Security update for Real Time Linux Kernel (important)

2013-11-22T08:04:29
ID SUSE-SU-2013:1750-1
Type suse
Reporter Suse
Modified 2013-11-22T08:04:29

Description

The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was updated to version 3.0.101 to fix various bugs and security issues.

The following features have been added:

  • Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).
  • Drivers: hv: Save and export negotiated vmbus version (FATE#314665).
  • Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665).

The following security issue has been fixed:

  • CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102)

The following non-security bugs have been fixed:

  • kernel: sclp console hangs (bnc#841498, LTC#95711).
  • kernel: allow program interruption filtering in user space (bnc#837596, LTC#97332).
  • Audit: do not print error when LSMs disabled (bnc#842057).
  • i2c: ismt: initialize DMA buffer (bnc#843753).
  • powerpc/irq: Run softirqs off the top of the irq stack (bnc#847319).
  • softirq: reduce latencies (bnc#797526).
  • softirq: Fix lockup related to stop_machine being stuck in __do_softirq (bnc#797526).
  • thp: reduce khugepaged freezing latency (khugepaged blocking suspend-to-ram (bnc#825291)).
  • X.509: Remove certificate date checks (bnc#841656).
  • splice: fix racy pipe->buffers uses (bnc#827246).
  • blktrace: fix race with open trace files and directory removal (bnc#832292).
  • writeback: Do not sync data dirtied after sync start (bnc#833820).
  • elousb: some systems cannot stomach work around (bnc#840830).
  • bounce: allow use of bounce pool via config option (Bounce memory pool initialisation (bnc#836347)).
  • block: initialize the bounce pool if high memory may be added later (Bounce memory pool initialization (bnc#836347)).
  • config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372).
  • xhci: Fix spurious wakeups after S5 on Haswell (bnc#833097).
  • cio: add message for timeouts on internal I/O (bnc#837741,LTC#97048).
  • elousb: some systems cannot stomach work around (bnc#830985).
  • s390/cio: handle unknown pgroup state (bnc#837741,LTC#97048).
  • s390/cio: export vpm via sysfs (bnc#837741,LTC#97048).
  • s390/cio: skip broken paths (bnc#837741,LTC#97048).
  • s390/cio: dont abort verification after missing irq (bnc#837741,LTC#97048).
  • bio-integrity: track owner of integrity payload (bnc#831380).
  • iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).
  • x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513).
  • iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513).
  • iommu: Remove stack trace from broken irq remapping warning (bnc#844513).
  • intel-iommu: Fix leaks in pagetable freeing (bnc#841402).
  • mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)).
  • mm, memcg: introduce own oom handler to iterate only over its own threads.
  • mm, memcg: move all oom handling to memcontrol.c.
  • mm, oom: avoid looping when chosen thread detaches its mm.
  • mm, oom: fold oom_kill_task() into oom_kill_process().
  • mm, oom: introduce helper function to process threads during scan.
  • mm, oom: reduce dependency on tasklist_lock (Reduce tasklist_lock hold times (bnc#821259)).
  • mm: vmscan: Do not continue scanning if reclaim was aborted for compaction (Limit reclaim in the preserve of IO (bnc#754690)).
  • mm: vmscan: take page buffers dirty and locked state into account (Limit reclaim in the preserve of IO (bnc#754690)).
  • mm: vmscan: treat pages marked for immediate reclaim as zone congestion (Limit reclaim in the preserve of IO (bnc#754690)).
  • mm: vmscan: move direct reclaim wait_iff_congested into shrink_list (Limit reclaim in the preserve of IO (bnc#754690)).
  • mm: vmscan: set zone flags before blocking (Limit reclaim in the preserve of IO (bnc#754690)).
  • mm: vmscan: stall page reclaim after a list of pages have been processed (Limit reclaim in the preserve of IO (bnc#754690)).
  • mm: vmscan: stall page reclaim and writeback pages based on dirty/writepage pages encountered (Limit reclaim in the reserve of IO (bnc#754690)).
  • mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (bnc#822942).
  • Update EC2 config files (STRICT_DEVMEM off, bnc#843732).
  • Fixed Xen guest freezes (bnc#829682, bnc#842063).
