openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
July 2014
- 1 participants
- 25 discussions
[security-announce] SUSE-SU-2014:0955-1: important: Security update for lzo
by opensuse-security@opensuse.org 31 Jul '14
by opensuse-security@opensuse.org 31 Jul '14
31 Jul '14
SUSE Security Update: Security update for lzo
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0955-1
Rating: important
References: #883947
Cross-References: CVE-2014-4607
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
SUSE Linux Enterprise Server 11 SP1 LTSS
SUSE Linux Enterprise Server 10 SP4 LTSS
SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
lzo has been updated to fix a potential denial of service issue or
possible remote code execution by allowing an attacker, if the LZO
decompression algorithm is used in a threaded or kernel context, to
corrupt memory structures that control the flow of execution in other
contexts. (CVE-2014-4607)
Security Issues:
* CVE-2014-4607
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 LTSS:
zypper in -t patch slessp2-liblzo2-2-9522
- SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-liblzo2-2-9521
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
liblzo2-2-2.03-12.3.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64):
liblzo2-2-32bit-2.03-12.3.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
liblzo2-2-2.03-12.3.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
liblzo2-2-32bit-2.03-12.3.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
lzo-2.02-12.10.1
lzo-devel-2.02-12.10.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
lzo-32bit-2.02-12.10.1
lzo-devel-32bit-2.02-12.10.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
lzo-2.02-12.10.1
lzo-devel-2.02-12.10.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
lzo-32bit-2.02-12.10.1
lzo-devel-32bit-2.02-12.10.1
References:
http://support.novell.com/security/cve/CVE-2014-4607.html
https://bugzilla.novell.com/883947
http://download.suse.com/patch/finder/?keywords=53e03c0ab7cec114a28a4a37b4e…
http://download.suse.com/patch/finder/?keywords=8a13db4a6cefecad6461ab5197a…
http://download.suse.com/patch/finder/?keywords=ac9e06dc2568672fcb7aa56123a…
http://download.suse.com/patch/finder/?keywords=ece9a97b1932fc3a814dad7078f…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2014:0953-2: important: ppc64-diag: fix for tmp races and information disclosure
by opensuse-security@opensuse.org 31 Jul '14
by opensuse-security@opensuse.org 31 Jul '14
31 Jul '14
openSUSE Security Update: ppc64-diag: fix for tmp races and information disclosure
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0953-2
Rating: important
References: #882667
Cross-References: CVE-2014-4038 CVE-2014-4039
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
ppc64-diag was updated to fix tmp race issues (CVE-2014-4038) and a file
disclosure problem in snapshot tarball generation (CVE-2014-4039).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (ppc ppc64):
ppc64-diag-2.6.0-2.4.1
ppc64-diag-debuginfo-2.6.0-2.4.1
ppc64-diag-debugsource-2.6.0-2.4.1
References:
http://support.novell.com/security/cve/CVE-2014-4038.html
http://support.novell.com/security/cve/CVE-2014-4039.html
https://bugzilla.novell.com/882667
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2014:0953-1: important: ppc64-diag: fix for tmp races and information disclosure
by opensuse-security@opensuse.org 30 Jul '14
by opensuse-security@opensuse.org 30 Jul '14
30 Jul '14
openSUSE Security Update: ppc64-diag: fix for tmp races and information disclosure
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0953-1
Rating: important
References: #882667
Cross-References: CVE-2014-4038 CVE-2014-4039
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
ppc64-diag was updated to fix tmp race issues (CVE-2014-4038) and a file
disclosure problem in snapshot tarball generation (CVE-2014-4039).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (ppc ppc64):
ppc64-diag-2.6.1-2.4.1
ppc64-diag-debuginfo-2.6.1-2.4.1
ppc64-diag-debugsource-2.6.1-2.4.1
References:
http://support.novell.com/security/cve/CVE-2014-4038.html
http://support.novell.com/security/cve/CVE-2014-4039.html
https://bugzilla.novell.com/882667
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2014:0950-1: important: Mozilla updates 07/2014
by opensuse-security@opensuse.org 30 Jul '14
by opensuse-security@opensuse.org 30 Jul '14
30 Jul '14
openSUSE Security Update: Mozilla updates 07/2014
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0950-1
Rating: important
References: #887746
Cross-References: CVE-2014-1492 CVE-2014-1544 CVE-2014-1547
CVE-2014-1548 CVE-2014-1555 CVE-2014-1556
CVE-2014-1557
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
