Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 and to fix various bugs and
security issues.
The following features have been added:
* NFS: Now supports a "nosharetransport" option
(bnc#807502, bnc#828192, FATE#315593).
* ALSA: virtuoso: Xonar DSX support was added
(FATE#316016).
The following security issues have been fixed:
*
CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
*
CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
*
CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
*
CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel made an incorrect function call for pending data,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
*
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
*
CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
*
CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
*
CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
Also the following non-security bugs have been fixed:
* ACPI / APEI: Force fatal AER severity when component
has been reset (bnc#828886 bnc#824568).
* PCI/AER: Move AER severity defines to aer.h
(bnc#828886 bnc#824568).
* PCI/AER: Set dev->__aer_firmware_first only for
matching devices (bnc#828886 bnc#824568).
* PCI/AER: Factor out HEST device type matching
(bnc#828886 bnc#824568).
* PCI/AER: Do not parse HEST table for non-PCIe devices
(bnc#828886 bnc#824568).
*
PCI/AER: Reset link for devices below Root Port or
Downstream Port (bnc#828886 bnc#824568).
*
zfcp: fix lock imbalance by reworking request queue
locking (bnc#835175, LTC#96825).
*
qeth: Fix crash on initial MTU size change
(bnc#835175, LTC#96809).
*
qeth: change default standard blkt settings for OSA
Express (bnc#835175, LTC#96808).
*
x86: Add workaround to NMI iret woes (bnc#831949).
*
x86: Do not schedule while still in NMI context
(bnc#831949).
*
drm/i915: no longer call drm_helper_resume_force_mode
(bnc#831424,bnc#800875).
*
bnx2x: protect different statistics flows
(bnc#814336).
* bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
*
bnx2x: protect different statistics flows
(bnc#814336).
*
ALSA: hda - Fix unbalanced runtime pm refount
(bnc#834742).
*
xhci: directly calling _PS3 on suspend (bnc#833148).
*
futex: Take hugepages into account when generating
futex_key.
*
e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
* e1000e: helper functions for accessing EMI registers
(bnc#834647).
* e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
*
e1000e: helper functions for accessing EMI registers
(bnc#834647).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
printk: Add NMI ringbuffer (bnc#831949).
* printk: extract ringbuffer handling from vprintk
(bnc#831949).
* printk: NMI safe printk (bnc#831949).
* printk: Make NMI ringbuffer size independent on
log_buf_len (bnc#831949).
* printk: Do not call console_unlock from nmi context
(bnc#831949).
*
printk: Do not use printk_cpu from finish_printk
(bnc#831949).
*
zfcp: fix schedule-inside-lock in scsi_device list
loops (bnc#833073, LTC#94937).
*
uvc: increase number of buffers (bnc#822164,
bnc#805804).
*
drm/i915: Adding more reserved PCI IDs for Haswell
(bnc#834116).
*
Refresh patches.xen/xen-netback-generalize
(bnc#827378).
*
Update Xen patches to 3.0.87.
*
mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
*
drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
* drm/i915: Fix write-read race with multiple rings
(bnc#831422).
* drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
*
drm/i915: Fix write-read race with multiple rings
(bnc#831422).
*
xhci: Add xhci_disable_ports boot option (bnc#822164).
*
xhci: set device to D3Cold on shutdown (bnc#833097).
*
reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
* reiserfs: locking, release lock around quota
operations (bnc#815320).
* reiserfs: locking, push write lock out of xattr code
(bnc#815320).
* reiserfs: locking, handle nested locks properly
(bnc#815320).
* reiserfs: do not lock journal_init() (bnc#815320).
*
reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
*
NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
*
HID: hyperv: convert alloc+memcpy to memdup.
* Drivers: hv: vmbus: Implement multi-channel support
(fate#316098).
* Drivers: hv: Add the GUID fot synthetic fibre channel
device (fate#316098).
* tools: hv: Check return value of setsockopt call.
* tools: hv: Check return value of poll call.
* tools: hv: Check retrun value of strchr call.
* tools: hv: Fix file descriptor leaks.
* tools: hv: Improve error logging in KVP daemon.
* drivers: hv: switch to use mb() instead of smp_mb().
* drivers: hv: check interrupt mask before read_index.
* drivers: hv: allocate synic structures before
hv_synic_init().
* storvsc: Increase the value of scsi timeout for
storvsc devices (fate#316098).
