SUSE-SU-2012:1679-1: moderate: Security update for Linux kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Dec 19 17:08:24 MST 2012


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1679-1
Rating:             moderate
References:         #705551 #708296 #722560 #723776 #725152 #725355 
                    #730660 #731739 #739728 #741814 #744692 #748896 
                    #752067 #752544 #754898 #760833 #762158 #762214 
                    #762259 #763628 #763654 #763858 #763954 #766410 
                    #766654 #767469 #767610 #769251 #772427 #772454 
                    #772483 #773267 #773383 #773699 #773831 #774500 
                    #774523 #774612 #774859 #774964 #775394 #775577 
                    #776044 #776081 #776127 #776144 #777024 #777283 
                    #778334 #778630 #779294 #779462 #779699 #779750 
                    #779969 #780008 #780012 #780216 #780461 #780876 
                    #781018 #781327 #781484 #781574 #782369 #783965 
                    #784192 #784334 #784576 #785100 #785496 #785554 
                    #785851 #786976 #787168 #787202 #787821 #787848 
                    #788277 #788452 #789010 #789235 #789703 #789836 
                    #789993 #790457 #790498 #790920 #790935 #791498 
                    #791853 
Cross-References:   CVE-2012-1601 CVE-2012-2372 CVE-2012-3412
                    CVE-2012-3430 CVE-2012-4461 CVE-2012-4508
                    CVE-2012-5517
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 84 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 SP2 kernel has been updated to
   3.0.51 which  fixes various bugs and security issues.

   It contains the following feature enhancements:

   * The cachefiles framework is now supported
   (FATE#312793, bnc#782369). The userland utilities were
   published seperately to support this feature.
   * The ipset netfilter modules are now supported
   (FATE#313309) The ipset userland utility will be published
   seperately to support this feature.
   * The tipc kernel module is now externally supported
   (FATE#305033).
   * Hyper-V KVP IP injection was implemented
   (FATE#314441). A seperate hyper-v package will be published
   to support this feature.
   * Intel Lynx Point PCH chipset support was added.
   (FATE#313409)
   *

   Enable various md/raid10 and DASD enhancements.
   (FATE#311379) These make it possible for RAID10 to cope
   with DASD devices being slow for various reasons - the
   affected device will be temporarily removed from the array.

   Also added support for reshaping of RAID10 arrays.

   mdadm changes will be published to support this
   feature.

   The following security issues have been fixed:

   * CVE-2012-5517: A race condition on hot adding memory
   could be used by local attackers to crash the system during
   hot adding new memory.
   * CVE-2012-4461: A flaw has been found in the way Linux
   kernels KVM subsystem handled vcpu->arch.cr4
   X86_CR4_OSXSAVE bit set upon guest enter. On hosts without
   the XSAVE feature and using qemu userspace an unprivileged
   local user could have used this flaw to crash the system.
   * CVE-2012-1601: The KVM implementation in the Linux
   kernel allowed host OS users to cause a denial of service
   (NULL pointer dereference and host OS crash) by making a
   KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already
   exists.
   * CVE-2012-2372: Attempting an rds connection from the
   IP address of an IPoIB interface to itself causes a kernel
   panic due to a BUG_ON() being triggered. Making the test
   less strict allows rds-ping to work without crashing the
   machine. A local unprivileged user could use this flaw to
   crash the sytem.
   * CVE-2012-4508: Dimitry Monakhov, one of the ext4
   developers, has discovered a race involving asynchronous
   I/O and fallocate which can lead to the exposure of stale
   data --- that is, an extent which should have had the
   "uninitialized" bit set indicating that its blocks have not
   yet been written and thus contain data from a deleted file
   will get exposed to anyone with read access to the file.
   * CVE-2012-3430: The rds_recvmsg function in
   net/rds/recv.c in the Linux kernel did not initialize a
   certain structure member, which allows local users to
   obtain potentially sensitive information from kernel stack
   memory via a (1) recvfrom or (2) recvmsg system call on an
   RDS socket.
   * CVE-2012-3412: The sfc (aka Solarflare Solarstorm)
   driver in the Linux kernel allowed remote attackers to
   cause a denial of service (DMA descriptor consumption and
   network-controller outage) via crafted TCP packets that
   trigger a small MSS value.