update to Firefox 24.7.0 and Thunderbird 24.7.0 including fixes for
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety
hazards
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with
FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with
Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when
manipulating certificates in the trusted cache (solved with NSS 3.16.2
requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when
scaling high quality images
- require NSS 3.16.2
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2014-
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
MozillaFirefox-24.7.0-119.1
MozillaFirefox-branding-upstream-24.7.0-119.1
MozillaFirefox-buildsymbols-24.7.0-119.1
MozillaFirefox-debuginfo-24.7.0-119.1
MozillaFirefox-debugsource-24.7.0-119.1
MozillaFirefox-devel-24.7.0-119.1
MozillaFirefox-translations-common-24.7.0-119.1
MozillaFirefox-translations-other-24.7.0-119.1
MozillaThunderbird-24.7.0-101.1
MozillaThunderbird-buildsymbols-24.7.0-101.1
MozillaThunderbird-debuginfo-24.7.0-101.1
MozillaThunderbird-debugsource-24.7.0-101.1
MozillaThunderbird-devel-24.7.0-101.1
MozillaThunderbird-translations-common-24.7.0-101.1
MozillaThunderbird-translations-other-24.7.0-101.1
enigmail-1.7-2.1
enigmail-debuginfo-1.7-2.1
enigmail-debugsource-1.7-2.1
libfreebl3-3.16.3-86.1
libfreebl3-debuginfo-3.16.3-86.1
libsoftokn3-3.16.3-86.1
libsoftokn3-debuginfo-3.16.3-86.1
mozilla-nss-3.16.3-86.1
mozilla-nss-certs-3.16.3-86.1
mozilla-nss-certs-debuginfo-3.16.3-86.1
mozilla-nss-debuginfo-3.16.3-86.1
mozilla-nss-debugsource-3.16.3-86.1
mozilla-nss-devel-3.16.3-86.1
mozilla-nss-sysinit-3.16.3-86.1
mozilla-nss-sysinit-debuginfo-3.16.3-86.1
mozilla-nss-tools-3.16.3-86.1
mozilla-nss-tools-debuginfo-3.16.3-86.1
- openSUSE 11.4 (x86_64):
libfreebl3-32bit-3.16.3-86.1
libfreebl3-debuginfo-32bit-3.16.3-86.1
libsoftokn3-32bit-3.16.3-86.1
libsoftokn3-debuginfo-32bit-3.16.3-86.1
mozilla-nss-32bit-3.16.3-86.1
mozilla-nss-certs-32bit-3.16.3-86.1
mozilla-nss-certs-debuginfo-32bit-3.16.3-86.1
mozilla-nss-debuginfo-32bit-3.16.3-86.1
mozilla-nss-sysinit-32bit-3.16.3-86.1
mozilla-nss-sysinit-debuginfo-32bit-3.16.3-86.1
- openSUSE 11.4 (ia64):
libfreebl3-debuginfo-x86-3.16.3-86.1
libfreebl3-x86-3.16.3-86.1
libsoftokn3-debuginfo-x86-3.16.3-86.1
libsoftokn3-x86-3.16.3-86.1
mozilla-nss-certs-debuginfo-x86-3.16.3-86.1
mozilla-nss-certs-x86-3.16.3-86.1
mozilla-nss-debuginfo-x86-3.16.3-86.1
mozilla-nss-sysinit-debuginfo-x86-3.16.3-86.1
mozilla-nss-sysinit-x86-3.16.3-86.1
mozilla-nss-x86-3.16.3-86.1
References:
http://support.novell.com/security/cve/CVE-2014-1492.html
http://support.novell.com/security/cve/CVE-2014-1544.html
http://support.novell.com/security/cve/CVE-2014-1547.html
http://support.novell.com/security/cve/CVE-2014-1548.html
http://support.novell.com/security/cve/CVE-2014-1555.html
http://support.novell.com/security/cve/CVE-2014-1556.html
http://support.novell.com/security/cve/CVE-2014-1557.html
https://bugzilla.novell.com/887746
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2014:0939-1: important: MozillaFirefox: Update to Mozilla Firefox 31
by opensuse-security@opensuse.org 30 Jul '14
by opensuse-security@opensuse.org 30 Jul '14
30 Jul '14
openSUSE Security Update: MozillaFirefox: Update to Mozilla Firefox 31
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0939-1
Rating: important
References: #887746
Cross-References: CVE-2014-1544 CVE-2014-1547 CVE-2014-1548
CVE-2014-1549 CVE-2014-1550 CVE-2014-1552
CVE-2014-1555 CVE-2014-1556 CVE-2014-1557
CVE-2014-1558 CVE-2014-1559 CVE-2014-1560
CVE-2014-1561
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
MozillaFirefox was updated to version 31 to fix various security issues
and bugs:
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety
hazards
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web
Audio buffering for playback
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due
to incorrect control message ordering
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog
customization event spoofing
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with
FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with
Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when
manipulating certificates in the trusted cache (solved with NSS 3.16.2
requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when
scaling high quality images
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973,
bmo#1026022, bmo#997795) Certificate parsing broken by non-standard
character encoding
* MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin
access through redirect
Mozilla-nss was updated to 3.16.3: New Functions:
* CERT_GetGeneralNameTypeFromString (This function was already added in
NSS 3.16.2, however, it wasn't declared in a public header file.)
