SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0908-1 Rating: important References: #767610 #786450 #792271 #821619 #832710 #837563 #840524 #846404 #846690 #847652 #850915 #851426 #851603 #852553 #855126 #857926 #858869 #858870 #858872 #859840 #861636 #861980 #862429 #862934 #863300 #863335 #863410 #863873 #864404 #864464 #865310 #865330 #865882 #866081 #866102 #866615 #866800 #866864 #867362 #867517 #867531 #867723 #867953 #868488 #868528 #868653 #868748 #869033 #869414 #869563 #869934 #870173 #870335 #870450 #870496 #870498 #870576 #870591 #870618 #870877 #870958 #871561 #871634 #871676 #871728 #871854 #871861 #871899 #872188 #872540 #872634 #873061 #873374 #873463 #874108 #874145 #874440 #874577 #875386 #876102 #876114 #876176 #876463 #877013 #877257 #877497 #877775 #878115 #878123 #878274 #878407 #878509 #879921 #879957 #880007 #880357 #880437 #880484 #881571 #881761 #881939 #882324 #883380 #883724 #883795 #885725 Cross-References: CVE-2012-2372 CVE-2013-2929 CVE-2013-4299 CVE-2013-4579 CVE-2013-6382 CVE-2013-7339 CVE-2014-0055 CVE-2014-0077 CVE-2014-0101 CVE-2014-0131 CVE-2014-0155 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2309 CVE-2014-2523 CVE-2014-2678 CVE-2014-2851 CVE-2014-3122 CVE-2014-3144 CVE-2014-3145 CVE-2014-3917 CVE-2014-4508 CVE-2014-4652 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-4699 Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3 ______________________________________________________________________________ An update that solves 30 vulnerabilities and has 76 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 Real Time Extension kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) * CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) * CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404) * CVE-2013-4579: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426) * CVE-2013-6382: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553) * CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#869563) * CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173) * CVE-2014-0077: drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576) * CVE-2014-0101: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (bnc#866102) * CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (bnc#867723) * CVE-2014-0155: The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (bnc#872540) * CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) * CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) * CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) * CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (bnc#863335) * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (bnc#867531) * CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (bnc#868653) * CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#871561) * CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374) * CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (bnc#876102) * CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257) * CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257) * CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484) * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number * (bnc#883724) * CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) * CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) * CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795) * CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795) * CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795) * CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725) Also the following non-security bugs have been fixed: * kernel: avoid page table walk on user space access (bnc#878407, LTC#110316). * spinlock: fix system hang with spin_retry <= 0 (bnc#874145, LTC#110189). * x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3 (bnc#876176). * x86: Enable multiple CPUs in crash kernel (bnc#846690). * x86/mce: Fix CMCI preemption bugs (bnc#786450). * x86, CMCI: Add proper detection of end of CMCI storms (bnc#786450). * futex: revert back to the explicit