   The following non-security issues have been fixed:

   BTRFS:

   * btrfs: fix double mntput() in mount_subvol().
   * btrfs: use common work instead of delayed work
   * btrfs: limit fallocate extent reservation to 256MB
   * btrfs: fix a double free on pending snapshots in
   error handling
   * btrfs: Do not trust the superblock label and simply
   printk("%s") it
   * patches.suse/btrfs-update-message-levels.patch:
   Refresh.
   * patches.suse/btrfs-enospc-debugging-messages.patch:
   Minor updates.
   * patches.suse/btrfs-update-message-levels.patch: Minor
   updates.
   * btrfs: continue after abort during snapshot drop
   (bnc#752067).
   * btrfs: Return EINVAL when length to trim is less than
   FSB.
   * btrfs: fix unnecessary while loop when search the
   free space, cache.
   * btrfs: Use btrfs_update_inode_fallback when creating
   a snapshot.
   * btrfs: do not bug when we fail to commit the
   transaction.
   * btrfs: fill the global reserve when unpinning space.
   * btrfs: do not allow degraded mount if too many
   devices are missing.
   *
   patches.suse/btrfs-8112-resume-balance-on-rw-re-mounts-prope
   rly.patch: fix mismerge.
   * btrfs: do not allocate chunks as agressively.
   * btrfs: btrfs_drop_extent_cache should never fail.
   * btrfs: fix full backref problem when inserting shared
   block reference.
   * btrfs: wait on async pages when shrinking delalloc.
   * btrfs: remove bytes argument from do_chunk_alloc.
   * btrfs: cleanup of error processing in
   btree_get_extent().
   * btrfs: remove unnecessary code in btree_get_extent().
   * btrfs: kill obsolete arguments in
   btrfs_wait_ordered_extents.
   * btrfs: do not do anything in our ->freeze_fs and
   ->unfreeze_fs.
   * btrfs: do not async metadata csumming in certain
   situations.
   * btrfs: do not hold the file extent leaf locked when
   adding extent item.
   * btrfs: cache extent state when writing out dirty
   metadata pages.
   * btrfs: do not lookup csums for prealloc extents.
   * btrfs: be smarter about dropping things from the tree
   log.
   * btrfs: confirmation of value is added before
   trace_btrfs_get_extent() is called.
   * btrfs: make filesystem read-only when submitting
   barrier fails.
   * btrfs: cleanup pages properly when ENOMEM in
   compression.
   * btrfs: do not bug on enomem in readpage.
   * btrfs: do not warn_on when we cannot alloc a page for
   an extent buffer.
   * btrfs: enospc debugging messages.

   S/390:

   * smsgiucv: reestablish IUCV path after resume
   (bnc#786976,LTC#86245).
   * dasd: move wake_up call (bnc#786976,LTC#86252).
   * kernel: fix get_user_pages_fast() page table walk
   (bnc#786976,LTC#86307).
   * qeth: Fix IPA_CMD_QIPASSIST return code handling
   (bnc#785851,LTC#86101).
   * mm: Fix XFS oops due to dirty pages without buffers
   on s390 (bnc#762259).
   * zfcp: only access zfcp_scsi_dev for valid scsi_device
   (bnc#781484,LTC#85285).
   * dasd: check count address during online setting
   (bnc#781484,LTC#85346).
   * hugetlbfs: fix deadlock in unmap_hugepage_range()
   (bnc#781484,LTC#85449).
   * kernel: make user-access pagetable walk code huge
   page aware (bnc#781484,LTC#85455).
   * hugetlbfs: add missing TLB invalidation
   (bnc#781484,LTC#85463).
   * zfcp: fix adapter (re)open recovery while link to SAN
   is down (bnc#789010,LTC#86283).
   * qeth: set new mac even if old mac is gone
   (bnc#789010,LTC#86643).
   * qdio: fix kernel panic for zfcp 31-bit
   (bnc#789010,LTC#86623).
   * crypto: msgType50 (RSA-CRT) Fix
   (bnc#789010,LTC#86378).

