commit patchinfo.2033 for openSUSE:12.2:Update
Hello community,
here is the log from the commit of package patchinfo.2033 for openSUSE:12.2:Update checked in at 2013-10-31 22:58:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.2033 (Old)
and /work/SRC/openSUSE:12.2:Update/.patchinfo.2033.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.2033"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo>
<packager>jeff_mahoney</packager>
<issue id="824171" tracker="bnc"></issue>
<issue id="783858" tracker="bnc"></issue>
<issue id="821612" tracker="bnc"></issue>
<issue id="806976" tracker="bnc">VUL-1: CVE-2013-1774: kernel: usb: io_ti: NULL pointer dereference</issue>
<issue id="785542" tracker="bnc">dangerous-looking kernel call trace for CIFS</issue>
<issue id="801178" tracker="bnc">VUL-0: Xen: XSA-43: CVE-2013-0231: Linux pciback DoS via not rate limited log messages</issue>
<issue id="817377" tracker="bnc">VUL-1: kernel: CVE-2013-2015: ext4 hang during mount</issue>
<issue id="828714" tracker="bnc">Drivers: hv: util: Fix a bug in version negotiation code for util</issue>
<issue id="823342" tracker="bnc">Frame too big on dom0 kills Xen vif of domU</issue>
<issue id="827749" tracker="bnc">VUL-1: kernel: CVE-2013-2234: infoleak in AF_KEY notify messages</issue>
<issue id="828119" tracker="bnc">VUL-1: CVE-2013-2237: kernel: information leak in AF_KEY</issue>
<issue id="822575" tracker="bnc">VUL-1: kernel: CVE-2013-2851: block layer format string flaw</issue>
<issue id="831058" tracker="bnc">VUL-0: CVE-2013-4162: kernel: ipv6: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled.</issue>
<issue id="789598" tracker="bnc">kernel calltrace cifs access</issue>
<issue id="838346" tracker="bnc">kernel update candidate 3.0.93-0.8: hyper-v interface defunct when running under Windows Server 2008 R2</issue>
<issue id="831055" tracker="bnc">VUL-0: CVE-2013-4163: kernel: ipv6: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu</issue>
<issue id="807153" tracker="bnc">xfsdump reports "WARNING: could not get list of non-root attributes ...."</issue>
<issue id="815320" tracker="bnc">reiserfs hang</issue>
<issue id="833321" tracker="bnc">Backport vmxnet3 fixes to SLES11 SP3</issue>
<issue id="823517" tracker="bnc">VUL-0: CVE-2013-2148: kernel: fanotify: info leak in copy_event_to_user</issue>
<issue id="827750" tracker="bnc">VUL-0: kernel: CVE-2013-2232: crash via AF_INET6 sockets</issue>
<issue id="835414" tracker="bnc">Kernel 3.4.47 - Compile error: called object ‘efi_enabled’ is not a function</issue>
<issue id="787649" tracker="bnc">Hard freeze when starting wpa_supplicant and radio turned off</issue>
<issue id="818053" tracker="bnc">TiNa backups fail due to page allocation failure from getxattr</issue>
<issue id="821560" tracker="bnc">VUL-0: kernel: CVE-2013-2850: iSCSI target heap overflow</issue>
<issue id="794988" tracker="bnc">cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use</issue>
<issue id="807471" tracker="bnc">VUL-1: CVE-2013-1819: kernel: xfs: _xfs_buf_find NULL pointer dereference</issue>
<issue id="824295" tracker="bnc">VUL-0: kernel: CVE-2013-2164: Leak information in cdrom driver.</issue>
<issue id="814336" tracker="bnc">L3: bnx2x_panic_dump</issue>
<issue id="CVE-2013-2164" tracker="cve" />
<issue id="CVE-2013-2148" tracker="cve" />
<issue id="CVE-2013-2850" tracker="cve" />
<issue id="CVE-2013-2851" tracker="cve" />
<issue id="CVE-2013-2232" tracker="cve" />
<issue id="CVE-2013-0231" tracker="cve" />
<issue id="CVE-2013-1819" tracker="cve" />
<issue id="CVE-2013-2237" tracker="cve" />
<issue id="CVE-2013-1774" tracker="cve" />
<issue id="CVE-2013-2234" tracker="cve" />
<issue id="CVE-2013-4162" tracker="cve" />
<issue id="CVE-2013-4163" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<description>
The Linux kernel was updated to 3.4.63, fixing various bugs and security issues.
- Linux 3.4.59 (CVE-2013-2237 bnc#828119).
- Linux 3.4.57 (CVE-2013-2148 bnc#823517).
- Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162
CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055 bnc#831058).
- Drivers: hv: util: Fix a bug in util version negotiation code
(bnc#838346).
- vmxnet3: prevent div-by-zero panic when ring resizing
uninitialized dev (bnc#833321).
- bnx2x: protect different statistics flows (bnc#814336).
- bnx2x: Avoid sending multiple statistics queries (bnc#814336).
- Drivers: hv: util: Fix a bug in version negotiation code for
util services (bnc#828714).
- Update Xen patches to 3.4.53.
- netfront: fix kABI after "reduce gso_max_size to account for
max TCP header".
- netback: don't disconnect frontend when seeing oversize packet
(bnc#823342).
- netfront: reduce gso_max_size to account for max TCP header.
- backends: Check for insane amounts of requests on the ring.
- reiserfs: Fixed double unlock in reiserfs_setattr failure path.
- reiserfs: locking, release lock around quota operations
(bnc#815320).
- reiserfs: locking, handle nested locks properly (bnc#815320).
- reiserfs: locking, push write lock out of xattr code
(bnc#815320).
- ipv6: ip6_append_data_mtu did not care about pmtudisc and
frag_size (bnc#831055, CVE-2013-4163).
- af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
- af_key: initialize satype in key_notify_policy_flush()
(bnc#828119 CVE-2013-2237).
- ipv6: call udp_push_pending_frames when uncorking a socket with
(bnc#831058, CVE-2013-4162).
- ipv6: ip6_sk_dst_check() must not assume ipv6 dst.
- xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end
(CVE-2013-1819 bnc#807471).
- brcmsmac: don't start device when RfKill is engaged
(bnc#787649).
- CIFS: Protect i_nlink from being negative (bnc#785542
bnc#789598).
- cifs: don't compare uniqueids in cifs_prime_dcache unless
server inode numbers are in use (bnc#794988).
- xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).
- xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053 bnc#807153).
- Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575
bnc#824295).
- drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
(bnc#824295, CVE-2013-2164).
- fanotify: info leak in copy_event_to_user() (CVE-2013-2148
bnc#823517).
- block: do not pass disk names as format strings (bnc#822575
CVE-2013-2851).
- ext4: avoid hang when mounting non-journal filesystems with
orphan list (bnc#817377).
- Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178).
- Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976
bnc#821560).
- Always include the git commit in KOTD builds
This allows us not to set it explicitly in builds submitted to the
official distribution (bnc#821612, bnc#824171).
- Bluetooth: Really fix registering hci with duplicate name
(bnc#783858).
- Bluetooth: Fix registering hci with duplicate name (bnc#783858).
</description>
<summary>kernel: security and bugfix update to 3.4.63</summary>
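Review bot: the `tracker="cve"` list has no entry for CVE-2013-2015, although bnc#817377 is titled "VUL-1: kernel: CVE-2013-2015: ext4 hang during mount" and its fix appears in the description as "ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377)". The other twelve CVEs named in the bnc issue titles each have a matching cve issue element, so this looks like an omission. Add `<issue id="CVE-2013-2015" tracker="cve" />` and put the CVE id on that description line, so that the published advisory and any tooling that matches updates by CVE id account for the fix. Separately, the description entry "ipv6: call udp_push_pending_frames when uncorking a socket with" breaks off mid-title before its references and should carry the full commit subject.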