Security update for Linux kernel

SUSE Security Update: Security update for Linux kernel
Announcement ID: SUSE-SU-2013:1473-1
Rating: important
References: #745640 #760407 #765523 #773006 #773255 #783475 #789010 #797909 #800875 #801341 #805371 #805740 #805804 #806396 #807471 #807502 #808940 #809122 #809463 #812274 #813733 #814336 #815256 #815320 #816043 #818047 #819363 #820172 #820434 #822052 #822164 #822225 #822575 #822579 #822878 #823517 #824256 #824295 #824568 #824915 #825048 #825142 #825227 #825887 #826350 #826960 #827271 #827372 #827376 #827378 #827749 #827750 #827930 #828087 #828119 #828192 #828265 #828574 #828714 #828886 #828914 #829001 #829082 #829357 #829539 #829622 #830346 #830478 #830766 #830822 #830901 #831055 #831058 #831410 #831422 #831424 #831438 #831623 #831949 #832318 #833073 #833097 #833148 #834116 #834647 #834742 #835175
Affected Products:
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise High Availability Extension 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP3
  • SLE 11 SERVER Unsupported Extras

  • An update that solves 13 vulnerabilities and has 74 fixes is now available. It includes one version update.

    Description:


    The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
    updated to version 3.0.93 and to fix various bugs and
    security issues.

    The following features have been added:

    * NFS: Now supports a "nosharetransport" option
    (bnc#807502, bnc#828192, FATE#315593).
    * ALSA: virtuoso: Xonar DSX support was added
    (FATE#316016).

    The following security issues have been fixed:

    *

    CVE-2013-2148: The fill_event_metadata function in
    fs/notify/fanotify/fanotify_user.c in the Linux kernel did
    not initialize a certain structure member, which allowed
    local users to obtain sensitive information from kernel
    memory via a read operation on the fanotify descriptor.

    *

    CVE-2013-2237: The key_notify_policy_flush function
    in net/key/af_key.c in the Linux kernel did not initialize
    a certain structure member, which allowed local users to
    obtain sensitive information from kernel heap memory by
    reading a broadcast message from the notify_policy
    interface of an IPSec key_socket.

    *

    CVE-2013-2232: The ip6_sk_dst_check function in
    net/ipv6/ip6_output.c in the Linux kernel allowed local
    users to cause a denial of service (system crash) by using
    an AF_INET6 socket for a connection to an IPv4 interface.

    *

    CVE-2013-2234: The (1) key_notify_sa_flush and (2)
    key_notify_policy_flush functions in net/key/af_key.c in
    the Linux kernel did not initialize certain structure
    members, which allowed local users to obtain sensitive
    information from kernel heap memory by reading a broadcast
    message from the notify interface of an IPSec key_socket.
    CVE-2013-4162: The udp_v6_push_pending_frames function in
    net/ipv6/udp.c in the IPv6 implementation in the Linux
    kernel made an incorrect function call for pending data,
    which allowed local users to cause a denial of service (BUG
    and system crash) via a crafted application that uses the
    UDP_CORK option in a setsockopt system call.

    *

    CVE-2013-1059: net/ceph/auth_none.c in the Linux
    kernel allowed remote attackers to cause a denial of
    service (NULL pointer dereference and system crash) or
    possibly have unspecified other impact via an auth_reply
    message that triggers an attempted build_request operation.

    *

    CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
    in drivers/cdrom/cdrom.c in the Linux kernel allowed local
    users to obtain sensitive information from kernel memory
    via a read operation on a malfunctioning CD-ROM drive.

    *

    CVE-2013-2851: Format string vulnerability in the
    register_disk function in block/genhd.c in the Linux kernel
    allowed local users to gain privileges by leveraging root
    access and writing format string specifiers to
    /sys/module/md_mod/parameters/new_array in order to create
    a crafted /dev/md device name.

    *

    CVE-2013-4163: The ip6_append_data_mtu function in
    net/ipv6/ip6_output.c in the IPv6 implementation in the
    Linux kernel did not properly maintain information about
    whether the IPV6_MTU setsockopt option had been specified,
    which allowed local users to cause a denial of service (BUG
    and system crash) via a crafted application that uses the
    UDP_CORK option in a setsockopt system call.

    *

    CVE-2013-1929: Heap-based buffer overflow in the
    tg3_read_vpd function in
    drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
    allowed physically proximate attackers to cause a denial of
    service (system crash) or possibly execute arbitrary code
    via crafted firmware that specifies a long string in the
    Vital Product Data (VPD) data structure.

