SUSE-SU-2014:0536-1: important: Security update for Linux kernel

sle-security-updates at lists.suse.com
Wed Apr 16 12:04:30 MDT 2014


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0536-1
Rating:             important
References:         #702014 #703156 #790920 #798050 #805226 #806219 
                    #808827 #809889 #809891 #809892 #809893 #809894 
                    #809898 #809899 #809900 #809901 #809903 #811354 
                    #816668 #820338 #822722 #823267 #824295 #825052 
                    #826102 #826551 #827362 #827749 #827750 #827855 
                    #827983 #828119 #830344 #831058 #832603 #835839 
                    #842239 #843430 #845028 #847672 #848321 #849765 
                    #850241 #851095 #852558 #853501 #857597 #858869 
                    #858870 #858872 
Cross-References:   CVE-2011-2492 CVE-2011-2494 CVE-2012-6537
                    CVE-2012-6539 CVE-2012-6540 CVE-2012-6541
                    CVE-2012-6542 CVE-2012-6544 CVE-2012-6545
                    CVE-2012-6546 CVE-2012-6547 CVE-2012-6549
                    CVE-2013-0343 CVE-2013-0914 CVE-2013-1827
                    CVE-2013-2141 CVE-2013-2164 CVE-2013-2206
                    CVE-2013-2232 CVE-2013-2234 CVE-2013-2237
                    CVE-2013-2888 CVE-2013-2893 CVE-2013-2897
                    CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
                    CVE-2013-3228 CVE-2013-3229 CVE-2013-3231
                    CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
                    CVE-2013-4162 CVE-2013-4387 CVE-2013-4470
                    CVE-2013-4483 CVE-2013-4588 CVE-2013-6383
                    CVE-2014-1444 CVE-2014-1445 CVE-2014-1446
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that solves 42 vulnerabilities and has 8 fixes is
   now available.

Description:


   The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS
   kernel has been updated to fix various security issues and
   several bugs.

   The following security issues have been addressed:

   *

   CVE-2011-2492: The bluetooth subsystem in the Linux
   kernel before 3.0-rc4 does not properly initialize certain
   data structures, which allows local users to obtain
   potentially sensitive information from kernel memory via a
   crafted getsockopt system call, related to (1) the
   l2cap_sock_getsockopt_old function in
   net/bluetooth/l2cap_sock.c and (2) the
   rfcomm_sock_getsockopt_old function in
   net/bluetooth/rfcomm/sock.c. (bnc#702014)

   *

   CVE-2011-2494: kernel/taskstats.c in the Linux kernel
   before 3.1 allows local users to obtain sensitive I/O
   statistics by sending taskstats commands to a netlink
   socket, as demonstrated by discovering the length of
   another user's password. (bnc#703156)

   *

   CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux
   kernel before 3.6 does not initialize certain structures,
   which allows local users to obtain sensitive information
   from kernel memory by leveraging the CAP_NET_ADMIN
   capability. (bnc#809889)

   *

   CVE-2012-6539: The dev_ifconf function in
   net/socket.c in the Linux kernel before 3.6 does not
   initialize a certain structure, which allows local users to
   obtain sensitive information from kernel stack memory via a
   crafted application. (bnc#809891)

   *

   CVE-2012-6540: The do_ip_vs_get_ctl function in
   net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
   3.6 does not initialize a certain structure for
   IP_VS_SO_GET_TIMEOUT commands, which allows local users to
   obtain sensitive information from kernel stack memory via a
   crafted application. (bnc#809892)

   *

   CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
   net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does
   not initialize a certain structure, which allows local
   users to obtain sensitive information from kernel stack
   memory via a crafted application. (bnc#809893)

   *

   CVE-2012-6542: The llc_ui_getname function in
   net/llc/af_llc.c in the Linux kernel before 3.6 has an
   incorrect return value in certain circumstances, which
   allows local users to obtain sensitive information from
   kernel stack memory via a crafted application that
   leverages an uninitialized pointer argument. (bnc#809894)

   *

   CVE-2012-6544: The Bluetooth protocol stack in the
   Linux kernel before 3.6 does not properly initialize
   certain structures, which allows local users to obtain
   sensitive information from kernel stack memory via a
   crafted application that targets the (1) L2CAP or (2) HCI
   implementation. (bnc#809898)

   *

   CVE-2012-6545: The Bluetooth RFCOMM implementation in
   the Linux kernel before 3.6 does not properly initialize
   certain structures, which allows local users to obtain
   sensitive information from kernel memory via a crafted
   application. (bnc#809899)

   *

   CVE-2012-6546: The ATM implementation in the Linux
   kernel before 3.6 does not initialize certain structures,
   which allows local users to obtain sensitive information
   from kernel stack memory via a crafted application.
   (bnc#809900)

   *

   CVE-2012-6547: The __tun_chr_ioctl function in
   drivers/net/tun.c in the Linux kernel before 3.6 does not
   initialize a certain structure, which allows local users to
   obtain sensitive information from kernel stack memory via a
   crafted application. (bnc#809901)

   *

   CVE-2012-6549: The isofs_export_encode_fh function in
   fs/isofs/export.c in the Linux kernel before 3.6 does not
   initialize a certain structure member, which allows local
   users to obtain sensitive information from kernel heap
   memory via a crafted application. (bnc#809903)

   *

   CVE-2013-0343: The ipv6_create_tempaddr function in
   net/ipv6/addrconf.c in the Linux kernel through 3.8 does
   not properly handle problems with the generation of IPv6
   temporary addresses, which allows remote attackers to cause
   a denial of service (excessive retries and
   address-generation outage), and consequently obtain
   sensitive information, via ICMPv6 Router Advertisement (RA)
   messages. (bnc#805226)

   *

   CVE-2013-0914: The flush_signal_handlers function in
   kernel/signal.c in the Linux kernel before 3.8.4 preserves
   the value of the sa_restorer field across an exec
   operation, which makes it easier for local users to bypass
   the ASLR protection mechanism via a crafted application
   containing a sigaction system call. (bnc#808827)

   *

   CVE-2013-1827: net/dccp/ccid.h in the Linux kernel
   before 3.5.4 allows local users to gain privileges or cause
   a denial of service (NULL pointer dereference and system
   crash) by leveraging the CAP_NET_ADMIN capability for a
   certain (1) sender or (2) receiver getsockopt call.
   (bnc#811354)

   *

   CVE-2013-2141: The do_tkill function in
   kernel/signal.c in the Linux kernel before 3.8.9 does not
   initialize a certain data structure, which allows local
   users to obtain sensitive information from kernel memory
   via a crafted application that makes a (1) tkill or (2)
   tgkill system call. (bnc#823267)

   *

   CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
   in drivers/cdrom/cdrom.c in the Linux kernel through 3.10
   allows local users to obtain sensitive information from
   kernel memory via a read operation on a malfunctioning
   CD-ROM drive. (bnc#824295)

   *

   CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
   in net/sctp/sm_statefuns.c in the SCTP implementation in
   the Linux kernel before 3.8.5 does not properly handle
   associations during the processing of a duplicate COOKIE
   ECHO chunk, which allows remote attackers to cause a denial
   of service (NULL pointer dereference and system crash) or
   possibly have unspecified other impact via crafted SCTP
   traffic. (bnc#826102)

   *

   CVE-2013-2232: The ip6_sk_dst_check function in
   net/ipv6/ip6_output.c in the Linux kernel before 3.10
   allows local users to cause a denial of service (system
   crash) by using an AF_INET6 socket for a connection to an
   IPv4 interface. (bnc#827750)

   *

   CVE-2013-2234: The (1) key_notify_sa_flush and (2)
   key_notify_policy_flush functions in net/key/af_key.c in
   the Linux kernel before 3.10 do not initialize certain
   structure members, which allows local users to obtain
   sensitive information from kernel heap memory by reading a
   broadcast message from the notify interface of an IPSec
   key_socket. (bnc#827749)

   *

   CVE-2013-2237: The key_notify_policy_flush function
   in net/key/af_key.c in the Linux kernel before 3.9 does not
   initialize a certain structure member, which allows local
   users to obtain sensitive information from kernel heap
   memory by reading a broadcast message from the
   notify_policy interface of an IPSec key_socket. (bnc#828119)

   *

   CVE-2013-2888: Multiple array index errors in
   drivers/hid/hid-core.c in the Human Interface Device (HID)
   subsystem in the Linux kernel through 3.11 allow physically
   proximate attackers to execute arbitrary code or cause a
   denial of service (heap memory corruption) via a crafted
   device that provides an invalid Report ID. (bnc#835839)

   *

   CVE-2013-2893: The Human Interface Device (HID)
   subsystem in the Linux kernel through 3.11, when
   CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
   CONFIG_LOGIWHEELS_FF is enabled, allows physically
   proximate attackers to cause a denial of service
   (heap-based out-of-bounds write) via a crafted device,
   related to (1) drivers/hid/hid-lgff.c, (2)
   drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
   (bnc#835839)

   *

   CVE-2013-2897: Multiple array index errors in
   drivers/hid/hid-multitouch.c in the Human Interface Device
   (HID) subsystem in the Linux kernel through 3.11, when
   CONFIG_HID_MULTITOUCH is enabled, allow physically
   proximate attackers to cause a denial of service (heap
   memory corruption, or NULL pointer dereference and OOPS)
   via a crafted device. (bnc#835839)

   *

   CVE-2013-3222: The vcc_recvmsg function in
   net/atm/common.c in the Linux kernel before 3.9-rc7 does
   not initialize a certain length variable, which allows
   local users to obtain sensitive information from kernel
   stack memory via a crafted recvmsg or recvfrom system call.
   (bnc#816668)

   *

   CVE-2013-3223: The ax25_recvmsg function in
   net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does
   not initialize a certain data structure, which allows local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.
   (bnc#816668)

   *

   CVE-2013-3224: The bt_sock_recvmsg function in
   net/bluetooth/af_bluetooth.c in the Linux kernel before
   3.9-rc7 does not properly initialize a certain length
   variable, which allows local users to obtain sensitive
   information from kernel stack memory via a crafted recvmsg
   or recvfrom system call. (bnc#816668)

   *

   CVE-2013-3228: The irda_recvmsg_dgram function in
   net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does
   not initialize a certain length variable, which allows
   local users to obtain sensitive information from kernel
   stack memory via a crafted recvmsg or recvfrom system call.
   (bnc#816668)

   *

   CVE-2013-3229: The iucv_sock_recvmsg function in
   net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does
   not initialize a certain length variable, which allows
   local users to obtain sensitive information from kernel
   stack memory via a crafted recvmsg or recvfrom system call.
   (bnc#816668)

   *

   CVE-2013-3231: The llc_ui_recvmsg function in
   net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does
   not initialize a certain length variable, which allows
   local users to obtain sensitive information from kernel
   stack memory via a crafted recvmsg or recvfrom system call.
   (bnc#816668)

   *

   CVE-2013-3232: The nr_recvmsg function in
   net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7
   does not initialize a certain data structure, which allows
   local users to obtain sensitive information from kernel
   stack memory via a crafted recvmsg or recvfrom system call.
   (bnc#816668)

   *

   CVE-2013-3234: The rose_recvmsg function in
   net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does
   not initialize a certain data structure, which allows local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.
   (bnc#816668)

   *

   CVE-2013-3235: net/tipc/socket.c in the Linux kernel
   before 3.9-rc7 does not initialize a certain data structure
   and a certain length variable, which allows local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call. (bnc#816668)

   *

   CVE-2013-4162: The udp_v6_push_pending_frames
   function in net/ipv6/udp.c in the IPv6 implementation in
   the Linux kernel through 3.10.3 makes an incorrect function
   call for pending data, which allows local users to cause a
   denial of service (BUG and system crash) via a crafted
   application that uses the UDP_CORK option in a setsockopt
   system call. (bnc#831058)

   *

   CVE-2013-4387: net/ipv6/ip6_output.c in the Linux
   kernel through 3.11.4 does not properly determine the need
   for UDP Fragmentation Offload (UFO) processing of small
   packets after the UFO queueing of a large packet, which
   allows remote attackers to cause a denial of service
   (memory corruption and system crash) or possibly have
   unspecified other impact via network traffic that triggers
   a large response packet. (bnc#843430)

   *

   CVE-2013-4470: The Linux kernel before 3.12, when UDP
   Fragmentation Offload (UFO) is enabled, does not properly
   initialize certain data structures, which allows local
   users to cause a denial of service (memory corruption and
   system crash) or possibly gain privileges via a crafted
   application that uses the UDP_CORK option in a setsockopt
   system call and sends both short and long packets, related
   to the ip_ufo_append_data function in net/ipv4/ip_output.c
   and the ip6_ufo_append_data function in
   net/ipv6/ip6_output.c. (bnc#847672)

   *

   CVE-2013-4483: The ipc_rcu_putref function in
   ipc/util.c in the Linux kernel before 3.10 does not
   properly manage a reference count, which allows local users
   to cause a denial of service (memory consumption or system
   crash) via a crafted application. (bnc#848321)

   *

   CVE-2013-4588: Multiple stack-based buffer overflows
   in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel
   before 2.6.33, when CONFIG_IP_VS is used, allow local users
   to gain privileges by leveraging the CAP_NET_ADMIN
   capability for (1) a getsockopt system call, related to the
   do_ip_vs_get_ctl function, or (2) a setsockopt system call,
   related to the do_ip_vs_set_ctl function. (bnc#851095)

   *

   CVE-2013-6383: The aac_compat_ioctl function in
   drivers/scsi/aacraid/linit.c in the Linux kernel before
   3.11.8 does not require the CAP_SYS_RAWIO capability, which
   allows local users to bypass intended access restrictions
   via a crafted ioctl call. (bnc#852558)

   *

   CVE-2014-1444: The fst_get_iface function in
   drivers/net/wan/farsync.c in the Linux kernel before 3.11.7
   does not properly initialize a certain data structure,
   which allows local users to obtain sensitive information
   from kernel memory by leveraging the CAP_NET_ADMIN
   capability for an SIOCWANDEV ioctl call. (bnc#858869)

   *

   CVE-2014-1445: The wanxl_ioctl function in
   drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7
   does not properly initialize a certain data structure,
   which allows local users to obtain sensitive information
   from kernel memory via an ioctl call. (bnc#858870)

   *

   CVE-2014-1446: The yam_ioctl function in
   drivers/net/hamradio/yam.c in the Linux kernel before
   3.12.8 does not initialize a certain structure member,
   which allows local users to obtain sensitive information
   from kernel memory by leveraging the CAP_NET_ADMIN
   capability for an SIOCYAMGCFG ioctl call. (bnc#858872)

   Also the following non-security bugs have been fixed:

   * kernel: Remove newline from execve audit log
   (bnc#827855).
   * kernel: sclp console hangs (bnc#830344, LTC#95711).
   * kernel: fix flush_tlb_kernel_range (bnc#825052,
   LTC#94745).
   * kernel: lost IPIs on CPU hotplug (bnc#825052,
   LTC#94784).
   * sctp: deal with multiple COOKIE_ECHO chunks
   (bnc#826102).
   * net: Uninline kfree_skb and allow NULL argument
   (bnc#853501).
   * netback: don't disconnect frontend when seeing
   oversize packet.
   * netfront: reduce gso_max_size to account for max TCP
   header.
   * fs/dcache: Avoid race in d_splice_alias and vfs_rmdir
   (bnc#845028).
   * fs/proc: proc_task_lookup() fix memory pinning
   (bnc#827362 bnc#849765).
   * blkdev_max_block: make private to fs/buffer.c
   (bnc#820338).
   * vfs: avoid "attempt to access beyond end of device"
   warnings (bnc#820338).
   * vfs: fix O_DIRECT read past end of block device
   (bnc#820338).
   * cifs: don't use CIFSGetSrvInodeNumber in
   is_path_accessible (bnc#832603).
   * xfs: Fix kABI breakage caused by AIL list
   transformation (bnc#806219).
   * xfs: Replace custom AIL linked-list code with struct
   list_head (bnc#806219).
   * reiserfs: fix problems with chowning setuid file w/
   xattrs (bnc#790920).
   * reiserfs: fix spurious multiple-fill in
   reiserfs_readdir_dentry (bnc#822722).
   * jbd: Fix forever sleeping process in
   do_get_write_access() (bnc#827983).
   * HID: check for NULL field when setting values
   (bnc#835839).
   * HID: provide a helper for validating hid reports
   (bnc#835839).
   * bcm43xx: netlink deadlock fix (bnc#850241).
   * bnx2: Close device if tx_timeout reset fails
   (bnc#857597).
   * xfrm: invalidate dst on policy insertion/deletion
   (bnc#842239).
   * xfrm: prevent ipcomp scratch buffer race condition
   (bnc#842239).
   * lpfc: Update to 8.2.0.106 (bnc#798050).
   * Make lpfc task management timeout configurable
   (bnc#798050).
   * dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
   * dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
   (bnc#798050).
   * advansys: Remove 'last_reset' references (bnc#798050).
   * tmscsim: Move 'last_reset' into host structure
   (bnc#798050).
   * dc395: Move 'last_reset' into internal host structure
   (bnc#798050).
   * scsi: remove check for 'resetting' (bnc#798050).
   * scsi: Allow error handling timeout to be specified
   (bnc#798050).
   * scsi: Eliminate error handler overload of the SCSI
   serial number (bnc#798050).
   * scsi: Reduce sequential pointer derefs in
   scsi_error.c and reduce size as well (bnc#798050).
   * scsi: Reduce error recovery time by reducing use of
   TURs (bnc#798050).
   * scsi: fix eh wakeup (scsi_schedule_eh vs
   scsi_restart_operations)
   * scsi: cleanup setting task state in
   scsi_error_handler() (bnc#798050).
   * scsi: Add 'eh_deadline' to limit SCSI EH runtime
   (bnc#798050).
   * scsi: Fixup compilation warning (bnc#798050).
   * scsi: fc class: fix scanning when devs are offline
   (bnc#798050).
   * scsi: Warn on invalid command completion (bnc#798050).
   * scsi: Retry failfast commands after EH (bnc#798050).
   * scsi: kABI fixes (bnc#798050).

   Security Issue references:

   * CVE-2011-2492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492>
   * CVE-2011-2494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494>
   * CVE-2012-6537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537>
   * CVE-2012-6539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6539>
   * CVE-2012-6540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6540>
   * CVE-2012-6541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6541>
   * CVE-2012-6542 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542>
   * CVE-2012-6544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6544>
   * CVE-2012-6545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6545>
   * CVE-2012-6546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546>
   * CVE-2012-6547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547>
   * CVE-2012-6549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549>
   * CVE-2013-0343 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343>
   * CVE-2013-0914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914>
   * CVE-2013-1827 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827>
   * CVE-2013-2141 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141>
   * CVE-2013-2164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164>
   * CVE-2013-2206 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206>
   * CVE-2013-2232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232>
   * CVE-2013-2234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234>
   * CVE-2013-2237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237>
   * CVE-2013-2888 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888>
   * CVE-2013-2893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893>
   * CVE-2013-2897 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897>
   * CVE-2013-3222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222>
   * CVE-2013-3223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223>
   * CVE-2013-3224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224>
   * CVE-2013-3228 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228>
   * CVE-2013-3229 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229>
   * CVE-2013-3231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231>
   * CVE-2013-3232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232>
   * CVE-2013-3234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234>
   * CVE-2013-3235 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235>
   * CVE-2013-4162 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162>
   * CVE-2013-4387 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387>
   * CVE-2013-4470 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470>
   * CVE-2013-4483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483>
   * CVE-2013-4588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4588>
   * CVE-2013-6383 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383>
   * CVE-2014-1444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444>
   * CVE-2014-1445 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445>
   * CVE-2014-1446 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      kernel-default-2.6.16.60-0.105.1
      kernel-source-2.6.16.60-0.105.1
      kernel-syms-2.6.16.60-0.105.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      kernel-debug-2.6.16.60-0.105.1
      kernel-kdump-2.6.16.60-0.105.1
      kernel-smp-2.6.16.60-0.105.1
      kernel-xen-2.6.16.60-0.105.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      kernel-bigsmp-2.6.16.60-0.105.1
      kernel-kdumppae-2.6.16.60-0.105.1
      kernel-vmi-2.6.16.60-0.105.1
      kernel-vmipae-2.6.16.60-0.105.1
      kernel-xenpae-2.6.16.60-0.105.1
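
To check a host against the package list above, the following added example (not part of SUSE's advisory) parses the output of `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` and compares each installed kernel package with the fixed version 2.6.16.60-0.105.1. The comparison is a simplified form of RPM's version ordering (no epoch, tilde or caret handling), and the sample input is constructed.

```python
import re

# Fixed version-release and package names, taken from the advisory's Package List.
FIXED_EVR = "2.6.16.60-0.105.1"
ADVISORY_PACKAGES = frozenset({
    "kernel-default", "kernel-source", "kernel-syms",
    "kernel-debug", "kernel-kdump", "kernel-smp", "kernel-xen",
    "kernel-bigsmp", "kernel-kdumppae", "kernel-vmi",
    "kernel-vmipae", "kernel-xenpae",
})

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM ordering of one version or release string.

    Returns -1, 0 or 1. Strings are split into numeric and alphabetic
    segments; numeric segments compare as integers (so 99 < 105), a numeric
    segment is newer than an alphabetic one, and extra segments are newer.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_evr(a, b):
    """Compare two 'VERSION-RELEASE' strings; VERSION cannot contain '-'."""
    a_ver, _, a_rel = a.partition("-")
    b_ver, _, b_rel = b.partition("-")
    return rpmvercmp(a_ver, b_ver) or rpmvercmp(a_rel, b_rel)


def audit(rpm_query_output):
    """Map each installed advisory package to (newest EVR, is_fixed).

    Input is the text printed by:
        rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' <package names>
    Lines that are not 'NAME EVR' pairs (for example the message rpm prints
    for a package that is not installed) and other packages are ignored.
    When several versions of one package are installed, the newest decides.
    """
    newest = {}
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ADVISORY_PACKAGES:
            continue
        name, evr = parts
        if name not in newest or compare_evr(evr, newest[name]) > 0:
            newest[name] = evr
    return {n: (evr, compare_evr(evr, FIXED_EVR) >= 0)
            for n, evr in newest.items()}


def unpatched(report):
    """Names of installed advisory packages still below the fixed version."""
    return sorted(n for n, (_, fixed) in report.items() if not fixed)


# Constructed sample of rpm output; not taken from a real system.
SAMPLE = """\
kernel-default 2.6.16.60-0.103.1
kernel-source 2.6.16.60-0.105.1
kernel-smp 2.6.16.60-0.99.1
kernel-smp 2.6.16.60-0.105.1
glibc 2.4-31.109.1
package kernel-debug is not installed
"""

if __name__ == "__main__":
    for name, (evr, fixed) in sorted(audit(SAMPLE).items()):
        print(f"{name:16} {evr:22} {'ok' if fixed else 'NEEDS UPDATE'}")
```
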


References:

   http://support.novell.com/security/cve/CVE-2011-2492.html
   http://support.novell.com/security/cve/CVE-2011-2494.html
   http://support.novell.com/security/cve/CVE-2012-6537.html
   http://support.novell.com/security/cve/CVE-2012-6539.html
   http://support.novell.com/security/cve/CVE-2012-6540.html
   http://support.novell.com/security/cve/CVE-2012-6541.html
   http://support.novell.com/security/cve/CVE-2012-6542.html
   http://support.novell.com/security/cve/CVE-2012-6544.html
   http://support.novell.com/security/cve/CVE-2012-6545.html
   http://support.novell.com/security/cve/CVE-2012-6546.html
   http://support.novell.com/security/cve/CVE-2012-6547.html
   http://support.novell.com/security/cve/CVE-2012-6549.html
   http://support.novell.com/security/cve/CVE-2013-0343.html
   http://support.novell.com/security/cve/CVE-2013-0914.html
   http://support.novell.com/security/cve/CVE-2013-1827.html
   http://support.novell.com/security/cve/CVE-2013-2141.html
   http://support.novell.com/security/cve/CVE-2013-2164.html
   http://support.novell.com/security/cve/CVE-2013-2206.html
   http://support.novell.com/security/cve/CVE-2013-2232.html
   http://support.novell.com/security/cve/CVE-2013-2234.html
   http://support.novell.com/security/cve/CVE-2013-2237.html
   http://support.novell.com/security/cve/CVE-2013-2888.html
   http://support.novell.com/security/cve/CVE-2013-2893.html
   http://support.novell.com/security/cve/CVE-2013-2897.html
   http://support.novell.com/security/cve/CVE-2013-3222.html
   http://support.novell.com/security/cve/CVE-2013-3223.html
   http://support.novell.com/security/cve/CVE-2013-3224.html
   http://support.novell.com/security/cve/CVE-2013-3228.html
   http://support.novell.com/security/cve/CVE-2013-3229.html
   http://support.novell.com/security/cve/CVE-2013-3231.html
   http://support.novell.com/security/cve/CVE-2013-3232.html
   http://support.novell.com/security/cve/CVE-2013-3234.html
   http://support.novell.com/security/cve/CVE-2013-3235.html
   http://support.novell.com/security/cve/CVE-2013-4162.html
   http://support.novell.com/security/cve/CVE-2013-4387.html
   http://support.novell.com/security/cve/CVE-2013-4470.html
   http://support.novell.com/security/cve/CVE-2013-4483.html
   http://support.novell.com/security/cve/CVE-2013-4588.html
   http://support.novell.com/security/cve/CVE-2013-6383.html
   http://support.novell.com/security/cve/CVE-2014-1444.html
   http://support.novell.com/security/cve/CVE-2014-1445.html
   http://support.novell.com/security/cve/CVE-2014-1446.html
   https://bugzilla.novell.com/702014
   https://bugzilla.novell.com/703156
   https://bugzilla.novell.com/790920
   https://bugzilla.novell.com/798050
   https://bugzilla.novell.com/805226
   https://bugzilla.novell.com/806219
   https://bugzilla.novell.com/808827
   https://bugzilla.novell.com/809889
   https://bugzilla.novell.com/809891
   https://bugzilla.novell.com/809892
   https://bugzilla.novell.com/809893
   https://bugzilla.novell.com/809894
   https://bugzilla.novell.com/809898
   https://bugzilla.novell.com/809899
   https://bugzilla.novell.com/809900
   https://bugzilla.novell.com/809901
   https://bugzilla.novell.com/809903
   https://bugzilla.novell.com/811354
   https://bugzilla.novell.com/816668
   https://bugzilla.novell.com/820338
   https://bugzilla.novell.com/822722
   https://bugzilla.novell.com/823267
   https://bugzilla.novell.com/824295
   https://bugzilla.novell.com/825052
   https://bugzilla.novell.com/826102
   https://bugzilla.novell.com/826551
   https://bugzilla.novell.com/827362
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/827855
   https://bugzilla.novell.com/827983
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/830344
   https://bugzilla.novell.com/831058
   https://bugzilla.novell.com/832603
   https://bugzilla.novell.com/835839
   https://bugzilla.novell.com/842239
   https://bugzilla.novell.com/843430
   https://bugzilla.novell.com/845028
   https://bugzilla.novell.com/847672
   https://bugzilla.novell.com/848321
   https://bugzilla.novell.com/849765
   https://bugzilla.novell.com/850241
   https://bugzilla.novell.com/851095
   https://bugzilla.novell.com/852558
   https://bugzilla.novell.com/853501
   https://bugzilla.novell.com/857597
   https://bugzilla.novell.com/858869
   https://bugzilla.novell.com/858870
   https://bugzilla.novell.com/858872
   http://download.suse.com/patch/finder/?keywords=bd99d2fcd47fefd9c76757c1e9e1cccb
   http://download.suse.com/patch/finder/?keywords=d046a694b83b003f9bb6b21b6c0e8e6f
   http://download.suse.com/patch/finder/?keywords=e59a3c9997ba1bed5bbf01d34d34a3d7