* storvsc: Update the storage protocol to win8 level
(fate#316098).
* storvsc: Implement multi-channel support
(fate#316098).
* storvsc: Support FC devices (fate#316098).
* storvsc: Increase the value of
STORVSC_MAX_IO_REQUESTS (fate#316098).
* hyperv: Fix the NETIF_F_SG flag setting in netvsc.
* Drivers: hv: vmbus: incorrect device name is printed
when child device is unregistered.
*
Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
(bnc#828714).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
*
scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
*
af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
*
af_key: initialize satype in
key_notify_policy_flush() (bnc#828119 CVE-2013-2237).
*
ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
*
tg3: fix length overflow in VPD firmware parsing
(bnc#813733 CVE-2013-1929).
*
xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
*
ipv6: ip6_sk_dst_check() must not assume ipv6 dst
(bnc#827750, CVE-2013-2232).
*
dasd: fix hanging devices after path events
(bnc#831623, LTC#96336).
*
kernel: z90crypt module load crash (bnc#831623,
LTC#96214).
*
ata: Fix DVD not dectected at some platform with
Wellsburg PCH (bnc#822225).
*
drm/i915: edp: add standard modes (bnc#832318).
*
Do not switch camera on yet more HP machines
(bnc#822164).
*
Do not switch camera on HP EB 820 G1 (bnc#822164).
*
xhci: Avoid NULL pointer deref when host dies
(bnc#827271).
*
bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
* bonding: propagate unicast lists down to slaves
(bnc#773255 bnc#827372).
* net/bonding: emit address change event also in
bond_release (bnc#773255 bnc#827372).
*
bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
*
usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
controllers with xhci 1.0 (bnc#797909).
*
xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#827271).
*
updated reference for security issue fixed inside
(CVE-2013-3301 bnc#815256)
*
qla2xxx: Clear the MBX_INTR_WAIT flag when the
mailbox time-out happens (bnc#830478).
*
drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
* drm/i915: fix up gt init sequence fallout
(bnc#801341).
* drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
*
drm/i915: fix up gt init sequence fallout
(bnc#801341).
*
timer_list: Correct the iterator for timer_list
(bnc#818047).
*
firmware: do not spew errors in normal boot
(bnc#831438, fate#314574).
*
ALSA: virtuoso: Xonar DSX support (FATE#316016).
*
SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
*
ext4: Re-add config option Building ext4 as the
ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
read-write module should be enabled. This update just
defaults allow_rw to true if it is set.
*
e1000: fix vlan processing regression (bnc#830766).
*
ext4: force read-only unless rw=1 module option is
used (fate#314864).
*
dm mpath: fix ioctl deadlock when no paths
(bnc#808940).
*
HID: fix unused rsize usage (bnc#783475).
*
add reference for b43 format string flaw (bnc#822579
CVE-2013-2852)
*
HID: fix data access in implement() (bnc#783475).
*
xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
*
kernel: sclp console hangs (bnc#830346, LTC#95711).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
Delete
patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi
rst-occurrence. It was removed from series.conf in
063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
not deleted.
*
Drivers: hv: balloon: Do not post pressure status if
interrupted (bnc#829539).
*
Drivers: hv: balloon: Fix a bug in the hot-add code
(bnc#829539).
*
drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
* drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
* drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
*
drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
* r8169: move the firmware down into the device private
data (bnc#805371).
* r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
*
r8169: move the firmware down into the device private
data (bnc#805371).
*
patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
*
drm/i915: fix long-standing SNB regression in power
consumption after resume v2 (bnc#801341).
*
RTC: Add an alarm disable quirk (bnc#805740).
*
drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
* drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
* drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
*
drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
*
drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
* drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
* drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
*
drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
*
patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
IPIs on CPU hotplug (bnc#825048, LTC#94784).
*
patches.fixes/iwlwifi-use-correct-supported-firmware-for-603
5-and-.patch: iwlwifi: use correct supported firmware for
6035 and 6000g2 (bnc#825887).
*
patches.fixes/watchdog-update-watchdog_thresh-atomically.pat
ch: watchdog: Update watchdog_thresh atomically
(bnc#829357).
*
patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
watchdog: update watchdog_tresh properly (bnc#829357).
*
patches.fixes/watchdog-make-disable-enable-hotplug-and-preem
pt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
*
kabi/severities: Ignore changes in drivers/hv
*
patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou
t.patch: lpfc: Return correct error code on bsg_timeout
(bnc#816043).