    *

    CVE-2013-1819: The _xfs_buf_find function in
    fs/xfs/xfs_buf.c in the Linux kernel did not validate block
    numbers, which allowed local users to cause a denial of
    service (NULL pointer dereference and system crash) or
    possibly have unspecified other impact by leveraging the
    ability to mount an XFS filesystem containing a metadata
    inode with an invalid extent map.

    Also the following non-security bugs have been fixed:

    * ACPI / APEI: Force fatal AER severity when component
    has been reset (bnc#828886 bnc#824568).
    * PCI/AER: Move AER severity defines to aer.h
    (bnc#828886 bnc#824568).
    * PCI/AER: Set dev->__aer_firmware_first only for
    matching devices (bnc#828886 bnc#824568).
    * PCI/AER: Factor out HEST device type matching
    (bnc#828886 bnc#824568).
    * PCI/AER: Do not parse HEST table for non-PCIe devices
    (bnc#828886 bnc#824568).
    *

    PCI/AER: Reset link for devices below Root Port or
    Downstream Port (bnc#828886 bnc#824568).

    *

    zfcp: fix lock imbalance by reworking request queue
    locking (bnc#835175, LTC#96825).

    *

    qeth: Fix crash on initial MTU size change
    (bnc#835175, LTC#96809).

    *

    qeth: change default standard blkt settings for OSA
    Express (bnc#835175, LTC#96808).

    *

    x86: Add workaround to NMI iret woes (bnc#831949).

    *

    x86: Do not schedule while still in NMI context
    (bnc#831949).

    *

    drm/i915: no longer call drm_helper_resume_force_mode
    (bnc#831424,bnc#800875).

    *

    bnx2x: protect different statistics flows
    (bnc#814336).

    * bnx2x: Avoid sending multiple statistics queries
    (bnc#814336).
    *

    bnx2x: protect different statistics flows
    (bnc#814336).

    *

    ALSA: hda - Fix unbalanced runtime pm refount
    (bnc#834742).

    *

    xhci: directly calling _PS3 on suspend (bnc#833148).

    *

    futex: Take hugepages into account when generating
    futex_key.

    *

    e1000e: workaround DMA unit hang on I218 (bnc#834647).

    * e1000e: unexpected "Reset adapter" message when cable
    pulled (bnc#834647).
    * e1000e: 82577: workaround for link drop issue
    (bnc#834647).
    * e1000e: helper functions for accessing EMI registers
    (bnc#834647).
    * e1000e: workaround DMA unit hang on I218 (bnc#834647).
    * e1000e: unexpected "Reset adapter" message when cable
    pulled (bnc#834647).
    * e1000e: 82577: workaround for link drop issue
    (bnc#834647).
    *

    e1000e: helper functions for accessing EMI registers
    (bnc#834647).

    *

    Drivers: hv: util: Fix a bug in version negotiation
    code for util services (bnc#828714).

    *

    printk: Add NMI ringbuffer (bnc#831949).

    * printk: extract ringbuffer handling from vprintk
    (bnc#831949).
    * printk: NMI safe printk (bnc#831949).
    * printk: Make NMI ringbuffer size independent on
    log_buf_len (bnc#831949).
    * printk: Do not call console_unlock from nmi context
    (bnc#831949).
    *

    printk: Do not use printk_cpu from finish_printk
    (bnc#831949).

    *

    zfcp: fix schedule-inside-lock in scsi_device list
    loops (bnc#833073, LTC#94937).

    *

    uvc: increase number of buffers (bnc#822164,
    bnc#805804).

    *

    drm/i915: Adding more reserved PCI IDs for Haswell
    (bnc#834116).

    *

    Refresh patches.xen/xen-netback-generalize
    (bnc#827378).

    *

    Update Xen patches to 3.0.87.

    *

    mlx4_en: Adding 40gb speed report for ethtool
    (bnc#831410).

    *

    drm/i915: Retry DP aux_ch communications with a
    different clock after failure (bnc#831422).

    * drm/i915: split aux_clock_divider logic in a
    separated function for reuse (bnc#831422).
    * drm/i915: dp: increase probe retries (bnc#831422).
    * drm/i915: Only clear write-domains after a successful
    wait-seqno (bnc#831422).
    * drm/i915: Fix write-read race with multiple rings
    (bnc#831422).
    * drm/i915: Retry DP aux_ch communications with a
    different clock after failure (bnc#831422).
    * drm/i915: split aux_clock_divider logic in a
    separated function for reuse (bnc#831422).
    * drm/i915: dp: increase probe retries (bnc#831422).
    * drm/i915: Only clear write-domains after a successful
    wait-seqno (bnc#831422).
    *

    drm/i915: Fix write-read race with multiple rings
    (bnc#831422).

