/i915: Adding more reserved PCI IDs for Haswell
(bnc#834116).
*
Refresh patches.xen/xen-netback-generalize
(bnc#827378).
*
Update Xen patches to 3.0.87.
*
mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
*
drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
* drm/i915: Fix write-read race with multiple rings
(bnc#831422).
* drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
*
drm/i915: Fix write-read race with multiple rings
(bnc#831422).
*
xhci: Add xhci_disable_ports boot option (bnc#822164).
*
xhci: set device to D3Cold on shutdown (bnc#833097).
*
reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
* reiserfs: locking, release lock around quota
operations (bnc#815320).
* reiserfs: locking, push write lock out of xattr code
(bnc#815320).
* reiserfs: locking, handle nested locks properly
(bnc#815320).
* reiserfs: do not lock journal_init() (bnc#815320).
*
reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
*
NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
*
HID: hyperv: convert alloc+memcpy to memdup.
* Drivers: hv: vmbus: Implement multi-channel support
(fate#316098).
* Drivers: hv: Add the GUID fot synthetic fibre channel
device (fate#316098).
* tools: hv: Check return value of setsockopt call.
* tools: hv: Check return value of poll call.
* tools: hv: Check retrun value of strchr call.
* tools: hv: Fix file descriptor leaks.
* tools: hv: Improve error logging in KVP daemon.
* drivers: hv: switch to use mb() instead of smp_mb().
* drivers: hv: check interrupt mask before read_index.
* drivers: hv: allocate synic structures before
hv_synic_init().
* storvsc: Increase the value of scsi timeout for
storvsc devices (fate#316098).
* storvsc: Update the storage protocol to win8 level
(fate#316098).
* storvsc: Implement multi-channel support
(fate#316098).
* storvsc: Support FC devices (fate#316098).
* storvsc: Increase the value of
STORVSC_MAX_IO_REQUESTS (fate#316098).
* hyperv: Fix the NETIF_F_SG flag setting in netvsc.
* Drivers: hv: vmbus: incorrect device name is printed
when child device is unregistered.
*
Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
(bnc#828714).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
*
scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
*
af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
*
af_key: initialize satype in
key_notify_policy_flush() (bnc#828119 CVE-2013-2237).
*
ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
*
tg3: fix length overflow in VPD firmware parsing
(bnc#813733 CVE-2013-1929).
*
xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
*
ipv6: ip6_sk_dst_check() must not assume ipv6 dst
(bnc#827750, CVE-2013-2232).
*
dasd: fix hanging devices after path events
(bnc#831623, LTC#96336).
*
kernel: z90crypt module load crash (bnc#831623,
LTC#96214).
*
ata: Fix DVD not dectected at some platform with
Wellsburg PCH (bnc#822225).
*
drm/i915: edp: add standard modes (bnc#832318).
*
Do not switch camera on yet more HP machines
(bnc#822164).
*
Do not switch camera on HP EB 820 G1 (bnc#822164).
*
xhci: Avoid NULL pointer deref when host dies
(bnc#827271).
*
bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
* bonding: propagate unicast lists down to slaves
(bnc#773255 bnc#827372).
* net/bonding: emit address change event also in
bond_release (bnc#773255 bnc#827372).
*
bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
*
usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
controllers with xhci 1.0 (bnc#797909).
*
xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#827271).
*
updated reference for security issue fixed inside
(CVE-2013-3301 bnc#815256)
*
qla2xxx: Clear the MBX_INTR_WAIT flag when the
mailbox time-out happens (bnc#830478).
*
drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
* drm/i915: fix up gt init sequence fallout
(bnc#801341).
* drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
*
drm/i915: fix up gt init sequence fallout
(bnc#801341).
*
timer_list: Correct the iterator for timer_list
(bnc#818047).
*
firmware: do not spew errors in normal boot
(bnc#831438, fate#314574).
*
ALSA: virtuoso: Xonar DSX support (FATE#316016).
*
SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
*
ext4: Re-add config option Building ext4 as the
ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
read-write module should be enabled. This update just
defaults allow_rw to true if it is set.
*
e1000: fix vlan processing regression (bnc#830766).
*
ext4: force read-only unless rw=1 module option is
used (fate#314864).
*
dm mpath: fix ioctl deadlock when no paths
(bnc#808940).
*
HID: fix unused rsize usage (bnc#783475).
*
add reference for b43 format string flaw (bnc#822579
CVE-2013-2852)
*
HID: fix data access in implement() (bnc#783475).
*
xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
*
kernel: sclp console hangs (bnc#830346, LTC#95711).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
Delete
patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi
rst-occurrence. It was removed from series.conf in
063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
not deleted.
