kernel update for SLE11 SP3 (important)

The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to 3.0.82 and to fix various bugs and security
issues.

Following security issues were fixed: CVE-2013-1774: The
chase_port function in drivers/usb/serial/io_ti.c in the
Linux kernel allowed local users to cause a denial of
service (NULL pointer dereference and system crash) via an
attempted /dev/ttyUSB read or write operation on a
disconnected Edgeport USB serial converter.

CVE-2013-0160: Timing side channel on attacks were possible
on /dev/ptmx that could allow local attackers to predict
keypresses like e.g. passwords. This has been fixed again
by updating accessed/modified time on the pty devices in
resolution of 8 seconds, so that idle time detection can
still work.

CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call.

CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.

CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3076: The crypto API in the Linux kernel did not
initialize certain length variables, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.

CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.

A kernel information leak via tkill/tgkill was fixed.

Following non security bugs were fixed: S/390:

• af_iucv: Missing man page (bnc#825037, LTC#94825).
• iucv: fix kernel panic at reboot (bnc#825037, LTC#93803).
• kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784).
• dasd: Add missing descriptions for dasd timeout messages
  (bnc#825037, LTC#94762).
• dasd: Fix hanging device after resume with internal error
  13 (bnc#825037, LTC#94554).
• cio: Suppress 2nd path verification during resume
  (bnc#825037, LTC#94554).
• vmcp: Missing man page (bnc#825037, LTC#94453).
• kernel: 3215 console crash (bnc#825037, LTC#94302).
• netiucv: Hold rtnl between name allocation and device
  registration (bnc#824159).
• s390/ftrace: fix mcount adjustment (bnc#809895).

HyperV:

• Drivers: hv: Fix a bug in get_vp_index().
• hyperv: Fix a compiler warning in netvsc_send().
• Tools: hv: Fix a checkpatch warning.
• tools: hv: skip iso9660 mounts in hv_vss_daemon.
• tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon.
• tools: hv: use getmntent in hv_vss_daemon.
• Tools: hv: Fix a checkpatch warning.
• tools: hv: fix checks for origin of netlink message in
  hv_vss_daemon.
• Tools: hv: fix warnings in hv_vss_daemon.
• x86, hyperv: Handle Xen emulation of Hyper-V more
  gracefully.
• hyperv: Fix a kernel warning from
  netvsc_linkstatus_callback().
• Drivers: hv: balloon: make local functions static.
• tools: hv: daemon should check type of received Netlink
  msg.
• tools: hv: daemon setsockopt should use options macros.
• tools: hv: daemon should subscribe only to CN_KVP_IDX
  group.
• driver: hv: remove cast for kmalloc return value.
• hyperv: use 3.4 as LIC version string (bnc#822431).

BTRFS:

• btrfs: flush delayed inodes if we are short on space
  (bnc#801427).
• btrfs: rework shrink_delalloc (bnc#801427).
• btrfs: fix our overcommit math (bnc#801427).
• btrfs: delay block group item insertion (bnc#801427).
• btrfs: remove bytes argument from do_chunk_alloc
  (bnc#801427).
• btrfs: run delayed refs first when out of space
  (bnc#801427).
• btrfs: do not commit instead of overcommitting
  (bnc#801427).
• btrfs: do not take inode delalloc mutex if we are a free
  space inode (bnc#801427).
• btrfs: fix chunk allocation error handling (bnc#801427).
• btrfs: remove extent mapping if we fail to add chunk
  (bnc#801427).
• btrfs: do not overcommit if we do not have enough space
  for global rsv (bnc#801427).
• btrfs: rework the overcommit logic to be based on the
  total size (bnc#801427).
• btrfs: steal from global reserve if we are cleaning up
  orphans (bnc#801427).
• btrfs: clear chunk_alloc flag on retryable failure
  (bnc#801427).
• btrfs: use reserved space for creating a snapshot
  (bnc#801427).
• btrfs: cleanup to make the function
  btrfs_delalloc_reserve_metadata more logic (bnc#801427).
• btrfs: fix space leak when we fail to reserve metadata
  space (bnc#801427).
• btrfs: fix space accounting for unlink and rename
  (bnc#801427).
• btrfs: allocate new chunks if the space is not enough for
  global rsv (bnc#801427).
• btrfs: various abort cleanups (bnc#812526 bnc#801427).
• btrfs: simplify unlink reservations (bnc#801427).

