Hello community, here is the log from the commit of package patchinfo.2033 for openSUSE:12.2:Update checked in at 2013-10-31 22:58:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.2033 (Old) and /work/SRC/openSUSE:12.2:Update/.patchinfo.2033.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.2033" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <packager>jeff_mahoney</packager> <issue id="824171" tracker="bnc"></issue> <issue id="783858" tracker="bnc"></issue> <issue id="821612" tracker="bnc"></issue> <issue id="806976" tracker="bnc">VUL-1: CVE-2013-1774: kernel: usb: io_ti: NULL pointer dereference</issue> <issue id="785542" tracker="bnc">dangerous-looking kernel call trace for CIFS</issue> <issue id="801178" tracker="bnc">VUL-0: Xen: XSA-43: CVE-2013-0231: Linux pciback DoS via not rate limited log messages</issue> <issue id="817377" tracker="bnc">VUL-1: kernel: CVE-2013-2015: ext4 hang during mount</issue> <issue id="828714" tracker="bnc">Drivers: hv: util: Fix a bug in version negotiation code for util</issue> <issue id="823342" tracker="bnc">Frame too big on dom0 kills Xen vif of domU</issue> <issue id="827749" tracker="bnc">VUL-1: kernel: CVE-2013-2234: infoleak in AF_KEY notify messages</issue> <issue id="828119" tracker="bnc">VUL-1: CVE-2013-2237: kernel: information leak in AF_KEY</issue> <issue id="822575" tracker="bnc">VUL-1: kernel: CVE-2013-2851: block layer format string flaw</issue> <issue id="831058" tracker="bnc">VUL-0: CVE-2013-4162: kernel: ipv6: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled.</issue> <issue id="789598" tracker="bnc">kernel calltrace cifs access</issue> <issue id="838346" tracker="bnc">kernel update candidate 3.0.93-0.8: hyper-v interface defunct when running under Windows Server 2008 R2</issue> <issue id="831055" tracker="bnc">VUL-0: CVE-2013-4163: kernel: ipv6: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu</issue> <issue id="807153" tracker="bnc">xfsdump reports "WARNING: could not get list of non-root attributes ...."</issue> <issue id="815320" tracker="bnc">reiserfs hang</issue> <issue id="833321" tracker="bnc">Backport vmxnet3 fixes to SLES11 SP3</issue> <issue id="823517" tracker="bnc">VUL-0: CVE-2013-2148: kernel: fanotify: info leak in copy_event_to_user</issue> <issue id="827750" tracker="bnc">VUL-0: kernel: CVE-2013-2232: crash via AF_INET6 sockets</issue> <issue id="835414" tracker="bnc">Kernel 3.4.47 - Compile error: called object ‘efi_enabled’ is not a function</issue> <issue id="787649" tracker="bnc">Hard freeze when starting wpa_supplicant and radio turned off</issue> <issue id="818053" tracker="bnc">TiNa backups fail due to page allocation failure from getxattr</issue> <issue id="821560" tracker="bnc">VUL-0: kernel: CVE-2013-2850: iSCSI target heap overflow</issue> <issue id="794988" tracker="bnc">cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use</issue> <issue id="807471" tracker="bnc">VUL-1: CVE-2013-1819: kernel: xfs: _xfs_buf_find NULL pointer dereference</issue> <issue id="824295" tracker="bnc">VUL-0: kernel: CVE-2013-2164: Leak information in cdrom driver.</issue> <issue id="814336" tracker="bnc">L3: bnx2x_panic_dump</issue> <issue id="CVE-2013-2164" tracker="cve" /> <issue id="CVE-2013-2148" tracker="cve" /> <issue id="CVE-2013-2850" tracker="cve" /> <issue id="CVE-2013-2851" tracker="cve" /> <issue id="CVE-2013-2232" tracker="cve" /> <issue id="CVE-2013-0231" tracker="cve" /> <issue id="CVE-2013-1819" tracker="cve" /> <issue id="CVE-2013-2237" tracker="cve" /> <issue id="CVE-2013-1774" tracker="cve" /> <issue id="CVE-2013-2234" tracker="cve" /> <issue id="CVE-2013-4162" tracker="cve" /> <issue id="CVE-2013-4163" tracker="cve" /> <category>security</category> <rating>moderate</rating> <description> The Linux kernel was updated to 3.4.63, fixing various bugs and security issues. - Linux 3.4.59 (CVE-2013-2237 bnc#828119). - Linux 3.4.57 (CVE-2013-2148 bnc#823517). - Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162 CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055 bnc#831058). - Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). - bnx2x: protect different statistics flows (bnc#814336). - bnx2x: Avoid sending multiple statistics queries (bnc#814336). - Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). - Update Xen patches to 3.4.53. - netfront: fix kABI after "reduce gso_max_size to account for max TCP header". - netback: don't disconnect frontend when seeing oversize packet (bnc#823342). - netfront: reduce gso_max_size to account for max TCP header. - backends: Check for insane amounts of requests on the ring. - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: locking, release lock around quota operations (bnc#815320). - reiserfs: locking, handle nested locks properly (bnc#815320). - reiserfs: locking, push write lock out of xattr code (bnc#815320). - ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (bnc#831055, CVE-2013-4163). - af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234). - af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237). - ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162). - ipv6: ip6_sk_dst_check() must not assume ipv6 dst. - xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471). - brcmsmac: don't start device when RfKill is engaged (bnc#787649). - CIFS: Protect i_nlink from being negative (bnc#785542 bnc#789598). - cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bnc#794988). - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053 bnc#807153). - Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575 bnc#824295). - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164). - fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517). - block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851). - ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377). - Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178). - Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976 bnc#821560). - Always include the git commit in KOTD builds This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171). - Bluetooth: Really fix registering hci with duplicate name (bnc#783858). - Bluetooth: Fix registering hci with duplicate name (bnc#783858). </description> <summary>kernel: security and bugfix update to 3.4.63</summary> <reboot_needed/> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org