The SUSE Linux Enterprise 11 SP2 kernel was updated to
3.0.34, fixing a lot of bugs and security issues.
The update from Linux kernel 3.0.31 to 3.0.34 also fixes
various bugs not listed here.
The following security issues have been fixed:
CVE-2012-2136: Local attackers could trigger an
overflow in sock_alloc_send_pksb(), potentially crashing
the machine or escalate privileges.
CVE-2012-2390: A memory leak in transparent hugepages
on mmap failure could be used by local attacker to run the
machine out of memory (local denial of service).
CVE-2012-2119: A malicious guest driver could
overflow the host stack by passing a long descriptor, so
potentially crashing the host system or escalating
privileges on the host.
CVE-2012-2375: Malicious NFS server could crash the
clients when more than 2 GETATTR bitmap words are returned
in response to the FATTR4_ACL attribute requests, only
incompletely fixed by CVE-2011-4131.
The following non-security bugs have been fixed:
Hyper-V:
- storvsc: Properly handle errors from the host
(bnc#747404).
- HID: hid-hyperv: Do not use hid_parse_report()
directly.
- HID: hyperv: Set the hid drvdata correctly.
- drivers/hv: Get rid of an unnecessary check in
vmbus_prep_negotiate_resp().
- drivers/hv: util: Properly handle version
negotiations.
- hv: fix return type of hv_post_message().
- net/hyperv: Add flow control based on hi/low
watermark.
- usb/net: rndis: break out <1/rndis.h> defines. only
net/hyperv part
- usb/net: rndis: remove ambigous status codes. only
net/hyperv part
- usb/net: rndis: merge command codes. only net/hyperv
part
- net/hyperv: Adding cancellation to ensure rndis
filter is closed.
- update hv drivers to 3.4-rc1, requires new
hv_kvp_daemon:
- drivers: hv: kvp: Add/cleanup connector defines.
- drivers: hv: kvp: Move the contents of hv_kvp.h to
hyperv.h.
- net/hyperv: Convert camel cased variables in
rndis_filter.c to lower cases.
- net/hyperv: Correct the assignment in
netvsc_recv_callback().
- net/hyperv: Remove the unnecessary memset in
rndis_filter_send().
- drivers: hv: Cleanup the kvp related state in
hyperv.h.
- tools: hv: Use hyperv.h to get the KVP definitions.
- drivers: hv: kvp: Cleanup the kernel/user protocol.
- drivers: hv: Increase the number of VCPUs supported
in the guest.
- net/hyperv: Fix data corruption in
rndis_filter_receive().
- net/hyperv: Add support for vlan trunking from guests.
- Drivers: hv: Add new message types to enhance KVP.
- Drivers: hv: Support the newly introduced KVP
messages in the driver.
- Tools: hv: Fully support the new KVP verbs in the
user level daemon.
- Tools: hv: Support enumeration from all the pools.
- net/hyperv: Fix the code handling tx busy.
- patches.suse/suse-hv-pata_piix-ignore-disks.patch
replace our version of this patch with upstream variant:
ata_piix: defer disks to the Hyper-V drivers by default
libata: add a host flag to ignore detected ATA devices.
Btrfs:
- btrfs: more module message prefixes.
- vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
and rename them
- btrfs: flush all the dirty pages if
try_to_writeback_inodes_sb_nr() fails
- vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
and rename them
- btrfs: fix locking in btrfs_destroy_delayed_refs
- btrfs: wake up transaction waiters when aborting a
transaction
- btrfs: abort the transaction if the commit fails
- btrfs: fix btrfs_destroy_marked_extents
- btrfs: unlock everything properly in the error case
for nocow
- btrfs: fix return code in drop_objectid_items
- btrfs: check to see if the inode is in the log before
fsyncing
- btrfs: pass locked_page into
extent_clear_unlock_delalloc if theres an error
- btrfs: check the return code of btrfs_save_ino_cache
- btrfs: do not update atime for RO snapshots
(FATE#306586).