*
Drivers: hv: balloon: Do not post pressure status if
interrupted (bnc#829539).
*
Drivers: hv: balloon: Fix a bug in the hot-add code
(bnc#829539).
*
drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
* drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
* drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
*
drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
* r8169: move the firmware down into the device private
data (bnc#805371).
* r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
*
r8169: move the firmware down into the device private
data (bnc#805371).
*
patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
*
drm/i915: fix long-standing SNB regression in power
consumption after resume v2 (bnc#801341).
*
RTC: Add an alarm disable quirk (bnc#805740).
*
drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
* drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
* drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
*
drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
*
drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
* drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
* drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
*
drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
*
patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
IPIs on CPU hotplug (bnc#825048, LTC#94784).
*
patches.fixes/iwlwifi-use-correct-supported-firmware-for-603
5-and-.patch: iwlwifi: use correct supported firmware for
6035 and 6000g2 (bnc#825887).
*
patches.fixes/watchdog-update-watchdog_thresh-atomically.pat
ch: watchdog: Update watchdog_thresh atomically
(bnc#829357).
*
patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
watchdog: update watchdog_tresh properly (bnc#829357).
*
patches.fixes/watchdog-make-disable-enable-hotplug-and-preem
pt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
*
kabi/severities: Ignore changes in drivers/hv
*
patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou
t.patch: lpfc: Return correct error code on bsg_timeout
(bnc#816043).
*
patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
dm-multipath: Drop table when retrying ioctl (bnc#808940).
*
scsi: Do not retry invalid function error
(bnc#809122).
*
patches.suse/scsi-do-not-retry-invalid-function-error.patch:
scsi: Do not retry invalid function error (bnc#809122).
*
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.suse/scsi-always-retry-internal-target-error.patch:
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.drivers/drm-edid-Don-t-print-messages-regarding-ster
eo-or-csync-by-default.patch: Refresh: add upstream commit
ID.
*
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. (bnc#824915).
*
Refresh
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
(bnc#824915).
*
Update kabi files.
*
ACPI:remove panic in case hardware has changed after
S4 (bnc#829001).
*
ibmvfc: Driver version 1.0.1 (bnc#825142).
* ibmvfc: Fix for offlining devices during error
recovery (bnc#825142).
* ibmvfc: Properly set cancel flags when cancelling
abort (bnc#825142).
* ibmvfc: Send cancel when link is down (bnc#825142).
* ibmvfc: Support FAST_IO_FAIL in EH handlers
(bnc#825142).
*
ibmvfc: Suppress ABTS if target gone (bnc#825142).
*
fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
*
drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).
*
kmsg_dump: do not run on non-error paths by default
(bnc#820172).
*
supported.conf: mark tcm_qla2xxx as supported
*
mm: honor min_free_kbytes set by user (bnc#826960).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
*
RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
*
kabi/severities: Add exception for
aer_recover_queue() There should not be any user besides
ghes.ko.
*
Fix rpm changelog
*
PCI / PM: restore the original behavior of
pci_set_power_state() (bnc#827930).
*
fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
*
usb: xhci: check usb2 port capabilities before adding
hw link PM support (bnc#828265).
*
aerdrv: Move cper_print_aer() call out of interrupt
context (bnc#822052, bnc#824568).
*
PCI/AER: pci_get_domain_bus_and_slot() call missing
required pci_dev_put() (bnc#822052, bnc#824568).
*
patches.fixes/block-do-not-pass-disk-names-as-format-strings
.patch: block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
*
powerpc: POWER8 cputable entries (bnc#824256).
*
libceph: Fix NULL pointer dereference in auth client
code. (CVE-2013-1059, bnc#826350)
*
md/raid10: Fix two bug affecting RAID10 reshape.
*
Allow NFSv4 to run execute-only files (bnc#765523).
*
fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
*
block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
*
btrfs: merge contigous regions when loading free
space cache
*
btrfs: fix how we deal with the orphan block rsv.
* btrfs: fix wrong check during log recovery.
* btrfs: change how we indicate we are adding csums.