    *

    xhci: Add xhci_disable_ports boot option (bnc#822164).

    *

    xhci: set device to D3Cold on shutdown (bnc#833097).

    *

    reiserfs: Fixed double unlock in reiserfs_setattr
    failure path.

    * reiserfs: locking, release lock around quota
    operations (bnc#815320).
    * reiserfs: locking, push write lock out of xattr code
    (bnc#815320).
    * reiserfs: locking, handle nested locks properly
    (bnc#815320).
    * reiserfs: do not lock journal_init() (bnc#815320).
    *

    reiserfs: delay reiserfs lock until journal
    initialization (bnc#815320).

    *

    NFS: support "nosharetransport" option (bnc#807502,
    bnc#828192, FATE#315593).

    *

    HID: hyperv: convert alloc+memcpy to memdup.

    * Drivers: hv: vmbus: Implement multi-channel support
    (fate#316098).
    * Drivers: hv: Add the GUID fot synthetic fibre channel
    device (fate#316098).
    * tools: hv: Check return value of setsockopt call.
    * tools: hv: Check return value of poll call.
    * tools: hv: Check retrun value of strchr call.
    * tools: hv: Fix file descriptor leaks.
    * tools: hv: Improve error logging in KVP daemon.
    * drivers: hv: switch to use mb() instead of smp_mb().
    * drivers: hv: check interrupt mask before read_index.
    * drivers: hv: allocate synic structures before
    hv_synic_init().
    * storvsc: Increase the value of scsi timeout for
    storvsc devices (fate#316098).
    * storvsc: Update the storage protocol to win8 level
    (fate#316098).
    * storvsc: Implement multi-channel support
    (fate#316098).
    * storvsc: Support FC devices (fate#316098).
    * storvsc: Increase the value of
    STORVSC_MAX_IO_REQUESTS (fate#316098).
    * hyperv: Fix the NETIF_F_SG flag setting in netvsc.
    * Drivers: hv: vmbus: incorrect device name is printed
    when child device is unregistered.
    *

    Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
    (bnc#828714).

    *

    ipv6: ip6_append_data_mtu did not care about pmtudisc
    and frag_size (bnc#831055, CVE-2013-4163).

    *

    ipv6: ip6_append_data_mtu did not care about pmtudisc
    and frag_size (bnc#831055, CVE-2013-4163).

    *

    dm mpath: add retain_attached_hw_handler feature
    (bnc#760407).

    *

    scsi_dh: add scsi_dh_attached_handler_name
    (bnc#760407).

    *

    af_key: fix info leaks in notify messages (bnc#827749
    CVE-2013-2234).

    *

    af_key: initialize satype in
    key_notify_policy_flush() (bnc#828119 CVE-2013-2237).

    *

    ipv6: call udp_push_pending_frames when uncorking a
    socket with (bnc#831058, CVE-2013-4162).

    *

    tg3: fix length overflow in VPD firmware parsing
    (bnc#813733 CVE-2013-1929).

    *

    xfs: fix _xfs_buf_find oops on blocks beyond the
    filesystem end (CVE-2013-1819 bnc#807471).

    *

    ipv6: ip6_sk_dst_check() must not assume ipv6 dst
    (bnc#827750, CVE-2013-2232).

    *

    dasd: fix hanging devices after path events
    (bnc#831623, LTC#96336).

    *

    kernel: z90crypt module load crash (bnc#831623,
    LTC#96214).

    *

    ata: Fix DVD not dectected at some platform with
    Wellsburg PCH (bnc#822225).

    *

    drm/i915: edp: add standard modes (bnc#832318).

    *

    Do not switch camera on yet more HP machines
    (bnc#822164).

    *

    Do not switch camera on HP EB 820 G1 (bnc#822164).

    *

    xhci: Avoid NULL pointer deref when host dies
    (bnc#827271).

    *

    bonding: disallow change of MAC if fail_over_mac
    enabled (bnc#827376).

    * bonding: propagate unicast lists down to slaves
    (bnc#773255 bnc#827372).
    * net/bonding: emit address change event also in
    bond_release (bnc#773255 bnc#827372).
    *

    bonding: emit event when bonding changes MAC
    (bnc#773255 bnc#827372).

    *

    usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
    controllers with xhci 1.0 (bnc#797909).

    *

    xhci: fix null pointer dereference on
    ring_doorbell_for_active_rings (bnc#827271).