   DRM:

   * drm/915: Update references, fixed a missing patch
   chunk (bnc#725355).
   * drm/dp: Document DP spec versions for various DPCD
   registers (bnc#780461).
   * drm/dp: Make sink count DP 1.2 aware (bnc#780461).
   * DRM/i915: Restore sdvo_flags after dtd->mode->dtd
   Roundrtrip (bnc#775577).
   * DRM/i915: Do not clone SDVO LVDS with analog
   (bnc#766410).
   * DRM/radeon: For single CRTC GPUs move handling of
   CRTC_CRT_ON to crtc_dpms() (bnc#725152).
   * DRM/Radeon: Fix TV DAC Load Detection for single CRTC
   chips (bnc#725152).
   * DRM/Radeon: Clean up code in TV DAC load detection
   (bnc#725152).
   * DRM/Radeon: On DVI-I use Load Detection when EDID is
   bogus (bnc#725152).
   * DRM/Radeon: Fix primary DAC Load Detection for RV100
   chips (bnc#725152).
   * DRM/Radeon: Fix Load Detection on legacy primary DAC
   (bnc#725152).
   * drm/i915: enable plain RC6 on Sandy Bridge by default
   (bnc#725355).

   Hyper-V:

   * Hyper-V KVP IP injection (fate#31441):
   * drivers: net: Remove casts to same type.
   * drivers: hv: remove IRQF_SAMPLE_RANDOM which is now a
   no-op.
   * hyperv: Move wait completion msg code into
   rndis_filter_halt_device().
   * hyperv: Add comments for the extended buffer after
   RNDIS message.
   * Drivers: hv: Cleanup the guest ID computation.
   * Drivers: hv: vmbus: Use the standard format string to
   format GUIDs.
   * Drivers: hv: Add KVP definitions for IP address
   injection.
   * Drivers: hv: kvp: Cleanup error handling in KVP.
   * Drivers: hv: kvp: Support the new IP injection
   messages.
   * Tools: hv: Prepare to expand kvp_get_ip_address()
   functionality.
   * Tools: hv: Further refactor kvp_get_ip_address().
   * Tools: hv: Gather address family information.
   * Tools: hv: Gather subnet information.
   * Tools: hv: Represent the ipv6 mask using CIDR
   notation.
   * Tools: hv: Gather ipv[4,6] gateway information.
   * hv: fail the probing immediately when we are not in
   hyperv platform.
   * hv: vmbus_drv: detect hyperv through x86_hyper.
   * Tools: hv: Get rid of some unused variables.
   * Tools: hv: Correctly type string variables.
   * Tools: hv: Add an example script to retrieve DNS
   entries.
   * Tools: hv: Gather DNS information.
   * Drivers: hv: kvp: Copy the address family information.
   * Tools: hv: Add an example script to retrieve dhcp
   state.
   * Tools: hv: Gather DHCP information.
   * Tools: hv: Add an example script to configure an
   interface.
   * Tools: hv: Implement the KVP verb -
   KVP_OP_SET_IP_INFO.
   * Tools: hv: Rename the function kvp_get_ip_address().
   * Tools: hv: Implement the KVP verb -
   KVP_OP_GET_IP_INFO.
   * tools/hv: Fix file handle leak.
   * tools/hv: Fix exit() error code.
   * tools/hv: Check for read/write errors.
   * tools/hv: Parse /etc/os-release.
   * hyperv: Fix the max_xfer_size in RNDIS initialization.
   * hyperv: Fix the missing return value in
   rndis_filter_set_packet_filter().
   * hyperv: Fix page buffer handling in
   rndis_filter_send_request().
   * hyperv: Remove extra allocated space for
   recv_pkt_list elements.
   * hyperv: Report actual status in receive completion
   packet.
   * hyperv: Add buffer for extended info after the RNDIS
   response message.

