openSUSE Security Announce
September 2013
[security-announce] SUSE-SU-2013:1497-1: important: Security update for Mozilla Firefox
by opensuse-security@opensuse.org 27 Sep '13
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1497-1
Rating: important
References: #840485
Cross-References: CVE-2013-1705 CVE-2013-1718 CVE-2013-1722
CVE-2013-1725 CVE-2013-1726 CVE-2013-1730
CVE-2013-1732 CVE-2013-1735 CVE-2013-1736
CVE-2013-1737
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
It includes one version update.
Description:
This update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
  o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
  o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
  o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
  o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)
Security Issue references:
* CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737>
* CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735>
* CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736>
* CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732>
* CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730>
* CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726>
* CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725>
* CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722>
* CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718>
* CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-MozillaFirefox-8344
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-MozillaFirefox-8344
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-MozillaFirefox-8344
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-MozillaFirefox-8346
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-MozillaFirefox-8346
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-MozillaFirefox-8344
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-MozillaFirefox-8346
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-devel-17.0.9esr-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 17.0.9esr]:
MozillaFirefox-17.0.9esr-0.7.1
MozillaFirefox-translations-17.0.9esr-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.9esr]:
MozillaFirefox-17.0.9esr-0.7.1
MozillaFirefox-translations-17.0.9esr-0.7.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.9esr]:
MozillaFirefox-17.0.9esr-0.3.1
MozillaFirefox-translations-17.0.9esr-0.3.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.9esr]:
MozillaFirefox-17.0.9esr-0.3.1
MozillaFirefox-translations-17.0.9esr-0.3.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 17.0.9esr]:
MozillaFirefox-17.0.9esr-0.7.1
MozillaFirefox-translations-17.0.9esr-0.7.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.9esr]:
MozillaFirefox-17.0.9esr-0.3.1
MozillaFirefox-translations-17.0.9esr-0.3.1
References:
http://support.novell.com/security/cve/CVE-2013-1705.html
http://support.novell.com/security/cve/CVE-2013-1718.html
http://support.novell.com/security/cve/CVE-2013-1722.html
http://support.novell.com/security/cve/CVE-2013-1725.html
http://support.novell.com/security/cve/CVE-2013-1726.html
http://support.novell.com/security/cve/CVE-2013-1730.html
http://support.novell.com/security/cve/CVE-2013-1732.html
http://support.novell.com/security/cve/CVE-2013-1735.html
http://support.novell.com/security/cve/CVE-2013-1736.html
http://support.novell.com/security/cve/CVE-2013-1737.html
https://bugzilla.novell.com/840485
http://download.novell.com/patch/finder/?keywords=4df7bcc5f235f358ce6dcbd14…
http://download.novell.com/patch/finder/?keywords=a1902baf1b0df196651ea0bae…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2013:1474-1: important: Security update for Linux kernel
by opensuse-security@opensuse.org 20 Sep '13
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1474-1
Rating: important
References: #745640 #760407 #765523 #773006 #773255 #773837
#783475 #785901 #789010 #801427 #803320 #804482
#805371 #806396 #806976 #807471 #807502 #808940
#809122 #812526 #812974 #813604 #813733 #814336
#815320 #816043 #817035 #817377 #818465 #819363
#819523 #820172 #820434 #821052 #821235 #822066
#822077 #822575 #822825 #823082 #823342 #823497
#823517 #824159 #824295 #824915 #825048 #825142
#825227 #825591 #825657 #825887 #826350 #826960
#827372 #827376 #827378 #827749 #827750 #828119
#828192 #828574 #828714 #829082 #829357 #829622
#830901 #831055 #831058 #831410 #831949
Cross-References: CVE-2013-1059 CVE-2013-1774 CVE-2013-1819
CVE-2013-1929 CVE-2013-2148 CVE-2013-2164
CVE-2013-2232 CVE-2013-2234 CVE-2013-2237
CVE-2013-2851 CVE-2013-4162 CVE-2013-4163
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise High Availability Extension 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 59 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 2 kernel has been
updated to version 3.0.93 and includes various bug and
security fixes.
The following security bugs have been fixed:
* CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
* CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
* CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
* CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
* CVE-2013-4162: The udp_v6_push_pending_frames
function in net/ipv6/udp.c in the IPv6 implementation in
the Linux kernel made an incorrect function call for
pending data, which allowed local users to cause a denial
of service (BUG and system crash) via a crafted application
that uses the UDP_CORK option in a setsockopt system call.
* CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
* CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
* CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
* CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
* CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
* CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
* CVE-2013-1774: The chase_port function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer
dereference and system crash) via an attempted /dev/ttyUSB
read or write operation on a disconnected Edgeport USB
serial converter.
Also the following bugs have been fixed:
BTRFS:
* btrfs: merge contigous regions when loading free
space cache
* btrfs: fix how we deal with the orphan block rsv
* btrfs: fix wrong check during log recovery
* btrfs: change how we indicate we are adding csums
* btrfs: flush delayed inodes if we are short on space
(bnc#801427).
* btrfs: rework shrink_delalloc (bnc#801427).
* btrfs: fix our overcommit math (bnc#801427).
* btrfs: delay block group item insertion (bnc#801427).
* btrfs: remove bytes argument from do_chunk_alloc
(bnc#801427).
* btrfs: run delayed refs first when out of space
(bnc#801427).
* btrfs: do not commit instead of overcommitting
(bnc#801427).
* btrfs: do not take inode delalloc mutex if we are a
free space inode (bnc#801427).
* btrfs: fix chunk allocation error handling
(bnc#801427).
* btrfs: remove extent mapping if we fail to add chunk
(bnc#801427).
* btrfs: do not overcommit if we do not have enough
space for global rsv (bnc#801427).
* btrfs: rework the overcommit logic to be based on the
total size (bnc#801427).
* btrfs: steal from global reserve if we are cleaning
up orphans (bnc#801427).
* btrfs: clear chunk_alloc flag on retryable failure
(bnc#801427).
* btrfs: use reserved space for creating a snapshot
(bnc#801427).