Security Issue references:
* CVE-2013-1059
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059
>
* CVE-2013-1819
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1819
>
* CVE-2013-1929
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929
>
* CVE-2013-2148
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148
>
* CVE-2013-2164
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164
>
* CVE-2013-2232
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
>
* CVE-2013-2234
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
>
* CVE-2013-2237
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
>
* CVE-2013-2851
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851
>
* CVE-2013-2852
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
>
* CVE-2013-3301
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301
>
* CVE-2013-4162
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
>
* CVE-2013-4163
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163
>
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 11 SP3:
zypper in -t patch slertesp3-kernel-8410
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.93.rt117]:
cluster-network-kmp-rt-1.4_3.0.93_rt117_0.9-2.27.16
cluster-network-kmp-rt_trace-1.4_3.0.93_rt117_0.9-2.27.16
drbd-kmp-rt-8.4.3_3.0.93_rt117_0.9-0.19.7
drbd-kmp-rt_trace-8.4.3_3.0.93_rt117_0.9-0.19.7
iscsitarget-kmp-rt-1.4.20_3.0.93_rt117_0.9-0.38.1
iscsitarget-kmp-rt_trace-1.4.20_3.0.93_rt117_0.9-0.38.1
kernel-rt-3.0.93.rt117-0.9.1
kernel-rt-base-3.0.93.rt117-0.9.1
kernel-rt-devel-3.0.93.rt117-0.9.1
kernel-rt_trace-3.0.93.rt117-0.9.1
kernel-rt_trace-base-3.0.93.rt117-0.9.1
kernel-rt_trace-devel-3.0.93.rt117-0.9.1
kernel-source-rt-3.0.93.rt117-0.9.1
kernel-syms-rt-3.0.93.rt117-0.9.1
lttng-modules-kmp-rt-2.1.1_3.0.93_rt117_0.9-0.11.6
lttng-modules-kmp-rt_trace-2.1.1_3.0.93_rt117_0.9-0.11.6
ocfs2-kmp-rt-1.6_3.0.93_rt117_0.9-0.20.16
ocfs2-kmp-rt_trace-1.6_3.0.93_rt117_0.9-0.20.16
ofed-kmp-rt-1.5.4.1_3.0.93_rt117_0.9-0.13.7
ofed-kmp-rt_trace-1.5.4.1_3.0.93_rt117_0.9-0.13.7
References:
http://support.novell.com/security/cve/CVE-2013-1059.html
http://support.novell.com/security/cve/CVE-2013-1774.html
http://support.novell.com/security/cve/CVE-2013-1819.html
http://support.novell.com/security/cve/CVE-2013-1929.html
http://support.novell.com/security/cve/CVE-2013-2094.html
http://support.novell.com/security/cve/CVE-2013-2148.html
http://support.novell.com/security/cve/CVE-2013-2164.html
http://support.novell.com/security/cve/CVE-2013-2232.html
http://support.novell.com/security/cve/CVE-2013-2234.html
http://support.novell.com/security/cve/CVE-2013-2237.html
http://support.novell.com/security/cve/CVE-2013-2850.html
http://support.novell.com/security/cve/CVE-2013-2851.html
http://support.novell.com/security/cve/CVE-2013-2852.html
http://support.novell.com/security/cve/CVE-2013-3301.html
http://support.novell.com/security/cve/CVE-2013-4162.html
http://support.novell.com/security/cve/CVE-2013-4163.html
https://bugzilla.novell.com/708296
https://bugzilla.novell.com/745640
https://bugzilla.novell.com/754690
https://bugzilla.novell.com/760407
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/765523
https://bugzilla.novell.com/773006
https://bugzilla.novell.com/773255
https://bugzilla.novell.com/773837
https://bugzilla.novell.com/783475
https://bugzilla.novell.com/785901
https://bugzilla.novell.com/789010
https://bugzilla.novell.com/792991
https://bugzilla.novell.com/797090
https://bugzilla.novell.com/797727
https://bugzilla.novell.com/797909
https://bugzilla.novell.com/800875
https://bugzilla.novell.com/800907
https://bugzilla.novell.com/801341
https://bugzilla.novell.com/801427
https://bugzilla.novell.com/803320
https://bugzilla.novell.com/804482
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805371
https://bugzilla.novell.com/805740
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/805945
https://bugzilla.novell.com/806396
https://bugzilla.novell.com/806976
https://bugzilla.novell.com/807471
https://bugzilla.novell.com/807502
https://bugzilla.novell.com/808015
https://bugzilla.novell.com/808136
https://bugzilla.novell.com/808647
https://bugzilla.novell.com/808837
https://bugzilla.novell.com/808855
https://bugzilla.novell.com/808940
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809130
https://bugzilla.novell.com/809220
https://bugzilla.novell.com/809463
https://bugzilla.novell.com/809617
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/809975
https://bugzilla.novell.com/810098
https://bugzilla.novell.com/810210
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812274