    *

    updated reference for security issue fixed inside
    (CVE-2013-3301 bnc#815256)

    *

    qla2xxx: Clear the MBX_INTR_WAIT flag when the
    mailbox time-out happens (bnc#830478).

    *

    drm/i915: initialize gt_lock early with other spin
    locks (bnc#801341).

    * drm/i915: fix up gt init sequence fallout
    (bnc#801341).
    * drm/i915: initialize gt_lock early with other spin
    locks (bnc#801341).
    *

    drm/i915: fix up gt init sequence fallout
    (bnc#801341).

    *

    timer_list: Correct the iterator for timer_list
    (bnc#818047).

    *

    firmware: do not spew errors in normal boot
    (bnc#831438, fate#314574).

    *

    ALSA: virtuoso: Xonar DSX support (FATE#316016).

    *

    SUNRPC: Ensure we release the socket write lock if
    the rpc_task exits early (bnc#830901).

    *

    ext4: Re-add config option Building ext4 as the
    ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
    read-write module should be enabled. This update just
    defaults allow_rw to true if it is set.

    *

    e1000: fix vlan processing regression (bnc#830766).

    *

    ext4: force read-only unless rw=1 module option is
    used (fate#314864).

    *

    dm mpath: fix ioctl deadlock when no paths
    (bnc#808940).

    *

    HID: fix unused rsize usage (bnc#783475).

    *

    add reference for b43 format string flaw (bnc#822579
    CVE-2013-2852)

    *

    HID: fix data access in implement() (bnc#783475).

    *

    xfs: fix deadlock in xfs_rtfree_extent with kernel
    v3.x (bnc#829622).

    *

    kernel: sclp console hangs (bnc#830346, LTC#95711).

    *

    Refresh
    patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

    *

    Delete
    patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi
    rst-occurrence. It was removed from series.conf in
    063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
    not deleted.

    *

    Drivers: hv: balloon: Do not post pressure status if
    interrupted (bnc#829539).

    *

    Drivers: hv: balloon: Fix a bug in the hot-add code
    (bnc#829539).

    *

    drm/i915: Fix incoherence with fence updates on
    Sandybridge+ (bnc#809463).

    * drm/i915: merge {i965, sandybridge}_write_fence_reg()
    (bnc#809463).
    * drm/i915: Fix incoherence with fence updates on
    Sandybridge+ (bnc#809463).
    *

    drm/i915: merge {i965, sandybridge}_write_fence_reg()
    (bnc#809463).

    *

    Refresh
    patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

    *

    r8169: allow multicast packets on sub-8168f chipset
    (bnc#805371).

    * r8169: support new chips of RTL8111F (bnc#805371).
    * r8169: define the early size for 8111evl (bnc#805371).
    * r8169: fix the reset setting for 8111evl (bnc#805371).
    * r8169: add MODULE_FIRMWARE for the firmware of
    8111evl (bnc#805371).
    * r8169: fix sticky accepts packet bits in RxConfig
    (bnc#805371).
    * r8169: adjust the RxConfig settings (bnc#805371).
    * r8169: support RTL8111E-VL (bnc#805371).
    * r8169: add ERI functions (bnc#805371).
    * r8169: modify the flow of the hw reset (bnc#805371).
    * r8169: adjust some registers (bnc#805371).
    * r8169: check firmware content sooner (bnc#805371).
    * r8169: support new firmware format (bnc#805371).
    * r8169: explicit firmware format check (bnc#805371).
    * r8169: move the firmware down into the device private
    data (bnc#805371).
    * r8169: allow multicast packets on sub-8168f chipset
    (bnc#805371).
    * r8169: support new chips of RTL8111F (bnc#805371).
    * r8169: define the early size for 8111evl (bnc#805371).
    * r8169: fix the reset setting for 8111evl (bnc#805371).
    * r8169: add MODULE_FIRMWARE for the firmware of
    8111evl (bnc#805371).
    * r8169: fix sticky accepts packet bits in RxConfig
    (bnc#805371).
    * r8169: adjust the RxConfig settings (bnc#805371).
    * r8169: support RTL8111E-VL (bnc#805371).
    * r8169: add ERI functions (bnc#805371).
    * r8169: modify the flow of the hw reset (bnc#805371).
    * r8169: adjust some registers (bnc#805371).
    * r8169: check firmware content sooner (bnc#805371).
    * r8169: support new firmware format (bnc#805371).
    * r8169: explicit firmware format check (bnc#805371).
    *

    r8169: move the firmware down into the device private
    data (bnc#805371).

    *

    patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
    mm: link_mem_sections make sure nmi watchdog does not
    trigger while linking memory sections (bnc#820434).