*
patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
dm-multipath: Drop table when retrying ioctl (bnc#808940).
*
scsi: Do not retry invalid function error
(bnc#809122).
*
patches.suse/scsi-do-not-retry-invalid-function-error.patch:
scsi: Do not retry invalid function error (bnc#809122).
*
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.suse/scsi-always-retry-internal-target-error.patch:
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.drivers/drm-edid-Don-t-print-messages-regarding-ster
eo-or-csync-by-default.patch: Refresh: add upstream commit
ID.
*
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. (bnc#824915).
*
Refresh
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
(bnc#824915).
*
Update kabi files.
*
ACPI:remove panic in case hardware has changed after
S4 (bnc#829001).
*
ibmvfc: Driver version 1.0.1 (bnc#825142).
* ibmvfc: Fix for offlining devices during error
recovery (bnc#825142).
* ibmvfc: Properly set cancel flags when cancelling
abort (bnc#825142).
* ibmvfc: Send cancel when link is down (bnc#825142).
* ibmvfc: Support FAST_IO_FAIL in EH handlers
(bnc#825142).
*
ibmvfc: Suppress ABTS if target gone (bnc#825142).
*
fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
*
drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).
*
kmsg_dump: do not run on non-error paths by default
(bnc#820172).
*
supported.conf: mark tcm_qla2xxx as supported
*
mm: honor min_free_kbytes set by user (bnc#826960).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
*
RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
*
kabi/severities: Add exception for
aer_recover_queue() There should not be any user besides
ghes.ko.
*
Fix rpm changelog
*
PCI / PM: restore the original behavior of
pci_set_power_state() (bnc#827930).
*
fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
*
usb: xhci: check usb2 port capabilities before adding
hw link PM support (bnc#828265).
*
aerdrv: Move cper_print_aer() call out of interrupt
context (bnc#822052, bnc#824568).
*
PCI/AER: pci_get_domain_bus_and_slot() call missing
required pci_dev_put() (bnc#822052, bnc#824568).
*
patches.fixes/block-do-not-pass-disk-names-as-format-strings
.patch: block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
*
powerpc: POWER8 cputable entries (bnc#824256).
*
libceph: Fix NULL pointer dereference in auth client
code. (CVE-2013-1059, bnc#826350)
*
md/raid10: Fix two bug affecting RAID10 reshape.
*
Allow NFSv4 to run execute-only files (bnc#765523).
*
fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
*
block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
*
btrfs: merge contigous regions when loading free
space cache
*
btrfs: fix how we deal with the orphan block rsv.
* btrfs: fix wrong check during log recovery.
* btrfs: change how we indicate we are adding csums.
Security Issue references:
* CVE-2013-1059
>
* CVE-2013-1819
>
* CVE-2013-1929
>
* CVE-2013-2148
>
* CVE-2013-2164
>
* CVE-2013-2232
>
* CVE-2013-2234
>
* CVE-2013-2237
>
* CVE-2013-2851
>
* CVE-2013-2852
>
* CVE-2013-3301
>
* CVE-2013-4162
>
* CVE-2013-4163
>
Announcement ID: | SUSE-SU-2013:1473-1 |
Rating: | important |
References: | #745640 #760407 #765523 #773006 #773255 #783475 #789010 #797909 #800875 #801341 #805371 #805740 #805804 #806396 #807471 #807502 #808940 #809122 #809463 #812274 #813733 #814336 #815256 #815320 #816043 #818047 #819363 #820172 #820434 #822052 #822164 #822225 #822575 #822579 #822878 #823517 #824256 #824295 #824568 #824915 #825048 #825142 #825227 #825887 #826350 #826960 #827271 #827372 #827376 #827378 #827749 #827750 #827930 #828087 #828119 #828192 #828265 #828574 #828714 #828886 #828914 #829001 #829082 #829357 #829539 #829622 #830346 #830478 #830766 #830822 #830901 #831055 #831058 #831410 #831422 #831424 #831438 #831623 #831949 #832318 #833073 #833097 #833148 #834116 #834647 #834742 #835175 |
Affected Products: |
An update that solves 13 vulnerabilities and has 74 fixes is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 and to fix various bugs and
security issues.
The following features have been added:
* NFS: Now supports a "nosharetransport" option
(bnc#807502, bnc#828192, FATE#315593).