   Other:

   * net: prevent NULL dereference in check_peer_redir()
   (bnc#776044 bnc#784576).
   *
   patches.fixes/mm-hotplug-correctly-add-zone-to-other-nodes-l
   ist.patch: Refresh.
   * igb: fix recent VLAN changes that would leave VLANs
   disabled after reset (bnc#787168).
   * md: Change goto target to avoid pointless bug
   messages in normal error cases. (bnc#787848)
   * intel_idle: IVB support (fate#313719).
   * x86 cpufreq: Do not complain on missing cpufreq
   tables on ProLiants (bnc#787202).
   * hpilo: remove pci_disable_device (bnc#752544).
   * ixgbe: Address fact that RSC was not setting GSO size
   for incoming frames (bnc#776144).
   * hv: Cleanup error handling in vmbus_open().
   * [SCSI] storvsc: Account for in-transit packets in the
   RESET path.
   * sg: remove sg_mutex. (bnc#785496)
   * perf: Do no try to schedule task events if there are
   none (bnc#781574).
   * perf: Do not set task_ctx pointer in cpuctx if there
   are no events in the context (bnc#781574).
   * mm: swap: Implement generic handlers for swap-related
   address ops fix. (bnc#778334)
   * hpwdt: Only BYTE reads/writes to WD Timer port 0x72.
   * xenbus: fix overflow check in xenbus_dev_write().
   * xen/x86: do not corrupt %eip when returning from a
   signal handler.
   * Update Xen patches to 3.0.46.
   * Update Xen patches to 3.0.51.
   * mm: Check if PTE is already allocated during page
   fault.
   * rpm/kernel-binary.spec.in: Revert f266e647f to allow
   building with icecream again, as
   patches.rpmify/kbuild-fix-gcc-x-syntax.patch is a real fix
   now.
   * ipmi: decrease the IPMI message transaction time in
   interrupt mode (bnc#763654).
   * ipmi: simplify locking (bnc#763654).
   * ipmi: use a tasklet for handling received messages
   (bnc#763654).
   * cxgb3: Set vlan_feature on net_device (bnc#776127,
   LTC#84260).
   * qlge: Add offload features to vlan interfaces
   (bnc#776081,LTC#84322).
   * mlx4_en: Added missing iounmap upon releasing a
   device (bnc#774964,LTC#82768).
   * mlx4: allow device removal by fixing dma unmap size
   (bnc#774964,LTC#82768).
   * qeth: fix deadlock between recovery and bonding
   driver (bnc#785100,LTC#85905).
   * SCSI st: add st_nowait_eof param to module
   (bnc#775394).
   *
   patches.fixes/sched-fix-migration-thread-accounting-woes.pat
   ch: Update references (bnc#773699, bnc#769251).
   * memcg: oom: fix totalpages calculation for
   swappiness==0 (bnc#783965).
   * fs: cachefiles: add support for large files in
   filesystem caching (FATE#312793, bnc#782369).
   * mm/mempolicy.c: use enum value MPOL_REBIND_ONCE in
   mpol_rebind_policy().
   * mm, mempolicy: fix mbind() to do synchronous
   migration.
   * revert "mm: mempolicy: Let vma_merge and vma_split
   handle vma->vm_policy linkages".
   * mempolicy: fix a race in shared_policy_replace().
   * mempolicy: fix refcount leak in
   mpol_set_shared_policy().
   * mempolicy: fix a memory corruption by refcount
   imbalance in alloc_pages_vma().
   * mempolicy: remove mempolicy sharing. Memory policy
   enhancements for robustness against fuzz attacks and force
   mbind to use synchronous migration.
   * Update scsi_dh_alua to mainline version (bnc#708296,
   bnc#784334): o scsi_dh_alua: Enable STPG for unavailable
   ports o scsi_dh_alua: Re-enable STPG for unavailable ports
   o scsi_dh_alua: backoff alua rtpg retry linearly vs.
   geometrically o scsi_dh_alua: implement implied transition
   timeout o scsi_dh_alua: retry alua rtpg extended header for
   illegal request response
   * Revert removal of ACPI procfs entries (bnc#777283).
   * x86: Clear HPET configuration registers on startup
   (bnc#748896).
   * mlx4: Fixed build warning, update references
   (bnc#774500,LTC#83966).
   * xen/frontends: handle backend CLOSED without CLOSING.
   * xen/pciback: properly clean up after calling
   pcistub_device_find().
   * xen/netfront: add netconsole support (bnc#763858
   fate#313830).
   * netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6
   error messages containing fragments (bnc#779750).
   * ipv6, xfrm: use conntrack-reassembled packet for
   policy lookup (bnc#780216).
   * inetpeer: add namespace support for inetpeer
   (bnc#779969).
   * inetpeer: add parameter net for inet_getpeer_v4,v6
   (bnc#779969).
   * inetpeer: make unused_peers list per-netns
   (bnc#779969).
   * kABI: use net_generic to protect struct
   netns_ipv{4,6} (bnc#779969).
   * patches.rpmify/kbuild-fix-gcc-x-syntax.patch: kbuild:
   Fix gcc -x syntax (bnc#773831).
   * patches.suse/supported-flag: Re-enabled warning on
