SUSE-SU-2013:1531-1: Security update for Real Time Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Oct 7 15:04:15 MDT 2013


   SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1531-1
Rating:             low
References:         #708296 #745640 #754690 #760407 #763968 #765523 
                    #773006 #773255 #773837 #783475 #785901 #789010 
                    #792991 #797090 #797727 #797909 #800875 #800907 
                    #801341 #801427 #803320 #804482 #804609 #805371 
                    #805740 #805804 #805945 #806396 #806976 #807471 
                    #807502 #808015 #808136 #808647 #808837 #808855 
                    #808940 #809122 #809130 #809220 #809463 #809617 
                    #809895 #809975 #810098 #810210 #810722 #812274 
                    #812281 #812332 #812526 #812974 #813604 #813733 
                    #813922 #814336 #815256 #815320 #815356 #816043 
                    #816065 #816403 #816451 #816892 #816925 #816971 
                    #817035 #817339 #817377 #818047 #818053 #818064 
                    #818154 #818371 #818465 #818497 #819018 #819195 
                    #819295 #819363 #819519 #819523 #819610 #819655 
                    #819789 #819979 #820172 #820183 #820434 #820569 
                    #820738 #820948 #820982 #821052 #821070 #821235 
                    #821560 #821799 #821802 #821859 #821930 #821980 
                    #822052 #822066 #822077 #822080 #822164 #822225 
                    #822340 #822431 #822575 #822579 #822722 #822825 
                    #822878 #823082 #823191 #823223 #823342 #823386 
                    #823517 #823597 #823795 #824159 #824256 #824295 
                    #824568 #824915 #825037 #825048 #825142 #825227 
                    #825591 #825657 #825696 #825887 #826186 #826350 
                    #826960 #827271 #827372 #827376 #827378 #827749 
                    #827750 #827930 #828087 #828119 #828192 #828265 
                    #828574 #828714 #828886 #828914 #829001 #829082 
                    #829357 #829539 #829622 #830346 #830478 #830766 
                    #830822 #830901 #831055 #831058 #831410 #831422 
                    #831424 #831438 #831623 #831949 #832318 #833073 
                    #833097 #833148 #834116 #834647 #834742 #835175 
                    
Cross-References:   CVE-2013-1059 CVE-2013-1774 CVE-2013-1819
                    CVE-2013-1929 CVE-2013-2094 CVE-2013-2148
                    CVE-2013-2164 CVE-2013-2232 CVE-2013-2234
                    CVE-2013-2237 CVE-2013-2850 CVE-2013-2851
                    CVE-2013-2852 CVE-2013-3301 CVE-2013-4162
                    CVE-2013-4163
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 164 fixes
   is now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
   updated to  version 3.0.93 and to fix various bugs and
   security issues.

   The following features have been added:

   * NFS: Now supports a "nosharetransport" option
   (bnc#807502, bnc#828192, FATE#315593).
   * ALSA: virtuoso: Xonar DSX support was added
   (FATE#316016).

   The following security issues have been fixed:

   *

   CVE-2013-2148: The fill_event_metadata function in
   fs/notify/fanotify/fanotify_user.c in the Linux kernel did
   not initialize a certain structure member, which allowed
   local users to obtain sensitive information from kernel
   memory via a read operation on the fanotify descriptor.

   *

   CVE-2013-2237: The key_notify_policy_flush function
   in net/key/af_key.c in the Linux kernel did not initialize
   a certain structure member, which allowed local users to
   obtain sensitive information from kernel heap memory by
   reading a broadcast message from the notify_policy
   interface of an IPSec key_socket.

   *

   CVE-2013-2232: The ip6_sk_dst_check function in
   net/ipv6/ip6_output.c in the Linux kernel allowed local
   users to cause a denial of service (system crash) by using
   an AF_INET6 socket for a connection to an IPv4 interface.

   *

   CVE-2013-2234: The (1) key_notify_sa_flush and (2)
   key_notify_policy_flush functions in net/key/af_key.c in
   the Linux kernel did not initialize certain structure
   members, which allowed local users to obtain sensitive
   information from kernel heap memory by reading a broadcast
   message from the notify interface of an IPSec key_socket.
   CVE-2013-4162: The udp_v6_push_pending_frames function in
   net/ipv6/udp.c in the IPv6 implementation in the Linux
   kernel made an incorrect function call for pending data,
   which allowed local users to cause a denial of service (BUG
   and system crash) via a crafted application that uses the
   UDP_CORK option in a setsockopt system call.

   *

   CVE-2013-1059: net/ceph/auth_none.c in the Linux
   kernel allowed remote attackers to cause a denial of
   service (NULL pointer dereference and system crash) or
   possibly have unspecified other impact via an auth_reply
   message that triggers an attempted build_request operation.