* ALSA: virtuoso: Xonar DSX support was added
(FATE#316016).
The following security issues have been fixed:
*
CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
*
CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
*
CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
*
CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel made an incorrect function call for pending data,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
*
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
*
CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
*
CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
*
CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
Also the following non-security bugs have been fixed:
* ACPI / APEI: Force fatal AER severity when component
has been reset (bnc#828886 bnc#824568).
* PCI/AER: Move AER severity defines to aer.h
(bnc#828886 bnc#824568).
* PCI/AER: Set dev->__aer_firmware_first only for
matching devices (bnc#828886 bnc#824568).
* PCI/AER: Factor out HEST device type matching
(bnc#828886 bnc#824568).
* PCI/AER: Do not parse HEST table for non-PCIe devices
(bnc#828886 bnc#824568).
*
PCI/AER: Reset link for devices below Root Port or
Downstream Port (bnc#828886 bnc#824568).
*
zfcp: fix lock imbalance by reworking request queue
locking (bnc#835175, LTC#96825).
*
qeth: Fix crash on initial MTU size change
(bnc#835175, LTC#96809).
*
qeth: change default standard blkt settings for OSA
Express (bnc#835175, LTC#96808).
*
x86: Add workaround to NMI iret woes (bnc#831949).
*
x86: Do not schedule while still in NMI context
(bnc#831949).
*
drm/i915: no longer call drm_helper_resume_force_mode
(bnc#831424,bnc#800875).
*
bnx2x: protect different statistics flows
(bnc#814336).
* bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
*
bnx2x: protect different statistics flows
(bnc#814336).
*
ALSA: hda - Fix unbalanced runtime pm refount
(bnc#834742).
*
xhci: directly calling _PS3 on suspend (bnc#833148).
*
futex: Take hugepages into account when generating
futex_key.
*
e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
* e1000e: helper functions for accessing EMI registers
(bnc#834647).
* e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
*
e1000e: helper functions for accessing EMI registers
(bnc#834647).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
printk: Add NMI ringbuffer (bnc#831949).
* printk: extract ringbuffer handling from vprintk
(bnc#831949).
* printk: NMI safe printk (bnc#831949).
* printk: Make NMI ringbuffer size independent on
log_buf_len (bnc#831949).
* printk: Do not call console_unlock from nmi context
(bnc#831949).
*
printk: Do not use printk_cpu from finish_printk
(bnc#831949).
*
zfcp: fix schedule-inside-lock in scsi_device list
loops (bnc#833073, LTC#94937).
*
uvc: increase number of buffers (bnc#822164,
bnc#805804).
*
drm/i915: Adding more reserved PCI IDs for Haswell
(bnc#834116).
*
Refresh patches.xen/xen-netback-generalize
(bnc#827378).
*
Update Xen patches to 3.0.87.
*
mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
*
drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
* drm/i915: Fix write-read race with multiple rings
(bnc#831422).
* drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
*
drm/i915: Fix write-read race with multiple rings
(bnc#831422).
*
xhci: Add xhci_disable_ports boot option (bnc#822164).
*
xhci: set device to D3Cold on shutdown (bnc#833097).
*
reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
* reiserfs: locking, release lock around quota
operations (bnc#815320).
* reiserfs: locking, push write lock out of xattr code
(bnc#815320).
* reiserfs: locking, handle nested locks properly
(bnc#815320).
* reiserfs: do not lock journal_init() (bnc#815320).
*
reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
*
NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
*
HID: hyperv: convert alloc+memcpy to memdup.
* Drivers: hv: vmbus: Implement multi-channel support
(fate#316098).
* Drivers: hv: Add the GUID fot synthetic fibre channel
device (fate#316098).
* tools: hv: Check return value of setsockopt call.
* tools: hv: Check return value of poll call.
* tools: hv: Check retrun value of strchr call.
* tools: hv: Fix file descriptor leaks.
* tools: hv: Improve error logging in KVP daemon.
* drivers: hv: switch to use mb() instead of smp_mb().
* drivers: hv: check interrupt mask before read_index.
* drivers: hv: allocate synic structures before
hv_synic_init().
* storvsc: Increase the value of scsi timeout for
storvsc devices (fate#316098).
* storvsc: Update the storage protocol to win8 level
(fate#316098).
* storvsc: Implement multi-channel support
(fate#316098).
* storvsc: Support FC devices (fate#316098).