* btrfs: cleanup to make the function
btrfs_delalloc_reserve_metadata more logic (bnc#801427).
* btrfs: fix space leak when we fail to reserve
metadata space (bnc#801427).
* btrfs: fix space accounting for unlink and rename
(bnc#801427).
* btrfs: allocate new chunks if the space is not enough
for global rsv (bnc#801427).
* btrfs: various abort cleanups (bnc#812526 bnc#801427).
* btrfs: simplify unlink reservations (bnc#801427).
OTHER:
* x86: Add workaround to NMI iret woes (bnc#831949).
* x86: Do not schedule while still in NMI context
(bnc#831949).
* bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
* bnx2x: protect different statistics flows
(bnc#814336).
* futex: Take hugepages into account when generating
futex_key.
* drivers/hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* printk: Add NMI ringbuffer (bnc#831949).
* printk: extract ringbuffer handling from vprintk
(bnc#831949).
* printk: NMI safe printk (bnc#831949).
* printk: Make NMI ringbuffer size independent on
log_buf_len (bnc#831949).
* printk: Do not call console_unlock from nmi context
(bnc#831949).
* printk: Do not use printk_cpu from finish_printk
(bnc#831949).
* mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
* reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
* reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
* reiserfs: do not lock journal_init() (bnc#815320).
* reiserfs: locking, handle nested locks properly
(bnc#815320).
* reiserfs: locking, push write lock out of xattr code
(bnc#815320).
* reiserfs: locking, release lock around quota
operations (bnc#815320).
* NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
* dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
* scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
* bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
* bonding: propagate unicast lists down to slaves
(bnc#773255 bnc#827372).
* bonding: emit address change event also in
bond_release (bnc#773255 bnc#827372).
* bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
* SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
* ext4: force read-only unless rw=1 module option is
used (fate#314864).
* HID: fix unused rsize usage (bnc#783475).
* HID: fix data access in implement() (bnc#783475).
* xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
* r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
* r8169: move the firmware down into the device private
data (bnc#805371).
* mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
* kernel: lost IPIs on CPU hotplug (bnc#825048,
LTC#94784).
* iwlwifi: use correct supported firmware for 6035 and
6000g2 (bnc#825887).
* watchdog: Update watchdog_thresh atomically
(bnc#829357).
* watchdog: update watchdog_tresh properly (bnc#829357).
* watchdog:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
* include/1/smp.h: define __smp_call_function_single
for !CONFIG_SMP (bnc#829357).
* lpfc: Return correct error code on bsg_timeout
(bnc#816043).
* dm-multipath: Drop table when retrying ioctl
(bnc#808940).
* scsi: Do not retry invalid function error
(bnc#809122).
* scsi: Always retry internal target error (bnc#745640,
bnc#825227).
* ibmvfc: Driver version 1.0.1 (bnc#825142).
* ibmvfc: Fix for offlining devices during error
recovery (bnc#825142).
* ibmvfc: Properly set cancel flags when cancelling
abort (bnc#825142).
* ibmvfc: Send cancel when link is down (bnc#825142).
* ibmvfc: Support FAST_IO_FAIL in EH handlers
(bnc#825142).
* ibmvfc: Suppress ABTS if target gone (bnc#825142).
* fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
* kmsg_dump: do not run on non-error paths by default
(bnc#820172).
* mm: honor min_free_kbytes set by user (bnc#826960).
* hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
* RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
* md/raid10: Fix two bug affecting RAID10 reshape (-).
* Allow NFSv4 to run execute-only files (bnc#765523).
* fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
* block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
* drm/i915: Add wait_for in init_ring_common
(bnc#813604).
* drm/i915: Mark the ringbuffers as being in the GTT
domain (bnc#813604).
* ext4: avoid hang when mounting non-journal
filesystems with orphan list (bnc#817377).
* autofs4 - fix get_next_positive_subdir() (bnc#819523).
* ocfs2: Add bits_wanted while calculating credits in
ocfs2_calc_extend_credits (bnc#822077).
* re-enable io tracing (bnc#785901).
* SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).
* tg3: Prevent system hang during repeated EEH errors
(bnc#822066).
* backends: Check for insane amounts of requests on the
ring.
* Update Xen patches to 3.0.82.
* netiucv: Hold rtnl between name allocation and device
registration (bnc#824159).
* drm/edid: Do not print messages regarding stereo or
csync by default (bnc #821235).
* net/sunrpc: xpt_auth_cache should be ignored when
expired (bnc#803320).
* sunrpc/cache: ensure items removed from cache do not
have pending upcalls (bnc#803320).
* sunrpc/cache: remove races with queuing an upcall
(bnc#803320).
* sunrpc/cache: use cache_fresh_unlocked consistently
and correctly (bnc#803320).
* md/raid10 "enough" fixes (bnc#773837).
* Update config files: disable IP_PNP (bnc#822825)
* Disable efi pstore by default (bnc#804482 bnc#820172).
* md: Fix problem with GET_BITMAP_FILE returning wrong
status (bnc#812974 bnc#823497).
* USB: xHCI: override bogus bulk wMaxPacketSize values
(bnc#823082).
* ALSA: hda - Fix system panic when DMA > 40 bits for
Nvidia audio controllers (bnc#818465).
* USB: UHCI: fix for suspend of virtual HP controller
(bnc#817035).
* mm: mmu_notifier: re-fix freed page still mapped in
secondary MMU (bnc#821052).