   *

   CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
   in drivers/cdrom/cdrom.c in the Linux kernel allowed local
   users to obtain sensitive information from kernel memory
   via a read operation on a malfunctioning CD-ROM drive.

   *

   CVE-2013-2851: Format string vulnerability in the
   register_disk function in block/genhd.c in the Linux kernel
   allowed local users to gain privileges by leveraging root
   access and writing format string specifiers to
   /sys/module/md_mod/parameters/new_array in order to create
   a crafted /dev/md device name.

   *

   CVE-2013-4163: The ip6_append_data_mtu function in
   net/ipv6/ip6_output.c in the IPv6 implementation in the
   Linux kernel did not properly maintain information about
   whether the IPV6_MTU setsockopt option had been specified,
   which allowed local users to cause a denial of service (BUG
   and system crash) via a crafted application that uses the
   UDP_CORK option in a setsockopt system call.

   *

   CVE-2013-1929: Heap-based buffer overflow in the
   tg3_read_vpd function in
   drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
   allowed physically proximate attackers to cause a denial of
   service (system crash) or possibly execute arbitrary code
   via crafted firmware that specifies a long string in the
   Vital Product Data (VPD) data structure.

   *

   CVE-2013-1819: The _xfs_buf_find function in
   fs/xfs/xfs_buf.c in the Linux kernel did not validate block
   numbers, which allowed local users to cause a denial of
   service (NULL pointer dereference and system crash) or
   possibly have unspecified other impact by leveraging the
   ability to mount an XFS filesystem containing a metadata
   inode with an invalid extent map.

   Also the following non-security bugs have been fixed:

   * ACPI / APEI: Force fatal AER severity when component
   has been reset (bnc#828886 bnc#824568).
   * PCI/AER: Move AER severity defines to aer.h
   (bnc#828886 bnc#824568).
   * PCI/AER: Set dev->__aer_firmware_first only for
   matching devices (bnc#828886 bnc#824568).
   * PCI/AER: Factor out HEST device type matching
   (bnc#828886 bnc#824568).
   * PCI/AER: Do not parse HEST table for non-PCIe devices
   (bnc#828886 bnc#824568).
   *

   PCI/AER: Reset link for devices below Root Port or
   Downstream Port (bnc#828886 bnc#824568).

   *

   zfcp: fix lock imbalance by reworking request queue
   locking (bnc#835175, LTC#96825).

   *

   qeth: Fix crash on initial MTU size change
   (bnc#835175, LTC#96809).

   *

   qeth: change default standard blkt settings for OSA
   Express (bnc#835175, LTC#96808).

   *

   x86: Add workaround to NMI iret woes (bnc#831949).

   *

   x86: Do not schedule while still in NMI context
   (bnc#831949).

   *

   drm/i915: no longer call drm_helper_resume_force_mode
   (bnc#831424,bnc#800875).

   *

   bnx2x: protect different statistics flows
   (bnc#814336).

   * bnx2x: Avoid sending multiple statistics queries
   (bnc#814336).
   *

   bnx2x: protect different statistics flows
   (bnc#814336).

   *

   ALSA: hda - Fix unbalanced runtime pm refount
   (bnc#834742).

   *

   xhci: directly calling _PS3 on suspend (bnc#833148).

   *

   futex: Take hugepages into account when generating
   futex_key.

   *

   e1000e: workaround DMA unit hang on I218 (bnc#834647).

   * e1000e: unexpected "Reset adapter" message when cable
   pulled (bnc#834647).
   * e1000e: 82577: workaround for link drop issue
   (bnc#834647).
   * e1000e: helper functions for accessing EMI registers
   (bnc#834647).
   * e1000e: workaround DMA unit hang on I218 (bnc#834647).
   * e1000e: unexpected "Reset adapter" message when cable
   pulled (bnc#834647).
   * e1000e: 82577: workaround for link drop issue
   (bnc#834647).
   *

   e1000e: helper functions for accessing EMI registers
   (bnc#834647).

   *

   Drivers: hv: util: Fix a bug in version negotiation
   code for util services (bnc#828714).

   *

   printk: Add NMI ringbuffer (bnc#831949).

   * printk: extract ringbuffer handling from vprintk
   (bnc#831949).
   * printk: NMI safe printk (bnc#831949).
   * printk: Make NMI ringbuffer size independent on
   log_buf_len (bnc#831949).
   * printk: Do not call console_unlock from nmi context
   (bnc#831949).
   *

   printk: Do not use printk_cpu from finish_printk
   (bnc#831949).

   *

   zfcp: fix schedule-inside-lock in scsi_device list
   loops (bnc#833073, LTC#94937).

