SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0759-2 Rating: important References: #578046 #651219 #714604 #722398 #730117 #736149 #738210 #744692 #753371 #754583 #754898 #758040 #758243 #761849 #762424 #763494 #767612 #768052 #773577 #776787 #777616 #777746 #779577 #780977 #786150 #786814 #786900 #787821 #788826 #789235 #789311 #789359 #790867 #792674 #792793 #793139 #793671 #794513 #794529 #794805 #795269 #795928 #795957 #795961 #796412 #796418 #796823 #797042 #797175 #798921 #799197 #799209 #799270 #799275 #799578 #799926 #800280 #800701 #801038 #801178 #801713 #801717 #801720 #801782 #802153 #802353 #802445 #802642 #802712 #803056 #803067 #803394 #803674 #803712 #804154 #804220 #804609 #804656 #805227 #805823 #806138 #806238 #806395 #806404 #806431 #806466 #806469 #806492 #806631 #806825 #806847 #806908 #806976 #806980 #807431 #807517 #807560 #807853 #808166 #808307 #808358 #808827 #808829 #808966 #808991 #809155 #809166 #809375 #809493 #809748 #809902 #809903 #810473 #812281 #812315 #813963 #816443 Cross-References: CVE-2012-2137 CVE-2012-6548 CVE-2012-6549 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-0268 CVE-2013-0311 CVE-2013-0349 CVE-2013-0913 CVE-2013-0914 CVE-2013-1767 CVE-2013-1772 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1848 CVE-2013-1860 CVE-2013-2634 CVE-2013-2635 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 95 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.74 fix various security issues and bugs: This update brings some features: * Updated HD-audio drivers for Nvidia/AMD HDMI and Haswell audio (FATE#314311 FATE#313695) * Lustre enablement patches were added (FATE#314679). * SGI UV (Ultraviolet) platform support. (FATE#306952) Security issues fixed in this update: * CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel did not properly copy a certain name field, which allowed local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. * CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel allowed local users to cause a denial of service (crash) and to possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. * CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. * CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. * CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed by not updating accessed/modified time on the pty devices. Note that this might break pty idle detection, so it might get reverted again. * CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. * CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. * CVE-2013-0311: The translate_desc function in drivers/vhost/vhost.c in the Linux kernel did not properly handle cross-region descriptors, which allowed guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. * CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. * CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. * CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel allowed local users to gain privileges or to cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. * CVE-2013-1772: The log_prefix function in kernel/printk.c in the Linux kernel 3.x did not properly remove a prefix string from a syslog header, which allowed local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. * CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. * CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. * CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel did not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allowed guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. * CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel allowed guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. * CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel did not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. * CVE-2013-1848: fs/ext3/super.c in the Linux kernel used incorrect arguments to functions in certain circumstances related to printk input, which allowed local users to conduct format-string attacks and possibly gain privileges via a crafted