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/812332
https://bugzilla.novell.com/812526
https://bugzilla.novell.com/812974
https://bugzilla.novell.com/813604
https://bugzilla.novell.com/813733
https://bugzilla.novell.com/813922
https://bugzilla.novell.com/814336
https://bugzilla.novell.com/815256
https://bugzilla.novell.com/815320
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/816043
https://bugzilla.novell.com/816065
https://bugzilla.novell.com/816403
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/816892
https://bugzilla.novell.com/816925
https://bugzilla.novell.com/816971
https://bugzilla.novell.com/817035
https://bugzilla.novell.com/817339
https://bugzilla.novell.com/817377
https://bugzilla.novell.com/818047
https://bugzilla.novell.com/818053
https://bugzilla.novell.com/818064
https://bugzilla.novell.com/818154
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818465
https://bugzilla.novell.com/818497
https://bugzilla.novell.com/819018
https://bugzilla.novell.com/819195
https://bugzilla.novell.com/819295
https://bugzilla.novell.com/819363
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819523
https://bugzilla.novell.com/819610
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/819789
https://bugzilla.novell.com/819979
https://bugzilla.novell.com/820172
https://bugzilla.novell.com/820183
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/820569
https://bugzilla.novell.com/820738
https://bugzilla.novell.com/820948
https://bugzilla.novell.com/820982
https://bugzilla.novell.com/821052
https://bugzilla.novell.com/821070
https://bugzilla.novell.com/821235
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/821799
https://bugzilla.novell.com/821802
https://bugzilla.novell.com/821859
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/821980
https://bugzilla.novell.com/822052
https://bugzilla.novell.com/822066
https://bugzilla.novell.com/822077
https://bugzilla.novell.com/822080
https://bugzilla.novell.com/822164
https://bugzilla.novell.com/822225
https://bugzilla.novell.com/822340
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822575
https://bugzilla.novell.com/822579
https://bugzilla.novell.com/822722
https://bugzilla.novell.com/822825
https://bugzilla.novell.com/822878
https://bugzilla.novell.com/823082
https://bugzilla.novell.com/823191
https://bugzilla.novell.com/823223
https://bugzilla.novell.com/823342
https://bugzilla.novell.com/823386
https://bugzilla.novell.com/823517
https://bugzilla.novell.com/823597
https://bugzilla.novell.com/823795
https://bugzilla.novell.com/824159
https://bugzilla.novell.com/824256
https://bugzilla.novell.com/824295
https://bugzilla.novell.com/824568
https://bugzilla.novell.com/824915
https://bugzilla.novell.com/825037
https://bugzilla.novell.com/825048
https://bugzilla.novell.com/825142
https://bugzilla.novell.com/825227
https://bugzilla.novell.com/825591
https://bugzilla.novell.com/825657
https://bugzilla.novell.com/825696
https://bugzilla.novell.com/825887
https://bugzilla.novell.com/826186
https://bugzilla.novell.com/826350
https://bugzilla.novell.com/826960
https://bugzilla.novell.com/827271
https://bugzilla.novell.com/827372
https://bugzilla.novell.com/827376
https://bugzilla.novell.com/827378
https://bugzilla.novell.com/827749
https://bugzilla.novell.com/827750
https://bugzilla.novell.com/827930
https://bugzilla.novell.com/828087
https://bugzilla.novell.com/828119
https://bugzilla.novell.com/828192
https://bugzilla.novell.com/828265
https://bugzilla.novell.com/828574
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/828886
https://bugzilla.novell.com/828914
https://bugzilla.novell.com/829001
https://bugzilla.novell.com/829082
https://bugzilla.novell.com/829357
https://bugzilla.novell.com/829539
https://bugzilla.novell.com/829622
https://bugzilla.novell.com/830346
https://bugzilla.novell.com/830478
https://bugzilla.novell.com/830766
https://bugzilla.novell.com/830822
https://bugzilla.novell.com/830901
https://bugzilla.novell.com/831055
https://bugzilla.novell.com/831058
https://bugzilla.novell.com/831410
https://bugzilla.novell.com/831422
https://bugzilla.novell.com/831424
https://bugzilla.novell.com/831438
https://bugzilla.novell.com/831623
https://bugzilla.novell.com/831949
https://bugzilla.novell.com/832318
https://bugzilla.novell.com/833073
https://bugzilla.novell.com/833097
https://bugzilla.novell.com/833148
https://bugzilla.novell.com/834116
https://bugzilla.novell.com/834647
https://bugzilla.novell.com/834742
https://bugzilla.novell.com/835175
http://download.novell.com/patch/finder/?keywords=48c5687a9cfba9c5cbed976a2680b095
More information about the sle-security-updates
mailing list