   *

   uvc: increase number of buffers (bnc#822164,
   bnc#805804).

   *

   drm/i915: Adding more reserved PCI IDs for Haswell
   (bnc#834116).

   *

   Refresh patches.xen/xen-netback-generalize
   (bnc#827378).

   *

   Update Xen patches to 3.0.87.

   *

   mlx4_en: Adding 40gb speed report for ethtool
   (bnc#831410).

   *

   drm/i915: Retry DP aux_ch communications with a
   different clock after failure (bnc#831422).

   * drm/i915: split aux_clock_divider logic in a
   separated function for reuse (bnc#831422).
   * drm/i915: dp: increase probe retries (bnc#831422).
   * drm/i915: Only clear write-domains after a successful
   wait-seqno (bnc#831422).
   * drm/i915: Fix write-read race with multiple rings
   (bnc#831422).
   * drm/i915: Retry DP aux_ch communications with a
   different clock after failure (bnc#831422).
   * drm/i915: split aux_clock_divider logic in a
   separated function for reuse (bnc#831422).
   * drm/i915: dp: increase probe retries (bnc#831422).
   * drm/i915: Only clear write-domains after a successful
   wait-seqno (bnc#831422).
   *

   drm/i915: Fix write-read race with multiple rings
   (bnc#831422).

   *

   xhci: Add xhci_disable_ports boot option (bnc#822164).

   *

   xhci: set device to D3Cold on shutdown (bnc#833097).

   *

   reiserfs: Fixed double unlock in reiserfs_setattr
   failure path.

   * reiserfs: locking, release lock around quota
   operations (bnc#815320).
   * reiserfs: locking, push write lock out of xattr code
   (bnc#815320).
   * reiserfs: locking, handle nested locks properly
   (bnc#815320).
   * reiserfs: do not lock journal_init() (bnc#815320).
   *

   reiserfs: delay reiserfs lock until journal
   initialization (bnc#815320).

   *

   NFS: support "nosharetransport" option (bnc#807502,
   bnc#828192, FATE#315593).

   *

   HID: hyperv: convert alloc+memcpy to memdup.

   * Drivers: hv: vmbus: Implement multi-channel support
   (fate#316098).
   * Drivers: hv: Add the GUID fot synthetic fibre channel
   device (fate#316098).
   * tools: hv: Check return value of setsockopt call.
   * tools: hv: Check return value of poll call.
   * tools: hv: Check retrun value of strchr call.
   * tools: hv: Fix file descriptor leaks.
   * tools: hv: Improve error logging in KVP daemon.
   * drivers: hv: switch to use mb() instead of smp_mb().
   * drivers: hv: check interrupt mask before read_index.
   * drivers: hv: allocate synic structures before
   hv_synic_init().
   * storvsc: Increase the value of scsi timeout for
   storvsc devices (fate#316098).
   * storvsc: Update the storage protocol to win8 level
   (fate#316098).
   * storvsc: Implement multi-channel support
   (fate#316098).
   * storvsc: Support FC devices (fate#316098).
   * storvsc: Increase the value of
   STORVSC_MAX_IO_REQUESTS (fate#316098).
   * hyperv: Fix the NETIF_F_SG flag setting in netvsc.
   * Drivers: hv: vmbus: incorrect device name is printed
   when child device is unregistered.
   *

   Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
   (bnc#828714).

   *

   ipv6: ip6_append_data_mtu did not care about pmtudisc
   and frag_size (bnc#831055, CVE-2013-4163).

   *

   ipv6: ip6_append_data_mtu did not care about pmtudisc
   and frag_size (bnc#831055, CVE-2013-4163).

   *

   dm mpath: add retain_attached_hw_handler feature
   (bnc#760407).

   *

   scsi_dh: add scsi_dh_attached_handler_name
   (bnc#760407).

   *

   af_key: fix info leaks in notify messages (bnc#827749
   CVE-2013-2234).

   *

   af_key: initialize satype in
   key_notify_policy_flush() (bnc#828119 CVE-2013-2237).

   *

   ipv6: call udp_push_pending_frames when uncorking a
   socket with (bnc#831058, CVE-2013-4162).

   *

   tg3: fix length overflow in VPD firmware parsing
   (bnc#813733 CVE-2013-1929).

   *

   xfs: fix _xfs_buf_find oops on blocks beyond the
   filesystem end (CVE-2013-1819 bnc#807471).

   *

   ipv6: ip6_sk_dst_check() must not assume ipv6 dst
   (bnc#827750, CVE-2013-2232).

   *

   dasd: fix hanging devices after path events
   (bnc#831623, LTC#96336).

   *

   kernel: z90crypt module load crash (bnc#831623,
   LTC#96214).

