SUSE-SU-2015:0652-1
Apr 02, 2015 - 2:06 a.m.

Security update for Linux kernel (important)

2015-04-02 02:06:32
lists.opensuse.org

EPSS: 0.955 (High), percentile 99.2%

The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix
security issues in kernels for the x86_64 architecture.

The following security bugs have been fixed:

   * CVE-2013-4299: Interpretation conflict in
     drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6
     allowed remote authenticated users to obtain sensitive information
     or modify data via a crafted mapping to a snapshot block device
     (bnc#846404).
   * CVE-2014-8160: SCTP firewalling failed until the SCTP module was
     loaded (bnc#913059).
   * CVE-2014-9584: The parse_rock_ridge_inode_internal function in
     fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a
     length value in the Extensions Reference (ER) System Use Field,
     which allowed local users to obtain sensitive information from
     kernel memory via a crafted iso9660 image (bnc#912654).
   * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
     Linux kernel through 3.18.2 did not properly choose memory locations
     for the vDSO area, which made it easier for local users to bypass
     the ASLR protection mechanism by guessing a location at the end of a
     PMD (bnc#912705).
   * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
     Linux kernel through 3.18.1 did not restrict the number of Rock
     Ridge continuation entries, which allowed local users to cause a
     denial of service (infinite loop, and system crash or hang) via a
     crafted iso9660 image (bnc#911325).
   * CVE-2014-0181: The Netlink implementation in the Linux kernel
     through 3.14.1 did not provide a mechanism for authorizing socket
     operations based on the opener of a socket, which allowed local
     users to bypass intended access restrictions and modify network
     configurations by using a Netlink socket for the (1) stdout or (2)
     stderr of a setuid program (bnc#875051).
   * CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux
     kernel before 2.6.38 allowed L2 guest OS users to cause a denial of
     service (L1 guest OS crash) via a crafted instruction that triggers
     an L2 emulation failure report, a similar issue to CVE-2014-7842
     (bnc#907822).
   * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux
     kernel before 3.17.4 allowed guest OS users to cause a denial of
     service (guest OS crash) via a crafted application that performs an
     MMIO transaction or a PIO transaction to trigger a guest userspace
     emulation error report, a similar issue to CVE-2010-5313
     (bnc#905312).
   * CVE-2014-3688: The SCTP implementation in the Linux kernel before
     3.17.4 allowed remote attackers to cause a denial of service (memory
     consumption) by triggering a large number of chunks in an
     association's output queue, as demonstrated by ASCONF probes, related
     to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).
   * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in
     net/sctp/associola.c in the SCTP implementation in the Linux kernel
     through 3.17.2 allowed remote attackers to cause a denial of service
     (panic) via duplicate ASCONF chunks that trigger an incorrect uncork
     within the side-effect interpreter (bnc#902349).
   * CVE-2014-3673: The SCTP implementation in the Linux kernel through
     3.17.2 allowed remote attackers to cause a denial of service (system
     crash) via a malformed ASCONF chunk, related to
     net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).
   * CVE-2014-7841: The sctp_process_param function in
     net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux
     kernel before 3.17.4, when ASCONF is used, allowed remote attackers
     to cause a denial of service (NULL pointer dereference and system
     crash) via a malformed INIT chunk (bnc#905100).
   * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c
     in the Linux kernel before 3.13.5 did not properly maintain a
     certain tail pointer, which allowed remote attackers to obtain
     sensitive cleartext information by reading packets (bnc#904700).
   * CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length
     values before ensuring that associated data structures have been
     initialized, which allowed local users to obtain sensitive
     information from kernel stack memory via a (1) recvfrom, (2)
     recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,
     net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c
     (bnc#857643).
   * CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in
     the Linux kernel before 3.5.7 did not ensure that a keepalive action
     is associated with a stream socket, which allowed local users to
     cause a denial of service (system crash) by leveraging the ability
     to create a raw socket (bnc#896779).
   * CVE-2014-3185: Multiple buffer overflows in the
     command_port_read_callback function in
     drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in
     the Linux kernel before 3.16.2 allowed physically proximate
     attackers to execute arbitrary code or cause a denial of service
     (memory corruption and system crash) via a crafted device that
     provides a large amount of (1) EHCI or (2) XHCI data associated with
     a bulk response (bnc#896391).
   * CVE-2014-3184: The report_fixup functions in the HID subsystem in
     the Linux kernel before 3.16.2 might allow physically proximate
     attackers to cause a denial of service (out-of-bounds write) via a
     crafted device that provides a small report descriptor, related to
     (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)
     drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
     drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
     (bnc#896390).

The following non-security bugs have been fixed:

   * KVM: SVM: Make Use of the generic guest-mode functions (bnc#907822).
   * KVM: inject #UD if instruction emulation fails and exit to userspace
     (bnc#907822).
   * block: Fix bogus partition statistics reports (bnc#885077
     bnc#891211).
   * block: skip request queue cleanup if no elevator is assigned
     (bnc#899338).
   * isofs: Fix unchecked printing of ER records.
   * Re-enable nested-spinlocks-backport patch for xen (bnc#908870).
   * time, ntp: Do not update time_state in middle of leap second
     (bnc#912916).
   * timekeeping: Avoid possible deadlock from clock_was_set_delayed
     (bnc#771619, bnc#915335).
   * udf: Check component length before reading it.
   * udf: Check path length when reading symlink.
   * udf: Verify i_size when loading inode.
   * udf: Verify symlink size before loading it.
   * vt: prevent race between modifying and reading unicode map
     (bnc#915826).
   * writeback: Do not sync data dirtied after sync start (bnc#833820).
   * xfs: Avoid blocking on inode flush in background inode reclaim
     (bnc#892235).

Security Issues:

   * CVE-2010-5313
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313>
   * CVE-2012-6657
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657>
   * CVE-2013-4299
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299>
   * CVE-2013-7263
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
   * CVE-2014-0181
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181>
   * CVE-2014-3184
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184>
   * CVE-2014-3185
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185>
   * CVE-2014-3673
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673>
   * CVE-2014-3687
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687>
   * CVE-2014-3688
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688>
   * CVE-2014-7841
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841>
   * CVE-2014-7842
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842>
   * CVE-2014-8160
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160>
   * CVE-2014-8709
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709>
   * CVE-2014-9420
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420>
   * CVE-2014-9584
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584>
   * CVE-2014-9585
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585>

References