   unsupported module loading.
   * nbd: clear waiting_queue on shutdown (bnc#778630).
   * nohz: fix idle ticks in cpu summary line of
   /proc/stat (follow up fix for bnc#767469, bnc#705551).
   * fix TAINT_NO_SUPPORT handling on module load.
   * NFS: Fix Oopses in nfs_lookup_revalidate and
   nfs4_lookup_revalidate (bnc#780008).
   * svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping
   (bnc at 779462).
   * net: do not disable sg for packets requiring no
   checksum (bnc#774859).
   * sfc: prevent extreme TSO parameters from stalling TX
   queues (bnc#774523 CVE-2012-3412).
   * X86 MCE: Fix correct ring/severity identification in
   V86 case (bnc#773267).
   * scsi_dh_rdac: Add a new netapp vendor/product string
   (bnc#772483).
   * scsi_dh_rdac : Consolidate rdac strings together
   (bnc#772483).
   * scsi_dh_rdac : minor return fix for rdac (bnc#772483).
   * dh_rdac: Associate HBA and storage in rdac_controller
   to support partitions in storage (bnc#772454).
   * scsi_dh_rdac: Fix error path (bnc#772454).
   * scsi_dh_rdac: Fix for unbalanced reference count
   (bnc#772454).
   * sd: Ensure we correctly disable devices with unknown
   protection type (bnc#780876).
   * netfilter: ipset: timeout can be modified for already
   added elements (bnc#790457).
   * netfilter: ipset: fix adding ranges to hash types
   (bnc#790498).
   * workqueue: exit rescuer_thread() as TASK_RUNNING
   (bnc#789993).
   * xhci: Add Lynx Point LP to list of Intel switchable
   hosts (bnc#791853).
   * tg3: Introduce separate functions to allocate/free
   RX/TX rings (bnc#785554).
   * net-next: Add netif_get_num_default_rss_queues
   (bnc#785554).
   * tg3: set maximal number of default RSS queues
   (bnc#785554).
   * tg3: Allow number of rx and tx rings to be set
   independently (bnc#785554).
   * tg3: Separate coalescing setup for rx and tx
   (bnc#785554).
   * tg3: Refactor tg3_open() (bnc#785554).
   * tg3: Refactor tg3_close() (bnc#785554).
   * tg3: Add support for ethtool -L|-l to get/set the
   number of rings (bnc#785554).
   * tg3: Disable multiple TX rings by default due to
   hardware flaw (bnc#785554).
   * x86, microcode, AMD: Add support for family 16h
   processors (bnc#791498,fate#314145).
   * scsi_remove_target: fix softlockup regression on hot
   remove (bnc#789836).
   * autofs4: allow autofs to work outside the initial PID
   namespace (bnc#779294).
   * autofs4: translate pids to the right namespace for
   the daemon (bnc#779294).
   * vfs: dont chain pipe/anon/socket on superblock
   s_inodes list (bnc#789703)
   * reiserfs: fix problems with chowning setuid file w/
   xattrs (bnc#790920).
   * reiserfs: fix double-lock while chowning setuid file
   w/ xattrs (bnc#790920).
   * ALSA: hda - Fix SSYNC register value for non-Intel
   controllers (fate#313409,bnc#760833).
   * ALSA: hda: option to enable arbitrary buffer/period
   sizes (fate#313409,bnc#760833).
   * ALSA: hda - Fix buffer-alignment regression with
   Nvidia HDMI (fate#313409,bnc#760833).
   * ALSA: hda - explicitly set buffer-align flag for
   Nvidia controllers (fate#313409,bnc#760833).
   * ALSA: hda - Add Lynx Point HD Audio Controller
   DeviceIDs (fate#313409,bnc#760833).
   * ALSA: hda_intel: Add Device IDs for Intel Lynx
   Point-LP PCH (fate#313409,bnc#760833).
   * USB: OHCI: workaround for hardware bug: retired TDs
   not added to the Done Queue (bnc#762158).
   * watchdog: iTCO_wdt: clean-up PCI device IDs
   (fate#313409, bnc#760833).
   * watchdog: iTCO_wdt: add Intel Lynx Point DeviceIDs
   (fate#313409, bnc#760833).
   * ahci: AHCI-mode SATA patch for Intel Lynx Point
   DeviceIDs (fate#313409, bnc#760833).
   * ata_piix: IDE-mode SATA patch for Intel Lynx Point
   DeviceIDs (fate#313409, bnc#760833).
   * i2c-i801: Add device IDs for Intel Lynx Point
   (fate#313409, bnc#760833).
   * jbd: Fix lock ordering bug in journal_unmap_buffer()
   (bnc#790935).
   * usb: host: xhci: Fix Compliance Mode on SN65LVPE502CP
   Hardware (bnc#788277).
   * usb: host: xhci: Fix Null pointer dereferencing with
   71c731a for non-x86 systems (bnc#788277).
   * Do not remove fillup from the buildsystem (bnc#781327)
   * ibmvfc: Fix double completion on abort timeout
   (bnc#788452)
   * ibmvfc: Ignore fabric RSCNs when link is dead
   (bnc#788452).
   * fs: only send IPI to invalidate LRU BH when needed
   (bnc#763628 bnc#744692).
   * smp: add func to IPI cpus based on parameter func
   (bnc#763628 bnc#744692).
   * smp: introduce a generic on_each_cpu_mask() function
   (bnc#763628 bnc#744692).