application. * CVE-2013-1860: Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or to possibly execute arbitrary code via a crafted cdc-wdm USB device. * CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2013-2635: The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. Bugs fixed in this update: BTRFS: * btrfs: do not try to notify udev about missing devices. * btrfs: add cancellation points to defrag. * btrfs: define BTRFS_MAGIC as a u64 value. * btrfs: make sure NODATACOW also gets NODATASUM set. * btrfs: enforce min_bytes parameter during extent allocation. * btrfs: build up error handling for merge_reloc_roots. * btrfs: free all recorded tree blocks on error . * btrfs: do not BUG_ON in prepare_to_reloc . * btrfs: do not BUG_ON on aborted situation . * btrfs: handle a bogus chunk tree nicely . * btrfs: do not drop path when printing out tree errors in scrub . * btrfs: make subvol creation/deletion killable in the early stages. * btrfs: abort unlink trans in missed error case. * btrfs: fix reada debug code compilation. * btrfs: return error when we specify wrong start to defrag. * btrfs: do not force pages under writeback to finish when aborting. USB: * USB: move usb_translate_errors to 1/usb (bnc#806908). * USB: add EOPNOTSUPP to usb_translate_errors (bnc#806908). * USB: cdc-wdm: sanitize error returns (bnc#806908). * USB: cdc-wdm: cleanup error codes (bnc#806908). * USB: cdc-wdm: add helper to preserve kABI (bnc#806908). * USB: Do not use EHCI port sempahore for USB 3.0 hubs (bnc#807560). * USB: Prepare for refactoring by adding extra udev checks (bnc#807560). * USB: Rip out recursive call on warm port reset (bnc#807560). * USB: Fix connected device switch to Inactive state (bnc#807560). * USB: modify hub to detect unplugs in all states (bnc#807560). * USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976, CVE-2013-1774). * USB: cdc-wdm: fix buffer overflow (bnc#806431). * USB: cdc-wdm: cannot use dev_printk when device is gone (bnc#806469). * USB: cdc-wdm: fix memory leak (bnc#806466). * elousb: really long delays for broken devices (bnc#795269). * xhci: Fix conditional check in bandwidth calculation (bnc#795961). * xHCI: Fix TD Size calculation on 1.0 hosts (bnc#795957). * xhci: avoid dead ports, add roothub port polling (bnc#799197). * USB: Handle warm reset failure on empty port (bnc#799926). * USB: Ignore port state until reset completes (bnc#799926). * Allow USB 3.0 ports to be disabled (bnc#799926). * USB: Ignore xHCI Reset Device status (bnc#799926). * USB: Handle auto-transition from hot to warm reset (bnc#799926). S/390: * ipl: Implement diag308 loop for zfcpdump (bnc#801720, LTC#88197). * zcore: Add hsa file (bnc#801720, LTC#88198). * kernel: support physical memory > 4TB (bnc#801720, LTC#88787). * mm: Fix crst upgrade of mmap with MAP_FIXED (bnc#801720, LTC#88797). * Update patches.suse/zcrypt-feed-hwrandom (bnc#806825). Allow zcrypt module unload even when the thread is blocked writing to a full random pool. * dca: check against empty dca_domains list before unregister provider fix. * s390/kvm: Fix store status for ACRS/FPRS fix. * series.conf: disabled patches.arch/s390-64-03-kernel-inc-phys-mem.patch due to excessive kabi break. (bnc#801720) ALSA: * patches.drivers/alsa-sp3-pre-695-Yet-another-fix-for-broken- HSW-HDMI-pin: Refresh. Fix the invalid PCI SSID check (bnc#806404) * ALSA: hda - Support mute LED on HP AiO buttons (bnc#808991). * ALSA: hda: Allow multple SPDIF controls per codec (bnc#780977). * ALSA: hda: Virtualize SPDIF out controls (bnc#780977). * ALSA: hda: Separate generic and non-generic implementations. * ALSA: hda: hdmi_eld_update_pcm_info: update a stream in place. * ALSA: hda: HDMI: Support codecs with fewer cvts than pins. * ALSA: hda - Add snd_hda_get_conn_list() helper function. * ALSA: hda - Add snd_hda_override_conn_list() helper function. * ALSA: hda - Increase the max number of coverters/pins in patch_hdmi.c (bnc#780977). * ALSA: hda - Check non-snoop in a single place (bnc#801713). * ALSA: HDA: Use LPIB Position fix for Intel SCH Poulsbo (bnc#801713). * ALSA: hda_intel: Add Oaktrail