SUSE-SU-2015:0481-1
Mar 11, 2015 - 8:05 p.m.

Security update for Linux kernel (important)

2015-03-11 20:05:42
lists.opensuse.org

EPSS: 0.955 (High), percentile 99.2%

The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated
to fix security issues on kernels on the x86_64 architecture.

The following security bugs have been fixed:

   * CVE-2012-4398: The __request_module function in kernel/kmod.c in the
     Linux kernel before 3.4 did not set a certain killable attribute,
     which allowed local users to cause a denial of service (memory
     consumption) via a crafted application (bnc#779488).
   * CVE-2013-2893: The Human Interface Device (HID) subsystem in the
     Linux kernel through 3.11, when CONFIG_LOGITECH_FF,
     CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed
     physically proximate attackers to cause a denial of service
     (heap-based out-of-bounds write) via a crafted device, related to
     (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)
     drivers/hid/hid-lg4ff.c (bnc#835839).
   * CVE-2013-2897: Multiple array index errors in
     drivers/hid/hid-multitouch.c in the Human Interface Device (HID)
     subsystem in the Linux kernel through 3.11, when
     CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate
     attackers to cause a denial of service (heap memory corruption, or
     NULL pointer dereference and OOPS) via a crafted device (bnc#835839).
   * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface
     Device (HID) subsystem in the Linux kernel through 3.11, when
     CONFIG_HID_PICOLCD is enabled, allowed physically proximate
     attackers to cause a denial of service (NULL pointer dereference and
     OOPS) via a crafted device (bnc#835839).
   * CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use
     the get_dumpable function, which allowed local users to bypass
     intended ptrace restrictions or obtain sensitive information from
     IA64 scratch registers via a crafted application, related to
     kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652).
   * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
     values before ensuring that associated data structures have been
     initialized, which allowed local users to obtain sensitive
     information from kernel stack memory via a (1) recvfrom, (2)
     recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,
     net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c
     (bnc#857643).
   * CVE-2014-0131: Use-after-free vulnerability in the skb_segment
     function in net/core/skbuff.c in the Linux kernel through 3.13.6
     allowed attackers to obtain sensitive information from kernel memory
     by leveraging the absence of a certain orphaning operation
     (bnc#867723).
   * CVE-2014-0181: The Netlink implementation in the Linux kernel
     through 3.14.1 did not provide a mechanism for authorizing socket
     operations based on the opener of a socket, which allowed local
     users to bypass intended access restrictions and modify network
     configurations by using a Netlink socket for the (1) stdout or (2)
     stderr of a setuid program (bnc#875051).
   * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the
     Linux kernel through 3.13.6 did not properly count the addition of
     routes, which allowed remote attackers to cause a denial of service
     (memory consumption) via a flood of ICMPv6 Router Advertisement
     packets (bnc#867531).
   * CVE-2014-3181: Multiple stack-based buffer overflows in the
     magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the
     Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed
     physically proximate attackers to cause a denial of service (system
     crash) or possibly execute arbitrary code via a crafted device that
     provides a large amount of (1) EHCI or (2) XHCI data associated with
     an event (bnc#896382).
   * CVE-2014-3184: The report_fixup functions in the HID subsystem in
     the Linux kernel before 3.16.2 might have allowed physically
     proximate attackers to cause a denial of service (out-of-bounds
     write) via a crafted device that provides a small report descriptor,
     related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c,
     (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
     drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
     (bnc#896390).
   * CVE-2014-3185: Multiple buffer overflows in the
     command_port_read_callback function in
     drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in
     the Linux kernel before 3.16.2 allowed physically proximate
     attackers to execute arbitrary code or cause a denial of service
     (memory corruption and system crash) via a crafted device that
     provides a large amount of (1) EHCI or (2) XHCI data associated with
     a bulk response (bnc#896391).
   * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in
     drivers/hid/hid-picolcd_core.c in the PicoLCD HID device driver in
     the Linux kernel through 3.16.3, as used in Android on Nexus 7
     devices, allowed physically proximate attackers to cause a denial of
     service (system crash) or possibly execute arbitrary code via a
     crafted device that sends a large report (bnc#896392).
   * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c
     in the Linux kernel through 3.16.1 miscalculates the number of pages
     during the handling of a mapping failure, which allowed guest OS
     users to (1) cause a denial of service (host OS memory corruption)
     or possibly have unspecified other impact by triggering a large gfn
     value or (2) cause a denial of service (host OS memory consumption)
     by triggering a small gfn value that leads to permanently pinned
     pages (bnc#892782).
   * CVE-2014-3610: The WRMSR processing functionality in the KVM
     subsystem in the Linux kernel through 3.17.2 did not properly handle
     the writing of a non-canonical address to a model-specific register,
     which allowed guest OS users to cause a denial of service (host OS
     crash) by leveraging guest OS privileges, related to the
     wrmsr_interception function in arch/x86/kvm/svm.c and the
     handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).
   * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
     kernel through 3.17.2 did not have an exit handler for the INVVPID
     instruction, which allowed guest OS users to cause a denial of
     service (guest OS crash) via a crafted application (bnc#899192).
   * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the
     Linux kernel through 3.17.2 did not properly perform RIP changes,
     which allowed guest OS users to cause a denial of service (guest OS
     crash) via a crafted application (bnc#899192).
   * CVE-2014-3673: The SCTP implementation in the Linux kernel through
     3.17.2 allowed remote attackers to cause a denial of service (system
     crash) via a malformed ASCONF chunk, related to
     net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).
   * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in
     net/sctp/associola.c in the SCTP implementation in the Linux kernel
     through 3.17.2 allowed remote attackers to cause a denial of service
     (panic) via duplicate ASCONF chunks that trigger an incorrect uncork
     within the side-effect interpreter (bnc#902349).
   * CVE-2014-3688: The SCTP implementation in the Linux kernel before
     3.17.4 allowed remote attackers to cause a denial of service (memory
     consumption) by triggering a large number of chunks in an
     association's output queue, as demonstrated by ASCONF probes, related
     to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).
   * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
     kernel before 3.17.2 on Intel processors did not ensure that the
     value in the CR4 control register remains the same after a VM entry,
     which allowed host OS users to kill arbitrary processes or cause a
     denial of service (system disruption) by leveraging /dev/kvm access,
     as demonstrated by PR_SET_TSC prctl calls within a modified copy of
     QEMU (bnc#902232).
   * CVE-2014-4608: Multiple integer overflows in the
     lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in
     the LZO decompressor in the Linux kernel before 3.15.2 allowed
     context-dependent attackers to cause a denial of service (memory
     corruption) via a crafted Literal Run (bnc#883948).
   * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the
     Linux kernel through 3.15.6 allowed local users to gain privileges
     by leveraging data-structure differences between an l2tp socket and
     an inet socket (bnc#887082).
   * CVE-2014-5471: Stack consumption vulnerability in the
     parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
     Linux kernel through 3.16.1 allowed local users to cause a denial of
     service (uncontrolled recursion, and system crash or reboot) via a
     crafted iso9660 image with a CL entry referring to a directory entry
     that has a CL entry (bnc#892490).
   * CVE-2014-5472: The parse_rock_ridge_inode_internal function in
     fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local
     users to cause a denial of service (unkillable mount process) via a
     crafted iso9660 image with a self-referential CL entry (bnc#892490).
   * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel
     through 3.17.2 did not properly handle private syscall numbers
     during use of the ftrace subsystem, which allowed local users to
     gain privileges or cause a denial of service (invalid pointer
     dereference) via a crafted application (bnc#904013).
   * CVE-2014-7841: The sctp_process_param function in
     net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux
     kernel before 3.17.4, when ASCONF is used, allowed remote attackers
     to cause a denial of service (NULL pointer dereference and system
     crash) via a malformed INIT chunk (bnc#905100).
   * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux
     kernel before 3.17.4 allowed guest OS users to cause a denial of
     service (guest OS crash) via a crafted application that performs an
     MMIO transaction or a PIO transaction to trigger a guest userspace
     emulation error report, a similar issue to CVE-2010-5313
     (bnc#905312).
   * CVE-2014-8134: The paravirt_ops_setup function in
     arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an
     improper paravirt_enabled setting for KVM guest kernels, which made
     it easier for guest OS users to bypass the ASLR protection mechanism
     via a crafted application that reads a 16-bit value (bnc#909078).
   * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c
     in the Linux kernel through 3.17.2 miscalculates the number of pages
     during the handling of a mapping failure, which allowed guest OS
     users to cause a denial of service (host OS page unpinning) or
     possibly have unspecified other impact by leveraging guest OS
     privileges. NOTE: this vulnerability exists because of an incorrect
     fix for CVE-2014-3601 (bnc#902675).
   * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux
     kernel through 3.17.2 did not properly maintain the semantics of
     rename_lock, which allowed local users to cause a denial of service
     (deadlock and system hang) via a crafted application (bnc#903640).
   * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c
     in the Linux kernel before 3.13.5 did not properly maintain a
     certain tail pointer, which allowed remote attackers to obtain
     sensitive cleartext information by reading packets (bnc#904700).
   * CVE-2014-9584: The parse_rock_ridge_inode_internal function in
     fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a
     length value in the Extensions Reference (ER) System Use Field,
     which allowed local users to obtain sensitive information from
     kernel memory via a crafted iso9660 image (bnc#912654).
   * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
     Linux kernel through 3.18.2 did not properly choose memory locations
     for the vDSO area, which made it easier for local users to bypass
     the ASLR protection mechanism by guessing a location at the end of a
     PMD (bnc#912705).