* storvsc: Increase the value of
STORVSC_MAX_IO_REQUESTS (fate#316098).
* hyperv: Fix the NETIF_F_SG flag setting in netvsc.
* Drivers: hv: vmbus: incorrect device name is printed
when child device is unregistered.
*
Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
(bnc#828714).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
*
scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
*
af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
*
af_key: initialize satype in
key_notify_policy_flush() (bnc#828119 CVE-2013-2237).
*
ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
*
tg3: fix length overflow in VPD firmware parsing
(bnc#813733 CVE-2013-1929).
*
xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
*
ipv6: ip6_sk_dst_check() must not assume ipv6 dst
(bnc#827750, CVE-2013-2232).
*
dasd: fix hanging devices after path events
(bnc#831623, LTC#96336).
*
kernel: z90crypt module load crash (bnc#831623,
LTC#96214).
*
ata: Fix DVD not dectected at some platform with
Wellsburg PCH (bnc#822225).
*
drm/i915: edp: add standard modes (bnc#832318).
*
Do not switch camera on yet more HP machines
(bnc#822164).
*
Do not switch camera on HP EB 820 G1 (bnc#822164).
*
xhci: Avoid NULL pointer deref when host dies
(bnc#827271).
*
bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
* bonding: propagate unicast lists down to slaves
(bnc#773255 bnc#827372).
* net/bonding: emit address change event also in
bond_release (bnc#773255 bnc#827372).
*
bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
*
usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
controllers with xhci 1.0 (bnc#797909).
*
xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#827271).
*
updated reference for security issue fixed inside
(CVE-2013-3301 bnc#815256)
*
qla2xxx: Clear the MBX_INTR_WAIT flag when the
mailbox time-out happens (bnc#830478).
*
drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
* drm/i915: fix up gt init sequence fallout
(bnc#801341).
* drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
*
drm/i915: fix up gt init sequence fallout
(bnc#801341).
*
timer_list: Correct the iterator for timer_list
(bnc#818047).
*
firmware: do not spew errors in normal boot
(bnc#831438, fate#314574).
*
ALSA: virtuoso: Xonar DSX support (FATE#316016).
*
SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
*
ext4: Re-add config option Building ext4 as the
ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
read-write module should be enabled. This update just
defaults allow_rw to true if it is set.
*
e1000: fix vlan processing regression (bnc#830766).
*
ext4: force read-only unless rw=1 module option is
used (fate#314864).
*
dm mpath: fix ioctl deadlock when no paths
(bnc#808940).
*
HID: fix unused rsize usage (bnc#783475).
*
add reference for b43 format string flaw (bnc#822579
CVE-2013-2852)
*
HID: fix data access in implement() (bnc#783475).
*
xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
*
kernel: sclp console hangs (bnc#830346, LTC#95711).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
Delete
patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi
rst-occurrence. It was removed from series.conf in
063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
not deleted.
*
Drivers: hv: balloon: Do not post pressure status if
interrupted (bnc#829539).
*
Drivers: hv: balloon: Fix a bug in the hot-add code
(bnc#829539).
*
drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
* drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
* drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
*
drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
* r8169: move the firmware down into the device private
data (bnc#805371).
* r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
*
r8169: move the firmware down into the device private
data (bnc#805371).
*
patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
*
drm/i915: fix long-standing SNB regression in power
consumption after resume v2 (bnc#801341).
*
RTC: Add an alarm disable quirk (bnc#805740).
*
drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
* drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
* drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
*
drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
*
drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
* drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
* drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
*
drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
*
patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
IPIs on CPU hotplug (bnc#825048, LTC#94784).
*
patches.fixes/iwlwifi-use-correct-supported-firmware-for-603
5-and-.patch: iwlwifi: use correct supported firmware for
6035 and 6000g2 (bnc#825887).
*
patches.fixes/watchdog-update-watchdog_thresh-atomically.pat
ch: watchdog: Update watchdog_thresh atomically
(bnc#829357).
*
patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
watchdog: update watchdog_tresh properly (bnc#829357).
*
patches.fixes/watchdog-make-disable-enable-hotplug-and-preem
pt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
*
kabi/severities: Ignore changes in drivers/hv
*
patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou
t.patch: lpfc: Return correct error code on bsg_timeout
(bnc#816043).
*
patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
dm-multipath: Drop table when retrying ioctl (bnc#808940).