waiter counting code (bnc#851603). * futex: avoid race between requeue and wake (bnc#851603). * intel-iommu: fix off-by-one in pagetable freeing (bnc#874577). * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237) (bnc#874108). * drivers/rtc/interface.c: fix infinite loop in initializing the alarm (bnc#871676). * drm/ast: Fix double lock at PM resume (bnc#883380). * drm/ast: add widescreen + rb modes from X.org driver (v2) (bnc#883380). * drm/ast: deal with bo reserve fail in dirty update path (bnc#883380). * drm/ast: do not attempt to acquire a reservation while in an interrupt handler (bnc#883380). * drm/ast: fix the ast open key function (bnc#883380). * drm/ast: fix value check in cbr_scan2 (bnc#883380). * drm/ast: inline reservations (bnc#883380). * drm/ast: invalidate page tables when pinning a BO (bnc#883380). * drm/ast: rename the mindwm/moutdwm and deinline them (bnc#883380). * drm/ast: resync the dram post code with upstream (bnc#883380). * drm: ast: use drm_can_sleep (bnc#883380). * drm/ast: use drm_modeset_lock_all (bnc#883380). * drm/: Unified handling of unimplemented fb->create_handle (bnc#883380). * drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion (bnc#883380). * drm/mgag200: Consolidate depth/bpp handling (bnc#882324). * drm/ast: Initialized data needed to map fbdev memory (bnc#880007). * drm/ast: add AST 2400 support (bnc#880007). * drm/ast: Initialized data needed to map fbdev memory (bnc#880007). * drm/mgag200: on cards with < 2MB VRAM default to 16-bit (bnc#882324). * drm/mgag200: fix typo causing bw limits to be ignored on some chips (bnc#882324). * drm/ttm: do not oops if no invalidate_caches() (bnc#869414). * drm/i915: Break encoder->crtc link separately in intel_sanitize_crtc() (bnc#855126). * dlm: keep listening connection alive with sctp mode (bnc#881939) * series.conf: Clarify comment about Xen kabi adjustments (bnc#876114#c25) * btrfs: fix a crash when running balance and defrag concurrently. * btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * btrfs: free delayed node outside of root->inode_lock (bnc#866864). * btrfs: return EPERM when deleting a default subvolume (bnc#869934). * btrfs: do not loop on large offsets in readdir (bnc#863300) * sched: Consider pi boosting in setscheduler. * sched: Queue RT tasks to head when prio drops. * sched: Adjust sched_reset_on_fork when nothing else changes. * sched: Fix clock_gettime(CLOCK__CPUTIME_ID) monotonicity (bnc#880357). * sched: Do not allow scheduler time to go backwards (bnc#880357). * sched: Make scale_rt_power() deal with backward clocks (bnc#865310). * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check (bnc#871861). * sched: update_rq_clock() must skip ONE update (bnc#869033, bnc#868528). * tcp: allow to disable cwnd moderation in TCP_CA_Loss state (bnc#879921). * tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429). * net: add missing bh_unlock_sock() calls (bnc#862429). * bonding: fix vlan_features computing (bnc#872634). * vlan: more careful checksum features handling (bnc#872634). * xfrm: fix race between netns cleanup and state expire notification (bnc#879957). * xfrm: check peer pointer for null before calling inet_putpeer() (bnc#877775). * ipv6: do not overwrite inetpeer metrics prematurely (bnc#867362). * pagecachelimit: reduce lru_lock contention for heavy parallel kabi fixup: (bnc#878509, bnc#864464). * pagecachelimit: reduce lru_lock contention for heavy parallel reclaim (bnc#878509, bnc#864464). * TTY: serial, cleanup include file (bnc#881571). * TTY: serial, fix includes in some drivers (bnc#881571). * serial_core: Fix race in uart_handle_dcd_change (bnc#881571). * powerpc/perf: Power8 PMU support (bnc#832710). * powerpc/perf: Add support for SIER (bnc#832710). * powerpc/perf: Add regs_no_sipr() (bnc#832710). * powerpc/perf: Add an accessor for regs->result (bnc#832710). * powerpc/perf: Convert mmcra_sipr/sihv() to regs_sipr/sihv() (bnc#832710). * powerpc/perf: Add an explict flag indicating presence of SLOT field (bnc#832710). * swiotlb: do not assume PA 0 is invalid (bnc#865882). * lockref: implement lockless reference count updates using cmpxchg() (FATE#317271). * af_iucv: wrong mapping of sent and confirmed skbs (bnc#878407, LTC#110452). * af_iucv: recvmsg problem for SOCK_STREAM sockets (bnc#878407, LTC#110452). * af_iucv: fix recvmsg by replacing skb_pull() function (bnc#878407, LTC#110452). * qla2xxx: Poll during initialization for ISP25xx and ISP83xx (bnc#837563). * qla2xxx: Fix request queue null dereference (bnc#859840). * lpfc 8.3.41: Fixed SLI3 failing FCP write on check-condition no-sense with residual zero (bnc#850915). * reiserfs: call truncate_setsize under tailpack mutex (bnc#878115). * reiserfs: drop vmtruncate (bnc#878115). * ipvs: handle IPv6 fragments with one-packet scheduling (bnc#861980). * kabi: hide modifications of struct sk_buff done by bnc#861980 fix (bnc#861980). * loop: remove the incorrect write_begin/write_end shortcut (bnc#878123). * watchdog: hpwdt patch to display informative string (bnc#862934). * watchdog: hpwdt: Patch to ignore auxilary iLO devices (bnc#862934). * watchdog: hpwdt: Add check for UEFI bits (bnc#862934). * watchdog: hpwdt.c: Increase version string (bnc#862934). * hpilo: Correct panic when an AUX iLO is detected (bnc#837563). * locking/mutexes: Introduce cancelable MCS lock for adaptive spinning (FATE#317271). * locking/mutexes: Modify the way optimistic spinners are queued (FATE#317271). * locking/mutexes: Return false if task need_resched() in mutex_can_spin_on_owner() (FATE#317271). * mutex: Enable the queuing of mutex spinners with MCS lock (FATE#317271). config: disabled on all flavors * mutex: Queue mutex spinners with MCS lock to reduce cacheline contention (FATE#317271). * memcg: deprecate memory.force_empty knob (bnc#878274). * kabi: protect struct net from bnc#877013 changes (bnc#877013). * netfilter: nfnetlink_queue: add net namespace support for nfnetlink_queue (bnc#877013). * netfilter: make /proc/net/netfilter pernet (bnc#877013). * netfilter: xt_hashlimit: fix proc entry leak in netns destroy path (bnc#871634). * netfilter: xt_hashlimit: fix namespace destroy path (bnc#871634). * netfilter: nf_queue: reject NF_STOLEN verdicts from userspace (bnc#870877). * netfilter: avoid double free in nf_reinject (bnc#870877). * netfilter: ctnetlink: fix race between delete and timeout expiration (bnc#863410). * netfilter: reuse skb->nfct_reasm for ipvs conn reference (bnc#861980). * mm: per-thread vma caching (FATE#317271). config: enable CONFIG_VMA_CACHE for x86_64/bigsmp * mm, hugetlb: improve page-fault scalability (FATE#317271). * mm: vmscan: Do not throttle based on pfmemalloc reserves if node has no ZONE_NORMAL (bnc#870496). * mm: fix off-by-one bug in print_nodes_state() (bnc#792271). * hugetlb: ensure hugepage access is denied if hugepages are not supported (PowerKVM crash when mounting hugetlbfs without hugepage support (bnc#870498)). * SELinux: Increase ebitmap_node size for 64-bit configuration (FATE#317271). * SELinux: Reduce overhead of mls_level_isvalid() function call (FATE#317271). * mutex: Fix debug_mutexes (FATE#317271). * mutex: Fix debug checks (FATE#317271). * locking/mutexes: Unlock the mutex without the wait_lock (FATE#317271). * epoll: do not take the nested ep->mtx on EPOLL_CTL_DEL (FATE#317271). * epoll: do not take global "epmutex" for simple topologies (FATE#317271). * epoll: optimize EPOLL_CTL_DEL using rcu (FATE#317271). * vfs: Fix missing unlock of vfsmount_lock in unlazy_walk (bnc#880437). * dcache: kABI fixes for lockref dentries (FATE#317271). * vfs: make sure we do not have a stale root path if unlazy_walk() fails (FATE#317271). * vfs: fix dentry RCU to refcounting possibly sleeping dput() (FATE#317271). * vfs: use lockref "dead" flag to mark unrecoverably dead dentries (FATE#317271). * vfs: reimplement d_rcu_to_refcount() using lockref_get_or_lock() (FATE#317271). * vfs: Remove second variable named error in __dentry_path (FATE#317271). * make prepend_name() work correctly when called with negative *buflen (FATE#317271). * prepend_path() needs to reinitialize