Security Issue references:
* CVE-2013-1059 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059>
* CVE-2013-1774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774>
* CVE-2013-1819 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1819>
* CVE-2013-1929 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929>
* CVE-2013-2148 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148>
* CVE-2013-2164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164>
* CVE-2013-2232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232>
* CVE-2013-2234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234>
* CVE-2013-2237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237>
* CVE-2013-2851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851>
* CVE-2013-4162 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162>
* CVE-2013-4163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-kernel-8265 slessp2-kernel-8273
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-kernel-8263 slessp2-kernel-8265 slessp2-kernel-8266 slessp2-kernel-8268 slessp2-kernel-8273
- SUSE Linux Enterprise High Availability Extension 11 SP2:
zypper in -t patch sleshasp2-kernel-8263 sleshasp2-kernel-8265 sleshasp2-kernel-8266 sleshasp2-kernel-8268 sleshasp2-kernel-8273
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-kernel-8265 sledsp2-kernel-8273
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.93]:
kernel-default-3.0.93-0.5.1
kernel-default-base-3.0.93-0.5.1
kernel-default-devel-3.0.93-0.5.1
kernel-source-3.0.93-0.5.1
kernel-syms-3.0.93-0.5.1
kernel-trace-3.0.93-0.5.1
kernel-trace-base-3.0.93-0.5.1
kernel-trace-devel-3.0.93-0.5.1
kernel-xen-devel-3.0.93-0.5.1
xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.93]:
kernel-pae-3.0.93-0.5.1
kernel-pae-base-3.0.93-0.5.1
kernel-pae-devel-3.0.93-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.93]:
kernel-default-3.0.93-0.5.1
kernel-default-base-3.0.93-0.5.1
kernel-default-devel-3.0.93-0.5.1
kernel-source-3.0.93-0.5.1
kernel-syms-3.0.93-0.5.1
kernel-trace-3.0.93-0.5.1
kernel-trace-base-3.0.93-0.5.1
kernel-trace-devel-3.0.93-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.93]:
kernel-ec2-3.0.93-0.5.1
kernel-ec2-base-3.0.93-0.5.1
kernel-ec2-devel-3.0.93-0.5.1
kernel-xen-3.0.93-0.5.1
kernel-xen-base-3.0.93-0.5.1
kernel-xen-devel-3.0.93-0.5.1
xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39
xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.93]:
kernel-default-man-3.0.93-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.93]:
kernel-ppc64-3.0.93-0.5.1
kernel-ppc64-base-3.0.93-0.5.1
kernel-ppc64-devel-3.0.93-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.93]:
kernel-pae-3.0.93-0.5.1
kernel-pae-base-3.0.93-0.5.1
kernel-pae-devel-3.0.93-0.5.1
xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.93_0.5-2.18.61
cluster-network-kmp-trace-1.4_3.0.93_0.5-2.18.61
gfs2-kmp-default-2_3.0.93_0.5-0.7.91
gfs2-kmp-trace-2_3.0.93_0.5-0.7.91
ocfs2-kmp-default-1.6_3.0.93_0.5-0.11.60
ocfs2-kmp-trace-1.6_3.0.93_0.5-0.11.60
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.93_0.5-2.18.61
gfs2-kmp-xen-2_3.0.93_0.5-0.7.91
ocfs2-kmp-xen-1.6_3.0.93_0.5-0.11.60
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.93_0.5-2.18.61
gfs2-kmp-ppc64-2_3.0.93_0.5-0.7.91
ocfs2-kmp-ppc64-1.6_3.0.93_0.5-0.11.60
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
cluster-network-kmp-pae-1.4_3.0.93_0.5-2.18.61
gfs2-kmp-pae-2_3.0.93_0.5-0.7.91
ocfs2-kmp-pae-1.6_3.0.93_0.5-0.11.60
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.93]:
kernel-default-3.0.93-0.5.1
kernel-default-base-3.0.93-0.5.1
kernel-default-devel-3.0.93-0.5.1
kernel-default-extra-3.0.93-0.5.1
kernel-source-3.0.93-0.5.1
kernel-syms-3.0.93-0.5.1
kernel-trace-3.0.93-0.5.1
kernel-trace-base-3.0.93-0.5.1
kernel-trace-devel-3.0.93-0.5.1
kernel-trace-extra-3.0.93-0.5.1
kernel-xen-3.0.93-0.5.1
kernel-xen-base-3.0.93-0.5.1
kernel-xen-devel-3.0.93-0.5.1
kernel-xen-extra-3.0.93-0.5.1
xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39
xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.93]:
kernel-pae-3.0.93-0.5.1
kernel-pae-base-3.0.93-0.5.1
kernel-pae-devel-3.0.93-0.5.1
kernel-pae-extra-3.0.93-0.5.1
xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
ext4-writeable-kmp-default-0_3.0.93_0.5-0.14.72
ext4-writeable-kmp-trace-0_3.0.93_0.5-0.14.72
kernel-default-extra-3.0.93-0.5.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
ext4-writeable-kmp-xen-0_3.0.93_0.5-0.14.72
kernel-xen-extra-3.0.93-0.5.1
- SLE 11 SERVER Unsupported Extras (ppc64):
ext4-writeable-kmp-ppc64-0_3.0.93_0.5-0.14.72
kernel-ppc64-extra-3.0.93-0.5.1
- SLE 11 SERVER Unsupported Extras (i586):
ext4-writeable-kmp-pae-0_3.0.93_0.5-0.14.72
kernel-pae-extra-3.0.93-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-1059.html
http://support.novell.com/security/cve/CVE-2013-1774.html
http://support.novell.com/security/cve/CVE-2013-1819.html
http://support.novell.com/security/cve/CVE-2013-1929.html
http://support.novell.com/security/cve/CVE-2013-2148.html
http://support.novell.com/security/cve/CVE-2013-2164.html
http://support.novell.com/security/cve/CVE-2013-2232.html
http://support.novell.com/security/cve/CVE-2013-2234.html
http://support.novell.com/security/cve/CVE-2013-2237.html
http://support.novell.com/security/cve/CVE-2013-2851.html
http://support.novell.com/security/cve/CVE-2013-4162.html
http://support.novell.com/security/cve/CVE-2013-4163.html
https://bugzilla.novell.com/745640
https://bugzilla.novell.com/760407
https://bugzilla.novell.com/765523
https://bugzilla.novell.com/773006
https://bugzilla.novell.com/773255
https://bugzilla.novell.com/773837
https://bugzilla.novell.com/783475
https://bugzilla.novell.com/785901
https://bugzilla.novell.com/789010
https://bugzilla.novell.com/801427
https://bugzilla.novell.com/803320
https://bugzilla.novell.com/804482
https://bugzilla.novell.com/805371
https://bugzilla.novell.com/806396
https://bugzilla.novell.com/806976
