The SUSE Linux Enterprise 11 Service Pack 3 RealTime
Extension kernel has been updated to fix various bugs and
security issues.
The following security bugs have been fixed:
CVE-2013-4470: The Linux kernel before 3.12, when UDP
Fragmentation Offload (UFO) is enabled, does not properly
initialize certain data structures, which allows local
users to cause a denial of service (memory corruption and
system crash) or possibly gain privileges via a crafted
application that uses the UDP_CORK option in a setsockopt
system call and sends both short and long packets, related
to the ip_ufo_append_data function in net/ipv4/ip_output.c
and the ip6_ufo_append_data function in
net/ipv6/ip6_output.c. (bnc#847672)
CVE-2013-6368: The KVM subsystem in the Linux kernel
through 3.12.5 allows local users to gain privileges or
cause a denial of service (system crash) via a VAPIC
synchronization operation involving a page-end address.
(bnc#853052)
CVE-2013-6885: The microcode on AMD 16h 00h through
0Fh processors does not properly handle the interaction
between locked instructions and write-combined memory
types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the
errata 793 issue. (bnc#852967)
CVE-2013-7263: The Linux kernel before 3.12.4 updates
certain length values before ensuring that associated data
structures have been initialized, which allows local users
to obtain sensitive information from kernel stack memory
via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
call, related to net/ipv4/ping.c, net/ipv4/raw.c,
net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
(bnc#857643)
CVE-2013-7264: The l2tp_ip_recvmsg function in
net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4
updates a certain length value before ensuring that an
associated data structure has been initialized, which
allows local users to obtain sensitive information from
kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
(3) recvmsg system call. (bnc#857643)
CVE-2013-7265: The pn_recvmsg function in
net/phonet/datagram.c in the Linux kernel before 3.12.4
updates a certain length value before ensuring that an
associated data structure has been initialized, which
allows local users to obtain sensitive information from
kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
(3) recvmsg system call. (bnc#857643)
CVE-2014-0069: The cifs_iovec_write function in
fs/cifs/file.c in the Linux kernel through 3.13.5 does not
properly handle uncached write operations that copy fewer
than the requested number of bytes, which allows local
users to obtain sensitive information from kernel memory,
cause a denial of service (memory corruption and system
crash), or possibly gain privileges via a writev system
call with a crafted pointer. (bnc#864025)
Also the following non-security bugs have been fixed:
mm: reschedule to avoid RCU stall triggering during
boot of large machines (bnc#820434,bnc#852153).
arch/x86: Fix incorrect config symbol in #ifdef
(bnc#844513).
x86/dumpstack: Fix printk_address for direct
addresses (bnc#845621).
ipv6 routing, NLM_F_* flag support: REPLACE and EXCL
flags support, warn about missing CREATE flag (bnc#865783).
macvlan: disable LRO on lower device instead of
macvlan (bnc#846984).
dlm: remove get_comm (bnc#827670).
dlm: fix return value from lockspace_busy()
(bnc#827670).
NFSD/sunrpc: avoid deadlock on TCP connection due to
memory pressure (bnc#853455).
fs/buffer.c: change type of max_buffer_heads to
unsigned long (bnc#864058).
dm-multipath: abort all requests when failing a path
(bnc#798050).
dm-multipath: Do not stall on invalid ioctls
(bnc#865342).
scsi: kABI fixes (bnc#798050).
scsi_dh_rdac: Add new IBM 1813 product id to rdac
devlist (bnc#846654).
xhci: Fix resume issues on Renesas chips in Samsung
laptops (bnc#866253).
md: Change handling of save_raid_disk and metadata
update during recovery (bnc#849364).
s390: Avoid kabi change due to newly visible
structures.
s390/pci: remove PCI/MSI interruption class
(FATE#83037, LTC#94737).
advansys: Remove "last_reset" references (bnc#798050).
bnx2x: remove false warning regarding interrupt
number (bnc#769035).
block: factor out vector mergeable decision to a
helper function (bnc#769644).
block: modify __bio_add_page check to accept pages
that do not start a new segment (bnc#769644).
HID: multitouch: Add support for NextWindow 0340
touchscreen (bnc#849855).
download.suse.com/patch/finder/?keywords=8d7793c0cc8432bc1d41b3b09abc3f8a
bugzilla.novell.com/599263
bugzilla.novell.com/769035
bugzilla.novell.com/769644
bugzilla.novell.com/793727
bugzilla.novell.com/798050
bugzilla.novell.com/805114
bugzilla.novell.com/805740
bugzilla.novell.com/820434
bugzilla.novell.com/823618
bugzilla.novell.com/827670
bugzilla.novell.com/833968
bugzilla.novell.com/844513
bugzilla.novell.com/845378
bugzilla.novell.com/845621
bugzilla.novell.com/846654
bugzilla.novell.com/846790
bugzilla.novell.com/846984
bugzilla.novell.com/847672
bugzilla.novell.com/848055
bugzilla.novell.com/849364
bugzilla.novell.com/849855
bugzilla.novell.com/851603
bugzilla.novell.com/852153
bugzilla.novell.com/852488
bugzilla.novell.com/852967
bugzilla.novell.com/853052
bugzilla.novell.com/853162
bugzilla.novell.com/853166
bugzilla.novell.com/853455
bugzilla.novell.com/854025
bugzilla.novell.com/854445
bugzilla.novell.com/854516
bugzilla.novell.com/855825
bugzilla.novell.com/855885
bugzilla.novell.com/856848
bugzilla.novell.com/857358
bugzilla.novell.com/857643
bugzilla.novell.com/857919
bugzilla.novell.com/858534
bugzilla.novell.com/858604
bugzilla.novell.com/858831
bugzilla.novell.com/859225
bugzilla.novell.com/859342
bugzilla.novell.com/861093
bugzilla.novell.com/862796
bugzilla.novell.com/862957
bugzilla.novell.com/863178
bugzilla.novell.com/863526
bugzilla.novell.com/864025
bugzilla.novell.com/864058
bugzilla.novell.com/864833
bugzilla.novell.com/864880
bugzilla.novell.com/865342
bugzilla.novell.com/865783
bugzilla.novell.com/866253
bugzilla.novell.com/866428
bugzilla.novell.com/870801