   Security Issue references:

   * CVE-2012-1601
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1601
   >
   * CVE-2012-2372
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372
   >
   * CVE-2012-3412
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3412
   >
   * CVE-2012-3430
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3430
   >
   * CVE-2012-4461
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461
   >
   * CVE-2012-5517
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5517
   >
   * CVE-2012-4508
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508
   >

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-kernel-7123 slessp2-kernel-7127

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-kernel-7123 slessp2-kernel-7124 slessp2-kernel-7125 slessp2-kernel-7127

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-kernel-7123 sleshasp2-kernel-7124 sleshasp2-kernel-7125 sleshasp2-kernel-7127

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-kernel-7123 sledsp2-kernel-7127

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.51]:

      kernel-default-3.0.51-0.7.9.1
      kernel-default-base-3.0.51-0.7.9.1
      kernel-default-devel-3.0.51-0.7.9.1
      kernel-source-3.0.51-0.7.9.1
      kernel-syms-3.0.51-0.7.9.1
      kernel-trace-3.0.51-0.7.9.1
      kernel-trace-base-3.0.51-0.7.9.1
      kernel-trace-devel-3.0.51-0.7.9.1
      kernel-xen-devel-3.0.51-0.7.9.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.51]:

      kernel-pae-3.0.51-0.7.9.1
      kernel-pae-base-3.0.51-0.7.9.1
      kernel-pae-devel-3.0.51-0.7.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 x86_64) [New Version: 3.0.51]:

      kernel-default-3.0.51-0.7.9.1
      kernel-default-base-3.0.51-0.7.9.1
      kernel-default-devel-3.0.51-0.7.9.1
      kernel-source-3.0.51-0.7.9.1
      kernel-syms-3.0.51-0.7.9.1
      kernel-trace-3.0.51-0.7.9.1
      kernel-trace-base-3.0.51-0.7.9.1
      kernel-trace-devel-3.0.51-0.7.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.51]:

      kernel-ec2-3.0.51-0.7.9.1
      kernel-ec2-base-3.0.51-0.7.9.1
      kernel-ec2-devel-3.0.51-0.7.9.1
      kernel-xen-3.0.51-0.7.9.1
      kernel-xen-base-3.0.51-0.7.9.1
      kernel-xen-devel-3.0.51-0.7.9.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.51]:

      kernel-ppc64-3.0.51-0.7.9.1
      kernel-ppc64-base-3.0.51-0.7.9.1
      kernel-ppc64-devel-3.0.51-0.7.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.51]:

      kernel-pae-3.0.51-0.7.9.1
      kernel-pae-base-3.0.51-0.7.9.1
      kernel-pae-devel-3.0.51-0.7.9.1