    *

    drm/i915: fix long-standing SNB regression in power
    consumption after resume v2 (bnc#801341).

    *

    RTC: Add an alarm disable quirk (bnc#805740).

    *

    drm/i915: Fix bogus hotplug warnings at resume
    (bnc#828087).

    * drm/i915: Serialize all register access
    (bnc#809463,bnc#812274,bnc#822878,bnc#828914).
    * drm/i915: Resurrect ring kicking for semaphores,
    selectively (bnc#828087).
    * drm/i915: Fix bogus hotplug warnings at resume
    (bnc#828087).
    * drm/i915: Serialize all register access
    (bnc#809463,bnc#812274,bnc#822878,bnc#828914).
    *

    drm/i915: Resurrect ring kicking for semaphores,
    selectively (bnc#828087).

    *

    drm/i915: use lower aux clock divider on non-ULT HSW
    (bnc#800875).

    * drm/i915: preserve the PBC bits of TRANS_CHICKEN2
    (bnc#828087).
    * drm/i915: set CPT FDI RX polarity bits based on VBT
    (bnc#828087).
    * drm/i915: hsw: fix link training for eDP on port-A
    (bnc#800875).
    * drm/i915: use lower aux clock divider on non-ULT HSW
    (bnc#800875).
    * drm/i915: preserve the PBC bits of TRANS_CHICKEN2
    (bnc#828087).
    * drm/i915: set CPT FDI RX polarity bits based on VBT
    (bnc#828087).
    *

    drm/i915: hsw: fix link training for eDP on port-A
    (bnc#800875).

    *

    patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
    IPIs on CPU hotplug (bnc#825048, LTC#94784).

    *

    patches.fixes/iwlwifi-use-correct-supported-firmware-for-603
    5-and-.patch: iwlwifi: use correct supported firmware for
    6035 and 6000g2 (bnc#825887).

    *

    patches.fixes/watchdog-update-watchdog_thresh-atomically.pat
    ch: watchdog: Update watchdog_thresh atomically
    (bnc#829357).

    *
    patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
    watchdog: update watchdog_tresh properly (bnc#829357).
    *

    patches.fixes/watchdog-make-disable-enable-hotplug-and-preem
    pt-save.patch:
    watchdog-make-disable-enable-hotplug-and-preempt-save.patch
    (bnc#829357).

    *

    kabi/severities: Ignore changes in drivers/hv

    *

    patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou
    t.patch: lpfc: Return correct error code on bsg_timeout
    (bnc#816043).

    *

    patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
    dm-multipath: Drop table when retrying ioctl (bnc#808940).

    *

    scsi: Do not retry invalid function error
    (bnc#809122).

    *

    patches.suse/scsi-do-not-retry-invalid-function-error.patch:
    scsi: Do not retry invalid function error (bnc#809122).

    *

    scsi: Always retry internal target error (bnc#745640,
    bnc#825227).

    *

    patches.suse/scsi-always-retry-internal-target-error.patch:
    scsi: Always retry internal target error (bnc#745640,
    bnc#825227).

    *

    patches.drivers/drm-edid-Don-t-print-messages-regarding-ster
    eo-or-csync-by-default.patch: Refresh: add upstream commit
    ID.

    *

    patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
    Refresh. (bnc#824915).

    *

    Refresh
    patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
    (bnc#824915).

    *

    Update kabi files.

    *

    ACPI:remove panic in case hardware has changed after
    S4 (bnc#829001).

    *

    ibmvfc: Driver version 1.0.1 (bnc#825142).

    * ibmvfc: Fix for offlining devices during error
    recovery (bnc#825142).
    * ibmvfc: Properly set cancel flags when cancelling
    abort (bnc#825142).
    * ibmvfc: Send cancel when link is down (bnc#825142).
    * ibmvfc: Support FAST_IO_FAIL in EH handlers
    (bnc#825142).
    *

    ibmvfc: Suppress ABTS if target gone (bnc#825142).

    *

    fs/dcache.c: add cond_resched() to
    shrink_dcache_parent() (bnc#829082).

    *

    drivers/cdrom/cdrom.c: use kzalloc() for failing
    hardware (bnc#824295, CVE-2013-2164).

    *

    kmsg_dump: do not run on non-error paths by default
    (bnc#820172).

    *

    supported.conf: mark tcm_qla2xxx as supported

    *

    mm: honor min_free_kbytes set by user (bnc#826960).

    *

    Drivers: hv: util: Fix a bug in version negotiation
    code for util services (bnc#828714).