*
scsi: Do not retry invalid function error
(bnc#809122).
*
patches.suse/scsi-do-not-retry-invalid-function-error.patch:
scsi: Do not retry invalid function error (bnc#809122).
*
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.suse/scsi-always-retry-internal-target-error.patch:
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.drivers/drm-edid-Don-t-print-messages-regarding-ster
eo-or-csync-by-default.patch: Refresh: add upstream commit
ID.
*
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. (bnc#824915).
*
Refresh
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
(bnc#824915).
*
Update kabi files.
*
ACPI:remove panic in case hardware has changed after
S4 (bnc#829001).
*
ibmvfc: Driver version 1.0.1 (bnc#825142).
* ibmvfc: Fix for offlining devices during error
recovery (bnc#825142).
* ibmvfc: Properly set cancel flags when cancelling
abort (bnc#825142).
* ibmvfc: Send cancel when link is down (bnc#825142).
* ibmvfc: Support FAST_IO_FAIL in EH handlers
(bnc#825142).
*
ibmvfc: Suppress ABTS if target gone (bnc#825142).
*
fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
*
drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).
*
kmsg_dump: do not run on non-error paths by default
(bnc#820172).
*
supported.conf: mark tcm_qla2xxx as supported
*
mm: honor min_free_kbytes set by user (bnc#826960).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
*
RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
*
kabi/severities: Add exception for
aer_recover_queue() There should not be any user besides
ghes.ko.
*
Fix rpm changelog
*
PCI / PM: restore the original behavior of
pci_set_power_state() (bnc#827930).
*
fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
*
usb: xhci: check usb2 port capabilities before adding
hw link PM support (bnc#828265).
*
aerdrv: Move cper_print_aer() call out of interrupt
context (bnc#822052, bnc#824568).
*
PCI/AER: pci_get_domain_bus_and_slot() call missing
required pci_dev_put() (bnc#822052, bnc#824568).
*
patches.fixes/block-do-not-pass-disk-names-as-format-strings
.patch: block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
*
powerpc: POWER8 cputable entries (bnc#824256).
*
libceph: Fix NULL pointer dereference in auth client
code. (CVE-2013-1059, bnc#826350)
*
md/raid10: Fix two bug affecting RAID10 reshape.
*
Allow NFSv4 to run execute-only files (bnc#765523).
*
fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
*
block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
*
btrfs: merge contigous regions when loading free
space cache
*
btrfs: fix how we deal with the orphan block rsv.
* btrfs: fix wrong check during log recovery.
* btrfs: change how we indicate we are adding csums.
Security Issue references:
* CVE-2013-1059
* CVE-2013-1819
* CVE-2013-1929
* CVE-2013-2148
* CVE-2013-2164
* CVE-2013-2232
* CVE-2013-2234
* CVE-2013-2237
* CVE-2013-2851
* CVE-2013-2852
* CVE-2013-3301
* CVE-2013-4162
* CVE-2013-4163
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-kernel-8270 slessp3-kernel-8283
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-kernel-8264 slessp3-kernel-8267 slessp3-kernel-8269 slessp3-kernel-8270 slessp3-kernel-8283
- SUSE Linux Enterprise High Availability Extension 11 SP3:
zypper in -t patch slehasp3-kernel-8264 slehasp3-kernel-8267 slehasp3-kernel-8269 slehasp3-kernel-8270 slehasp3-kernel-8283
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-kernel-8270 sledsp3-kernel-8283
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.93]:
- kernel-default-3.0.93-0.8.2
- kernel-default-base-3.0.93-0.8.2
- kernel-default-devel-3.0.93-0.8.2
- kernel-source-3.0.93-0.8.2
- kernel-syms-3.0.93-0.8.2
- kernel-trace-3.0.93-0.8.2
- kernel-trace-base-3.0.93-0.8.2
- kernel-trace-devel-3.0.93-0.8.2
- kernel-xen-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.93]:
- kernel-pae-3.0.93-0.8.2
- kernel-pae-base-3.0.93-0.8.2
- kernel-pae-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.93]:
- kernel-default-3.0.93-0.8.2
- kernel-default-base-3.0.93-0.8.2
- kernel-default-devel-3.0.93-0.8.2
- kernel-source-3.0.93-0.8.2
- kernel-syms-3.0.93-0.8.2
- kernel-trace-3.0.93-0.8.2
- kernel-trace-base-3.0.93-0.8.2
- kernel-trace-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.93]:
- kernel-ec2-3.0.93-0.8.2
- kernel-ec2-base-3.0.93-0.8.2
- kernel-ec2-devel-3.0.93-0.8.2
- kernel-xen-3.0.93-0.8.2
- kernel-xen-base-3.0.93-0.8.2
- kernel-xen-devel-3.0.93-0.8.2
- xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17
- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.93]:
- kernel-default-man-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.93]:
- kernel-ppc64-3.0.93-0.8.2
- kernel-ppc64-base-3.0.93-0.8.2
- kernel-ppc64-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.93]:
- kernel-pae-3.0.93-0.8.2
- kernel-pae-base-3.0.93-0.8.2
- kernel-pae-devel-3.0.93-0.8.2
- xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- cluster-network-kmp-default-1.4_3.0.93_0.8-2.27.8
- cluster-network-kmp-trace-1.4_3.0.93_0.8-2.27.8
- gfs2-kmp-default-2_3.0.93_0.8-0.16.14
- gfs2-kmp-trace-2_3.0.93_0.8-0.16.14
- ocfs2-kmp-default-1.6_3.0.93_0.8-0.20.8
- ocfs2-kmp-trace-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
- cluster-network-kmp-xen-1.4_3.0.93_0.8-2.27.8
- gfs2-kmp-xen-2_3.0.93_0.8-0.16.14
- ocfs2-kmp-xen-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
- cluster-network-kmp-ppc64-1.4_3.0.93_0.8-2.27.8
- gfs2-kmp-ppc64-2_3.0.93_0.8-0.16.14
- ocfs2-kmp-ppc64-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
- cluster-network-kmp-pae-1.4_3.0.93_0.8-2.27.8
- gfs2-kmp-pae-2_3.0.93_0.8-0.16.14
- ocfs2-kmp-pae-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.93]:
- kernel-default-3.0.93-0.8.2
- kernel-default-base-3.0.93-0.8.2
- kernel-default-devel-3.0.93-0.8.2
- kernel-default-extra-3.0.93-0.8.2
- kernel-source-3.0.93-0.8.2
- kernel-syms-3.0.93-0.8.2
- kernel-trace-devel-3.0.93-0.8.2
- kernel-xen-3.0.93-0.8.2
- kernel-xen-base-3.0.93-0.8.2
- kernel-xen-devel-3.0.93-0.8.2
- kernel-xen-extra-3.0.93-0.8.2
- xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17
- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.93]:
- kernel-pae-3.0.93-0.8.2
- kernel-pae-base-3.0.93-0.8.2
- kernel-pae-devel-3.0.93-0.8.2
- kernel-pae-extra-3.0.93-0.8.2
- xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
- kernel-default-extra-3.0.93-0.8.2
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
- kernel-xen-extra-3.0.93-0.8.2
- SLE 11 SERVER Unsupported Extras (ppc64):
- kernel-ppc64-extra-3.0.93-0.8.2
- SLE 11 SERVER Unsupported Extras (i586):
- kernel-pae-extra-3.0.93-0.8.2
References:
- http://support.novell.com/security/cve/CVE-2013-1059.html
- http://support.novell.com/security/cve/CVE-2013-1819.html
- http://support.novell.com/security/cve/CVE-2013-1929.html
- http://support.novell.com/security/cve/CVE-2013-2148.html
- http://support.novell.com/security/cve/CVE-2013-2164.html
- http://support.novell.com/security/cve/CVE-2013-2232.html
- http://support.novell.com/security/cve/CVE-2013-2234.html
- http://support.novell.com/security/cve/CVE-2013-2237.html
- http://support.novell.com/security/cve/CVE-2013-2851.html
- http://support.novell.com/security/cve/CVE-2013-2852.html
- http://support.novell.com/security/cve/CVE-2013-3301.html
- http://support.novell.com/security/cve/CVE-2013-4162.html
- http://support.novell.com/security/cve/CVE-2013-4163.html
- https://bugzilla.novell.com/745640
- https://bugzilla.novell.com/760407
- https://bugzilla.novell.com/765523
- https://bugzilla.novell.com/773006
- https://bugzilla.novell.com/773255
- https://bugzilla.novell.com/783475
- https://bugzilla.novell.com/789010