identifiers (bnc#801713). * ALSA: HDA: Use LPIB position fix for Oaktrail (bnc#801713). * ALSA: hda - add id for Atom Cedar Trail HDMI codec (bnc#801713). * ALSA: hda - Fix detection of Creative SoundCore3D controllers (bnc#762424). * ALSA: hda - add power states information in proc (bnc#801713). * ALSA: hda - Show D3cold state in proc files (bnc#801713). * ALSA: hda - check supported power states (bnc#801713). * ALSA: hda - reduce msleep time if EPSS power states supported (bnc#801713). * ALSA: hda - check proper return value (bnc#801713). * ALSA: hda - power setting error check (bnc#801713). * ALSA: hda - Add DeviceID for Haswell HDA (bnc#801713). * ALSA: hda - add Haswell HDMI codec id (bnc#801713). * ALSA: hda - Fix driver type of Haswell controller to AZX_DRIVER_SCH. * ALSA: hda - Add new GPU codec ID to snd-hda (bnc#780977). * ALSA: HDMI - Fix channel_allocation array wrong order (bnc#801713). * ALSA: hda - Avoid BDL position workaround when no_period_wakeup is set (bnc#801713). * ALSA: hda - Allow to pass position_fix=0 explicitly (bnc#801713). * ALSA: hda - Add another pci id for Haswell board. * ALSA: hda - force use of SSYNC bits (bnc#801713). * ALSA: hda - use LPIB for delay estimation (bnc#801713). * ALSA: hda - add PCI identifier for Intel 5 Series/3400 (bnc#801713). * ALSA: hda - Add workaround for conflicting IEC958 controls (FATE#314311). * ALSA: hda - Stop LPIB delay counting on broken hardware (FATE#313695). * ALSA: hda - Always turn on pins for HDMI/DP (FATE#313695). * ALSA: hda - bug fix for invalid connection list of Haswell HDMI codec pins (FATE#313695). * ALSA - HDA: New PCI ID for Haswell ULT (bnc#801713). * ALSA: hda - Release assigned pin/cvt at error path of hdmi_pcm_open() (bnc#801713). * ALSA: hda - Support rereading widgets under the function group (bnc#801713). * ALSA: hda - Add fixup for Haswell to enable all pin and convertor widgets (bnc#801713). * ALSA: hda - Yet another fix for broken HSW HDMI pin connections (bnc#801713). * patches.kabi/alsa-spdif-update-kabi-fixes: Fix kABI breakage due to HD-audio HDMI updates (bnc#780977). * ALSA: hda - Fix non-snoop page handling (bnc#800701). * ALSA: hda - Apply mic-mute LED fixup for new HP laptops (bnc#796418). * patches.drivers/alsa-sp3-pre-695-Yet-another-fix-for-broken- HSW-HDMI-pin: Refresh. Fix a superfluous incremental leading to the double array size (bnc#808966) XEN: * pciback: notify hypervisor about devices intended to be assigned to guests. * patches.xen/xen-clockevents: Update (bnc#803712). * patches.xen/xen-ipi-per-cpu-irq: Update (bnc#803712). * patches.xen/xen3-patch-2.6.19: Update (bnc#809166). * Update Xen patches to 3.0.68. * Update Xen patches to 3.0.63. * netback: fix netbk_count_requests(). * x86/mm: Check if PUD is large when validating a kerneladdress (bnc#794805). OTHER: * Revert dmi_scan: fix missing check for _DMI_ signature in smbios_present(). * Revert drivers/firmware/dmi_scan.c: fetch dmi version from SMBIOS if it exists. * Revert drivers/firmware/dmi_scan.c: check dmi version when get system uuid. * sysfs: Revert sysfs: fix race between readdir and lseek (bnc#816443). * 8021q: Revert 8021q: fix a potential use-after-free. * /dev/urandom returning EOF: trim down revert to not change kabi. (bnc#789359). * tun: reserves space for network in skb (bnc#803394). * Fixed /dev/urandom returning EOF (bnc#789359). * mm: Make snapshotting pages for stable writes a per-bio operation * fs: Only enable stable page writes when necessary (bnc#807517). * patches.drivers/ixgbe-Address-fact-that-RSC-was-not-setting- GSO-size.patch: Fix bnc#802712 * Fix build error without CONFIG_BOOTSPLASH * Fix bootsplash breakage due to 3.0.67 stable fix (bnc#813963) * drivers/base/memory.c: fix memory_dev_init() long delay (bnc#804609). * mtd: drop physmap_configure (bnc#809375). * Bluetooth: btusb: hide more usb_submit_urb errors (bnc#812281). * o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper (bnc#806492) * qeth: fix qeth_wait_for_threads() deadlock for OSN devices (bnc#812315, LTC#90910). * Fix NULL pointer