SUSE-SU-2012:1350-1: moderate: Security update for Linux kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Oct 15 16:09:05 MDT 2012


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1350-1
Rating:             moderate
References:         #698102 #731035 #740291 #744198 #753617 #754670 
                    #761774 #762099 #762214 #762693 #763198 #763954 
                    #764209 #764900 #766156 #766654 #768084 #768504 
                    #769035 #769195 #769251 #769407 #770034 #770695 
                    #770763 #771706 #772407 #772427 #772473 #772786 
                    #772831 #773007 #773319 #773320 #773688 #773831 
                    #774073 #774289 #774612 #774902 #774973 #775182 
                    #775373 #775984 #776019 #776095 #776787 #776896 
                    #777024 #777269 #778082 #778822 #779330 #779461 
                    #779699 #780012 #780461 #781018 #781134 
Cross-References:   CVE-2012-2745
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves one vulnerability and has 58 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 SP2 kernel was updated to
   3.0.42 which fixes  various bugs and security issues.

   The following security issues have been fixed:

   * CVE-2012-2745: A denial of service in key management
   was fixed. (This was fixed in 3.0.28 already, but is listed
   here.)

   Some more security and bug fixes might already be part of
   the 3.0.42 stable  kernel release which is included here.

   The following non security issues have been fixed:

   BTRFS:

   * btrfs: allow setting NOCOW for a zero sized file via
   ioctl
   * btrfs: fix a bug of per-file nocow
   * btrfs: fix the missing error information in
   create_pending_snapshot()
   * btrfs: fix off-by-one in file clone
   * btrfs: move transaction aborts to the point of failure
   * btrfs: fix unnecessary warning when the fragments
   make the space alloc fail
   * btrfs: return EPERM upon rmdir on a subvolume
   * btrfs: cleanup for duplicated code in find_free_extent
   * btrfs: cleanup fs_info->hashers
   * btrfs: use vfree instead of kfree
   * btrfs: fix error path in create_pending_snapshot()
   * btrfs: fix file extent discount problem in the,
   snapshot
   * btrfs: fix full backref problem when inserting shared
   block reference
   * btrfs: fix wrong size for the reservation of the,
   snapshot creation
   * btrfs: fix error handling in
   delete_block_group_cache()
   * btrfs: polish names of kmem caches
   * btrfs: update last trans if we do not update the inode
   * btrfs: fix possible corruption when fsyncing written
   prealloced extents
   * btrfs: set journal_info in async trans commit worker
   * btrfs: fix a bug in parsing return value in logical
   resolve
   * btrfs: use helper for logical resolve
   * btrfs: use larger limit for translation of logical to
   inode
   * btrfs: use a slab for ordered extents allocation
   * btrfs: fix unprotected ->log_batch
   * btrfs: output more information when aborting a unused
   transaction handle
   * btrfs: fix wrong size for the reservation when doing,
   file pre-allocation
   * btrfs: cleanup for unused ref cache stuff
   * btrfs: fix a misplaced address operator in a condition
   * btrfs: fix that error value is changed by mistake
   * btrfs: fix second lock in btrfs_delete_delayed_items()
   * btrfs: increase the size of the free space cache
   * btrfs: fix enospc problems when deleting a subvol
   * btrfs: fix wrong mtime and ctime when creating
   snapshots
   * btrfs: fix race in run_clustered_refs

   S/390:

   * zfcp: remove invalid reference to list iterator
   variable (bnc#779461).
   * zfcp: Make trace record tags unique
   (bnc#780012,LTC#84941).
   * zfcp: Do not wakeup while suspended
   (bnc#780012,LTC#84816).
   * zfcp: restore refcount check on port_remove
   (bnc#780012,LTC#84942).
   * zfcp: No automatic port_rescan on events
   (bnc#780012,LTC#84817).
   * dasd: System hang after all channel were lost
   (bnc#780012,LTC#85025).
   * Added
   patches.arch/s390-54-01-hypfs-missing-files.patch to
   series.conf. (bnc#769407)
   * dasd: set and unset TIMEOUT flag automatically
   (bnc#768084).
   * kernel: incorrect task size after fork of a 31 bit
   process (bnc#772407,LTC#83674).
   * patches.arch/s390-55-03-crst-table-downgrade.patch:
   Deleted due to 31bit compile error.

   ALSA:

   * ALSA: hda - Add mic-mute LED control for HP laptop
   (bnc#779330).
   * ALSA: hda - Add 3stack-automute model to AD1882 codec
   (bnc#775373).