https://bugzilla.novell.com/807471
https://bugzilla.novell.com/807502
https://bugzilla.novell.com/808940
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/812526
https://bugzilla.novell.com/812974
https://bugzilla.novell.com/813604
https://bugzilla.novell.com/813733
https://bugzilla.novell.com/814336
https://bugzilla.novell.com/815320
https://bugzilla.novell.com/816043
https://bugzilla.novell.com/817035
https://bugzilla.novell.com/817377
https://bugzilla.novell.com/818465
https://bugzilla.novell.com/819363
https://bugzilla.novell.com/819523
https://bugzilla.novell.com/820172
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821052
https://bugzilla.novell.com/821235
https://bugzilla.novell.com/822066
https://bugzilla.novell.com/822077
https://bugzilla.novell.com/822575
https://bugzilla.novell.com/822825
https://bugzilla.novell.com/823082
https://bugzilla.novell.com/823342
https://bugzilla.novell.com/823497
https://bugzilla.novell.com/823517
https://bugzilla.novell.com/824159
https://bugzilla.novell.com/824295
https://bugzilla.novell.com/824915
https://bugzilla.novell.com/825048
https://bugzilla.novell.com/825142
https://bugzilla.novell.com/825227
https://bugzilla.novell.com/825591
https://bugzilla.novell.com/825657
https://bugzilla.novell.com/825887
https://bugzilla.novell.com/826350
https://bugzilla.novell.com/826960
https://bugzilla.novell.com/827372
https://bugzilla.novell.com/827376
https://bugzilla.novell.com/827378
https://bugzilla.novell.com/827749
https://bugzilla.novell.com/827750
https://bugzilla.novell.com/828119
https://bugzilla.novell.com/828192
https://bugzilla.novell.com/828574
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/829082
https://bugzilla.novell.com/829357
https://bugzilla.novell.com/829622
https://bugzilla.novell.com/830901
https://bugzilla.novell.com/831055
https://bugzilla.novell.com/831058
https://bugzilla.novell.com/831410
https://bugzilla.novell.com/831949
http://download.novell.com/patch/finder/?keywords=37bf52c8f30673eaef1970970…
http://download.novell.com/patch/finder/?keywords=4a2bbac89400f453e7fd3d5ec…
http://download.novell.com/patch/finder/?keywords=64fe0c8fdb37a802ba1d3ab22…
http://download.novell.com/patch/finder/?keywords=7522b3dcec7839a895be8a909…
http://download.novell.com/patch/finder/?keywords=c4c1ef1e3b6233de0340a6812…
http://download.novell.com/patch/finder/?keywords=c98e807bf90b60764d8c0872c…
http://download.novell.com/patch/finder/?keywords=d97a0a8ee838ab1460d0786af…
http://download.novell.com/patch/finder/?keywords=dc6670827fef356e4d0d6ee07…
http://download.novell.com/patch/finder/?keywords=f12db006ffe558db54493c844…
http://download.novell.com/patch/finder/?keywords=f931e6a6db71d7ce590fa7844…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2013:1473-1: important: Security update for Linux kernel
by opensuse-security@opensuse.org 20 Sep '13
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1473-1
Rating: important
References: #745640 #760407 #765523 #773006 #773255 #783475
#789010 #797909 #800875 #801341 #805371 #805740
#805804 #806396 #807471 #807502 #808940 #809122
#809463 #812274 #813733 #814336 #815256 #815320
#816043 #818047 #819363 #820172 #820434 #822052
#822164 #822225 #822575 #822579 #822878 #823517
#824256 #824295 #824568 #824915 #825048 #825142
#825227 #825887 #826350 #826960 #827271 #827372
#827376 #827378 #827749 #827750 #827930 #828087
#828119 #828192 #828265 #828574 #828714 #828886
#828914 #829001 #829082 #829357 #829539 #829622
#830346 #830478 #830766 #830822 #830901 #831055
#831058 #831410 #831422 #831424 #831438 #831623
#831949 #832318 #833073 #833097 #833148 #834116
#834647 #834742 #835175
Cross-References: CVE-2013-1059 CVE-2013-1819 CVE-2013-1929
CVE-2013-2148 CVE-2013-2164 CVE-2013-2232
CVE-2013-2234 CVE-2013-2237 CVE-2013-2851
CVE-2013-2852 CVE-2013-3301 CVE-2013-4162
CVE-2013-4163
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 74 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 to fix various bugs and
security issues.
The following features have been added:
* NFS: Now supports a "nosharetransport" option
(bnc#807502, bnc#828192, FATE#315593).
* ALSA: virtuoso: Xonar DSX support was added
(FATE#316016).
The following security issues have been fixed:
* CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
* CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
* CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
* CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
* CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel made an incorrect function call for pending data,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
* CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
* CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
* CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
* CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
* CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
* CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
Also the following non-security bugs have been fixed:
* ACPI / APEI: Force fatal AER severity when component
has been reset (bnc#828886 bnc#824568).
* PCI/AER: Move AER severity defines to aer.h
(bnc#828886 bnc#824568).
* PCI/AER: Set dev->__aer_firmware_first only for
matching devices (bnc#828886 bnc#824568).
* PCI/AER: Factor out HEST device type matching
(bnc#828886 bnc#824568).
* PCI/AER: Do not parse HEST table for non-PCIe devices
(bnc#828886 bnc#824568).
* PCI/AER: Reset link for devices below Root Port or
Downstream Port (bnc#828886 bnc#824568).
* zfcp: fix lock imbalance by reworking request queue
locking (bnc#835175, LTC#96825).
* qeth: Fix crash on initial MTU size change
(bnc#835175, LTC#96809).
* qeth: change default standard blkt settings for OSA
Express (bnc#835175, LTC#96808).
* x86: Add workaround to NMI iret woes (bnc#831949).
* x86: Do not schedule while still in NMI context
(bnc#831949).
* drm/i915: no longer call drm_helper_resume_force_mode
(bnc#831424,bnc#800875).