- https://bugzilla.novell.com/797909
- https://bugzilla.novell.com/800875
- https://bugzilla.novell.com/801341
- https://bugzilla.novell.com/805371
- https://bugzilla.novell.com/805740
- https://bugzilla.novell.com/805804
- https://bugzilla.novell.com/806396
- https://bugzilla.novell.com/807471
- https://bugzilla.novell.com/807502
- https://bugzilla.novell.com/808940
- https://bugzilla.novell.com/809122
- https://bugzilla.novell.com/809463
- https://bugzilla.novell.com/812274
- https://bugzilla.novell.com/813733
- https://bugzilla.novell.com/814336
- https://bugzilla.novell.com/815256
- https://bugzilla.novell.com/815320
- https://bugzilla.novell.com/816043
- https://bugzilla.novell.com/818047
- https://bugzilla.novell.com/819363
- https://bugzilla.novell.com/820172
- https://bugzilla.novell.com/820434
- https://bugzilla.novell.com/822052
- https://bugzilla.novell.com/822164
- https://bugzilla.novell.com/822225
- https://bugzilla.novell.com/822575
- https://bugzilla.novell.com/822579
- https://bugzilla.novell.com/822878
- https://bugzilla.novell.com/823517
- https://bugzilla.novell.com/824256
- https://bugzilla.novell.com/824295
- https://bugzilla.novell.com/824568
- https://bugzilla.novell.com/824915
- https://bugzilla.novell.com/825048
- https://bugzilla.novell.com/825142
- https://bugzilla.novell.com/825227
- https://bugzilla.novell.com/825887
- https://bugzilla.novell.com/826350
- https://bugzilla.novell.com/826960
- https://bugzilla.novell.com/827271
- https://bugzilla.novell.com/827372
- https://bugzilla.novell.com/827376
- https://bugzilla.novell.com/827378
- https://bugzilla.novell.com/827749
- https://bugzilla.novell.com/827750
- https://bugzilla.novell.com/827930
- https://bugzilla.novell.com/828087
- https://bugzilla.novell.com/828119
- https://bugzilla.novell.com/828192
- https://bugzilla.novell.com/828265
- https://bugzilla.novell.com/828574
- https://bugzilla.novell.com/828714
- https://bugzilla.novell.com/828886
- https://bugzilla.novell.com/828914
- https://bugzilla.novell.com/829001
- https://bugzilla.novell.com/829082
- https://bugzilla.novell.com/829357
- https://bugzilla.novell.com/829539
- https://bugzilla.novell.com/829622
- https://bugzilla.novell.com/830346
- https://bugzilla.novell.com/830478
- https://bugzilla.novell.com/830766
- https://bugzilla.novell.com/830822
- https://bugzilla.novell.com/830901
- https://bugzilla.novell.com/831055
- https://bugzilla.novell.com/831058
- https://bugzilla.novell.com/831410
- https://bugzilla.novell.com/831422
- https://bugzilla.novell.com/831424
- https://bugzilla.novell.com/831438
- https://bugzilla.novell.com/831623
- https://bugzilla.novell.com/831949
- https://bugzilla.novell.com/832318
- https://bugzilla.novell.com/833073
- https://bugzilla.novell.com/833097
- https://bugzilla.novell.com/833148
- https://bugzilla.novell.com/834116
- https://bugzilla.novell.com/834647
- https://bugzilla.novell.com/834742
- https://bugzilla.novell.com/835175
- http://download.suse.com/patch/finder/?keywords=0ac91b201b328861b832cc9a2d5a8c6b
- http://download.suse.com/patch/finder/?keywords=191d1a273a8c36c8ea012d9d4b07dcbc
- http://download.suse.com/patch/finder/?keywords=4ae0f4ab33ce6f2db597d9df8fc2fa01
- http://download.suse.com/patch/finder/?keywords=4cd5eadeb6509d92f806e5cee6cfa82a
- http://download.suse.com/patch/finder/?keywords=61459cd922860f9fa4e664f18e3931fd
- http://download.suse.com/patch/finder/?keywords=644896ee11863828529ebdee6530d1ac
- http://download.suse.com/patch/finder/?keywords=79b73575f6204cac04299c610e2aa8ac
- http://download.suse.com/patch/finder/?keywords=c98e6cc38ee03dd039683da9b6305d2a
- http://download.suse.com/patch/finder/?keywords=ebf6b9a0e30da81aed0eccbac2d7a3b7
- http://download.suse.com/patch/finder/?keywords=ee2560c9159e67ffcb9684870a768e7d