   *

   ata: Fix DVD not dectected at some platform with
   Wellsburg PCH (bnc#822225).

   *

   drm/i915: edp: add standard modes (bnc#832318).

   *

   Do not switch camera on yet more HP machines
   (bnc#822164).

   *

   Do not switch camera on HP EB 820 G1 (bnc#822164).

   *

   xhci: Avoid NULL pointer deref when host dies
   (bnc#827271).

   *

   bonding: disallow change of MAC if fail_over_mac
   enabled (bnc#827376).

   * bonding: propagate unicast lists down to slaves
   (bnc#773255 bnc#827372).
   * net/bonding: emit address change event also in
   bond_release (bnc#773255 bnc#827372).
   *

   bonding: emit event when bonding changes MAC
   (bnc#773255 bnc#827372).

   *

   usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
   controllers with xhci 1.0 (bnc#797909).

   *

   xhci: fix null pointer dereference on
   ring_doorbell_for_active_rings (bnc#827271).

   *

   updated reference for security issue fixed inside
   (CVE-2013-3301 bnc#815256)

   *

   qla2xxx: Clear the MBX_INTR_WAIT flag when the
   mailbox time-out happens (bnc#830478).

   *

   drm/i915: initialize gt_lock early with other spin
   locks (bnc#801341).

   * drm/i915: fix up gt init sequence fallout
   (bnc#801341).
   * drm/i915: initialize gt_lock early with other spin
   locks (bnc#801341).
   *

   drm/i915: fix up gt init sequence fallout
   (bnc#801341).

   *

   timer_list: Correct the iterator for timer_list
   (bnc#818047).

   *

   firmware: do not spew errors in normal boot
   (bnc#831438, fate#314574).

   *

   ALSA: virtuoso: Xonar DSX support (FATE#316016).

   *

   SUNRPC: Ensure we release the socket write lock if
   the rpc_task exits early (bnc#830901).

   *

   ext4: Re-add config option Building ext4 as the
   ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
   read-write module should be enabled. This update just
   defaults allow_rw to true if it is set.

   *

   e1000: fix vlan processing regression (bnc#830766).

   *

   ext4: force read-only unless rw=1 module option is
   used (fate#314864).

   *

   dm mpath: fix ioctl deadlock when no paths
   (bnc#808940).

   *

   HID: fix unused rsize usage (bnc#783475).

   *

   add reference for b43 format string flaw (bnc#822579
   CVE-2013-2852)

   *

   HID: fix data access in implement() (bnc#783475).

   *

   xfs: fix deadlock in xfs_rtfree_extent with kernel
   v3.x (bnc#829622).

   *

   kernel: sclp console hangs (bnc#830346, LTC#95711).

   *

   Refresh
   patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

   *

   Delete
   patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi
   rst-occurrence. It was removed from series.conf in
   063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
   not deleted.

   *

   Drivers: hv: balloon: Do not post pressure status if
   interrupted (bnc#829539).

   *

   Drivers: hv: balloon: Fix a bug in the hot-add code
   (bnc#829539).

   *

   drm/i915: Fix incoherence with fence updates on
   Sandybridge+ (bnc#809463).

   * drm/i915: merge {i965, sandybridge}_write_fence_reg()
   (bnc#809463).
   * drm/i915: Fix incoherence with fence updates on
   Sandybridge+ (bnc#809463).
   *

   drm/i915: merge {i965, sandybridge}_write_fence_reg()
   (bnc#809463).

   *

   Refresh
   patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

   *

   r8169: allow multicast packets on sub-8168f chipset
   (bnc#805371).

   * r8169: support new chips of RTL8111F (bnc#805371).
   * r8169: define the early size for 8111evl (bnc#805371).
   * r8169: fix the reset setting for 8111evl (bnc#805371).
   * r8169: add MODULE_FIRMWARE for the firmware of
   8111evl (bnc#805371).
   * r8169: fix sticky accepts packet bits in RxConfig
   (bnc#805371).
   * r8169: adjust the RxConfig settings (bnc#805371).
   * r8169: support RTL8111E-VL (bnc#805371).
   * r8169: add ERI functions (bnc#805371).
   * r8169: modify the flow of the hw reset (bnc#805371).
   * r8169: adjust some registers (bnc#805371).
   * r8169: check firmware content sooner (bnc#805371).
   * r8169: support new firmware format (bnc#805371).
   * r8169: explicit firmware format check (bnc#805371).
   * r8169: move the firmware down into the device private
   data (bnc#805371).
   * r8169: allow multicast packets on sub-8168f chipset
   (bnc#805371).
   * r8169: support new chips of RTL8111F (bnc#805371).
   * r8169: define the early size for 8111evl (bnc#805371).
   * r8169: fix the reset setting for 8111evl (bnc#805371).
   * r8169: add MODULE_FIRMWARE for the firmware of
   8111evl (bnc#805371).
   * r8169: fix sticky accepts packet bits in RxConfig
   (bnc#805371).
   * r8169: adjust the RxConfig settings (bnc#805371).
   * r8169: support RTL8111E-VL (bnc#805371).
   * r8169: add ERI functions (bnc#805371).
   * r8169: modify the flow of the hw reset (bnc#805371).
   * r8169: adjust some registers (bnc#805371).
   * r8169: check firmware content sooner (bnc#805371).
   * r8169: support new firmware format (bnc#805371).
   * r8169: explicit firmware format check (bnc#805371).
   *