dentry/vfsmount on restarts (FATE#317271). * dcache: get/release read lock in read_seqbegin_or_lock() & friend (FATE#317271). * seqlock: Add a new locking reader type (FATE#317271). * dcache: Translating dentry into pathname without taking rename_lock (FATE#317271). * vfs: make the dentry cache use the lockref infrastructure (FATE#317271). * vfs: Remove dentry->d_lock locking from shrink_dcache_for_umount_subtree() (FATE#317271). * vfs: use lockref_get_not_zero() for optimistic lockless dget_parent() (FATE#317271). * vfs: constify dentry parameter in d_count() (FATE#317271). * helper for reading ->d_count (FATE#317271). * lockref: use arch_mutex_cpu_relax() in CMPXCHG_LOOP() (FATE#317271). * lockref: allow relaxed cmpxchg64 variant for lockless updates (FATE#317271). * lockref: use cmpxchg64 explicitly for lockless updates (FATE#317271). * lockref: add ability to mark lockrefs "dead" (FATE#317271). * lockref: fix docbook argument names (FATE#317271). * lockref: Relax in cmpxchg loop (FATE#317271). * lockref: implement lockless reference count updates using cmpxchg() (FATE#317271). * lockref: uninline lockref helper functions (FATE#317271). * lockref: add lockref_get_or_lock() helper (FATE#317271). * Add new lockref infrastructure reference implementation (FATE#317271). * vfs: make lremovexattr retry once on ESTALE error (bnc#876463). * vfs: make removexattr retry once on ESTALE (bnc#876463). * vfs: make llistxattr retry once on ESTALE error (bnc#876463). * vfs: make listxattr retry once on ESTALE error (bnc#876463). * vfs: make lgetxattr retry once on ESTALE (bnc#876463). * vfs: make getxattr retry once on an ESTALE error (bnc#876463). * vfs: allow lsetxattr() to retry once on ESTALE errors (bnc#876463). * vfs: allow setxattr to retry once on ESTALE errors (bnc#876463). * vfs: allow utimensat() calls to retry once on an ESTALE error (bnc#876463). * vfs: fix user_statfs to retry once on ESTALE errors (bnc#876463). * vfs: make fchownat retry once on ESTALE errors (bnc#876463). * vfs: make fchmodat retry once on ESTALE errors (bnc#876463). * vfs: have chroot retry once on ESTALE error (bnc#876463). * vfs: have chdir retry lookup and call once on ESTALE error (bnc#876463). * vfs: have faccessat retry once on an ESTALE error (bnc#876463). * vfs: have do_sys_truncate retry once on an ESTALE error (bnc#876463). * vfs: fix renameat to retry on ESTALE errors (bnc#876463). * vfs: make do_unlinkat retry once on ESTALE errors (bnc#876463). * vfs: make do_rmdir retry once on ESTALE errors (bnc#876463). * vfs: fix linkat to retry once on ESTALE errors (bnc#876463). * vfs: fix symlinkat to retry on ESTALE errors (bnc#876463). * vfs: fix mkdirat to retry once on an ESTALE error (bnc#876463). * vfs: fix mknodat to retry on ESTALE errors (bnc#876463). * vfs: add a flags argument to user_path_parent (bnc#876463). * vfs: fix readlinkat to retry on ESTALE (bnc#876463). * vfs: make fstatat retry on ESTALE errors from getattr call (bnc#876463). * vfs: add a retry_estale helper function to handle retries on ESTALE (bnc#876463). * crypto: s390 - fix aes,des ctr mode concurrency finding (bnc#874145, LTC#110078). * s390/cio: fix unlocked access of global bitmap (bnc#874145, LTC#109378). * s390/css: stop stsch loop after cc 3 (bnc#874145, LTC#109378). * s390/pci: add kmsg man page (bnc#874145, LTC#109224). * s390/pci/dma: use correct segment boundary size (bnc#866081, LTC#104566). * cio: Fix missing subchannels after CHPID configure on (bnc#866081, LTC#104808). * cio: Fix process hangs during subchannel scan (bnc#866081, LTC#104805). * cio: fix unusable device (bnc#866081, LTC#104168). * qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873). * Fix race between starved list and device removal (bnc#861636). * namei.h: include errno.h (bnc#876463). * ALSA: hda - Implement bind mixer ctls for Conexant (bnc#872188). * ALSA: hda - Fix invalid Auto-Mute Mode enum from cxt codecs (bnc#872188). * ALSA: hda - Fix conflicting Capture Source on cxt codecs (bnc#872188). * ALSA: usb-audio: Fix NULL dereference while quick replugging (bnc#870335). * powerpc: Bring all threads online prior to migration/hibernation (bnc#870591). * powerpc/pseries: Update dynamic cache nodes for suspend/resume operation (bnc#873463). * powerpc/pseries: Device tree should only be updated once after suspend/migrate (bnc#873463). * powerpc/pseries: Expose in kernel device tree update to drmgr (bnc#873463). * powerpc: Add second POWER8 PVR entry (bnc#874440). * libata/ahci: accommodate tag ordered controllers (bnc#871728) * md: try to remove cause of a spinning md thread (bnc#875386). * md: fix up plugging (again) (bnc#866800). * NFSv4: Fix a reboot recovery race when opening a file (bnc#864404). * NFSv4: Ensure delegation recall and byte range lock removal do not conflict (bnc#864404). * NFSv4: Fix up the return values of nfs4_open_delegation_recall (bnc#864404). * NFSv4.1: Do not lose locks when a server reboots during delegation return (bnc#864404). * NFSv4.1: Prevent deadlocks between state recovery and file locking (bnc#864404). * NFSv4: Allow the state manager to mark an open_owner as being recovered (bnc#864404). * NFS: nfs_inode_return_delegation() should always flush dirty data (bnc#864404). * NFSv4: nfs_client_return_marked_delegations cannot flush data (bnc#864404). * NFS: avoid excessive GETATTR request when attributes expired but cached directory is valid (bnc#857926). * seqlock: add "raw_seqcount_begin()" function (bnc#864404). * Allow nfsdv4 to work when fips=1 (bnc#868488). * NFSv4: Add ACCESS operation to OPEN compound (bnc#870958). * NFSv4: Fix unnecessary delegation returns in nfs4_do_open (bnc#870958). * NFSv4: The NFSv4.0 client must send RENEW calls if it holds a delegation (bnc#863873). * NFSv4: nfs4_proc_renew should be declared static (bnc#863873). * NFSv4: do not put ACCESS in OPEN compound if O_EXCL (bnc#870958). * NFS: revalidate on open if dcache is negative (bnc#876463). * NFSD add module parameter to disable delegations (bnc#876463). * Do not lose sockets when nfsd shutdown races with connection timeout (bnc#871854). * timer: Prevent overflow in apply_slack (bnc#873061). * mei: me: do not load the driver if the FW does not support MEI interface (bnc#821619). * ipmi: Reset the KCS timeout when starting error recovery (bnc#870618). * ipmi: Fix a race restarting the timer (bnc#870618). * ipmi: increase KCS timeouts (bnc#870618). * bnx2x: Fix kernel crash and data miscompare after EEH recovery (bnc#881761). * bnx2x: Adapter not recovery from EEH error injection (bnc#881761). * kabi: hide modifications of struct inet_peer done by bnc#867953 fix (bnc#867953). * inetpeer: prevent unlinking from unused list twice (bnc#867953). * Ignore selected taints for tracepoint modules (bnc#870450, FATE#317134). * Use "E" instead of "X" for unsigned module taint flag (bnc#870450,FATE#317134). * Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE (bnc#870450,FATE#317134). * xhci: extend quirk for Renesas cards (bnc#877497). * scsi: return target failure on EMC inactive snapshot (bnc#840524). * virtio_balloon: do not softlockup on huge balloon changes (bnc#871899). * ch: add refcounting (bnc#867517). * storvsc: NULL pointer dereference fix (bnc#865330). * Unlock the rename_lock in dentry_path() in the case when path is too long (bnc#868748). Security Issue references: * CVE-2012-2372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372> * CVE-2013-2929 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929> * CVE-2013-4299 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299> * CVE-2013-4579 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579> * CVE-2013-6382 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382> * CVE-2013-7339 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339> * CVE-2014-0055 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0055> * CVE-2014-0077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0077> * CVE-2014-0101 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101> * CVE-2014-0131 