* bnx2x: protect different statistics flows
(bnc#814336).
* bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
* ALSA: hda - Fix unbalanced runtime pm refount
(bnc#834742).
* xhci: directly calling _PS3 on suspend (bnc#833148).
* futex: Take hugepages into account when generating
futex_key.
* e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
* e1000e: helper functions for accessing EMI registers
(bnc#834647).
* Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* printk: Add NMI ringbuffer (bnc#831949).
* printk: extract ringbuffer handling from vprintk
(bnc#831949).
* printk: NMI safe printk (bnc#831949).
* printk: Make NMI ringbuffer size independent on
log_buf_len (bnc#831949).
* printk: Do not call console_unlock from nmi context
(bnc#831949).
* printk: Do not use printk_cpu from finish_printk
(bnc#831949).
* zfcp: fix schedule-inside-lock in scsi_device list
loops (bnc#833073, LTC#94937).
* uvc: increase number of buffers (bnc#822164,
bnc#805804).
* drm/i915: Adding more reserved PCI IDs for Haswell
(bnc#834116).
* Refresh patches.xen/xen-netback-generalize
(bnc#827378).
* Update Xen patches to 3.0.87.
* mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
* drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
* drm/i915: Fix write-read race with multiple rings
(bnc#831422).
* xhci: Add xhci_disable_ports boot option (bnc#822164).
* xhci: set device to D3Cold on shutdown (bnc#833097).
* reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
* reiserfs: locking, release lock around quota
operations (bnc#815320).
* reiserfs: locking, push write lock out of xattr code
(bnc#815320).
* reiserfs: locking, handle nested locks properly
(bnc#815320).
* reiserfs: do not lock journal_init() (bnc#815320).
* reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
* NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
* HID: hyperv: convert alloc+memcpy to memdup.
* Drivers: hv: vmbus: Implement multi-channel support
(fate#316098).
* Drivers: hv: Add the GUID fot synthetic fibre channel
device (fate#316098).
* tools: hv: Check return value of setsockopt call.
* tools: hv: Check return value of poll call.
* tools: hv: Check retrun value of strchr call.
* tools: hv: Fix file descriptor leaks.
* tools: hv: Improve error logging in KVP daemon.
* drivers: hv: switch to use mb() instead of smp_mb().
* drivers: hv: check interrupt mask before read_index.
* drivers: hv: allocate synic structures before
hv_synic_init().
* storvsc: Increase the value of scsi timeout for
storvsc devices (fate#316098).
* storvsc: Update the storage protocol to win8 level
(fate#316098).
* storvsc: Implement multi-channel support
(fate#316098).
* storvsc: Support FC devices (fate#316098).
* storvsc: Increase the value of
STORVSC_MAX_IO_REQUESTS (fate#316098).
* hyperv: Fix the NETIF_F_SG flag setting in netvsc.
* Drivers: hv: vmbus: incorrect device name is printed
when child device is unregistered.
* Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
(bnc#828714).
* ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
* dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
* scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
* af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
* af_key: initialize satype in
key_notify_policy_flush() (bnc#828119 CVE-2013-2237).
* ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
* tg3: fix length overflow in VPD firmware parsing
(bnc#813733 CVE-2013-1929).
* xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
* ipv6: ip6_sk_dst_check() must not assume ipv6 dst
(bnc#827750, CVE-2013-2232).
* dasd: fix hanging devices after path events
(bnc#831623, LTC#96336).
* kernel: z90crypt module load crash (bnc#831623,
LTC#96214).
* ata: Fix DVD not dectected at some platform with
Wellsburg PCH (bnc#822225).
* drm/i915: edp: add standard modes (bnc#832318).
* Do not switch camera on yet more HP machines
(bnc#822164).
* Do not switch camera on HP EB 820 G1 (bnc#822164).
* xhci: Avoid NULL pointer deref when host dies
(bnc#827271).
* bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
* bonding: propagate unicast lists down to slaves
(bnc#773255 bnc#827372).
* net/bonding: emit address change event also in
bond_release (bnc#773255 bnc#827372).
* bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
* usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
controllers with xhci 1.0 (bnc#797909).
* xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#827271).
* updated reference for security issue fixed inside
(CVE-2013-3301 bnc#815256)
* qla2xxx: Clear the MBX_INTR_WAIT flag when the
mailbox time-out happens (bnc#830478).
* drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
* drm/i915: fix up gt init sequence fallout
(bnc#801341).
* timer_list: Correct the iterator for timer_list
(bnc#818047).
* firmware: do not spew errors in normal boot
(bnc#831438, fate#314574).
* ALSA: virtuoso: Xonar DSX support (FATE#316016).
* SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
* ext4: Re-add config option. Building ext4 as the
ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
read-write module should be enabled. This update just
defaults allow_rw to true if it is set.
* e1000: fix vlan processing regression (bnc#830766).
* ext4: force read-only unless rw=1 module option is
used (fate#314864).
* dm mpath: fix ioctl deadlock when no paths
(bnc#808940).
* HID: fix unused rsize usage (bnc#783475).
* add reference for b43 format string flaw (bnc#822579
CVE-2013-2852)
* HID: fix data access in implement() (bnc#783475).
* xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
* kernel: sclp console hangs (bnc#830346, LTC#95711).
* Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
* Delete
patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-first-occurrence.
It was removed from series.conf in
063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
not deleted.
* Drivers: hv: balloon: Do not post pressure status if
interrupted (bnc#829539).
* Drivers: hv: balloon: Fix a bug in the hot-add code
(bnc#829539).
* drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
* drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
* Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
* r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
* r8169: move the firmware down into the device private
data (bnc#805371).
* patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
* drm/i915: fix long-standing SNB regression in power
consumption after resume v2 (bnc#801341).
* RTC: Add an alarm disable quirk (bnc#805740).
* drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
* drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
* drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
* drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
* patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
IPIs on CPU hotplug (bnc#825048, LTC#94784).
* patches.fixes/iwlwifi-use-correct-supported-firmware-for-6035-and-.patch:
iwlwifi: use correct supported firmware for
6035 and 6000g2 (bnc#825887).
