The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 to fix various bugs and
security issues.
The following features have been added:
The following security issues have been fixed:
CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel made an incorrect function call for pending data,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
Also the following non-security bugs have been fixed:
PCI/AER: Reset link for devices below Root Port or
Downstream Port (bnc#828886 bnc#824568).
zfcp: fix lock imbalance by reworking request queue
locking (bnc#835175, LTC#96825).
qeth: Fix crash on initial MTU size change
(bnc#835175, LTC#96809).
qeth: change default standard blkt settings for OSA
Express (bnc#835175, LTC#96808).
x86: Add workaround to NMI iret woes (bnc#831949).
x86: Do not schedule while still in NMI context
(bnc#831949).
drm/i915: no longer call drm_helper_resume_force_mode
(bnc#831424,bnc#800875).
bnx2x: protect different statistics flows
(bnc#814336).
ALSA: hda - Fix unbalanced runtime pm refount
(bnc#834742).
xhci: directly calling _PS3 on suspend (bnc#833148).
futex: Take hugepages into account when generating
futex_key.
e1000e: workaround DMA unit hang on I218 (bnc#834647).
e1000e: helper functions for accessing EMI registers
(bnc#834647).
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
printk: Add NMI ringbuffer (bnc#831949).
printk: Do not use printk_cpu from finish_printk
(bnc#831949).
zfcp: fix schedule-inside-lock in scsi_device list
loops (bnc#833073, LTC#94937).
uvc: increase number of buffers (bnc#822164,
bnc#805804).
drm/i915: Adding more reserved PCI IDs for Haswell
(bnc#834116).
Refresh patches.xen/xen-netback-generalize
(bnc#827378).
Update Xen patches to 3.0.87.
mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
drm/i915: Fix write-read race with multiple rings
(bnc#831422).
xhci: Add xhci_disable_ports boot option (bnc#822164).
xhci: set device to D3Cold on shutdown (bnc#833097).
reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
HID: hyperv: convert alloc+memcpy to memdup.
Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
(bnc#828714).
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
af_key: initialize satype in
key_notify_policy_flush() (bnc#828119 CVE-2013-2237).
ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
tg3: fix length overflow in VPD firmware parsing
(bnc#813733 CVE-2013-1929).
xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
ipv6: ip6_sk_dst_check() must not assume ipv6 dst
(bnc#827750, CVE-2013-2232).
dasd: fix hanging devices after path events
(bnc#831623, LTC#96336).
kernel: z90crypt module load crash (bnc#831623,
LTC#96214).
ata: Fix DVD not dectected at some platform with
Wellsburg PCH (bnc#822225).
drm/i915: edp: add standard modes (bnc#832318).
Do not switch camera on yet more HP machines
(bnc#822164).
Do not switch camera on HP EB 820 G1 (bnc#822164).
xhci: Avoid NULL pointer deref when host dies
(bnc#827271).
bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
controllers with xhci 1.0 (bnc#797909).
xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#827271).
updated reference for security issue fixed inside
(CVE-2013-3301 bnc#815256)
qla2xxx: Clear the MBX_INTR_WAIT flag when the
mailbox time-out happens (bnc#830478).
drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
drm/i915: fix up gt init sequence fallout
(bnc#801341).
timer_list: Correct the iterator for timer_list
(bnc#818047).
firmware: do not spew errors in normal boot
(bnc#831438, fate#314574).
ALSA: virtuoso: Xonar DSX support (FATE#316016).
SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
ext4: Re-add config option. Building ext4 as the
ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
the read-write module should be enabled. This update just
defaults allow_rw to true if it is set.
e1000: fix vlan processing regression (bnc#830766).
ext4: force read-only unless rw=1 module option is
used (fate#314864).
dm mpath: fix ioctl deadlock when no paths
(bnc#808940).
HID: fix unused rsize usage (bnc#783475).
add reference for b43 format string flaw (bnc#822579
CVE-2013-2852)
HID: fix data access in implement() (bnc#783475).
xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
kernel: sclp console hangs (bnc#830346, LTC#95711).
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
Delete
patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-first-occurrence.
It was removed from series.conf in
063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
not deleted.
Drivers: hv: balloon: Do not post pressure status if
interrupted (bnc#829539).
Drivers: hv: balloon: Fix a bug in the hot-add code
(bnc#829539).
drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
r8169: move the firmware down into the device private
data (bnc#805371).
patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
drm/i915: fix long-standing SNB regression in power
consumption after resume v2 (bnc#801341).
RTC: Add an alarm disable quirk (bnc#805740).
drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
IPIs on CPU hotplug (bnc#825048, LTC#94784).
patches.fixes/iwlwifi-use-correct-supported-firmware-for-6035-and-.patch:
iwlwifi: use correct supported firmware for
6035 and 6000g2 (bnc#825887).
patches.fixes/watchdog-update-watchdog_thresh-atomically.patch:
watchdog: Update watchdog_thresh atomically
(bnc#829357).
patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
watchdog: update watchdog_tresh properly (bnc#829357).
patches.fixes/watchdog-make-disable-enable-hotplug-and-preempt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
kabi/severities: Ignore changes in drivers/hv
patches.drivers/lpfc-return-correct-error-code-on-bsg_timeout.patch:
lpfc: Return correct error code on bsg_timeout
(bnc#816043).
patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
dm-multipath: Drop table when retrying ioctl (bnc#808940).
scsi: Do not retry invalid function error
(bnc#809122).
patches.suse/scsi-do-not-retry-invalid-function-error.patch:
scsi: Do not retry invalid function error (bnc#809122).