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131> * CVE-2014-0155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0155> * CVE-2014-1444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444> * CVE-2014-1445 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445> * CVE-2014-1446 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446> * CVE-2014-1874 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874> * CVE-2014-2309 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309> * CVE-2014-2523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523> * CVE-2014-2678 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678> * CVE-2014-2851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851> * CVE-2014-3122 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122> * CVE-2014-3144 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144> * CVE-2014-3145 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145> * CVE-2014-3917 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4652 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652> * CVE-2014-4653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653> * CVE-2014-4654 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654> * CVE-2014-4655 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655> * CVE-2014-4656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656> * CVE-2014-4699 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699> Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11 SP3: zypper in -t patch slertesp3-kernel-9504 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]: cluster-network-kmp-rt-1.4_3.0.101_rt130_0.24-2.27.79 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.24-2.27.79 drbd-kmp-rt-8.4.4_3.0.101_rt130_0.24-0.22.45 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.24-0.22.45 iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.24-0.38.64 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.24-0.38.64 kernel-rt-3.0.101.rt130-0.24.1 kernel-rt-base-3.0.101.rt130-0.24.1 kernel-rt-devel-3.0.101.rt130-0.24.1 kernel-rt_trace-3.0.101.rt130-0.24.1 kernel-rt_trace-base-3.0.101.rt130-0.24.1 kernel-rt_trace-devel-3.0.101.rt130-0.24.1 kernel-source-rt-3.0.101.rt130-0.24.1 kernel-syms-rt-3.0.101.rt130-0.24.1 lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.24-0.11.57 lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.24-0.11.57 ocfs2-kmp-rt-1.6_3.0.101_rt130_0.24-0.20.79 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.24-0.20.79 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.24-0.13.70 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.24-0.13.70 References: http://support.novell.com/security/cve/CVE-2012-2372.html http://support.novell.com/security/cve/CVE-2013-2929.html http://support.novell.com/security/cve/CVE-2013-4299.html http://support.novell.com/security/cve/CVE-2013-4579.html http://support.novell.com/security/cve/CVE-2013-6382.html http://support.novell.com/security/cve/CVE-2013-7339.html http://support.novell.com/security/cve/CVE-2014-0055.html http://support.novell.com/security/cve/CVE-2014-0077.html http://support.novell.com/security/cve/CVE-2014-0101.html http://support.novell.com/security/cve/CVE-2014-0131.html http://support.novell.com/security/cve/CVE-2014-0155.html http://support.novell.com/security/cve/CVE-2014-1444.html http://support.novell.com/security/cve/CVE-2014-1445.html http://support.novell.com/security/cve/CVE-2014-1446.html http://support.novell.com/security/cve/CVE-2014-1874.html http://support.novell.com/security/cve/CVE-2014-2309.html http://support.novell.com/security/cve/CVE-2014-2523.html http://support.novell.com/security/cve/CVE-2014-2678.html http://support.novell.com/security/cve/CVE-2014-2851.html http://support.novell.com/security/cve/CVE-2014-3122.html http://support.novell.com/security/cve/CVE-2014-3144.html http://support.novell.com/security/cve/CVE-2014-3145.html http://support.novell.com/security/cve/CVE-2014-3917.html http://support.novell.com/security/cve/CVE-2014-4508.html http://support.novell.com/security/cve/CVE-2014-4652.html http://support.novell.com/security/cve/CVE-2014-4653.html