   Wireless:

   * rt2x00: Remove incorrect led blink. (bnc#774902)
   * Revert "rt2x00: handle spurious pci interrupts".
   (bnc#774902)
   * rt2x00: Mark active channels survey data as "in use".
   (bnc#774902)
   * rt2x00: Convert big if-statements to
   switch-statements. (bnc#774902)
   * rt2800: zero MAC_SYS_CTRL bits during BBP and MAC
   reset. (bnc#774902)
   * rt2800lib: fix wrong -128dBm when signal is stronger
   than -12dBm. (bnc#774902)
   * rt2800: document RF_R03 register bits [7:4].
   (bnc#774902)
   * rt2x00: Introduce concept of driver data in struct
   rt2x00_dev. (bnc#774902)
   * rt2x00: Use struct rt2x00_dev driver data in
   rt2800{pci,usb}. (bnc#774902)
   * rt2x00: fix a possible NULL pointer dereference.
   (bnc#774902)
   * rt2x00:Add VCO recalibration. (bnc#774902)
   * rt2x00:Add RT5372 chipset support. (bnc#774902)
   * rt2x00: Set IEEE80211_HW_REPORTS_TX_ACK_STATUS in
   rt2800. (bnc#774902)
   * rt2800: introduce wpdma_disable function. (bnc#774902)
   * rt2800: initialize queues before giving up due to DMA
   error. (bnc#774902)
   * rt2800: zero registers of unused TX rings.
   (bnc#774902)
   * wireless: rt2x00: rt2800pci add more RT539x ids.
   (bnc#774902)
   * rt2x00:Add RT5392 chipset support. (bnc#774902)
   *
   patches.fixes/0012-rt2x00-Add-RT5372-chipset-support.patch:
   Fix typo.
   * rt2800: Add documentation on MCU requests.
   (bnc#744198)
   * rt2800pci: Fix "Error - MCU request failed" during
   initialization. (bnc#744198)

   Packaging:

   * rpm/kernel-binary.spec.in: Temporarily disable
   icecream builds until miscompilation is resolved
   (bnc#763954 bnc#773831)
   * rpm/kernel-binary.spec.in: add Conflicts for older
   hyper-v hv_kvp_daemon (bnc#770763) the kernel-user
   interface changed, old binaries will busyloop with newer
   kernel
   * rpm/kernel-binary.spec.in: Do not run debugedit -i,
   use eu-unstrip to retrieve the build-id instead
   (bnc#768504).
   * rpm/kernel-binary.spec.in: Fix Obsoletes: tag for the
   SLE11-SP1 realtek-r8192ce_pci-kmp package.

   Misc

   *

   patches.suse/no-partition-scan: Implement
   "no_partition_scan" commandline option (FATE#303697).

   *

   vfs: dcache: use DCACHE_DENTRY_KILLED instead of
   DCACHE_DISCONNECTED in d_kill() (bnc#779699).

   *

   igb: convert to ndo_fix_features (bnc#777269).

   *

   igb: do vlan cleanup (bnc#777269).

   *

   tcp: flush DMA queue before sk_wait_data if rcv_wnd
   is zero (bnc#777024).

   *

   drm: Export drm_probe_ddc() (bnc#780461).

   * drm/dp: Update DPCD defines (bnc#780461).
   * drm/i915/dp: Be smarter about connection sense for
   branch devices (bnc#780461).
   *

   drm/i915/dp: Fetch downstream port info if needed
   during DPCD fetch (bnc#780461).

   *

   md: fix so that GET_ARRAY_INFO and GET_DISK_INFO fail
   correctly when array has not "raid_disks" count yet.

   *

   sched: Fix ancient race in do_exit() (bnc#781018).

   * sched: fix divide by zero in
   thread_group/task_times() (bnc#761774).
   *

   sched: fix migration thread runtime bogosity
   (bnc#773688, bnc#769251).

   *

   megaraid_sas: boot hangs up while LD is offline issue
   (bnc#698102).

   *

   memcg: warn on deeper hierarchies with
   use_hierarchy==0 (bnc#781134).

   *

   scsi_dh_alua: Retry the check-condition in case Mode
   Parameters Changed (bnc#772473).

   * scsi: update scsi.h with SYNCHRONIZE_CACHE_16
   (FATE#313550,bnc#769195).
   *

   sd: Reshuffle init_sd to avoid crash (bnc#776787).

   *

   st: remove st_mutex (bnc#773007).