dereference in o2dlm_blocking_ast_wrapper (bnc#806492) * mm: fix ALLOC_WMARK_MASK check (bnc#808166) * pciehp: Fix dmi match table definition and missing space in printk (bnc#796412). * fnic: Fix SGEs limit (bnc#807431). * pciehp: Ignore missing surprise bit on some hosts (bnc#796412). * ipv6: Queue fragments per interface for multicast/link-local addresses (bnc#804220). * netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). * netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). * jbd: clear revoked flag on buffers before a new transaction started (bnc#806395). * xfrm6: count extension headers into payload length (bnc#794513). * mm: page_alloc: Avoid marking zones full prematurely after zone_reclaim() (Evict inactive pages when zone_reclaim is enabled (bnc#808166)). * st: Take additional queue ref in st_probe (bnc#801038, bnc#788826). * drivers: xhci: fix incorrect bit test (bnc#714604). * xfrm: remove unused xfrm4_policy_fini() (bnc#801717). * xfrm: make gc_thresh configurable in all namespaces (bnc#801717). * kabi: use net_generic to avoid changes in struct net (bnc#801717). * xfs: Fix WARN_ON(delalloc) in xfs_vm_releasepage() (bnc#806631). * patches.drivers/alsa-sp2-hda-033-Support-mute-LED-on-HP-AiO- buttons: Refresh tags. * block: use i_size_write() in bd_set_size() (bnc#809748). * loopdev: fix a deadlock (bnc#809748). * patches.suse/supported-flag: fix mis-reported supported status (bnc#809493). * patches.suse/supported-flag-enterprise: Refresh. * KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797). * KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798). * KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796). * KVM: introduce kvm_read_guest_cached (bnc#806980). * x86/numa: Add constraints check for nid parameters (Cope with negative SRAT distances (bnc#807853)). * drm/i915: Periodically sanity check power management (bnc#808307). * drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913). * ext3: Fix format string issues (bnc#809155, CVE-2013-1848). * x86-64: Fix memset() to support sizes of 4Gb and above (Properly initialise memmap on large machines (bnc#802353)). * bdi: allow block devices to say that they require stable page writes * mm: only enforce stable page writes if the backing device requires it * block: optionally snapshot page contents to provide stable pages during write * 9pfs: fix filesystem to wait for stable page writeback * ocfs2: wait for page writeback to provide stable pages * ubifs: wait for page writeback to provide stable pages * Only enable stable page writes when required by underlying BDI (bnc#807517). * KVM: emulator: drop RPL check from linearize() function (bnc#754583). * mlx4: Correct calls to to_ib_ah_attr() (bnc#806847). * DRM/i915: On G45 enable cursor plane briefly after enabling the display plane (bnc #753371) [backported from drm-intel-fixes]. * cxgb4i: Remove the scsi host device when removing device (bnc#722398) * xprtrdma: The transport should not bug-check when a dup reply is received (bnc#763494). * tmpfs: fix use-after-free of mempolicy object (bnc#806138, CVE-2013-1767). * lpfc: Check fc_block_scsi_eh return value correctly for lpfc_abort_handler (bnc#803674). * md: fix bug in handling of new_data_offset (bnc#805823). * md: Avoid OOPS when reshaping raid1 to raid0 (Useful OOPS fix). * md: fix two bugs when attempting to resize RAID0 array (Useful BUG() fix). * md: raid0: fix error return from create_stripe_zones (useful bug fix). * ext4: add missing kfree() on error return path in add_new_gdb(). * ext4: Free resources in some error path in ext4_fill_super. * intel_idle: support Haswell (fate#313720). * hp_accel: Add a new PnP ID HPQ6007 for new HP laptops (bnc#802445). * nfs: Ensure NFS does not block on dead server during unmount (bnc#794529). * block: disable discard request merge temporarily (bnc#803067). * mm: mmu_notifier: have mmu_notifiers use a global SRCU so they may safely schedule * mm: mmu_notifier: make the mmu_notifier srcu static * mmu_notifier_unregister NULL Pointer deref and multiple ->release() callouts * Have mmu_notifiers use SRCU so they may safely schedule kabi compatability * patches.fixes/Have-mmu_notifiers-use-SRCU-so-they-may-safely -schedule.patch: * patches.fixes/Have-mmu_notifiers-use-SRCU-so-they-may-safely -schedule-build-fix.patch: Delete, replace with upstream equivalent and add KABI workaround (bnc#578046, bnc#786814, FATE#306952). * ipv6: Do not send packet to big messages to self (bnc#786150). * hpwdt: Unregister NMI events on exit (bnc#777746). * x86/mm: Check if PUD is large when validating a kernel address (bnc#794805). * ata: Fix DVD not dectected at some Haswell platforms (bnc#792674). * Avoid softlockups in printk (bnc#744692, bnc#789311). * Do not pack credentials for dying processes (bnc#779577, bnc#803056). * xfs: punch new delalloc blocks out of failed writes inside EOF (bnc#761849). * xfs: xfs_sync_data is redundant (bnc#761849). * Add GPIO support for Intel Centerton SOC (bnc#792793). * Add Multifunction Device support for Intel Centerton SOC (bnc#792793). * Add Intel Legacy Block support for Intel Centerton SOC (bnc#792793). * mm: net: Allow some !SOCK_MEMALLOC traffic through even if skb_pfmemalloc (Allow GPFS network traffic despite PF_MEMALLOC misuse (bnc#786900)). * kernel/resource.c: fix stack overflow in __reserve_region_with_split() (bnc#801782). * Lustre enablement patches * block: add dev_check_rdonly and friends for Lustre testing (FATE#314679). * dcache: Add DCACHE_LUSTRE_INVALID flag for Lustre to handle its own invalidation (FATE#314679). * lsm: export security_inode_unlink (FATE#315679). * lustre: Add lustre kernel version (FATE#314679). * st: fix memory leak with >1MB tape I/O (bnc#798921). * cifs: lower default wsize when 1 extensions are not used (bnc#799578). * ata_generic: Skip is_intel_ider() check when ata_generic=1 is set (bnc#777616). * quota: autoload the quota_v2 module for QFMT_VFS_V1 quota format (bnc#802153). * xen: properly bound buffer access when parsing cpu/availability. * netback: shutdown the ring if it contains garbage (CVE-2013-0216 XSA-39 bnc#800280). * netback: correct netbk_tx_err() to handle wrap around (CVE-2013-0216 XSA-39 bnc#800280). * pciback: rate limit error message from pciback_enable_msi() (CVE-2013-0231 XSA-43 bnc#801178). * scsiback/usbback: move cond_resched() invocations to proper place. * drm/i915: Implement workaround for broken CS tlb on i830/845 (bnc #758040). * drivers: scsi: storvsc: Initialize the sglist. * e1000e: 82571 Fix Tx Data Corruption during Tx hang recovery (bnc#790867). * KVM: Fix buffer overflow in kvm_set_irq() (bnc#767612 CVE-2012-2137). * mm: compaction: Abort async compaction if locks are contended or taking too long. * mm: compaction: abort compaction loop if lock is contended or run too long. * mm: compaction: acquire the zone->lock as late as possible. * mm: compaction: acquire the zone->lru_lock as late as possible. * mm: compaction: move fatal signal check out of compact_checklock_irqsave. Reduce LRU and zone lock contention when compacting memory for THP (bnc#796823). Security Issue references: * CVE-2012-6548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6548
* CVE-2012-6549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549
* CVE-2012-2137 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137
* CVE-2013-0160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160
* CVE-2013-0216 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0216
* CVE-2013-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
* CVE-2013-0913 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913
* CVE-2013-0914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914
* CVE-2013-1767 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
* CVE-2013-1774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
* CVE-2013-1796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
* CVE-2013-1797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797
* CVE-2013-1798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798
* CVE-2013-1848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1848