   r8169: move the firmware down into the device private
   data (bnc#805371).

   *

   patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
   mm: link_mem_sections make sure nmi watchdog does not
   trigger while linking memory sections (bnc#820434).

   *

   drm/i915: fix long-standing SNB regression in power
   consumption after resume v2 (bnc#801341).

   *

   RTC: Add an alarm disable quirk (bnc#805740).

   *

   drm/i915: Fix bogus hotplug warnings at resume
   (bnc#828087).

   * drm/i915: Serialize all register access
   (bnc#809463,bnc#812274,bnc#822878,bnc#828914).
   * drm/i915: Resurrect ring kicking for semaphores,
   selectively (bnc#828087).
   * drm/i915: Fix bogus hotplug warnings at resume
   (bnc#828087).
   * drm/i915: Serialize all register access
   (bnc#809463,bnc#812274,bnc#822878,bnc#828914).
   *

   drm/i915: Resurrect ring kicking for semaphores,
   selectively (bnc#828087).

   *

   drm/i915: use lower aux clock divider on non-ULT HSW
   (bnc#800875).

   * drm/i915: preserve the PBC bits of TRANS_CHICKEN2
   (bnc#828087).
   * drm/i915: set CPT FDI RX polarity bits based on VBT
   (bnc#828087).
   * drm/i915: hsw: fix link training for eDP on port-A
   (bnc#800875).
   * drm/i915: use lower aux clock divider on non-ULT HSW
   (bnc#800875).
   * drm/i915: preserve the PBC bits of TRANS_CHICKEN2
   (bnc#828087).
   * drm/i915: set CPT FDI RX polarity bits based on VBT
   (bnc#828087).
   *

   drm/i915: hsw: fix link training for eDP on port-A
   (bnc#800875).

   *

   patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
   IPIs on CPU hotplug (bnc#825048, LTC#94784).

   *

   patches.fixes/iwlwifi-use-correct-supported-firmware-for-603
   5-and-.patch: iwlwifi: use correct supported firmware for
   6035 and 6000g2 (bnc#825887).

   *

   patches.fixes/watchdog-update-watchdog_thresh-atomically.pat
   ch: watchdog: Update watchdog_thresh atomically
   (bnc#829357).

   *
   patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
   watchdog: update watchdog_tresh properly (bnc#829357).
   *

   patches.fixes/watchdog-make-disable-enable-hotplug-and-preem
   pt-save.patch:
   watchdog-make-disable-enable-hotplug-and-preempt-save.patch
   (bnc#829357).

   *

   kabi/severities: Ignore changes in drivers/hv

   *

   patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou
   t.patch: lpfc: Return correct error code on bsg_timeout
   (bnc#816043).

   *

   patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
   dm-multipath: Drop table when retrying ioctl (bnc#808940).

   *

   scsi: Do not retry invalid function error
   (bnc#809122).

   *

   patches.suse/scsi-do-not-retry-invalid-function-error.patch:
   scsi: Do not retry invalid function error (bnc#809122).

   *

   scsi: Always retry internal target error (bnc#745640,
   bnc#825227).

   *

   patches.suse/scsi-always-retry-internal-target-error.patch:
   scsi: Always retry internal target error (bnc#745640,
   bnc#825227).

   *

   patches.drivers/drm-edid-Don-t-print-messages-regarding-ster
   eo-or-csync-by-default.patch: Refresh: add upstream commit
   ID.

   *

   patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
   Refresh. (bnc#824915).

   *

   Refresh
   patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
   (bnc#824915).

   *

   Update kabi files.

   *

   ACPI:remove panic in case hardware has changed after
   S4 (bnc#829001).

   *

   ibmvfc: Driver version 1.0.1 (bnc#825142).