  • rcu: Do not trigger false positive RCU stall detection (bnc#834204).
  • libata: Set proper SK when CK_COND is set (bnc#833588).
  • libata: Set proper Sense Key for Check Condition (bnc#833588).
  • lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463).
  • md: Throttle number of pending write requests in md/raid10 (bnc#833858).
  • dm: ignore merge_bvec for snapshots when safe (bnc#820848).
  • fs: do_add_mount()/umount -l races (bnc#836801).
  • SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824).
  • NFS: make nfs_flush_incompatible more generous (bnc#816099).
  • NFS: don't try to use lock state when we hold a delegation (bnc#831029).
  • NFS: nfs_lookup_revalidate(): fix a leak (bnc#828894).
  • cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950).
  • xfs: growfs: use uncached buffers for new headers (bnc#842604).
  • xfs: avoid double-free in xfs_attr_node_addname.
  • xfs: Check the return value of xfs_buf_get() (bnc#842604).
  • cifs: revalidate directories instiantiated via FIND_* in order to handle DFS referrals (bnc#831143).
  • cifs: don't instantiate new dentries in readdir for inodes that need to be revalidated immediately (bnc#831143).
  • cifs: rename cifs_readdir_lookup to cifs_prime_dcache and make it void return (bnc#831143).
  • cifs: get rid of blind d_drop() in readdir (bnc#831143).
  • cifs: cleanup cifs_filldir (bnc#831143).
  • cifs: on send failure, readjust server sequence number downward (bnc#827966).
  • cifs: adjust sequence number downward after signing NT_CANCEL request (bnc#827966).
  • reiserfs: fix race with flush_used_journal_lists and flush_journal_list (bnc#837803).
  • reiserfs: remove useless flush_old_journal_lists.
  • mvsas: add support for 9480 device id (bnc#843950).
  • drm/i915: Disable GGTT PTEs on GEN6+ suspend (bnc#800875).
  • drm/i915/hsw: Disable L3 caching of atomic memory operations (bnc#800875).
  • r8169: fix argument in rtl_hw_init_8168g (bnc#845352,bnc#842820).
  • r8169: support RTL8168G (bnc#845352,bnc#842820).
  • r8169: abstract out loop conditions (bnc#845352,bnc#842820).
  • r8169: mdio_ops signature change (bnc#845352,bnc#842820).
  • megaraid_sas: Disable controller reset for ppc (bnc#841050).
  • scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
  • scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
  • scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645).
  • scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445).
  • scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429).
  • iscsi: don't hang in endless loop if no targets present (bnc#841094).
  • scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
  • quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930).
  • bnx2x: Change to D3hot only on removal (bnc#838448).
  • tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973,LTC#97595).
  • tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973,LTC#97595).
  • series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem (bnc#833635).
  • Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).
  • Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346).
  • Drivers: hv: vmbus: Do not attempt to negoatiate a new version prematurely.
  • Drivers: hv: vmbus: Terminate vmbus version negotiation on timeout.
  • Drivers: hv: balloon: Initialize the transaction ID just before sending the packet.
  • Drivers: hv: remove HV_DRV_VERSION.
  • Drivers: hv: vmbus: Fix a bug in the handling of channel offers.
  • Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346).
  • mlx4: allow IB_QP_CREATE_USE_GFP_NOFS in mlx4_ib_create_qp() (bnc#822433).
  • drm/i915: disable sound first on intel_disable_ddi (bnc#833151).
  • ALSA: hda - Re-setup HDMI pin and audio infoframe on stream switches (bnc#833151).
  • drm/i915: HDMI/DP - ELD info refresh support for Haswell (bnc#833151).
  • drm/cirrus: This is a cirrus version of Egbert Eich's patch for mgag200 (bnc#808079).
  • vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321).
  • net/mlx4_en: Fix BlueFlame race (bnc#835684).
  • be2net: Check for POST state in suspend-resume sequence (bnc#835189).
  • be2net: bug fix on returning an invalid nic descriptor (bnc#835189).
  • be2net: provision VF resources before enabling SR-IOV (bnc#835189).