* patches.fixes/watchdog-update-watchdog_thresh-atomically.patch:
watchdog: Update watchdog_thresh atomically
(bnc#829357).
* patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
watchdog: update watchdog_tresh properly (bnc#829357).
* patches.fixes/watchdog-make-disable-enable-hotplug-and-preempt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
* kabi/severities: Ignore changes in drivers/hv
* patches.drivers/lpfc-return-correct-error-code-on-bsg_timeout.patch:
lpfc: Return correct error code on bsg_timeout
(bnc#816043).
* patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
dm-multipath: Drop table when retrying ioctl (bnc#808940).
* scsi: Do not retry invalid function error
(bnc#809122).
* patches.suse/scsi-do-not-retry-invalid-function-error.patch:
scsi: Do not retry invalid function error (bnc#809122).
* scsi: Always retry internal target error (bnc#745640,
bnc#825227).
* patches.suse/scsi-always-retry-internal-target-error.patch:
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
* patches.drivers/drm-edid-Don-t-print-messages-regarding-stereo-or-csync-by-default.patch:
Refresh: add upstream commit ID.
* patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. (bnc#824915).
* Refresh
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
(bnc#824915).
* Update kabi files.
* ACPI: remove panic in case hardware has changed after
S4 (bnc#829001).
* ibmvfc: Driver version 1.0.1 (bnc#825142).
* ibmvfc: Fix for offlining devices during error
recovery (bnc#825142).
* ibmvfc: Properly set cancel flags when cancelling
abort (bnc#825142).
* ibmvfc: Send cancel when link is down (bnc#825142).
* ibmvfc: Support FAST_IO_FAIL in EH handlers
(bnc#825142).
* ibmvfc: Suppress ABTS if target gone (bnc#825142).
* fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
* drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).
* kmsg_dump: do not run on non-error paths by default
(bnc#820172).
* supported.conf: mark tcm_qla2xxx as supported
* mm: honor min_free_kbytes set by user (bnc#826960).
* Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
* RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
* kabi/severities: Add exception for
aer_recover_queue(). There should not be any user besides
ghes.ko.
* Fix rpm changelog
* PCI / PM: restore the original behavior of
pci_set_power_state() (bnc#827930).
* fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
* usb: xhci: check usb2 port capabilities before adding
hw link PM support (bnc#828265).
* aerdrv: Move cper_print_aer() call out of interrupt
context (bnc#822052, bnc#824568).
* PCI/AER: pci_get_domain_bus_and_slot() call missing
required pci_dev_put() (bnc#822052, bnc#824568).
* patches.fixes/block-do-not-pass-disk-names-as-format-strings.patch:
block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
* powerpc: POWER8 cputable entries (bnc#824256).
* libceph: Fix NULL pointer dereference in auth client
code. (CVE-2013-1059, bnc#826350)
* md/raid10: Fix two bug affecting RAID10 reshape.
* Allow NFSv4 to run execute-only files (bnc#765523).
* fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
* block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
* btrfs: merge contigous regions when loading free
space cache
* btrfs: fix how we deal with the orphan block rsv.
* btrfs: fix wrong check during log recovery.
* btrfs: change how we indicate we are adding csums.
Security Issue references:
* CVE-2013-1059
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059>
* CVE-2013-1819
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1819>
* CVE-2013-1929
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929>
* CVE-2013-2148
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148>
* CVE-2013-2164
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164>
* CVE-2013-2232
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232>
* CVE-2013-2234
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234>
* CVE-2013-2237
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237>
* CVE-2013-2851
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851>
* CVE-2013-2852
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852>
* CVE-2013-3301
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301>
* CVE-2013-4162
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162>
* CVE-2013-4163
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-kernel-8270 slessp3-kernel-8283
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-kernel-8264 slessp3-kernel-8267 slessp3-kernel-8269 slessp3-kernel-8270 slessp3-kernel-8283
- SUSE Linux Enterprise High Availability Extension 11 SP3:
zypper in -t patch slehasp3-kernel-8264 slehasp3-kernel-8267 slehasp3-kernel-8269 slehasp3-kernel-8270 slehasp3-kernel-8283
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-kernel-8270 sledsp3-kernel-8283
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.93]:
kernel-default-3.0.93-0.8.2
kernel-default-base-3.0.93-0.8.2
kernel-default-devel-3.0.93-0.8.2
kernel-source-3.0.93-0.8.2
kernel-syms-3.0.93-0.8.2
kernel-trace-3.0.93-0.8.2
kernel-trace-base-3.0.93-0.8.2
kernel-trace-devel-3.0.93-0.8.2
kernel-xen-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.93]:
kernel-pae-3.0.93-0.8.2
kernel-pae-base-3.0.93-0.8.2
kernel-pae-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.93]:
kernel-default-3.0.93-0.8.2
kernel-default-base-3.0.93-0.8.2
kernel-default-devel-3.0.93-0.8.2
kernel-source-3.0.93-0.8.2
kernel-syms-3.0.93-0.8.2
kernel-trace-3.0.93-0.8.2
kernel-trace-base-3.0.93-0.8.2
kernel-trace-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.93]:
kernel-ec2-3.0.93-0.8.2
kernel-ec2-base-3.0.93-0.8.2
kernel-ec2-devel-3.0.93-0.8.2
kernel-xen-3.0.93-0.8.2
kernel-xen-base-3.0.93-0.8.2
kernel-xen-devel-3.0.93-0.8.2
xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17
- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.93]:
kernel-default-man-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.93]:
kernel-ppc64-3.0.93-0.8.2
kernel-ppc64-base-3.0.93-0.8.2
kernel-ppc64-devel-3.0.93-0.8.2
- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.93]:
kernel-pae-3.0.93-0.8.2
kernel-pae-base-3.0.93-0.8.2
kernel-pae-devel-3.0.93-0.8.2
xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.93_0.8-2.27.8
cluster-network-kmp-trace-1.4_3.0.93_0.8-2.27.8
gfs2-kmp-default-2_3.0.93_0.8-0.16.14
gfs2-kmp-trace-2_3.0.93_0.8-0.16.14