   * ibmvfc: Fix for offlining devices during error
   recovery (bnc#825142).
   * ibmvfc: Properly set cancel flags when cancelling
   abort (bnc#825142).
   * ibmvfc: Send cancel when link is down (bnc#825142).
   * ibmvfc: Support FAST_IO_FAIL in EH handlers
   (bnc#825142).
   *

   ibmvfc: Suppress ABTS if target gone (bnc#825142).

   *

   fs/dcache.c: add cond_resched() to
   shrink_dcache_parent() (bnc#829082).

   *

   drivers/cdrom/cdrom.c: use kzalloc() for failing
   hardware (bnc#824295, CVE-2013-2164).

   *

   kmsg_dump: do not run on non-error paths by default
   (bnc#820172).

   *

   supported.conf: mark tcm_qla2xxx as supported

   *

   mm: honor min_free_kbytes set by user (bnc#826960).

   *

   Drivers: hv: util: Fix a bug in version negotiation
   code for util services (bnc#828714).

   *

   hyperv: Fix a kernel warning from
   netvsc_linkstatus_callback() (bnc#828574).

   *

   RT: Fix up hardening patch to not gripe when avg >
   available, which lockless access makes possible and happens
   in -rt kernels running a cpubound ltp realtime testcase.
   Just keep the output sane in that case.

   *

   kabi/severities: Add exception for
   aer_recover_queue() There should not be any user besides
   ghes.ko.

   *

   Fix rpm changelog

   *

   PCI / PM: restore the original behavior of
   pci_set_power_state() (bnc#827930).

   *

   fanotify: info leak in copy_event_to_user()
   (CVE-2013-2148 bnc#823517).

   *

   usb: xhci: check usb2 port capabilities before adding
   hw link PM support (bnc#828265).

   *

   aerdrv: Move cper_print_aer() call out of interrupt
   context (bnc#822052, bnc#824568).

   *

   PCI/AER: pci_get_domain_bus_and_slot() call missing
   required pci_dev_put() (bnc#822052, bnc#824568).

   *

   patches.fixes/block-do-not-pass-disk-names-as-format-strings
   .patch: block: do not pass disk names as format strings
   (bnc#822575 CVE-2013-2851).

   *

   powerpc: POWER8 cputable entries (bnc#824256).

   *

   libceph: Fix NULL pointer dereference in auth client
   code. (CVE-2013-1059, bnc#826350)

   *

   md/raid10: Fix two bug affecting RAID10 reshape.

   *

   Allow NFSv4 to run execute-only files (bnc#765523).

   *

   fs/ocfs2/namei.c: remove unecessary ERROR when
   removing non-empty directory (bnc#819363).

   *

   block: Reserve only one queue tag for sync IO if only
   3 tags are available (bnc#806396).

   *

   btrfs: merge contigous regions when loading free
   space cache

   *

   btrfs: fix how we deal with the orphan block rsv.

   * btrfs: fix wrong check during log recovery.
   * btrfs: change how we indicate we are adding csums.

   Security Issue references:

   * CVE-2013-1059
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059
   >
   * CVE-2013-1819
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1819
   >
   * CVE-2013-1929
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929
   >
   * CVE-2013-2148
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148
   >
   * CVE-2013-2164
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164
   >
   * CVE-2013-2232
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
   >
   * CVE-2013-2234
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
   >
   * CVE-2013-2237
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
   >
   * CVE-2013-2851
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851
   >
   * CVE-2013-2852
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
   >
   * CVE-2013-3301
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301
   >
   * CVE-2013-4162
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
   >
   * CVE-2013-4163
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163
   >

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11 SP3:

      zypper in -t patch slertesp3-kernel-8410

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.93.rt117]:

      cluster-network-kmp-rt-1.4_3.0.93_rt117_0.9-2.27.16
      cluster-network-kmp-rt_trace-1.4_3.0.93_rt117_0.9-2.27.16
      drbd-kmp-rt-8.4.3_3.0.93_rt117_0.9-0.19.7
      drbd-kmp-rt_trace-8.4.3_3.0.93_rt117_0.9-0.19.7
      iscsitarget-kmp-rt-1.4.20_3.0.93_rt117_0.9-0.38.1
      iscsitarget-kmp-rt_trace-1.4.20_3.0.93_rt117_0.9-0.38.1
      kernel-rt-3.0.93.rt117-0.9.1
      kernel-rt-base-3.0.93.rt117-0.9.1
      kernel-rt-devel-3.0.93.rt117-0.9.1
      kernel-rt_trace-3.0.93.rt117-0.9.1
      kernel-rt_trace-base-3.0.93.rt117-0.9.1
      kernel-rt_trace-devel-3.0.93.rt117-0.9.1
      kernel-source-rt-3.0.93.rt117-0.9.1
      kernel-syms-rt-3.0.93.rt117-0.9.1
      lttng-modules-kmp-rt-2.1.1_3.0.93_rt117_0.9-0.11.6
      lttng-modules-kmp-rt_trace-2.1.1_3.0.93_rt117_0.9-0.11.6
      ocfs2-kmp-rt-1.6_3.0.93_rt117_0.9-0.20.16
      ocfs2-kmp-rt_trace-1.6_3.0.93_rt117_0.9-0.20.16
      ofed-kmp-rt-1.5.4.1_3.0.93_rt117_0.9-0.13.7
      ofed-kmp-rt_trace-1.5.4.1_3.0.93_rt117_0.9-0.13.7