http://support.novell.com/security/cve/CVE-2014-4654.html http://support.novell.com/security/cve/CVE-2014-4655.html http://support.novell.com/security/cve/CVE-2014-4656.html http://support.novell.com/security/cve/CVE-2014-4699.html https://bugzilla.novell.com/767610 https://bugzilla.novell.com/786450 https://bugzilla.novell.com/792271 https://bugzilla.novell.com/821619 https://bugzilla.novell.com/832710 https://bugzilla.novell.com/837563 https://bugzilla.novell.com/840524 https://bugzilla.novell.com/846404 https://bugzilla.novell.com/846690 https://bugzilla.novell.com/847652 https://bugzilla.novell.com/850915 https://bugzilla.novell.com/851426 https://bugzilla.novell.com/851603 https://bugzilla.novell.com/852553 https://bugzilla.novell.com/855126 https://bugzilla.novell.com/857926 https://bugzilla.novell.com/858869 https://bugzilla.novell.com/858870 https://bugzilla.novell.com/858872 https://bugzilla.novell.com/859840 https://bugzilla.novell.com/861636 https://bugzilla.novell.com/861980 https://bugzilla.novell.com/862429 https://bugzilla.novell.com/862934 https://bugzilla.novell.com/863300 https://bugzilla.novell.com/863335 https://bugzilla.novell.com/863410 https://bugzilla.novell.com/863873 https://bugzilla.novell.com/864404 https://bugzilla.novell.com/864464 https://bugzilla.novell.com/865310 https://bugzilla.novell.com/865330 https://bugzilla.novell.com/865882 https://bugzilla.novell.com/866081 https://bugzilla.novell.com/866102 https://bugzilla.novell.com/866615 https://bugzilla.novell.com/866800 https://bugzilla.novell.com/866864 https://bugzilla.novell.com/867362 https://bugzilla.novell.com/867517 https://bugzilla.novell.com/867531 https://bugzilla.novell.com/867723 https://bugzilla.novell.com/867953 https://bugzilla.novell.com/868488 https://bugzilla.novell.com/868528 https://bugzilla.novell.com/868653 https://bugzilla.novell.com/868748 https://bugzilla.novell.com/869033 https://bugzilla.novell.com/869414 https://bugzilla.novell.com/869563 https://bugzilla.novell.com/869934 https://bugzilla.novell.com/870173 https://bugzilla.novell.com/870335 https://bugzilla.novell.com/870450 https://bugzilla.novell.com/870496 https://bugzilla.novell.com/870498 https://bugzilla.novell.com/870576 https://bugzilla.novell.com/870591 https://bugzilla.novell.com/870618 https://bugzilla.novell.com/870877 https://bugzilla.novell.com/870958 https://bugzilla.novell.com/871561 https://bugzilla.novell.com/871634 https://bugzilla.novell.com/871676 https://bugzilla.novell.com/871728 https://bugzilla.novell.com/871854 https://bugzilla.novell.com/871861 https://bugzilla.novell.com/871899 https://bugzilla.novell.com/872188 https://bugzilla.novell.com/872540 https://bugzilla.novell.com/872634 https://bugzilla.novell.com/873061 https://bugzilla.novell.com/873374 https://bugzilla.novell.com/873463 https://bugzilla.novell.com/874108 https://bugzilla.novell.com/874145 https://bugzilla.novell.com/874440 https://bugzilla.novell.com/874577 https://bugzilla.novell.com/875386 https://bugzilla.novell.com/876102 https://bugzilla.novell.com/876114 https://bugzilla.novell.com/876176 https://bugzilla.novell.com/876463 https://bugzilla.novell.com/877013 https://bugzilla.novell.com/877257 https://bugzilla.novell.com/877497 https://bugzilla.novell.com/877775 https://bugzilla.novell.com/878115 https://bugzilla.novell.com/878123 https://bugzilla.novell.com/878274 https://bugzilla.novell.com/878407 https://bugzilla.novell.com/878509 https://bugzilla.novell.com/879921 https://bugzilla.novell.com/879957 https://bugzilla.novell.com/880007 https://bugzilla.novell.com/880357 https://bugzilla.novell.com/880437 https://bugzilla.novell.com/880484 https://bugzilla.novell.com/881571 https://bugzilla.novell.com/881761 https://bugzilla.novell.com/881939 https://bugzilla.novell.com/882324 https://bugzilla.novell.com/883380 https://bugzilla.novell.com/883724 https://bugzilla.novell.com/883795 https://bugzilla.novell.com/885725 http://download.suse.com/patch/finder/?keywords=e918aa8e64a8846df0931a844c09... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org