    *

    hyperv: Fix a kernel warning from
    netvsc_linkstatus_callback() (bnc#828574).

    *

    RT: Fix up hardening patch to not gripe when avg >
    available, which lockless access makes possible and happens
    in -rt kernels running a cpubound ltp realtime testcase.
    Just keep the output sane in that case.

    *

    kabi/severities: Add exception for
    aer_recover_queue() There should not be any user besides
    ghes.ko.

    *

    Fix rpm changelog

    *

    PCI / PM: restore the original behavior of
    pci_set_power_state() (bnc#827930).

    *

    fanotify: info leak in copy_event_to_user()
    (CVE-2013-2148 bnc#823517).

    *

    usb: xhci: check usb2 port capabilities before adding
    hw link PM support (bnc#828265).

    *

    aerdrv: Move cper_print_aer() call out of interrupt
    context (bnc#822052, bnc#824568).

    *

    PCI/AER: pci_get_domain_bus_and_slot() call missing
    required pci_dev_put() (bnc#822052, bnc#824568).

    *

    patches.fixes/block-do-not-pass-disk-names-as-format-strings
    .patch: block: do not pass disk names as format strings
    (bnc#822575 CVE-2013-2851).

    *

    powerpc: POWER8 cputable entries (bnc#824256).

    *

    libceph: Fix NULL pointer dereference in auth client
    code. (CVE-2013-1059, bnc#826350)

    *

    md/raid10: Fix two bug affecting RAID10 reshape.

    *

    Allow NFSv4 to run execute-only files (bnc#765523).

    *

    fs/ocfs2/namei.c: remove unecessary ERROR when
    removing non-empty directory (bnc#819363).

    *

    block: Reserve only one queue tag for sync IO if only
    3 tags are available (bnc#806396).

    *

    btrfs: merge contigous regions when loading free
    space cache

    *

    btrfs: fix how we deal with the orphan block rsv.

    * btrfs: fix wrong check during log recovery.
    * btrfs: change how we indicate we are adding csums.

    Security Issue references:

    * CVE-2013-1059
    >
    * CVE-2013-1819
    >
    * CVE-2013-1929
    >
    * CVE-2013-2148
    >
    * CVE-2013-2164
    >
    * CVE-2013-2232
    >
    * CVE-2013-2234
    >
    * CVE-2013-2237
    >
    * CVE-2013-2851
    >
    * CVE-2013-2852
    >
    * CVE-2013-3301
    >
    * CVE-2013-4162
    >
    * CVE-2013-4163
    >

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-kernel-8270 slessp3-kernel-8283
    • SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-kernel-8264 slessp3-kernel-8267 slessp3-kernel-8269 slessp3-kernel-8270 slessp3-kernel-8283
    • SUSE Linux Enterprise High Availability Extension 11 SP3:
      zypper in -t patch slehasp3-kernel-8264 slehasp3-kernel-8267 slehasp3-kernel-8269 slehasp3-kernel-8270 slehasp3-kernel-8283
    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-kernel-8270 sledsp3-kernel-8283