  • be2net: Fix firmware download for Lancer (bnc#835189).
  • be2net: Fix to use version 2 of cq_create for SkyHawk-R devices (bnc#835189).
  • be2net: Use GET_FUNCTION_CONFIG V1 cmd (bnc#835189).
  • be2net: Avoid flashing BE3 UFI on BE3-R chip (bnc#835189).
  • be2net: Use TXQ_CREATE_V2 cmd (bnc#835189).
  • ipv6: don't call fib6_run_gc() until routing is ready (bnc#836218).
  • ipv6: prevent fib6_run_gc() contention (bnc#797526).
  • ipv6: update ip6_rt_last_gc every time GC is run (bnc#797526).
  • netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853 bugzilla.netfilter.org:714).
  • netfilter: prevent race condition breaking net reference counting (bnc#835094).
  • sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102).
  • net: remove skb_orphan_try() (bnc#834600).
  • bonding: check bond->vlgrp in bond_vlan_rx_kill_vid() (bnc#834905).
  • tools: hv: Improve error logging in VSS daemon.
  • tools: hv: Check return value of poll call.
  • tools: hv: Check return value of setsockopt call.
  • Tools: hv: fix send/recv buffer allocation.
  • Tools: hv: check return value of daemon to fix compiler warning.
  • Tools: hv: in kvp_set_ip_info free mac_addr right after usage.
  • Tools: hv: check return value of system in hv_kvp_daemon.
  • Tools: hv: correct payload size in netlink_send.
  • Tools: hv: use full nlmsghdr in netlink_send.
  • rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors (bnc#821465).
  • rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file.
  • rpm/old-flavors: Convert the old-packages.conf file to a flat list.
  • rpm/old-packages.conf: Drop bogus obsoletes for "smp" (bnc#821465).
  • rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned (bnc#821465).
  • rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. (bnc#821465).
  • sched/workqueue: Only wake up idle workers if not blocked on sleeping spin lock.
  • genirq: Set irq thread to RT priority on creation.
  • timers: prepare for full preemption improve.
  • kernel/cpu: fix cpu down problem if kthread's cpu is going down.
  • kernel/hotplug: restore original cpu mask oncpu/down.
  • drm/i915: drop trace_i915_gem_ring_dispatch on rt.
  • rt,ntp: Move call to schedule_delayed_work() to helper thread.
  • hwlat-detector: Update hwlat_detector to add outer loop detection.
  • hwlat-detect/trace: Export trace_clock_local for hwlat-detector.
  • hwlat-detector: Use trace_clock_local if available.
  • hwlat-detector: Use thread instead of stop machine.
  • genirq: do not invoke the affinity callback via a workqueue.
  • Btrfs: fix negative qgroup tracking from owner accounting (bnc#821948).
  • Btrfs: add missing error checks to add_data_references.
  • Btrfs: change how we queue blocks for backref checking.
  • Btrfs: add missing error handling to read_tree_block.
  • Btrfs: handle errors when doing slow caching.
  • Btrfs: fix inode leak on kmalloc failure in tree-log.c.
  • Btrfs: don't ignore errors from btrfs_run_delayed_items.
  • Btrfs: fix oops when writing dirty qgroups to disk.
  • Btrfs: do not clear our orphan item runtime flag on eexist.
  • Btrfs: remove ourselves from the cluster list under lock.
  • Btrfs: remove unnecessary ->s_umount in cleaner_kthread().
  • Btrfs: make the cleaner complete early when the fs is going to be umounted.
  • Btrfs: move the R/O check out of btrfs_clean_one_deleted_snapshot().
  • Btrfs: make the snap/subv deletion end more early when the fs is R/O.
  • Btrfs: optimize key searches in btrfs_search_slot.
  • Btrfs: fix printing of non NULL terminated string.
  • Btrfs: fix memory leak of orphan block rsv.
  • Btrfs: don't miss inode ref items in BTRFS_IOC_INO_LOOKUP.
  • Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP handler.
  • Btrfs: fix the error handling wrt orphan items.
  • Btrfs: don't allow a subvol to be deleted if it is the default subovl.
  • Btrfs: return ENOSPC when target space is full.
  • Btrfs: don't bug_on when we fail when cleaning up transactions.
  • Btrfs: add missing mounting options in btrfs_show_options().
  • Btrfs: use u64 for subvolid when parsing mount options.
  • Btrfs: add sanity checks regarding to parsing mount options.
  • Btrfs: cleanup reloc roots properly on error.
  • Btrfs: reset ret in record_one_backref.
