SUSE-SU-2012:0789-1
Jun 26, 2012 - 2:08 a.m.

Security update for Linux kernel (important)

2012-06-26 02:08:23
lists.opensuse.org

EPSS: 0.003 (Low), percentile 62.8%

The SUSE Linux Enterprise 11 SP2 kernel was updated to
3.0.34, fixing a lot of bugs and security issues.

The update from Linux kernel 3.0.31 to 3.0.34 also fixes
various bugs not listed here.

The following security issues have been fixed:

CVE-2012-2136: Local attackers could trigger an
overflow in sock_alloc_send_pskb(), potentially crashing
the machine or escalating privileges.

CVE-2012-2390: A memory leak in transparent hugepages
on mmap failure could be used by a local attacker to run the
machine out of memory (local denial of service).

CVE-2012-2119: A malicious guest driver could
overflow the host stack by passing a long descriptor, so
potentially crashing the host system or escalating
privileges on the host.

CVE-2012-2375: A malicious NFS server could crash the
clients when more than 2 GETATTR bitmap words are returned
in response to the FATTR4_ACL attribute requests; this was
only incompletely fixed by CVE-2011-4131.
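
An added example, not taken from the advisory or from the kernel source: a decoder for the XDR bitmap4 layout (a word count followed by that many 32-bit words) that stays safe when a reply carries more than two bitmap words, the condition named in CVE-2012-2375. `KEEP_WORDS`, the function names and the sample byte arrays are constructed for illustration; FATTR4_ACL is assumed to be attribute bit 12, as in the NFSv4 specification.

```c
#include <stdint.h>
#include <stdio.h>

#define KEEP_WORDS 2 /* assumption: the caller interprets only two words */

/* Constructed sample: count = 3, word 0 has bit 12 (FATTR4_ACL) set. */
static const uint8_t sample_three_words[] = { 0,0,0,3, 0,0,0x10,0, 0,0,0,0, 0,0,0,1 };
/* Constructed sample: count claims 3 words, but only one follows. */
static const uint8_t sample_truncated[] = { 0,0,0,3, 0,0,0x10,0 };

/* Read one big-endian XDR uint32 at *off; -1 if fewer than 4 bytes remain. */
static int xdr_get_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;
    const uint8_t *p = buf + *off;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    *off += 4;
    return 0;
}

/* Decode a bitmap4: keep the first KEEP_WORDS words, skip any extras, and
 * return the bytes consumed so the caller resumes at the right offset. */
long decode_bitmap4(const uint8_t *buf, size_t len, uint32_t bitmap[KEEP_WORDS])
{
    size_t off = 0;
    uint32_t nwords, word, i;

    for (i = 0; i < KEEP_WORDS; i++)
        bitmap[i] = 0;
    if (xdr_get_u32(buf, len, &off, &nwords) < 0)
        return -1;
    if (nwords > (len - off) / 4)  /* peer-supplied count vs. bytes present */
        return -1;
    for (i = 0; i < nwords; i++) {
        if (xdr_get_u32(buf, len, &off, &word) < 0)
            return -1;
        if (i < KEEP_WORDS)        /* never index past the fixed array */
            bitmap[i] = word;
    }
    return (long)off;
}

int main(void)
{
    uint32_t bm[KEEP_WORDS];
    long n = decode_bitmap4(sample_three_words, sizeof sample_three_words, bm);
    printf("consumed=%ld word0=0x%08x\n", n, (unsigned)bm[0]);
    return 0;
}
```

The returned byte count is what lets later offset arithmetic account for the extra words instead of assuming a fixed two-word header.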

The following non-security bugs have been fixed:

Hyper-V:

  • storvsc: Properly handle errors from the host
    (bnc#747404).
  • HID: hid-hyperv: Do not use hid_parse_report()
    directly.
  • HID: hyperv: Set the hid drvdata correctly.
  • drivers/hv: Get rid of an unnecessary check in
    vmbus_prep_negotiate_resp().
  • drivers/hv: util: Properly handle version
    negotiations.
  • hv: fix return type of hv_post_message().
  • net/hyperv: Add flow control based on hi/low
    watermark.
  • usb/net: rndis: break out <linux/rndis.h> defines. only
    net/hyperv part
  • usb/net: rndis: remove ambiguous status codes. only
    net/hyperv part
  • usb/net: rndis: merge command codes. only net/hyperv
    part
  • net/hyperv: Adding cancellation to ensure rndis
    filter is closed.
  • update hv drivers to 3.4-rc1, requires new
    hv_kvp_daemon:
  • drivers: hv: kvp: Add/cleanup connector defines.
  • drivers: hv: kvp: Move the contents of hv_kvp.h to
    hyperv.h.
  • net/hyperv: Convert camel cased variables in
    rndis_filter.c to lower cases.
  • net/hyperv: Correct the assignment in
    netvsc_recv_callback().
  • net/hyperv: Remove the unnecessary memset in
    rndis_filter_send().
  • drivers: hv: Cleanup the kvp related state in
    hyperv.h.
  • tools: hv: Use hyperv.h to get the KVP definitions.
  • drivers: hv: kvp: Cleanup the kernel/user protocol.
  • drivers: hv: Increase the number of VCPUs supported
    in the guest.
  • net/hyperv: Fix data corruption in
    rndis_filter_receive().
  • net/hyperv: Add support for vlan trunking from guests.
  • Drivers: hv: Add new message types to enhance KVP.
  • Drivers: hv: Support the newly introduced KVP
    messages in the driver.
  • Tools: hv: Fully support the new KVP verbs in the
    user level daemon.
  • Tools: hv: Support enumeration from all the pools.
  • net/hyperv: Fix the code handling tx busy.
  • patches.suse/suse-hv-pata_piix-ignore-disks.patch:
    replace our version of this patch with upstream variant:
    "ata_piix: defer disks to the Hyper-V drivers by default"
    and "libata: add a host flag to ignore detected ATA
    devices".

Btrfs:

  • btrfs: more module message prefixes.
  • vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
    and rename them
  • btrfs: flush all the dirty pages if
    try_to_writeback_inodes_sb_nr() fails
  • btrfs: fix locking in btrfs_destroy_delayed_refs
  • btrfs: wake up transaction waiters when aborting a
    transaction
  • btrfs: abort the transaction if the commit fails
  • btrfs: fix btrfs_destroy_marked_extents
  • btrfs: unlock everything properly in the error case
    for nocow
  • btrfs: fix return code in drop_objectid_items
  • btrfs: check to see if the inode is in the log before
    fsyncing
  • btrfs: pass locked_page into
    extent_clear_unlock_delalloc if there's an error
  • btrfs: check the return code of btrfs_save_ino_cache
  • btrfs: do not update atime for RO snapshots
    (FATE#306586).
  • btrfs: convert the inode bit field to use the actual
    bit operations
  • btrfs: fix deadlock when the process of delayed refs
    fails
  • btrfs: stop defrag the files automatically when doing
    readonly remount or umount
  • btrfs: avoid memory leak of extent state in error
    handling routine
  • btrfs: make sure that we have made everything in
    pinned tree clean
  • btrfs: destroy the items of the delayed inodes in
    error handling routine
  • btrfs: ulist realloc bugfix
  • btrfs: bugfix in btrfs_find_parent_nodes
  • btrfs: bugfix: ignore the wrong key for indirect tree
    block backrefs
  • btrfs: avoid buffer overrun in btrfs_printk
  • btrfs: fall back to non-inline if we do not have
    enough space
  • btrfs: NUL-terminate path buffer in DEV_INFO ioctl
    result
  • btrfs: avoid buffer overrun in mount option handling
  • btrfs: do not do balance in readonly mode
  • btrfs: fix the same inode id problem when doing auto
    defragment
  • btrfs: fix wrong error returned by adding a device
  • btrfs: use fastpath in extent state ops as much as
    possible

Misc:

  • tcp: drop SYN+FIN messages (bnc#765102).
  • mm: avoid swapping out with swappiness==0
    (swappiness).
  • thp: avoid atomic64_read in pmd_read_atomic for 32bit
    PAE (bnc#762991).
  • paravirt: Split paravirt MMU ops (bnc#556135,
    bnc#754690, FATE#306453).
  • paravirt: Only export pv_mmu_ops symbol if
    PARAVIRT_MMU
  • paravirt: Stub support KABI for KVM_MMU (bnc#556135,
    bnc#754690, FATE#306453).
  • tmpfs: implement NUMA node interleaving (bnc#764209).
  • synaptics-hp-clickpad: Fix the detection of LED on
    the recent HP laptops (bnc#765524)
  • supported.conf: mark xt_AUDIT as supported
    (bnc#765253)
  • mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
    pmd_populate SMP race condition (bnc#762991 CVE-2012-2373).
  • xhci: Do not free endpoints in xhci_mem_cleanup()
    (bnc#763307).
  • xhci: Fix invalid loop check in xhci_free_tt_info()
    (bnc#763307).
  • drm: Skip too big EDID extensions (bnc#764900).
  • drm/i915: Add HP EliteBook to LVDS-temporary-disable
    list (bnc#763717).
  • hwmon: (fam15h_power) Increase output resolution
    (bnc#759336).
  • hwmon: (k10temp) Add support for AMD Trinity CPUs
    (bnc#759336).
  • rpm/kernel-binary.spec.in: Own the right -kdump
    initrd (bnc#764500)
  • memcg: prevent from OOM with too many dirty pages.
  • dasd: re-prioritize partition detection message
    (bnc#764091,LTC#81617).
  • kernel: pfault task state race (bnc#764091,LTC#81724).
  • kernel: clear page table for sw large page emulation
    (bnc#764091,LTC#81933).
  • USB: fix bug of device descriptor got from superspeed
    device (bnc#761087).
  • xfrm: take net hdr len into account for esp payload
    size calculation (bnc#759545).
  • st: clean up dev cleanup in st_probe (bnc#760806).
  • st: clean up device file creation and removal
    (bnc#760806).
  • st: get rid of scsi_tapes array (bnc#760806).
  • st: raise device limit (bnc#760806).
  • st: Use static class attributes (bnc#760806).
  • mm: Optimize put_mems_allowed() usage (VM
    performance).
  • cifs: fix oops while traversing open file list (try
    #4) (bnc#756050).
  • scsi: Fix dm-multipath starvation when scsi host is
    busy (bnc#763485).
  • dasd: process all requests in the device tasklet
    (bnc#763267).
  • rt2x00: Add RT539b chipset support (bnc#760237).
  • kabi/severities: Ignore changes in
    drivers/net/wireless/rt2x00, these are just exports used
    among the rt2x00 modules.
  • rt2800: radio 3xxx: reprogram only lower bits of
    RF_R3 (bnc#759805).
  • rt2800: radio 3xxx: program RF_R1 during channel
    switch (bnc#759805).
  • rt2800: radio 3xxx: channel switch RX/TX calibration
    fixes (bnc#759805).
  • rt2x00: Avoid unnecessary uncached (bnc#759805).
  • rt2x00: Introduce sta_add/remove callbacks
    (bnc#759805).
  • rt2x00: Add WCID to crypto struct (bnc#759805).
  • rt2x00: Add WCID to HT TX descriptor (bnc#759805).
  • rt2x00: Move bssidx calculation into its own function
    (bnc#759805).
  • rt2x00: Make use of sta_add/remove callbacks in
    rt2800 (bnc#759805).
  • rt2x00: Forbid aggregation for STAs not programmed
    into the hw (bnc#759805).
  • rt2x00: handle spurious pci interrupts (bnc#759805).
  • rt2800: disable DMA after firmware load.
  • rt2800: radio 3xxx: add channel switch calibration
    routines (bnc#759805).
  • rpm/kernel-binary.spec.in: Obsolete ath3k, as it is
    now in the tree.
  • floppy: remove floppy-specific O_EXCL handling
    (bnc#757315).
  • floppy: convert to delayed work and single-thread wq
    (bnc#761245).