- btrfs: convert the inode bit field to use the actual
bit operations
- btrfs: fix deadlock when the process of delayed refs
fails
- btrfs: stop defrag the files automatically when doin
readonly remount or umount
- btrfs: avoid memory leak of extent state in error
handling routine
- btrfs: make sure that we have made everything in
pinned tree clean
- btrfs: destroy the items of the delayed inodes in
error handling routine
- btrfs: ulist realloc bugfix
- btrfs: bugfix in btrfs_find_parent_nodes
- btrfs: bugfix: ignore the wrong key for indirect tree
block backrefs
- btrfs: avoid buffer overrun in btrfs_printk
- btrfs: fall back to non-inline if we do not have
enough space
- btrfs: NUL-terminate path buffer in DEV_INFO ioctl
result
- btrfs: avoid buffer overrun in mount option handling
- btrfs: do not do balance in readonly mode
- btrfs: fix the same inode id problem when doing auto
defragment
- btrfs: fix wrong error returned by adding a device
- btrfs: use fastpath in extent state ops as much as
possible
Misc:
- tcp: drop SYN+FIN messages (bnc#765102).
- mm: avoid swapping out with swappiness==0
(swappiness).
- thp: avoid atomic64_read in pmd_read_atomic for 32bit
PAE (bnc#762991).
- paravirt: Split paravirt MMU ops (bnc#556135,
bnc#754690, FATE#306453).
- paravirt: Only export pv_mmu_ops symbol if
PARAVIRT_MMU
- parvirt: Stub support KABI for KVM_MMU (bnc#556135,
bnc#754690, FATE#306453).
- tmpfs: implement NUMA node interleaving (bnc#764209).
- synaptics-hp-clickpad: Fix the detection of LED on
the recent HP laptops (bnc#765524)
- supported.conf: mark xt_AUDIT as supported
(bnc#765253)
- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
pmd_populate SMP race condition (bnc#762991 CVE-2012-2373).
- xhci: Do not free endpoints in xhci_mem_cleanup()
(bnc#763307).
- xhci: Fix invalid loop check in xhci_free_tt_info()
(bnc#763307).
- drm: Skip too big EDID extensions (bnc#764900).
- drm/i915: Add HP EliteBook to LVDS-temporary-disable
list (bnc#763717).
- hwmon: (fam15h_power) Increase output resolution
(bnc#759336).
- hwmon: (k10temp) Add support for AMD Trinity CPUs
(bnc#759336).
- rpm/kernel-binary.spec.in: Own the right -kdump
initrd (bnc#764500)
- memcg: prevent from OOM with too many dirty pages.
- dasd: re-prioritize partition detection message
(bnc#764091,LTC#81617).
- kernel: pfault task state race (bnc#764091,LTC#81724).
- kernel: clear page table for sw large page emulation
(bnc#764091,LTC#81933).
- USB: fix bug of device descriptor got from superspeed
device (bnc#761087).
- xfrm: take net hdr len into account for esp payload
size calculation (bnc#759545).
- st: clean up dev cleanup in st_probe (bnc#760806).
- st: clean up device file creation and removal
(bnc#760806).
- st: get rid of scsi_tapes array (bnc#760806).
- st: raise device limit (bnc#760806).
- st: Use static class attributes (bnc#760806).
- mm: Optimize put_mems_allowed() usage (VM
performance).
- cifs: fix oops while traversing open file list (try
#4) (bnc#756050).
- scsi: Fix dm-multipath starvation when scsi host is
busy (bnc#763485).
- dasd: process all requests in the device tasklet
(bnc#763267).
- rt2x00:Add RT539b chipset support (bnc#760237).
- kabi/severities: Ignore changes in
drivers/net/wireless/rt2x00, these are just exports used
among the rt2x00 modules.
- rt2800: radio 3xxx: reprogram only lower bits of
RF_R3 (bnc#759805).
- rt2800: radio 3xxx: program RF_R1 during channel
switch (bnc#759805).
- rt2800: radio 3xxxx: channel switch RX/TX calibration
fixes (bnc#759805).
- rt2x00: Avoid unnecessary uncached (bnc#759805).
- rt2x00: Introduce sta_add/remove callbacks
(bnc#759805).
- rt2x00: Add WCID to crypto struct (bnc#759805).
- rt2x00: Add WCID to HT TX descriptor (bnc#759805).
- rt2x00: Move bssidx calculation into its own function
(bnc#759805).
- rt2x00: Make use of sta_add/remove callbacks in
rt2800 (bnc#759805).
- rt2x00: Forbid aggregation for STAs not programmed
into the hw (bnc#759805).
- rt2x00: handle spurious pci interrupts (bnc#759805).
- rt2800: disable DMA after firmware load.
- rt2800: radio 3xxx: add channel switch calibration
routines (bnc#759805).
- rpm/kernel-binary.spec.in: Obsolete ath3k, as it is
now in the tree.
- floppy: remove floppy-specific O_EXCL handling
(bnc#757315).
- floppy: convert to delayed work and single-thread wq
(bnc#761245).