   *

   cifs: Assume passwords are encoded according to
   iocharset (try #2) (bnc#731035).

   *

   drm/fb-helper: delay hotplug handling when partially
   bound (bnc#778822).

   * drm/fb helper: do not call drm_crtc_helper_set_config
   (bnc#778822).
   * patches.drivers/drm-Skip-too-big-EDID-extensions:
   Delete. Fixed in firmware, so no longer needed (bnc#764900)
   *

   drm/i915: Fix backlight control for systems which
   have bl polarity reversed (bnc #766156).

   *

   patches.kernel.org/patch-3.0.27-28: Update references
   (bnc#770695 CVE-2012-2745).

   *

   xen/x86-64: fix hypercall page unwind info.

   * patches.xen/xen3-patch-3.0.40-41: Linux 3.0.41.
   *

   Refresh other Xen patches (bnc#776019).

   *

   e1000e: clear REQ and GNT in EECD (82571 && 82572)
   (bnc#762099).

   *

   bonding: add some slack to arp monitoring time limits
   (bnc#776095).

   *

   patches.arch/x2apic_opt_out.patch: Refresh. bnc#778082

   *

   x86, mce: Do not call del_timer_sync() in IRQ context
   (bnc#776896).

   *

   cpufreq / ACPI: Fix not loading acpi-cpufreq driver
   regression (bnc#766654).

   *

   ida: Update references (bnc#740291).

   *

   audit: do not free_chunk() after fsnotify_add_mark()
   (bnc#762214).

   *

   audit: fix refcounting in audit-tree (bnc#762214).

   *

   mlx4_en: map entire pages to increase throughput.

   *

   usb: Add support for root hub port status CAS
   (bnc#774289).

   *

   fs,reiserfs: unlock superblock before calling
   reiserfs_quota_on_mount() (bnc#772786).

   *

   reiserfs: fix deadlock with nfs racing on
   create/lookup (bnc#762693).

   *

   NFS: Slow down state manager after an unhandled error
   (bnc#774973).

   * nfs: increase number of permitted callback
   connections (bnc#771706).
   *

   Freezer / sunrpc / NFS: do not allow TASK_KILLABLE
   sleeps to block the freezer (bnc#775182).

   *

   powerpc/pseries: Support lower minimum entitlement
   for virtual processors (bnc#775984).

   *

   powerpc: Disable /dev/port interface on systems
   without an ISA bridge (bnc#754670).

   *

   ocfs2: Add a missing journal credit in
   ocfs2_link_credits() -v2 (bnc#773320).

   *

   block: do not artificially constrain max_sectors for
   stacking drivers (bnc#774073).

   *

   bnx2x: Clear MDC/MDIO warning message (bnc#769035).

   * bnx2x: Fix BCM57810-KR AN speed transition
   (bnc#769035).
   * bnx2x: Fix BCM57810-KR FC (bnc#769035).
   * bnx2x: Fix BCM578x0-SFI pre-emphasis settings
   (bnc#769035).
   * bnx2x: Fix link issue for BCM8727 boards (bnc#769035).
   * bnx2x: PFC fix (bnc#769035).
   * bnx2x: fix checksum validation (bnc#769035).
   * bnx2x: fix panic when TX ring is full (bnc#769035).
   * bnx2x: previous driver unload revised (bnc#769035).
   * bnx2x: remove WARN_ON (bnc#769035).
   *

   bnx2x: update driver version (bnc#769035).

   *

   xhci: Fix a logical vs bitwise AND bug (bnc#772427).

   * xhci: Switch PPT ports to EHCI on shutdown
   (bnc#772427).
   * xhci: definitions of register definitions to preserve
   kABI (bnc#772427).
   *

   xhci: Introduce a private switchback method to
   preserve kABI (bnc#772427).

   *

   config.conf: Drop reference to a s390 vanilla config
   that does not exist.

   *

   block: eliminate potential for infinite loop in
   blkdev_issue_discard (bnc#773319).

   *

   Fix cosmetic (but worrisome to users) stop class
   accounting bug.

   *

   bluetooth: Another vendor specific ID for BCM20702A0
   [0a5c:21f1] (bnc#774612).

   *

   memcg: further prevent OOM with too many dirty pages
   (bnc#763198).

   *

   patches.fixes/mm-consider-PageReclaim-for-sync-reclaim.patch
   : Refresh to match the upstream version.

   *

   tmpfs: optimize clearing when writing (VM
   Performance).