  • Btrfs: fix get set label blocking against balance.
  • Btrfs: fall back to global reservation when removing subvolumes.
  • Btrfs: Release uuid_mutex for shrink during device delete.
  • Btrfs: update fixups from 3.11.
  • Btrfs: add ioctl to wait for qgroup rescan completion.
  • Btrfs: remove useless copy in quota_ctl.
  • Btrfs: do delay iput in sync_fs.
  • Btrfs: fix estale with btrfs send.
  • Btrfs: return error code in btrfs_check_trunc_cache_free_space().
  • Btrfs: dont do log_removal in insert_new_root.
  • Btrfs: check if leaf's parent exists before pushing items around.
  • Btrfs: allow file data clone within a file.
  • Btrfs: simplify unlink reservations.
  • Btrfs: fix qgroup rescan resume on mount.
  • Btrfs: do not pin while under spin lock.
  • Btrfs: add some missing iput()'s in btrfs_orphan_cleanup.
  • Btrfs: put our inode if orphan cleanup fails.
  • Btrfs: exclude logged extents before replying when we are mixed.
  • Btrfs: fix broken nocow after balance.
  • Btrfs: wake up delayed ref flushing waiters on abort.
  • Btrfs: stop waiting on current trans if we aborted.
  • Btrfs: fix transaction throttling for delayed refs.
  • Btrfs: free csums when we're done scrubbing an extent.
  • Btrfs: unlock extent range on enospc in compressed submit.
  • Btrfs: stop using try_to_writeback_inodes_sb_nr to flush delalloc.
  • Btrfs: check if we can nocow if we don't have data space.
  • Btrfs: cleanup orphaned root orphan item.
  • Btrfs: hold the tree mod lock in __tree_mod_log_rewind.
  • Btrfs: only do the tree_mod_log_free_eb if this is our last ref.
  • Btrfs: wait ordered range before doing direct io.
  • Btrfs: update drop progress before stopping snapshot dropping.
  • Btrfs: fix lock leak when resuming snapshot deletion.
  • Btrfs: re-add root to dead root list if we stop dropping it.
  • Btrfs: fix file truncation if FALLOC_FL_KEEP_SIZE is specified.
  • Btrfs: fix a bug of snapshot-aware defrag to make it work on partial extents.
  • Btrfs: fix extent buffer leak after backref walking.
  • Btrfs: do not offset physical if we're compressed.
  • Btrfs: fix backref walking when we hit a compressed extent.
  • Btrfs: make sure the backref walker catches all refs to our extent.
  • Btrfs: release both paths before logging dir/changed extents.
  • Btrfs: add btrfs_fs_incompat helper.
  • Btrfs: merge save_error_info helpers into one.
  • Btrfs: clean up transaction abort messages.
  • Btrfs: cleanup unused arguments of btrfs_csum_data.
  • Btrfs: use helper to cleanup tree roots.
  • Btrfs: share stop worker code.
  • Btrfs: Cleanup some redundant codes in btrfs_lookup_csums_range().
  • Btrfs: clean snapshots one by one.
  • Btrfs: deprecate subvolrootid mount option.
  • Btrfs: make orphan cleanup less verbose.
  • Btrfs: cover more error codes in btrfs_decode_error.
  • Btrfs: make subvol creation/deletion killable in the early stages.
  • Btrfs: fix a warning when disabling quota.
  • Btrfs: fix infinite loop when we abort on mount.
  • Btrfs: compare relevant parts of delayed tree refs.
  • Btrfs: kill some BUG_ONs() in the find_parent_nodes().
  • Btrfs: fix double free in the iterate_extent_inodes().
  • Btrfs: fix error handling in make/read block group.
  • Btrfs: don't wait on ordered extents if we have a trans open.
  • Btrfs: log ram bytes properly.
  • Btrfs: fix bad extent logging.
  • Btrfs: improve the performance of the csums lookup.
  • Btrfs: ignore device open failures in __btrfs_open_devices.
  • Btrfs: abort unlink trans in missed error case.
  • Btrfs: creating the subvolume qgroup automatically when enabling quota.
  • Btrfs: introduce a mutex lock for btrfs quota operations.
  • Btrfs: remove some unnecessary spin_lock usages.
  • Btrfs: fix missing check before creating a qgroup relation.
  • Btrfs: fix missing check in the btrfs_qgroup_inherit().
  • Btrfs: fix a warning when updating qgroup limit.
  • Btrfs: use tree_root to avoid edquot when disabling quota.
  • Btrfs: remove some BUG_ONs() when walking backref tree.
  • Btrfs: make __merge_refs() return type be void.
  • Btrfs: add a rb_tree to improve performance of ulist search.
  • Btrfs: fix unblocked autodefraggers when remount.
  • Btrfs: fix tree mod log regression on root split operations.