ocfs2-kmp-default-1.6_3.0.93_0.8-0.20.8
ocfs2-kmp-trace-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.93_0.8-2.27.8
gfs2-kmp-xen-2_3.0.93_0.8-0.16.14
ocfs2-kmp-xen-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.93_0.8-2.27.8
gfs2-kmp-ppc64-2_3.0.93_0.8-0.16.14
ocfs2-kmp-ppc64-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
cluster-network-kmp-pae-1.4_3.0.93_0.8-2.27.8
gfs2-kmp-pae-2_3.0.93_0.8-0.16.14
ocfs2-kmp-pae-1.6_3.0.93_0.8-0.20.8
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.93]:
kernel-default-3.0.93-0.8.2
kernel-default-base-3.0.93-0.8.2
kernel-default-devel-3.0.93-0.8.2
kernel-default-extra-3.0.93-0.8.2
kernel-source-3.0.93-0.8.2
kernel-syms-3.0.93-0.8.2
kernel-trace-devel-3.0.93-0.8.2
kernel-xen-3.0.93-0.8.2
kernel-xen-base-3.0.93-0.8.2
kernel-xen-devel-3.0.93-0.8.2
kernel-xen-extra-3.0.93-0.8.2
xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17
- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.93]:
kernel-pae-3.0.93-0.8.2
kernel-pae-base-3.0.93-0.8.2
kernel-pae-devel-3.0.93-0.8.2
kernel-pae-extra-3.0.93-0.8.2
xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.93-0.8.2
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
kernel-xen-extra-3.0.93-0.8.2
- SLE 11 SERVER Unsupported Extras (ppc64):
kernel-ppc64-extra-3.0.93-0.8.2
- SLE 11 SERVER Unsupported Extras (i586):
kernel-pae-extra-3.0.93-0.8.2
References:
http://support.novell.com/security/cve/CVE-2013-1059.html
http://support.novell.com/security/cve/CVE-2013-1819.html
http://support.novell.com/security/cve/CVE-2013-1929.html
http://support.novell.com/security/cve/CVE-2013-2148.html
http://support.novell.com/security/cve/CVE-2013-2164.html
http://support.novell.com/security/cve/CVE-2013-2232.html
http://support.novell.com/security/cve/CVE-2013-2234.html
http://support.novell.com/security/cve/CVE-2013-2237.html
http://support.novell.com/security/cve/CVE-2013-2851.html
http://support.novell.com/security/cve/CVE-2013-2852.html
http://support.novell.com/security/cve/CVE-2013-3301.html
http://support.novell.com/security/cve/CVE-2013-4162.html
http://support.novell.com/security/cve/CVE-2013-4163.html
https://bugzilla.novell.com/745640
https://bugzilla.novell.com/760407
https://bugzilla.novell.com/765523
https://bugzilla.novell.com/773006
https://bugzilla.novell.com/773255
https://bugzilla.novell.com/783475
https://bugzilla.novell.com/789010
https://bugzilla.novell.com/797909
https://bugzilla.novell.com/800875
https://bugzilla.novell.com/801341
https://bugzilla.novell.com/805371
https://bugzilla.novell.com/805740
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/806396
https://bugzilla.novell.com/807471
https://bugzilla.novell.com/807502
https://bugzilla.novell.com/808940
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809463
https://bugzilla.novell.com/812274
https://bugzilla.novell.com/813733
https://bugzilla.novell.com/814336
https://bugzilla.novell.com/815256
https://bugzilla.novell.com/815320
https://bugzilla.novell.com/816043
https://bugzilla.novell.com/818047
https://bugzilla.novell.com/819363
https://bugzilla.novell.com/820172
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/822052
https://bugzilla.novell.com/822164
https://bugzilla.novell.com/822225
https://bugzilla.novell.com/822575
https://bugzilla.novell.com/822579
https://bugzilla.novell.com/822878
https://bugzilla.novell.com/823517
https://bugzilla.novell.com/824256
https://bugzilla.novell.com/824295
https://bugzilla.novell.com/824568
https://bugzilla.novell.com/824915
https://bugzilla.novell.com/825048
https://bugzilla.novell.com/825142
https://bugzilla.novell.com/825227
https://bugzilla.novell.com/825887
https://bugzilla.novell.com/826350
https://bugzilla.novell.com/826960
https://bugzilla.novell.com/827271
https://bugzilla.novell.com/827372
https://bugzilla.novell.com/827376
https://bugzilla.novell.com/827378
https://bugzilla.novell.com/827749
https://bugzilla.novell.com/827750
https://bugzilla.novell.com/827930
https://bugzilla.novell.com/828087
https://bugzilla.novell.com/828119
https://bugzilla.novell.com/828192
https://bugzilla.novell.com/828265
https://bugzilla.novell.com/828574
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/828886
https://bugzilla.novell.com/828914
https://bugzilla.novell.com/829001
https://bugzilla.novell.com/829082
https://bugzilla.novell.com/829357
https://bugzilla.novell.com/829539
https://bugzilla.novell.com/829622
https://bugzilla.novell.com/830346
https://bugzilla.novell.com/830478
https://bugzilla.novell.com/830766
https://bugzilla.novell.com/830822
https://bugzilla.novell.com/830901
https://bugzilla.novell.com/831055
https://bugzilla.novell.com/831058
https://bugzilla.novell.com/831410
https://bugzilla.novell.com/831422
https://bugzilla.novell.com/831424
https://bugzilla.novell.com/831438
https://bugzilla.novell.com/831623
https://bugzilla.novell.com/831949
https://bugzilla.novell.com/832318
https://bugzilla.novell.com/833073
https://bugzilla.novell.com/833097
https://bugzilla.novell.com/833148
https://bugzilla.novell.com/834116
https://bugzilla.novell.com/834647
https://bugzilla.novell.com/834742
https://bugzilla.novell.com/835175
http://download.novell.com/patch/finder/?keywords=0ac91b201b328861b832cc9a2…
http://download.novell.com/patch/finder/?keywords=191d1a273a8c36c8ea012d9d4…
http://download.novell.com/patch/finder/?keywords=4ae0f4ab33ce6f2db597d9df8…
http://download.novell.com/patch/finder/?keywords=4cd5eadeb6509d92f806e5cee…
http://download.novell.com/patch/finder/?keywords=61459cd922860f9fa4e664f18…
http://download.novell.com/patch/finder/?keywords=644896ee11863828529ebdee6…
http://download.novell.com/patch/finder/?keywords=79b73575f6204cac04299c610…
http://download.novell.com/patch/finder/?keywords=c98e6cc38ee03dd039683da9b…
http://download.novell.com/patch/finder/?keywords=ebf6b9a0e30da81aed0eccbac…
http://download.novell.com/patch/finder/?keywords=ee2560c9159e67ffcb9684870…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2013:1464-1: important: Security update for flash-player
by opensuse-security@opensuse.org 18 Sep '13
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1464-1
Rating: important
References: #839897
Cross-References: CVE-2013-3361 CVE-2013-3362 CVE-2013-3363
CVE-2013-5324
Affected Products:
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
It includes one version update.