   * tmpfs: distribute interleave better across nodes
   (bnc#764209).
   *
   patches.fixes/tmpfs-implement-NUMA-node-interleaving.patch:
   dropped in favor of the upstream patch

   Security Issue reference:

   * CVE-2012-2745
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2745
   >

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-kernel-6923 slessp2-kernel-6926

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-kernel-6923 slessp2-kernel-6924 slessp2-kernel-6925 slessp2-kernel-6926 slessp2-kernel-6931

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-kernel-6923 sleshasp2-kernel-6924 sleshasp2-kernel-6925 sleshasp2-kernel-6926 sleshasp2-kernel-6931

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-kernel-6923 sledsp2-kernel-6926

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.42]:

      kernel-default-3.0.42-0.7.3
      kernel-default-base-3.0.42-0.7.3
      kernel-default-devel-3.0.42-0.7.3
      kernel-source-3.0.42-0.7.3
      kernel-syms-3.0.42-0.7.3
      kernel-trace-3.0.42-0.7.3
      kernel-trace-base-3.0.42-0.7.3
      kernel-trace-devel-3.0.42-0.7.3
      kernel-xen-devel-3.0.42-0.7.3

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.42]:

      kernel-pae-3.0.42-0.7.3
      kernel-pae-base-3.0.42-0.7.3
      kernel-pae-devel-3.0.42-0.7.3

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.42]:

      kernel-default-3.0.42-0.7.3
      kernel-default-base-3.0.42-0.7.3
      kernel-default-devel-3.0.42-0.7.3
      kernel-source-3.0.42-0.7.3
      kernel-syms-3.0.42-0.7.3
      kernel-trace-3.0.42-0.7.3
      kernel-trace-base-3.0.42-0.7.3
      kernel-trace-devel-3.0.42-0.7.3

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.42]:

      kernel-ec2-3.0.42-0.7.3
      kernel-ec2-base-3.0.42-0.7.3
      kernel-ec2-devel-3.0.42-0.7.3
      kernel-xen-3.0.42-0.7.3
      kernel-xen-base-3.0.42-0.7.3
      kernel-xen-devel-3.0.42-0.7.3

   - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.42]:

      kernel-default-man-3.0.42-0.7.3

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.42]:

      kernel-ppc64-3.0.42-0.7.3
      kernel-ppc64-base-3.0.42-0.7.3
      kernel-ppc64-devel-3.0.42-0.7.3

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.42]:

      kernel-pae-3.0.42-0.7.3
      kernel-pae-base-3.0.42-0.7.3
      kernel-pae-devel-3.0.42-0.7.3

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.42_0.7-2.18.7
      cluster-network-kmp-trace-1.4_3.0.42_0.7-2.18.7
      gfs2-kmp-default-2_3.0.42_0.7-0.7.42
      gfs2-kmp-trace-2_3.0.42_0.7-0.7.42
      ocfs2-kmp-default-1.6_3.0.42_0.7-0.11.6
      ocfs2-kmp-trace-1.6_3.0.42_0.7-0.11.6

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.42_0.7-2.18.7
      gfs2-kmp-xen-2_3.0.42_0.7-0.7.42
      ocfs2-kmp-xen-1.6_3.0.42_0.7-0.11.6

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.42_0.7-2.18.7
      gfs2-kmp-ppc64-2_3.0.42_0.7-0.7.42
      ocfs2-kmp-ppc64-1.6_3.0.42_0.7-0.11.6

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

      cluster-network-kmp-pae-1.4_3.0.42_0.7-2.18.7
      gfs2-kmp-pae-2_3.0.42_0.7-0.7.42
      ocfs2-kmp-pae-1.6_3.0.42_0.7-0.11.6

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.42]:

      kernel-default-3.0.42-0.7.3
      kernel-default-base-3.0.42-0.7.3
      kernel-default-devel-3.0.42-0.7.3
      kernel-default-extra-3.0.42-0.7.3
      kernel-source-3.0.42-0.7.3
      kernel-syms-3.0.42-0.7.3
      kernel-trace-3.0.42-0.7.3
      kernel-trace-base-3.0.42-0.7.3
      kernel-trace-devel-3.0.42-0.7.3
      kernel-trace-extra-3.0.42-0.7.3
      kernel-xen-3.0.42-0.7.3
      kernel-xen-base-3.0.42-0.7.3
      kernel-xen-devel-3.0.42-0.7.3
      kernel-xen-extra-3.0.42-0.7.3

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.42]:

      kernel-pae-3.0.42-0.7.3
      kernel-pae-base-3.0.42-0.7.3
      kernel-pae-devel-3.0.42-0.7.3
      kernel-pae-extra-3.0.42-0.7.3