  • Btrfs: fix accessing the root pointer in tree mod log functions.
  • Btrfs: fix unlock after free on rewinded tree blocks.
  • Btrfs: do not continue if out of memory happens.
  • Btrfs: fix confusing edquot happening case.
  • Btrfs: remove unused argument of fixup_low_keys().
  • Btrfs: fix reada debug code compilation.
  • Btrfs: return error when we specify wrong start to defrag.
  • Btrfs: don't force pages under writeback to finish when aborting.
  • Btrfs: clear received_uuid field for new writable snapshots.
  • Btrfs: fix missing check about ulist_add() in qgroup.c.
  • Btrfs: add all ioctl checks before user change for quota operations.
  • Btrfs: fix lockdep warning.
  • Btrfs: fix possible infinite loop in slow caching.
  • Btrfs: use REQ_META for all metadata IO.
  • Btrfs: deal with bad mappings in btrfs_map_block.
  • Btrfs: don't call readahead hook until we have read the entire eb.
  • Btrfs: don't BUG_ON() in btrfs_num_copies.
  • Btrfs: don't try and free ebs twice in log replay.
  • Btrfs: add tree block level sanity check.
  • Btrfs: only exclude supers in the range of our block group.
  • Btrfs: fix all callers of read_tree_block.
  • Btrfs: fix extent logging with O_DIRECT into prealloc.
  • Btrfs: cleanup fs roots if we fail to mount.
  • Btrfs: don't panic if we're trying to drop too many refs.
  • Btrfs: check return value of commit when recovering log.
  • Btrfs: cleanup destroy_marked_extents.
  • Btrfs: various abort cleanups.
  • Btrfs: fix error handling in btrfs_ioctl_send().
  • Btrfs: set UUID in root_item for created trees.
  • Btrfs: return free space in cow error path.
  • Btrfs: separate sequence numbers for delayed ref tracking and tree mod log.
  • Btrfs: allocate new chunks if the space is not enough for global rsv.
  • Btrfs: split btrfs_qgroup_account_ref into four functions (FATE#312751).
  • Btrfs: rescan for qgroups (FATE#312751).
  • Btrfs: automatic rescan after "quota enable" command (FATE#312751).
  • Btrfs: deal with free space cache errors while replaying log.
  • Btrfs: remove almost all of the BUG()'s from tree-log.c.
  • Btrfs: deal with errors in write_dev_supers.
  • Btrfs: make static code static & remove dead code.
  • Btrfs: handle errors returned from get_tree_block_key.
  • Btrfs: remove unused gfp mask parameter from release_extent_buffer callchain.
  • Btrfs: read entire device info under lock.
  • Btrfs: improve the loop of scrub_stripe.
  • Btrfs: use unsigned long type for extent state bits.
  • Btrfs: enhance superblock checks.
  • Btrfs: allow superblock mismatch from older mkfs.
  • Btrfs: annotate quota tree for lockdep.
  • Btrfs: fix off-by-one in fiemap.
  • Btrfs: don't stop searching after encountering the wrong item.
  • Btrfs: don't null pointer deref on abort.
  • Btrfs: remove warn on in free space cache writeout.
  • Btrfs: fix possible memory leak in the find_parent_nodes().
  • Btrfs: fix possible memory leak in replace_path().
  • Btrfs: don't abort the current transaction if there is no enough space for inode cache.
  • Btrfs: don't use global block reservation for inode cache truncation.
  • Btrfs: optimize the error handle of use_block_rsv().
  • Btrfs: don't steal the reserved space from the global reserve if their space type is different.
  • Btrfs: update the global reserve if it is empty.
  • Btrfs: return errno if possible when we fail to allocate memory.
  • Btrfs: fix accessing a freed tree root.
  • Btrfs: fix unprotected root node of the subvolume's inode rb-tree.
  • Btrfs: pause the space balance when remounting to R/O.
  • Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix().
  • Btrfs: don't invoke btrfs_invalidate_inodes() in the spin lock context.
  • Btrfs: do away with non-whole_page extent I/O.
  • Btrfs: explicitly use global_block_rsv for quota_tree.
  • Btrfs: make sure roots are assigned before freeing their nodes.
  • Btrfs: don't delete fs_roots until after we cleanup the transaction.
  • Btrfs: Drop inode if inode root is NULL.
  • Btrfs: init relocate extent_io_tree with a mapping.
  • Btrfs: fix use-after-free bug during umount.
  • Btrfs: stop all workers before cleaning up roots.
  • Btrfs: add log message stubs.

Security Issues:

  • CVE-2013-2206 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206>