Description:
Adobe flash-player has been updated to version 11.2.202.310
(APSB13-21) which fixes several bugs and security issues.
(SUSE bnc#839897)
These updates resolve memory corruption vulnerabilities
that could have led to code execution (CVE-2013-3361,
CVE-2013-3362, CVE-2013-3363, CVE-2013-5324).
The official advisory can be found on
https://www.adobe.com/support/security/bulletins/apsb13-21.html
Security Issue references:
* CVE-2013-3361
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3361>
* CVE-2013-3362
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3362>
* CVE-2013-3363
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3363>
* CVE-2013-5324
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5324>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-flash-player-8331
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-flash-player-8330
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.310]:
flash-player-11.2.202.310-0.3.1
flash-player-gnome-11.2.202.310-0.3.1
flash-player-kde4-11.2.202.310-0.3.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.310]:
flash-player-11.2.202.310-0.3.1
flash-player-gnome-11.2.202.310-0.3.1
flash-player-kde4-11.2.202.310-0.3.1
References:
http://support.novell.com/security/cve/CVE-2013-3361.html
http://support.novell.com/security/cve/CVE-2013-3362.html
http://support.novell.com/security/cve/CVE-2013-3363.html
http://support.novell.com/security/cve/CVE-2013-5324.html
https://bugzilla.novell.com/839897
http://download.novell.com/patch/finder/?keywords=1f13c6255ccae0c6aefb9a7cb…
http://download.novell.com/patch/finder/?keywords=548169ecd92ed01c70cacd01e…
[security-announce] openSUSE-SU-2013:1456-1: important: update for flash-player
by opensuse-security@opensuse.org 17 Sep '13
openSUSE Security Update: update for flash-player
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1456-1
Rating: important
References: #839897
Cross-References: CVE-2013-3361 CVE-2013-3362 CVE-2013-3363
CVE-2013-5324
Affected Products:
openSUSE 12.3:NonFree
openSUSE 12.2:NonFree
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
Adobe flash-player has been updated to version 11.2.202.310
(APSB13-21) which fixes bugs and security issues.
(bnc#839897)
These updates resolve memory corruption vulnerabilities
that could lead to code execution.
(CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:NonFree:
zypper in -t patch openSUSE-2013-705
- openSUSE 12.2:NonFree:
zypper in -t patch openSUSE-2013-705
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3:NonFree (i586 x86_64):
flash-player-11.2.202.310-2.36.1
flash-player-gnome-11.2.202.310-2.36.1
flash-player-kde4-11.2.202.310-2.36.1
- openSUSE 12.2:NonFree (i586 x86_64):
flash-player-11.2.202.310-1.60.1
flash-player-gnome-11.2.202.310-1.60.1
flash-player-kde4-11.2.202.310-1.60.1
References:
http://support.novell.com/security/cve/CVE-2013-3361.html
http://support.novell.com/security/cve/CVE-2013-3362.html
http://support.novell.com/security/cve/CVE-2013-3363.html
http://support.novell.com/security/cve/CVE-2013-5324.html
https://bugzilla.novell.com/839897
[security-announce] SUSE-SU-2013:1448-1: important: Security update for oracle-update
by opensuse-security@opensuse.org 13 Sep '13
SUSE Security Update: Security update for oracle-update
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1448-1
Rating: important
References: #836732
Cross-References: CVE-2013-3751 CVE-2013-3760 CVE-2013-3771
CVE-2013-3774 CVE-2013-3789 CVE-2013-3790
Affected Products:
SUSE Manager 1.7 for SLE 11 SP2
SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This version upgrade of oracle-update fixed multiple
security issues. A detailed description can be found in
the original advisory:
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Security Issue references:
* CVE-2013-3751
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3751>
* CVE-2013-3774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3774>
* CVE-2013-3760
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3760>
* CVE-2013-3771
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3771>
* CVE-2013-3789
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3789>
* CVE-2013-3790
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3790>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 1.7 for SLE 11 SP2:
zypper in -t patch sleman17sp2-oracle-update-8249
- SUSE Manager 1.2 for SLE 11 SP1:
zypper in -t patch sleman12sp1-oracle-update-8248
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 1.7 for SLE 11 SP2 (x86_64):
oracle-update-1.7-0.21.1
- SUSE Manager 1.2 for SLE 11 SP1 (x86_64):
oracle-update-1.7-0.4.22.1
References:
http://support.novell.com/security/cve/CVE-2013-3751.html
http://support.novell.com/security/cve/CVE-2013-3760.html
http://support.novell.com/security/cve/CVE-2013-3771.html
http://support.novell.com/security/cve/CVE-2013-3774.html
http://support.novell.com/security/cve/CVE-2013-3789.html
http://support.novell.com/security/cve/CVE-2013-3790.html
https://bugzilla.novell.com/836732
http://download.novell.com/patch/finder/?keywords=4c6053cb535cc190ac1d124f3…
http://download.novell.com/patch/finder/?keywords=e21c13500d5e8f7827e265a0e…