* CVE-2013-1860 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860
* CVE-2013-2634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
* CVE-2013-2635 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635
* CVE-2013-1792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792
* CVE-2013-0311 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0311
* CVE-2013-1772 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1772
* CVE-2013-0268 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268
* CVE-2013-0349 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0349
Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-7675 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-7675 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-7675 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-7675 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.0.74]: kernel-default-3.0.74-0.6.6.2 kernel-default-base-3.0.74-0.6.6.2 kernel-default-devel-3.0.74-0.6.6.2 kernel-source-3.0.74-0.6.6.2 kernel-syms-3.0.74-0.6.6.2 kernel-trace-3.0.74-0.6.6.2 kernel-trace-base-3.0.74-0.6.6.2 kernel-trace-devel-3.0.74-0.6.6.2 kernel-xen-devel-3.0.74-0.6.6.2 xen-kmp-trace-4.1.4_02_3.0.74_0.6.6-0.5.22 - SUSE Linux Enterprise Server 11 SP2 (x86_64) [New Version: 3.0.74]: kernel-default-3.0.74-0.6.6.2 kernel-default-base-3.0.74-0.6.6.2 kernel-default-devel-3.0.74-0.6.6.2 kernel-ec2-3.0.74-0.6.6.2 kernel-ec2-base-3.0.74-0.6.6.2 kernel-ec2-devel-3.0.74-0.6.6.2 kernel-source-3.0.74-0.6.6.2 kernel-syms-3.0.74-0.6.6.2 kernel-trace-3.0.74-0.6.6.2 kernel-trace-base-3.0.74-0.6.6.2 kernel-trace-devel-3.0.74-0.6.6.2 kernel-xen-3.0.74-0.6.6.2 kernel-xen-base-3.0.74-0.6.6.2 kernel-xen-devel-3.0.74-0.6.6.2 xen-kmp-default-4.1.4_02_3.0.74_0.6.6-0.5.22 xen-kmp-trace-4.1.4_02_3.0.74_0.6.6-0.5.22 - SUSE Linux Enterprise High Availability Extension 11 SP2 (x86_64): cluster-network-kmp-default-1.4_3.0.74_0.6.6-2.18.36 cluster-network-kmp-trace-1.4_3.0.74_0.6.6-2.18.36 cluster-network-kmp-xen-1.4_3.0.74_0.6.6-2.18.36 gfs2-kmp-default-2_3.0.74_0.6.6-0.7.69 gfs2-kmp-trace-2_3.0.74_0.6.6-0.7.69 gfs2-kmp-xen-2_3.0.74_0.6.6-0.7.69 ocfs2-kmp-default-1.6_3.0.74_0.6.6-0.11.35 ocfs2-kmp-trace-1.6_3.0.74_0.6.6-0.11.35 ocfs2-kmp-xen-1.6_3.0.74_0.6.6-0.11.35 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.0.74]: kernel-default-3.0.74-0.6.6.2 kernel-default-base-3.0.74-0.6.6.2 kernel-default-devel-3.0.74-0.6.6.2 kernel-default-extra-3.0.74-0.6.6.2 kernel-source-3.0.74-0.6.6.2 kernel-syms-3.0.74-0.6.6.2 kernel-trace-3.0.74-0.6.6.2 kernel-trace-base-3.0.74-0.6.6.2 kernel-trace-devel-3.0.74-0.6.6.2 kernel-trace-extra-3.0.74-0.6.6.2 kernel-xen-3.0.74-0.6.6.2 kernel-xen-base-3.0.74-0.6.6.2 kernel-xen-devel-3.0.74-0.6.6.2 kernel-xen-extra-3.0.74-0.6.6.2 xen-kmp-default-4.1.4_02_3.0.74_0.6.6-0.5.22 xen-kmp-trace-4.1.4_02_3.0.74_0.6.6-0.5.22 References: http://support.novell.com/security/cve/CVE-2012-2137.html http://support.novell.com/security/cve/CVE-2012-6548.html http://support.novell.com/security/cve/CVE-2012-6549.html http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-0216.html http://support.novell.com/security/cve/CVE-2013-0231.html http://support.novell.com/security/cve/CVE-2013-0268.html http://support.novell.com/security/cve/CVE-2013-0311.html http://support.novell.com/security/cve/CVE-2013-0349.html http://support.novell.com/security/cve/CVE-2013-0913.html http://support.novell.com/security/cve/CVE-2013-0914.html http://support.novell.com/security/cve/CVE-2013-1767.html http://support.novell.com/security/cve/CVE-2013-1772.