References:

   http://support.novell.com/security/cve/CVE-2013-1059.html
   http://support.novell.com/security/cve/CVE-2013-1774.html
   http://support.novell.com/security/cve/CVE-2013-1819.html
   http://support.novell.com/security/cve/CVE-2013-1929.html
   http://support.novell.com/security/cve/CVE-2013-2094.html
   http://support.novell.com/security/cve/CVE-2013-2148.html
   http://support.novell.com/security/cve/CVE-2013-2164.html
   http://support.novell.com/security/cve/CVE-2013-2232.html
   http://support.novell.com/security/cve/CVE-2013-2234.html
   http://support.novell.com/security/cve/CVE-2013-2237.html
   http://support.novell.com/security/cve/CVE-2013-2850.html
   http://support.novell.com/security/cve/CVE-2013-2851.html
   http://support.novell.com/security/cve/CVE-2013-2852.html
   http://support.novell.com/security/cve/CVE-2013-3301.html
   http://support.novell.com/security/cve/CVE-2013-4162.html
   http://support.novell.com/security/cve/CVE-2013-4163.html
   https://bugzilla.novell.com/708296
   https://bugzilla.novell.com/745640
   https://bugzilla.novell.com/754690
   https://bugzilla.novell.com/760407
   https://bugzilla.novell.com/763968
   https://bugzilla.novell.com/765523
   https://bugzilla.novell.com/773006
   https://bugzilla.novell.com/773255
   https://bugzilla.novell.com/773837
   https://bugzilla.novell.com/783475
   https://bugzilla.novell.com/785901
   https://bugzilla.novell.com/789010
   https://bugzilla.novell.com/792991
   https://bugzilla.novell.com/797090
   https://bugzilla.novell.com/797727
   https://bugzilla.novell.com/797909
   https://bugzilla.novell.com/800875
   https://bugzilla.novell.com/800907
   https://bugzilla.novell.com/801341
   https://bugzilla.novell.com/801427
   https://bugzilla.novell.com/803320
   https://bugzilla.novell.com/804482
   https://bugzilla.novell.com/804609
   https://bugzilla.novell.com/805371
   https://bugzilla.novell.com/805740
   https://bugzilla.novell.com/805804
   https://bugzilla.novell.com/805945
   https://bugzilla.novell.com/806396
   https://bugzilla.novell.com/806976
   https://bugzilla.novell.com/807471
   https://bugzilla.novell.com/807502
   https://bugzilla.novell.com/808015
   https://bugzilla.novell.com/808136
   https://bugzilla.novell.com/808647
   https://bugzilla.novell.com/808837
   https://bugzilla.novell.com/808855
   https://bugzilla.novell.com/808940
   https://bugzilla.novell.com/809122
   https://bugzilla.novell.com/809130
   https://bugzilla.novell.com/809220
   https://bugzilla.novell.com/809463
   https://bugzilla.novell.com/809617
   https://bugzilla.novell.com/809895
   https://bugzilla.novell.com/809975
   https://bugzilla.novell.com/810098
   https://bugzilla.novell.com/810210
   https://bugzilla.novell.com/810722
   https://bugzilla.novell.com/812274
   https://bugzilla.novell.com/812281
   https://bugzilla.novell.com/812332
   https://bugzilla.novell.com/812526
   https://bugzilla.novell.com/812974
   https://bugzilla.novell.com/813604
   https://bugzilla.novell.com/813733
   https://bugzilla.novell.com/813922
   https://bugzilla.novell.com/814336
   https://bugzilla.novell.com/815256
   https://bugzilla.novell.com/815320
   https://bugzilla.novell.com/815356
   https://bugzilla.novell.com/816043
   https://bugzilla.novell.com/816065
   https://bugzilla.novell.com/816403
   https://bugzilla.novell.com/816451
   https://bugzilla.novell.com/816892
   https://bugzilla.novell.com/816925
   https://bugzilla.novell.com/816971
   https://bugzilla.novell.com/817035
   https://bugzilla.novell.com/817339
   https://bugzilla.novell.com/817377
   https://bugzilla.novell.com/818047
   https://bugzilla.novell.com/818053
   https://bugzilla.novell.com/818064
   https://bugzilla.novell.com/818154
   https://bugzilla.novell.com/818371
   https://bugzilla.novell.com/818465
   https://bugzilla.novell.com/818497
   https://bugzilla.novell.com/819018
   https://bugzilla.novell.com/819195