XFS:

• xfs: Move allocation stack switch up to xfs_bmapi
  (bnc#815356).
• xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356).
• xfs: zero allocation_args on the kernel stack
  (bnc#815356).
• xfs: fix debug_object WARN at xfs_alloc_vextent()
  (bnc#815356).
• xfs: do not defer metadata allocation to the workqueue
  (bnc#815356).
• xfs: introduce an allocation workqueue (bnc#815356).
• xfs: fix race while discarding buffers [V4] (bnc#815356
  (comment 36)).
• xfs: Serialize file-extending direct IO (bnc#818371).
• xfs: Do not allocate new buffers on every call to
  _xfs_buf_find (bnc#763968).
• xfs: fix buffer lookup race on allocation failure
  (bnc#763968).

ALSA:

• Fix VT1708 jack detection on SLEPOS machines (bnc#813922).
• ALSA: hda - Avoid choose same converter for unused pins
  (bnc#826186).
• ALSA: hda - Cache the MUX selection for generic HDMI
  (bnc#826186).
• ALSA: hda - Haswell converter power state D0 verify
  (bnc#826186).
• ALSA: hda - Do not take unresponsive D3 transition too
  serious (bnc#823597).
• ALSA: hda - Introduce bit flags to
  snd_hda_codec_read/write() (bnc#823597).
• ALSA: hda - Check CORB overflow (bnc#823597).
• ALSA: hda - Check validity of CORB/RIRB WP reads
  (bnc#823597).
• ALSA: hda - Fix system panic when DMA > 40 bits for
  Nvidia audio controllers (bnc#818465).
• ALSA: hda - Add hint for suppressing lower cap for IDT
  codecs (bnc#812332).
• ALSA: hda - Enable mic-mute LED on more HP laptops
  (bnc#821859).

Direct Rendering Manager (DRM):

• drm/i915: Add wait_for in init_ring_common (bnc#813604).
• drm/i915: Mark the ringbuffers as being in the GTT domain
  (bnc#813604).
• drm/edid: Do not print messages regarding stereo or csync
  by default (bnc #821235).
• drm/i915: force full modeset if the connector is in DPMS
  OFF mode (bnc #809975).
• drm/i915/sdvo: Use &intel_sdvo->ddc instead of
  intel_sdvo->i2c for DDC (bnc #808855).
• drm/mm: fix dump table BUG. (bnc#808837)
• drm/i915: Clear the stolen fb before enabling
  (bnc#808015).

XEN:

• xen/netback: Update references (bnc#823342).
• xen: Check for insane amounts of requests on the ring.
• Update Xen patches to 3.0.82.
• netback: do not disconnect frontend when seeing oversize
  packet.
• netfront: reduce gso_max_size to account for max TCP
  header.
• netfront: fix kABI after "reduce gso_max_size to account
  for max TCP header".

Other:

• x86, efi: retry ExitBootServices() on failure
  (bnc#823386).

• x86/efi: Fix dummy variable buffer allocation
  (bnc#822080).

• ext4: avoid hang when mounting non-journal filesystems
  with orphan list (bnc#817377).

• mm: compaction: Scan PFN caching KABI workaround (Fix
  KABI breakage (bnc#825657)).

• autofs4 - fix get_next_positive_subdir() (bnc#819523).

• ocfs2: Add bits_wanted while calculating credits in
  ocfs2_calc_extend_credits (bnc#822077).

• writeback: Avoid needless scanning of b_dirty list
  (bnc#819018).

• writeback: Do not sort b_io list only because of block
  device inode (bnc#819018).

• re-enable io tracing (bnc#785901).

• pciehp: Corrected the old mismatching DMI strings.

• SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).

• tg3: Prevent system hang during repeated EEH errors
  (bnc#822066).

• scsi_dh_alua: multipath failover fails with error 15
  (bnc#825696).

• Do not switch camera on HP EB 8780 (bnc#797090).

• Do not switch webcam for HP EB 8580w (bnc#797090).