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1792.html http://support.novell.com/security/cve/CVE-2013-1796.html http://support.novell.com/security/cve/CVE-2013-1797.html http://support.novell.com/security/cve/CVE-2013-1798.html http://support.novell.com/security/cve/CVE-2013-1848.html http://support.novell.com/security/cve/CVE-2013-1860.html http://support.novell.com/security/cve/CVE-2013-2634.html http://support.novell.com/security/cve/CVE-2013-2635.html https://bugzilla.novell.com/578046 https://bugzilla.novell.com/651219 https://bugzilla.novell.com/714604 https://bugzilla.novell.com/722398 https://bugzilla.novell.com/730117 https://bugzilla.novell.com/736149 https://bugzilla.novell.com/738210 https://bugzilla.novell.com/744692 https://bugzilla.novell.com/753371 https://bugzilla.novell.com/754583 https://bugzilla.novell.com/754898 https://bugzilla.novell.com/758040 https://bugzilla.novell.com/758243 https://bugzilla.novell.com/761849 https://bugzilla.novell.com/762424 https://bugzilla.novell.com/763494 https://bugzilla.novell.com/767612 https://bugzilla.novell.com/768052 https://bugzilla.novell.com/773577 https://bugzilla.novell.com/776787 https://bugzilla.novell.com/777616 https://bugzilla.novell.com/777746 https://bugzilla.novell.com/779577 https://bugzilla.novell.com/780977 https://bugzilla.novell.com/786150 https://bugzilla.novell.com/786814 https://bugzilla.novell.com/786900 https://bugzilla.novell.com/787821 https://bugzilla.novell.com/788826 https://bugzilla.novell.com/789235 https://bugzilla.novell.com/789311 https://bugzilla.novell.com/789359 https://bugzilla.novell.com/790867 https://bugzilla.novell.com/792674 https://bugzilla.novell.com/792793 https://bugzilla.novell.com/793139 https://bugzilla.novell.com/793671 https://bugzilla.novell.com/794513 https://bugzilla.novell.com/794529 https://bugzilla.novell.com/794805 https://bugzilla.novell.com/795269 https://bugzilla.novell.com/795928 https://bugzilla.novell.com/795957 https://bugzilla.novell.com/795961 https://bugzilla.novell.com/796412 https://bugzilla.novell.com/796418 https://bugzilla.novell.com/796823 https://bugzilla.novell.com/797042 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/798921 https://bugzilla.novell.com/799197 https://bugzilla.novell.com/799209 https://bugzilla.novell.com/799270 https://bugzilla.novell.com/799275 https://bugzilla.novell.com/799578 https://bugzilla.novell.com/799926 https://bugzilla.novell.com/800280 https://bugzilla.novell.com/800701 https://bugzilla.novell.com/801038 https://bugzilla.novell.com/801178 https://bugzilla.novell.com/801713 https://bugzilla.novell.com/801717 https://bugzilla.novell.com/801720 https://bugzilla.novell.com/801782 https://bugzilla.novell.com/802153 https://bugzilla.novell.com/802353 https://bugzilla.novell.com/802445 https://bugzilla.novell.com/802642 https://bugzilla.novell.com/802712 https://bugzilla.novell.com/803056 https://bugzilla.novell.com/803067 https://bugzilla.novell.com/803394 https://bugzilla.novell.com/803674 https://bugzilla.novell.com/803712 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/804220 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/804656 https://bugzilla.novell.com/805227 https://bugzilla.novell.com/805823 https://bugzilla.novell.com/806138 https://bugzilla.novell.com/806238 https://bugzilla.novell.com/806395 https://bugzilla.novell.com/806404 https://bugzilla.novell.com/806431 https://bugzilla.novell.com/806466 https://bugzilla.novell.com/806469 https://bugzilla.novell.com/806492 https://bugzilla.novell.com/806631 https://bugzilla.novell.com/806825 https://bugzilla.novell.com/806847 https://bugzilla.novell.com/806908 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/807431 https://bugzilla.novell.com/807517 https://bugzilla.novell.com/807560 https://bugzilla.novell.com/807853 https://bugzilla.novell.com/808166 https://bugzilla.novell.com/808307 https://bugzilla.novell.com/808358 https://bugzilla.novell.com/808827 https://bugzilla.novell.com/808829 https://bugzilla.novell.com/808966 https://bugzilla.novell.com/808991 https://bugzilla.novell.com/809155 https://bugzilla.novell.com/809166 https://bugzilla.novell.com/809375 https://bugzilla.novell.com/809493 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/809902 https://bugzilla.novell.com/809903 https://bugzilla.novell.com/810473 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/812315 https://bugzilla.novell.com/813963 https://bugzilla.novell.com/816443 http://download.novell.com/patch/finder/?keywords=2f736fd60525e237201b485f49... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org