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      ext4-writeable-kmp-default-0_3.0.42_0.7-0.14.23
      ext4-writeable-kmp-trace-0_3.0.42_0.7-0.14.23
      kernel-default-extra-3.0.42-0.7.3

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.42_0.7-0.14.23
      kernel-xen-extra-3.0.42-0.7.3

   - SLE 11 SERVER Unsupported Extras (ppc64):

      ext4-writeable-kmp-ppc64-0_3.0.42_0.7-0.14.23
      kernel-ppc64-extra-3.0.42-0.7.3

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.42_0.7-0.14.23
      kernel-pae-extra-3.0.42-0.7.3


References:

   http://support.novell.com/security/cve/CVE-2012-2745.html
   https://bugzilla.novell.com/698102
   https://bugzilla.novell.com/731035
   https://bugzilla.novell.com/740291
   https://bugzilla.novell.com/744198
   https://bugzilla.novell.com/753617
   https://bugzilla.novell.com/754670
   https://bugzilla.novell.com/761774
   https://bugzilla.novell.com/762099
   https://bugzilla.novell.com/762214
   https://bugzilla.novell.com/762693
   https://bugzilla.novell.com/763198
   https://bugzilla.novell.com/763954
   https://bugzilla.novell.com/764209
   https://bugzilla.novell.com/764900
   https://bugzilla.novell.com/766156
   https://bugzilla.novell.com/766654
   https://bugzilla.novell.com/768084
   https://bugzilla.novell.com/768504
   https://bugzilla.novell.com/769035
   https://bugzilla.novell.com/769195
   https://bugzilla.novell.com/769251
   https://bugzilla.novell.com/769407
   https://bugzilla.novell.com/770034
   https://bugzilla.novell.com/770695
   https://bugzilla.novell.com/770763
   https://bugzilla.novell.com/771706
   https://bugzilla.novell.com/772407
   https://bugzilla.novell.com/772427
   https://bugzilla.novell.com/772473
   https://bugzilla.novell.com/772786
   https://bugzilla.novell.com/772831
   https://bugzilla.novell.com/773007
   https://bugzilla.novell.com/773319
   https://bugzilla.novell.com/773320
   https://bugzilla.novell.com/773688
   https://bugzilla.novell.com/773831
   https://bugzilla.novell.com/774073
   https://bugzilla.novell.com/774289
   https://bugzilla.novell.com/774612
   https://bugzilla.novell.com/774902
   https://bugzilla.novell.com/774973
   https://bugzilla.novell.com/775182
   https://bugzilla.novell.com/775373
   https://bugzilla.novell.com/775984
   https://bugzilla.novell.com/776019
   https://bugzilla.novell.com/776095
   https://bugzilla.novell.com/776787
   https://bugzilla.novell.com/776896
   https://bugzilla.novell.com/777024
   https://bugzilla.novell.com/777269
   https://bugzilla.novell.com/778082
   https://bugzilla.novell.com/778822
   https://bugzilla.novell.com/779330
   https://bugzilla.novell.com/779461
   https://bugzilla.novell.com/779699
   https://bugzilla.novell.com/780012
   https://bugzilla.novell.com/780461
   https://bugzilla.novell.com/781018
   https://bugzilla.novell.com/781134
   http://download.novell.com/patch/finder/?keywords=093be6c543a0ba2b6ecf2968d4a92212
   http://download.novell.com/patch/finder/?keywords=0a2a6cf21f8291011c81928522f1063a
   http://download.novell.com/patch/finder/?keywords=2205d86ff343bf4bd4269c0ee1a36fce
   http://download.novell.com/patch/finder/?keywords=56bb8b246b094d7b9bb76894fbb7a521
   http://download.novell.com/patch/finder/?keywords=89ed32091b7cde5f4b5f62a8d0ae9f0f
   http://download.novell.com/patch/finder/?keywords=9bafa94f852e694b59b99001aa47a2b5
   http://download.novell.com/patch/finder/?keywords=c29b53bba0dc375ee51121e1a1619e8d
   http://download.novell.com/patch/finder/?keywords=d3169be940573b6d9ace41778ad0a84c
   http://download.novell.com/patch/finder/?keywords=d62b0fd1b9b16f9da1561454d3ac760d
   http://download.novell.com/patch/finder/?keywords=f6f94ee4ea8bc5fdac3a7d71f4d55ed9



More information about the sle-updates mailing list