• mm: fixup compilation error due to an asm write through a
  const pointer. (bnc#823795)

• do not switch cam port on HP EliteBook 840 (bnc#822164).

• net/sunrpc: xpt_auth_cache should be ignored when expired
  (bnc#803320).

• sunrpc/cache: ensure items removed from cache do not have
  pending upcalls (bnc#803320).

• sunrpc/cache: remove races with queuing an upcall
  (bnc#803320).

• sunrpc/cache: use cache_fresh_unlocked consistently and
  correctly (bnc#803320).

• KVM: x86: emulate movdqa (bnc#821070).

• KVM: x86: emulator: add support for vector alignment
  (bnc#821070).

• KVM: x86: emulator: expand decode flags to 64 bits
  (bnc#821070).

• xhci - correct comp_mode_recovery_timer on return from
  hibernate (bnc#808136).

• md/raid10 enough fixes (bnc#773837).

• lib/Makefile: Fix oid_registry build dependency
  (bnc#823223).

• Update config files: disable IP_PNP (bnc#822825)

• Fix kABI breakage for addition of
  snd_hda_bus.no_response_fallback (bnc#823597).

• Disable efi pstore by default (bnc#804482 bnc#820172).

• md: Fix problem with GET_BITMAP_FILE returning wrong
  status (bnc#812974).

• bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610).

• USB: xHCI: override bogus bulk wMaxPacketSize values
  (bnc#823082).

• BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727
  bnc#822340).

• qlge: Update version to 1.00.00.32 (bnc#819195).

• qlge: Fix ethtool autoneg advertising (bnc#819195).

• qlge: Fix receive path to drop error frames (bnc#819195).

• qlge: remove NETIF_F_TSO6 flag (bnc#819195).

• remove init of dev->perm_addr in drivers (bnc#819195).

• drivers/net: fix up function prototypes after __dev*
  removals (bnc#819195).

• qlge: remove __dev* attributes (bnc#819195).

• drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding
  style issue (bnc#819195).

• cxgb4: Force uninitialized state if FW_ON_ADAPTER is <
  FW_VERSION and we are the MASTER_PF (bnc#809130).

• USB: UHCI: fix for suspend of virtual HP controller
  (bnc#817035).

• timer_list: Convert timer list to be a proper seq_file
  (bnc#818047).

• timer_list: Split timer_list_show_tickdevices
  (bnc#818047).

• sched: Fix /proc/sched_debug failure on very very large
  systems (bnc#818047).

• sched: Fix /proc/sched_stat failure on very very large
  systems (bnc#818047).

• reiserfs: fix spurious multiple-fill in
  reiserfs_readdir_dentry (bnc#822722).

• libfc: do not exch_done() on invalid sequence ptr
  (bnc#810722).

• netfilter: ip6t_LOG: fix logging of packet mark
  (bnc#821930).

• virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
  (bnc#819655).

• HWPOISON: fix misjudgement of page_action() for errors on
  mlocked pages (Memory failure RAS (bnc#821799)).

• HWPOISON: check dirty flag to match against clean page
  (Memory failure RAS (bnc#821799)).

• HWPOISON: change order of error_states elements (Memory
  failure RAS (bnc#821799)).

• mm: hwpoison: fix action_result() to print out
  dirty/clean (Memory failure RAS (bnc#821799)).

• mm: mmu_notifier: re-fix freed page still mapped in
  secondary MMU (bnc#821052).

• Do not switch webcams in some HP ProBooks to XHCI
  (bnc#805804).

• Do not switch BT on HP ProBook 4340 (bnc#812281).

• mm: memory_dev_init make sure nmi watchdog does not
  trigger while registering memory sections (bnc#804609,
  bnc#820434).

• mm: compaction: Restart compaction from near where it
  left off

• mm: compaction: cache if a pageblock was scanned and no
  pages were isolated

• mm: compaction: clear PG_migrate_skip based on compaction
  and reclaim activity

• mm: compaction: Scan PFN caching KABI workaround

• mm: page_allocator: Remove first_pass guard

• mm: vmscan: do not stall on writeback during memory
  compaction Cache compaction restart points for faster
  compaction cycles (bnc#816451)