Security update for Real Time Linux Kernel (important)

2013-11-22T05:04:54
ID SUSE-SU-2013:1744-1
Type suse
Reporter Suse
Modified 2013-11-22T05:04:54

Description

The SUSE Linux Enterprise 11 Service Pack 2 kernel for RealTime was updated to version 3.0.101 and also includes various other bug and security fixes.

The following features have been added:

  • Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).
  • Drivers: hv: Save and export negotiated vmbus version (FATE#314665).
  • Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665).

The following security issue has been fixed:

  • CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102)

The following non-security bugs have been fixed:

  • mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)).
  • mm, memcg: introduce own oom handler to iterate only over its own threads.
  • mm, memcg: move all oom handling to memcontrol.c.
  • mm, oom: avoid looping when chosen thread detaches its mm.
  • mm, oom: fold oom_kill_task() into oom_kill_process().
  • mm, oom: introduce helper function to process threads during scan.
  • mm, oom: reduce dependency on tasklist_lock.
  • kernel: sclp console hangs (bnc#841498, LTC#95711).
  • splice: fix racy pipe->buffers uses (bnc#827246).
  • blktrace: fix race with open trace files and directory removal (bnc#832292).
  • Set proper SK when CK_COND is set (bnc#833588).
  • iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).
  • x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513).
  • iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513).
  • iommu: Remove stack trace from broken irq remapping warning (bnc#844513).
  • intel-iommu: Fix leaks in pagetable freeing (bnc#841402).
  • softirq: reduce latencies (bnc#797526).
  • softirq: Fix lockup related to stop_machine being stuck in __do_softirq (bnc#797526).
  • bounce: Bounce memory pool initialisation (bnc#836347)
  • writeback: Do not sync data dirtied after sync start (bnc#833820).
  • config//debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372).
  • Fixed Xen guest freezes (bnc#829682, bnc#842063).
  • SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824).
  • NFS: make nfs_flush_incompatible more generous (bnc#816099).
  • NFS: don't try to use lock state when we hold a delegation (bnc#831029).
  • nfs_lookup_revalidate(): fix a leak (bnc#828894).
  • fs: do_add_mount()/umount -l races (bnc#836801).
  • cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950).
  • cifs: Fix EREMOTE errors encountered on DFS links (bnc#831143).
  • xfs: growfs: use uncached buffers for new headers (bnc#842604).
  • xfs: avoid double-free in xfs_attr_node_addname.
  • xfs: Check the return value of xfs_buf_get() (bnc#842604).
  • iscsi: don't hang in endless loop if no targets present (bnc#841094).
  • reiserfs: fix race with flush_used_journal_lists and flush_journal_list (bnc#837803).
  • md: Throttle number of pending write requests in md/raid10 (bnc#833858).
  • dm: ignore merge_bvec for snapshots when safe (bnc#820848).
  • rcu: Do not trigger false positive RCU stall detection (bnc#834204).
  • net/mlx4_en: Fix BlueFlame race (bnc#835684).
  • net: remove skb_orphan_try() (bnc#834600).
  • bonding: check bond->vlgrp in bond_vlan_rx_kill_vid() (bnc#834905).
  • ipv6: don't call fib6_run_gc() until routing is ready (bnc#836218).
  • ipv6: prevent fib6_run_gc() contention (bnc#797526).
  • ipv6: update ip6_rt_last_gc every time GC is run (bnc#797526).
  • netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853 bugzilla.netfilter.org:714).
  • netfilter: prevent race condition breaking net reference counting (bnc#835094).
  • sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102).
  • quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930).
  • bnx2x: Change to D3hot only on removal (bnc#838448).
  • vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321).
  • Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).
  • Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346).
  • Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346).
  • elousb: some systems cannot stomach work around (bnc#840830).
  • bio-integrity: track owner of integrity payload (bnc#831380).
  • lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463).
  • series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem (bnc#833635)
  • rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors (bnc#821465).
  • rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file.
  • rpm/old-flavors: Convert the old-packages.conf file to a flat list.
  • rpm/old-packages.conf: Drop bogus obsoletes for "smp" (bnc#821465).
  • rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned (bnc#821465).
  • rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. (bnc#821465).
  • sched/workqueue: Only wake up idle workers if not blocked on sleeping spin lock.
  • genirq: Set irq thread to RT priority on creation.
  • timers: prepare for full preemption improve.
  • kernel/cpu: fix cpu down problem if kthread's cpu is going down.
  • kernel/hotplug: restore original cpu mask oncpu/down.
  • drm/i915: drop trace_i915_gem_ring_dispatch on rt.
  • rt,ntp: Move call to schedule_delayed_work() to helper thread.
  • hwlat-detector: Update hwlat_detector to add outer loop detection.
  • hwlat-detect/trace: Export trace_clock_local for hwlat-detector.
  • hwlat-detector: Use trace_clock_local if available.
  • hwlat-detector: Use thread instead of stop machine.
  • genirq: do not invoke the affinity callback via a workqueue.

Security Issues:

  • CVE-2013-2206 <<a rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206</a> >