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 x86_64):

      cluster-network-kmp-default-1.4_3.0.51_0.7.9-2.18.12
      cluster-network-kmp-trace-1.4_3.0.51_0.7.9-2.18.12
      gfs2-kmp-default-2_3.0.51_0.7.9-0.7.47
      gfs2-kmp-trace-2_3.0.51_0.7.9-0.7.47
      ocfs2-kmp-default-1.6_3.0.51_0.7.9-0.11.11
      ocfs2-kmp-trace-1.6_3.0.51_0.7.9-0.11.11

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.51_0.7.9-2.18.12
      gfs2-kmp-xen-2_3.0.51_0.7.9-0.7.47
      ocfs2-kmp-xen-1.6_3.0.51_0.7.9-0.11.11

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.51_0.7.9-2.18.12
      gfs2-kmp-ppc64-2_3.0.51_0.7.9-0.7.47
      ocfs2-kmp-ppc64-1.6_3.0.51_0.7.9-0.11.11

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

      cluster-network-kmp-pae-1.4_3.0.51_0.7.9-2.18.12
      gfs2-kmp-pae-2_3.0.51_0.7.9-0.7.47
      ocfs2-kmp-pae-1.6_3.0.51_0.7.9-0.11.11

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.51]:

      kernel-default-3.0.51-0.7.9.1
      kernel-default-base-3.0.51-0.7.9.1
      kernel-default-devel-3.0.51-0.7.9.1
      kernel-default-extra-3.0.51-0.7.9.1
      kernel-source-3.0.51-0.7.9.1
      kernel-syms-3.0.51-0.7.9.1
      kernel-trace-3.0.51-0.7.9.1
      kernel-trace-base-3.0.51-0.7.9.1
      kernel-trace-devel-3.0.51-0.7.9.1
      kernel-trace-extra-3.0.51-0.7.9.1
      kernel-xen-3.0.51-0.7.9.1
      kernel-xen-base-3.0.51-0.7.9.1
      kernel-xen-devel-3.0.51-0.7.9.1
      kernel-xen-extra-3.0.51-0.7.9.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.51]:

      kernel-pae-3.0.51-0.7.9.1
      kernel-pae-base-3.0.51-0.7.9.1
      kernel-pae-devel-3.0.51-0.7.9.1
      kernel-pae-extra-3.0.51-0.7.9.1

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64):

      ext4-writeable-kmp-default-0_3.0.51_0.7.9-0.14.28
      ext4-writeable-kmp-trace-0_3.0.51_0.7.9-0.14.28
      kernel-default-extra-3.0.51-0.7.9.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.51_0.7.9-0.14.28
      kernel-xen-extra-3.0.51-0.7.9.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      ext4-writeable-kmp-ppc64-0_3.0.51_0.7.9-0.14.28
      kernel-ppc64-extra-3.0.51-0.7.9.1

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.51_0.7.9-0.14.28
      kernel-pae-extra-3.0.51-0.7.9.1


References:

   http://support.novell.com/security/cve/CVE-2012-1601.html
   http://support.novell.com/security/cve/CVE-2012-2372.html
   http://support.novell.com/security/cve/CVE-2012-3412.html
   http://support.novell.com/security/cve/CVE-2012-3430.html
   http://support.novell.com/security/cve/CVE-2012-4461.html
   http://support.novell.com/security/cve/CVE-2012-4508.html
   http://support.novell.com/security/cve/CVE-2012-5517.html
   https://bugzilla.novell.com/705551
   https://bugzilla.novell.com/708296
   https://bugzilla.novell.com/722560
   https://bugzilla.novell.com/723776
   https://bugzilla.novell.com/725152
   https://bugzilla.novell.com/725355
   https://bugzilla.novell.com/730660
   https://bugzilla.novell.com/731739
   https://bugzilla.novell.com/739728
   https://bugzilla.novell.com/741814
   https://bugzilla.novell.com/744692
   https://bugzilla.novell.com/748896
   https://bugzilla.novell.com/752067
   https://bugzilla.novell.com/752544
   https://bugzilla.novell.com/754898
   https://bugzilla.novell.com/760833
   https://bugzilla.novell.com/762158
   https://bugzilla.novell.com/762214
   https://bugzilla.novell.com/762259
   https://bugzilla.novell.com/763628
   https://bugzilla.novell.com/763654
   https://bugzilla.novell.com/763858
   https://bugzilla.novell.com/763954
   https://bugzilla.novell.com/766410
   https://bugzilla.novell.com/766654
   https://bugzilla.novell.com/767469
   https://bugzilla.novell.com/767610
   https://bugzilla.novell.com/769251
   https://bugzilla.novell.com/772427
   https://bugzilla.novell.com/772454
   https://bugzilla.novell.com/772483
   https://bugzilla.novell.com/773267
   https://bugzilla.novell.com/773383
   https://bugzilla.novell.com/773699
   https://bugzilla.novell.com/773831
   https://bugzilla.novell.com/774500
   https://bugzilla.novell.com/774523
   https://bugzilla.novell.com/774612
   https://bugzilla.novell.com/774859
   https://bugzilla.novell.com/774964
   https://bugzilla.novell.com/775394
   https://bugzilla.novell.com/775577
   https://bugzilla.novell.com/776044
   https://bugzilla.novell.com/776081
   https://bugzilla.novell.com/776127
   https://bugzilla.novell.com/776144
   https://bugzilla.novell.com/777024
   https://bugzilla.novell.com/777283
   https://bugzilla.novell.com/778334
   https://bugzilla.novell.com/778630
   https://bugzilla.novell.com/779294
   https://bugzilla.novell.com/779462
   https://bugzilla.novell.com/779699
   https://bugzilla.novell.com/779750
   https://bugzilla.novell.com/779969
   https://bugzilla.novell.com/780008
   https://bugzilla.novell.com/780012
   https://bugzilla.novell.com/780216
   https://bugzilla.novell.com/780461
   https://bugzilla.novell.com/780876
   https://bugzilla.novell.com/781018
   https://bugzilla.novell.com/781327
   https://bugzilla.novell.com/781484
   https://bugzilla.novell.com/781574
   https://bugzilla.novell.com/782369
   https://bugzilla.novell.com/783965
   https://bugzilla.novell.com/784192
   https://bugzilla.novell.com/784334
   https://bugzilla.novell.com/784576
   https://bugzilla.novell.com/785100
   https://bugzilla.novell.com/785496
   https://bugzilla.novell.com/785554
   https://bugzilla.novell.com/785851
   https://bugzilla.novell.com/786976
   https://bugzilla.novell.com/787168
   https://bugzilla.novell.com/787202
   https://bugzilla.novell.com/787821
   https://bugzilla.novell.com/787848
   https://bugzilla.novell.com/788277
   https://bugzilla.novell.com/788452
   https://bugzilla.novell.com/789010
   https://bugzilla.novell.com/789235
   https://bugzilla.novell.com/789703
   https://bugzilla.novell.com/789836
   https://bugzilla.novell.com/789993
   https://bugzilla.novell.com/790457
   https://bugzilla.novell.com/790498
   https://bugzilla.novell.com/790920
   https://bugzilla.novell.com/790935
   https://bugzilla.novell.com/791498
   https://bugzilla.novell.com/791853
   http://download.novell.com/patch/finder/?keywords=04916b40a174e136e84bd6bf146087b4
   http://download.novell.com/patch/finder/?keywords=18b577ef642d4139c38be698b463eb5f
   http://download.novell.com/patch/finder/?keywords=4b267bc55902aa5c7ac3045e90addc0a
   http://download.novell.com/patch/finder/?keywords=60ae57a921e812799992d7e2cdb10be2
   http://download.novell.com/patch/finder/?keywords=86bed550f5d8ade87da027c780377d92
   http://download.novell.com/patch/finder/?keywords=96d3f57b021d0513268039a847f1bbad
   http://download.novell.com/patch/finder/?keywords=c1acdbd1c386e0806d555bd2e8270957
   http://download.novell.com/patch/finder/?keywords=d68b7b15a93ce00198155abc1df29bc6



More information about the sle-updates mailing list