The following non-security bugs have been fixed:

   * Fix HDIO_DRIVE_* ioctl() Linux 3.9 regression (bnc#833588,
     bnc#905799).
   * HID: add usage_index in struct hid_usage (bnc#835839).
   * Revert "PM / reboot: call syscore_shutdown() after
     disable_nonboot_cpus()". Reduce time to shutdown large machines
     (bnc#865442 bnc#907396).
   * Revert "kernel/sys.c: call disable_nonboot_cpus() in
     kernel_restart()". Reduce time to shutdown large machines
     (bnc#865442 bnc#907396).
   * dm-mpath: fix panic on deleting sg device (bnc#870161).
   * futex: Unlock hb->lock in futex_wait_requeue_pi() error path (fix
     bnc#880892).
   * handle more than just WS2008 in heartbeat negotiation (bnc#901885).
   * memcg: do not expose uninitialized mem_cgroup_per_node to world
     (bnc#883096).
   * mm: fix BUG in __split_huge_page_pmd (bnc#906586).
   * pagecachelimit: reduce lru_lock congestion for heavy parallel
     reclaim fix (bnc#895680, bnc#907189).
   * s390/3215: fix hanging console issue (bnc#898693, bnc#897995,
     LTC#115466).
   * s390/cio: improve cio_commit_config (bnc#864049, bnc#898693,
     LTC#104168).
   * scsi_dh_alua: disable ALUA handling for non-disk devices
     (bnc#876633).
   * target/rd: Refactor rd_build_device_space + rd_release_device_space.
   * timekeeping: Avoid possible deadlock from clock_was_set_delayed
     (bnc#771619, bnc#915335).
   * xfs: recheck buffer pinned status after push trylock failure
     (bnc#907338).
   * xfs: remove log force from xfs_buf_trylock() (bnc#907338).

Security Issues:

   * CVE-2012-4398
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398>
   * CVE-2013-2893
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893>
   * CVE-2013-2897
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897>
   * CVE-2013-2899
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899>
   * CVE-2013-2929
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929>
   * CVE-2013-7263
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
   * CVE-2014-0131
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131>
   * CVE-2014-0181
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181>
   * CVE-2014-2309
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309>
   * CVE-2014-3181
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181>
   * CVE-2014-3184
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184>
   * CVE-2014-3185
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185>
   * CVE-2014-3186
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186>
   * CVE-2014-3601
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601>
   * CVE-2014-3610
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610>
   * CVE-2014-3646
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646>
   * CVE-2014-3647
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647>
   * CVE-2014-3673
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673>
   * CVE-2014-3687
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687>
   * CVE-2014-3688
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688>
   * CVE-2014-3690
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690>
   * CVE-2014-4608
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608>
   * CVE-2014-4943
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943>
   * CVE-2014-5471
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471>
   * CVE-2014-5472
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472>
   * CVE-2014-7826
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826>
   * CVE-2014-7841
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841>
   * CVE-2014-7842
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842>
   * CVE-2014-8134
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134>
   * CVE-2014-8369
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369>
   * CVE-2014-8559
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559>
   * CVE-2014-8709
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709>
   * CVE-2014-9584
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584>
   * CVE-2014-9585
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585>

References