   https://bugzilla.novell.com/819295
   https://bugzilla.novell.com/819363
   https://bugzilla.novell.com/819519
   https://bugzilla.novell.com/819523
   https://bugzilla.novell.com/819610
   https://bugzilla.novell.com/819655
   https://bugzilla.novell.com/819789
   https://bugzilla.novell.com/819979
   https://bugzilla.novell.com/820172
   https://bugzilla.novell.com/820183
   https://bugzilla.novell.com/820434
   https://bugzilla.novell.com/820569
   https://bugzilla.novell.com/820738
   https://bugzilla.novell.com/820948
   https://bugzilla.novell.com/820982
   https://bugzilla.novell.com/821052
   https://bugzilla.novell.com/821070
   https://bugzilla.novell.com/821235
   https://bugzilla.novell.com/821560
   https://bugzilla.novell.com/821799
   https://bugzilla.novell.com/821802
   https://bugzilla.novell.com/821859
   https://bugzilla.novell.com/821930
   https://bugzilla.novell.com/821980
   https://bugzilla.novell.com/822052
   https://bugzilla.novell.com/822066
   https://bugzilla.novell.com/822077
   https://bugzilla.novell.com/822080
   https://bugzilla.novell.com/822164
   https://bugzilla.novell.com/822225
   https://bugzilla.novell.com/822340
   https://bugzilla.novell.com/822431
   https://bugzilla.novell.com/822575
   https://bugzilla.novell.com/822579
   https://bugzilla.novell.com/822722
   https://bugzilla.novell.com/822825
   https://bugzilla.novell.com/822878
   https://bugzilla.novell.com/823082
   https://bugzilla.novell.com/823191
   https://bugzilla.novell.com/823223
   https://bugzilla.novell.com/823342
   https://bugzilla.novell.com/823386
   https://bugzilla.novell.com/823517
   https://bugzilla.novell.com/823597
   https://bugzilla.novell.com/823795
   https://bugzilla.novell.com/824159
   https://bugzilla.novell.com/824256
   https://bugzilla.novell.com/824295
   https://bugzilla.novell.com/824568
   https://bugzilla.novell.com/824915
   https://bugzilla.novell.com/825037
   https://bugzilla.novell.com/825048
   https://bugzilla.novell.com/825142
   https://bugzilla.novell.com/825227
   https://bugzilla.novell.com/825591
   https://bugzilla.novell.com/825657
   https://bugzilla.novell.com/825696
   https://bugzilla.novell.com/825887
   https://bugzilla.novell.com/826186
   https://bugzilla.novell.com/826350
   https://bugzilla.novell.com/826960
   https://bugzilla.novell.com/827271
   https://bugzilla.novell.com/827372
   https://bugzilla.novell.com/827376
   https://bugzilla.novell.com/827378
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/827930
   https://bugzilla.novell.com/828087
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/828192
   https://bugzilla.novell.com/828265
   https://bugzilla.novell.com/828574
   https://bugzilla.novell.com/828714
   https://bugzilla.novell.com/828886
   https://bugzilla.novell.com/828914
   https://bugzilla.novell.com/829001
   https://bugzilla.novell.com/829082
   https://bugzilla.novell.com/829357
   https://bugzilla.novell.com/829539
   https://bugzilla.novell.com/829622
   https://bugzilla.novell.com/830346
   https://bugzilla.novell.com/830478
   https://bugzilla.novell.com/830766
   https://bugzilla.novell.com/830822
   https://bugzilla.novell.com/830901
   https://bugzilla.novell.com/831055
   https://bugzilla.novell.com/831058
   https://bugzilla.novell.com/831410
   https://bugzilla.novell.com/831422
   https://bugzilla.novell.com/831424
   https://bugzilla.novell.com/831438
   https://bugzilla.novell.com/831623
   https://bugzilla.novell.com/831949
   https://bugzilla.novell.com/832318
   https://bugzilla.novell.com/833073
   https://bugzilla.novell.com/833097
   https://bugzilla.novell.com/833148
   https://bugzilla.novell.com/834116
   https://bugzilla.novell.com/834647
   https://bugzilla.novell.com/834742
   https://bugzilla.novell.com/835175
   http://download.novell.com/patch/finder/?keywords=48c5687a9cfba9c5cbed976a2680b095



More information about the sle-security-updates mailing list