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
patches.suse/scsi-always-retry-internal-target-error.patch:
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
patches.drivers/drm-edid-Don-t-print-messages-regarding-stereo-or-csync-by-default.patch:
Refresh: add upstream commit ID.
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. (bnc#824915).
Refresh
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
(bnc#824915).
Update kabi files.
ACPI:remove panic in case hardware has changed after
S4 (bnc#829001).
ibmvfc: Driver version 1.0.1 (bnc#825142).
ibmvfc: Suppress ABTS if target gone (bnc#825142).
fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).
kmsg_dump: do not run on non-error paths by default
(bnc#820172).
supported.conf: mark tcm_qla2xxx as supported
mm: honor min_free_kbytes set by user (bnc#826960).
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
kabi/severities: Add exception for
aer_recover_queue(). There should not be any user besides
ghes.ko.
Fix rpm changelog
PCI / PM: restore the original behavior of
pci_set_power_state() (bnc#827930).
fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
usb: xhci: check usb2 port capabilities before adding
hw link PM support (bnc#828265).
aerdrv: Move cper_print_aer() call out of interrupt
context (bnc#822052, bnc#824568).
PCI/AER: pci_get_domain_bus_and_slot() call missing
required pci_dev_put() (bnc#822052, bnc#824568).
patches.fixes/block-do-not-pass-disk-names-as-format-strings.patch:
block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
powerpc: POWER8 cputable entries (bnc#824256).
libceph: Fix NULL pointer dereference in auth client
code. (CVE-2013-1059, bnc#826350)
md/raid10: Fix two bug affecting RAID10 reshape.
Allow NFSv4 to run execute-only files (bnc#765523).
fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
btrfs: merge contigous regions when loading free
space cache
btrfs: fix how we deal with the orphan block rsv.
bugzilla.novell.com/745640
bugzilla.novell.com/760407
bugzilla.novell.com/765523
bugzilla.novell.com/773006
bugzilla.novell.com/773255
bugzilla.novell.com/783475
bugzilla.novell.com/789010
bugzilla.novell.com/797909
bugzilla.novell.com/800875
bugzilla.novell.com/801341
bugzilla.novell.com/805371
bugzilla.novell.com/805740
bugzilla.novell.com/805804
bugzilla.novell.com/806396
bugzilla.novell.com/807471
bugzilla.novell.com/807502
bugzilla.novell.com/808940
bugzilla.novell.com/809122
bugzilla.novell.com/809463
bugzilla.novell.com/812274
bugzilla.novell.com/813733
bugzilla.novell.com/814336
bugzilla.novell.com/815256
bugzilla.novell.com/815320
bugzilla.novell.com/816043
bugzilla.novell.com/818047
bugzilla.novell.com/819363
bugzilla.novell.com/820172
bugzilla.novell.com/820434
bugzilla.novell.com/822052
bugzilla.novell.com/822164
bugzilla.novell.com/822225
bugzilla.novell.com/822575
bugzilla.novell.com/822579
bugzilla.novell.com/822878
bugzilla.novell.com/823517
bugzilla.novell.com/824256
bugzilla.novell.com/824295
bugzilla.novell.com/824568
bugzilla.novell.com/824915
bugzilla.novell.com/825048
bugzilla.novell.com/825142
bugzilla.novell.com/825227
bugzilla.novell.com/825887
bugzilla.novell.com/826350
bugzilla.novell.com/826960
bugzilla.novell.com/827271
bugzilla.novell.com/827372
bugzilla.novell.com/827376
bugzilla.novell.com/827378
bugzilla.novell.com/827749
bugzilla.novell.com/827750
bugzilla.novell.com/827930
bugzilla.novell.com/828087
bugzilla.novell.com/828119
bugzilla.novell.com/828192
bugzilla.novell.com/828265
bugzilla.novell.com/828574
bugzilla.novell.com/828714
bugzilla.novell.com/828886
bugzilla.novell.com/828914
bugzilla.novell.com/829001
bugzilla.novell.com/829082
bugzilla.novell.com/829357
bugzilla.novell.com/829539
bugzilla.novell.com/829622
bugzilla.novell.com/830346
bugzilla.novell.com/830478
bugzilla.novell.com/830766
bugzilla.novell.com/830822
bugzilla.novell.com/830901
bugzilla.novell.com/831055
bugzilla.novell.com/831058
bugzilla.novell.com/831410
bugzilla.novell.com/831422
bugzilla.novell.com/831424
bugzilla.novell.com/831438
bugzilla.novell.com/831623
bugzilla.novell.com/831949
bugzilla.novell.com/832318
bugzilla.novell.com/833073
bugzilla.novell.com/833097
bugzilla.novell.com/833148
bugzilla.novell.com/834116
bugzilla.novell.com/834647
bugzilla.novell.com/834742
bugzilla.novell.com/835175