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.93]:
    • kernel-default-3.0.93-0.8.2
    • kernel-default-base-3.0.93-0.8.2
    • kernel-default-devel-3.0.93-0.8.2
    • kernel-source-3.0.93-0.8.2
    • kernel-syms-3.0.93-0.8.2
    • kernel-trace-3.0.93-0.8.2
    • kernel-trace-base-3.0.93-0.8.2
    • kernel-trace-devel-3.0.93-0.8.2
    • kernel-xen-devel-3.0.93-0.8.2
    • SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.93]:
    • kernel-pae-3.0.93-0.8.2
    • kernel-pae-base-3.0.93-0.8.2
    • kernel-pae-devel-3.0.93-0.8.2
    • SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.93]:
    • kernel-default-3.0.93-0.8.2
    • kernel-default-base-3.0.93-0.8.2
    • kernel-default-devel-3.0.93-0.8.2
    • kernel-source-3.0.93-0.8.2
    • kernel-syms-3.0.93-0.8.2
    • kernel-trace-3.0.93-0.8.2
    • kernel-trace-base-3.0.93-0.8.2
    • kernel-trace-devel-3.0.93-0.8.2
    • SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.93]:
    • kernel-ec2-3.0.93-0.8.2
    • kernel-ec2-base-3.0.93-0.8.2
    • kernel-ec2-devel-3.0.93-0.8.2
    • kernel-xen-3.0.93-0.8.2
    • kernel-xen-base-3.0.93-0.8.2
    • kernel-xen-devel-3.0.93-0.8.2
    • xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17
    • SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.93]:
    • kernel-default-man-3.0.93-0.8.2
    • SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.93]:
    • kernel-ppc64-3.0.93-0.8.2
    • kernel-ppc64-base-3.0.93-0.8.2
    • kernel-ppc64-devel-3.0.93-0.8.2
    • SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.93]:
    • kernel-pae-3.0.93-0.8.2
    • kernel-pae-base-3.0.93-0.8.2
    • kernel-pae-devel-3.0.93-0.8.2
    • xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    • cluster-network-kmp-default-1.4_3.0.93_0.8-2.27.8
    • cluster-network-kmp-trace-1.4_3.0.93_0.8-2.27.8
    • gfs2-kmp-default-2_3.0.93_0.8-0.16.14
    • gfs2-kmp-trace-2_3.0.93_0.8-0.16.14
    • ocfs2-kmp-default-1.6_3.0.93_0.8-0.20.8
    • ocfs2-kmp-trace-1.6_3.0.93_0.8-0.20.8
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
    • cluster-network-kmp-xen-1.4_3.0.93_0.8-2.27.8
    • gfs2-kmp-xen-2_3.0.93_0.8-0.16.14
    • ocfs2-kmp-xen-1.6_3.0.93_0.8-0.20.8
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
    • cluster-network-kmp-ppc64-1.4_3.0.93_0.8-2.27.8
    • gfs2-kmp-ppc64-2_3.0.93_0.8-0.16.14
    • ocfs2-kmp-ppc64-1.6_3.0.93_0.8-0.20.8
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
    • cluster-network-kmp-pae-1.4_3.0.93_0.8-2.27.8
    • gfs2-kmp-pae-2_3.0.93_0.8-0.16.14
    • ocfs2-kmp-pae-1.6_3.0.93_0.8-0.20.8
    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.93]:
    • kernel-default-3.0.93-0.8.2
    • kernel-default-base-3.0.93-0.8.2
    • kernel-default-devel-3.0.93-0.8.2
    • kernel-default-extra-3.0.93-0.8.2
    • kernel-source-3.0.93-0.8.2
    • kernel-syms-3.0.93-0.8.2
    • kernel-trace-devel-3.0.93-0.8.2
    • kernel-xen-3.0.93-0.8.2
    • kernel-xen-base-3.0.93-0.8.2
    • kernel-xen-devel-3.0.93-0.8.2
    • kernel-xen-extra-3.0.93-0.8.2
    • xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17
    • SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.93]:
    • kernel-pae-3.0.93-0.8.2
    • kernel-pae-base-3.0.93-0.8.2
    • kernel-pae-devel-3.0.93-0.8.2
    • kernel-pae-extra-3.0.93-0.8.2
    • xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17
    • SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
    • kernel-default-extra-3.0.93-0.8.2
    • SLE 11 SERVER Unsupported Extras (i586 x86_64):
    • kernel-xen-extra-3.0.93-0.8.2
    • SLE 11 SERVER Unsupported Extras (ppc64):
    • kernel-ppc64-extra-3.0.93-0.8.2
    • SLE 11 SERVER Unsupported Extras (i586):
    • kernel-pae-extra-3.0.93-0.8.2

    References:

    • http://support.novell.com/security/cve/CVE-2013-1059.html
    • http://support.novell.com/security/cve/CVE-2013-1819.html
    • http://support.novell.com/security/cve/CVE-2013-1929.html
    • http://support.novell.com/security/cve/CVE-2013-2148.html
    • http://support.novell.com/security/cve/CVE-2013-2164.html
    • http://support.novell.com/security/cve/CVE-2013-2232.html
    • http://support.novell.com/security/cve/CVE-2013-2234.html
    • http://support.novell.com/security/cve/CVE-2013-2237.html
    • http://support.novell.com/security/cve/CVE-2013-2851.html
    • http://support.novell.com/security/cve/CVE-2013-2852.html
    • http://support.novell.com/security/cve/CVE-2013-3301.html
    • http://support.novell.com/security/cve/CVE-2013-4162.html
    • http://support.novell.com/security/cve/CVE-2013-4163.html
    • https://bugzilla.novell.com/745640
    • https://bugzilla.novell.com/760407
    • https://bugzilla.novell.com/765523
    • https://bugzilla.novell.com/773006
    • https://bugzilla.novell.com/773255
    • https://bugzilla.novell.com/783475
    • https://bugzilla.novell.com/789010
    • https://bugzilla.novell.com/797909
    • https://bugzilla.novell.com/800875
    • https://bugzilla.novell.com/801341
    • https://bugzilla.novell.com/805371
    • https://bugzilla.novell.com/805740
    • https://bugzilla.novell.com/805804
    • https://bugzilla.novell.com/806396
    • https://bugzilla.novell.com/807471
    • https://bugzilla.novell.com/807502
    • https://bugzilla.novell.com/808940
    • https://bugzilla.novell.com/809122
    • https://bugzilla.novell.com/809463
    • https://bugzilla.novell.com/812274
    • https://bugzilla.novell.com/813733
    • https://bugzilla.novell.com/814336
    • https://bugzilla.novell.com/815256
    • https://bugzilla.novell.com/815320
    • https://bugzilla.novell.com/816043
    • https://bugzilla.novell.com/818047
    • https://bugzilla.novell.com/819363
    • https://bugzilla.novell.com/820172
    • https://bugzilla.novell.com/820434
    • https://bugzilla.novell.com/822052
    • https://bugzilla.novell.com/822164
    • https://bugzilla.novell.com/822225
    • https://bugzilla.novell.com/822575
    • https://bugzilla.novell.com/822579
    • https://bugzilla.novell.com/822878
    • https://bugzilla.novell.com/823517
    • https://bugzilla.novell.com/824256
    • https://bugzilla.novell.com/824295
    • https://bugzilla.novell.com/824568
    • https://bugzilla.novell.com/824915
    • https://bugzilla.novell.com/825048
    • https://bugzilla.novell.com/825142
    • https://bugzilla.novell.com/825227
    • https://bugzilla.novell.com/825887
    • https://bugzilla.novell.com/826350
    • https://bugzilla.novell.com/826960
    • https://bugzilla.novell.com/827271
    • https://bugzilla.novell.com/827372
    • https://bugzilla.novell.com/827376
    • https://bugzilla.novell.com/827378
    • https://bugzilla.novell.com/827749
    • https://bugzilla.novell.com/827750
    • https://bugzilla.novell.com/827930
    • https://bugzilla.novell.com/828087
    • https://bugzilla.novell.com/828119
    • https://bugzilla.novell.com/828192
    • https://bugzilla.novell.com/828265
    • https://bugzilla.novell.com/828574
    • https://bugzilla.novell.com/828714
    • https://bugzilla.novell.com/828886
    • https://bugzilla.novell.com/828914
    • https://bugzilla.novell.com/829001
    • https://bugzilla.novell.com/829082
    • https://bugzilla.novell.com/829357
    • https://bugzilla.novell.com/829539
    • https://bugzilla.novell.com/829622
    • https://bugzilla.novell.com/830346
    • https://bugzilla.novell.com/830478
    • https://bugzilla.novell.com/830766
    • https://bugzilla.novell.com/830822
    • https://bugzilla.novell.com/830901
    • https://bugzilla.novell.com/831055
    • https://bugzilla.novell.com/831058
    • https://bugzilla.novell.com/831410
    • https://bugzilla.novell.com/831422
    • https://bugzilla.novell.com/831424
    • https://bugzilla.novell.com/831438
    • https://bugzilla.novell.com/831623
    • https://bugzilla.novell.com/831949
    • https://bugzilla.novell.com/832318
    • https://bugzilla.novell.com/833073
    • https://bugzilla.novell.com/833097
    • https://bugzilla.novell.com/833148
    • https://bugzilla.novell.com/834116
    • https://bugzilla.novell.com/834647
    • https://bugzilla.novell.com/834742
    • https://bugzilla.novell.com/835175
    • http://download.suse.com/patch/finder/?keywords=0ac91b201b328861b832cc9a2d5a8c6b
    • http://download.suse.com/patch/finder/?keywords=191d1a273a8c36c8ea012d9d4b07dcbc
    • http://download.suse.com/patch/finder/?keywords=4ae0f4ab33ce6f2db597d9df8fc2fa01
    • http://download.suse.com/patch/finder/?keywords=4cd5eadeb6509d92f806e5cee6cfa82a
    • http://download.suse.com/patch/finder/?keywords=61459cd922860f9fa4e664f18e3931fd
    • http://download.suse.com/patch/finder/?keywords=644896ee11863828529ebdee6530d1ac
    • http://download.suse.com/patch/finder/?keywords=79b73575f6204cac04299c610e2aa8ac
    • http://download.suse.com/patch/finder/?keywords=c98e6cc38ee03dd039683da9b6305d2a
    • http://download.suse.com/patch/finder/?keywords=ebf6b9a0e30da81aed0eccbac2d7a3b7
    • http://download.suse.com/patch/finder/?keywords=ee2560c9159e67ffcb9684870a768e7d