Notable Changes:
* The following 1024-bit CA certificates were removed
- Entrust.net Secure Server Certification Authority
- GTE CyberTrust Global Root
- ValiCert Class 1 Policy Validation Authority
- ValiCert Class 2 Policy Validation Authority
- ValiCert Class 3 Policy Validation Authority
* Additionally, the following CA certificate was removed as requested by
the CA:
- TDC Internet Root CA
* The following CA certificates were added:
- Certification Authority of WoSign
- CA 沃通根证书
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert Trusted Root G4
- QuoVadis Root CA 1 G3
- QuoVadis Root CA 2 G3
- QuoVadis Root CA 3 G3
* The Trust Bits were changed for the following CA certificates
- Class 3 Public Primary Certification Authority
- Class 3 Public Primary Certification Authority
- Class 2 Public Primary Certification Authority - G2
- VeriSign Class 2 Public Primary Certification Authority - G3
- AC Raíz Certicámara S.A.
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado changes in 3.16.2 New
functionality:
* DTLS 1.2 is supported.
* The TLS application layer protocol negotiation (ALPN) extension is also
supported on the server side.
* RSA-OEAP is supported. Use the new PK11_PrivDecrypt and PK11_PubEncrypt
functions with the CKM_RSA_PKCS_OAEP mechanism.
* New Intel AES assembly code for 32-bit and 64-bit Windows, contributed
by Shay Gueron and Vlad Krasnov of Intel. Notable Changes:
* The btoa command has a new command-line option -w suffix, which causes
the output to be wrapped in BEGIN/END lines with the given suffix
* The certutil commands supports additionals types of subject alt name
extensions.
* The certutil command supports generic certificate extensions, by loading
binary data from files, which have been prepared using external tools,
or which have been extracted from other existing certificates and dumped
to file.
* The certutil command supports three new certificate usage specifiers.
* The pp command supports printing UTF-8 (-u).
* On Linux, NSS is built with the -ffunction-sections -fdata-sections
compiler flags and the --gc-sections linker flag to allow unused
functions to be discarded. changes in 3.16.1 New functionality:
* Added the "ECC" flag for modutil to select the module used for elliptic
curve cryptography (ECC) operations. New Macros
* PUBLIC_MECH_ECC_FLAG a public mechanism flag for elliptic curve
cryptography (ECC)
operations
* SECMOD_ECC_FLAG an NSS-internal mechanism flag for elliptic curve
cryptography (ECC) operations. This macro has the same numeric value as
PUBLIC_MECH_ECC_FLAG. Notable Changes:
* Imposed name constraints on the French government root CA ANSSI (DCISS).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
MozillaFirefox-31.0-33.1
MozillaFirefox-branding-upstream-31.0-33.1
MozillaFirefox-buildsymbols-31.0-33.1
MozillaFirefox-debuginfo-31.0-33.1
MozillaFirefox-debugsource-31.0-33.1
MozillaFirefox-devel-31.0-33.1
MozillaFirefox-translations-common-31.0-33.1
MozillaFirefox-translations-other-31.0-33.1
libfreebl3-3.16.3-27.1
libfreebl3-debuginfo-3.16.3-27.1
libsoftokn3-3.16.3-27.1
libsoftokn3-debuginfo-3.16.3-27.1
mozilla-nss-3.16.3-27.1
mozilla-nss-certs-3.16.3-27.1
mozilla-nss-certs-debuginfo-3.16.3-27.1
mozilla-nss-debuginfo-3.16.3-27.1
mozilla-nss-debugsource-3.16.3-27.1
mozilla-nss-devel-3.16.3-27.1
mozilla-nss-sysinit-3.16.3-27.1
mozilla-nss-sysinit-debuginfo-3.16.3-27.1
mozilla-nss-tools-3.16.3-27.1
mozilla-nss-tools-debuginfo-3.16.3-27.1
- openSUSE 13.1 (x86_64):
libfreebl3-32bit-3.16.3-27.1
libfreebl3-debuginfo-32bit-3.16.3-27.1
libsoftokn3-32bit-3.16.3-27.1
libsoftokn3-debuginfo-32bit-3.16.3-27.1
mozilla-nss-32bit-3.16.3-27.1
mozilla-nss-certs-32bit-3.16.3-27.1
mozilla-nss-certs-debuginfo-32bit-3.16.3-27.1
mozilla-nss-debuginfo-32bit-3.16.3-27.1
mozilla-nss-sysinit-32bit-3.16.3-27.1
mozilla-nss-sysinit-debuginfo-32bit-3.16.3-27.1
- openSUSE 12.3 (i586 x86_64):
MozillaFirefox-31.0-1.72.1
MozillaFirefox-branding-upstream-31.0-1.72.1
MozillaFirefox-buildsymbols-31.0-1.72.1
MozillaFirefox-debuginfo-31.0-1.72.1
MozillaFirefox-debugsource-31.0-1.72.1
MozillaFirefox-devel-31.0-1.72.1
MozillaFirefox-translations-common-31.0-1.72.1
MozillaFirefox-translations-other-31.0-1.72.1
libfreebl3-3.16.3-1.43.1
libfreebl3-debuginfo-3.16.3-1.43.1
libsoftokn3-3.16.3-1.43.1
libsoftokn3-debuginfo-3.16.3-1.43.1
mozilla-nss-3.16.3-1.43.1
mozilla-nss-certs-3.16.3-1.43.1
mozilla-nss-certs-debuginfo-3.16.3-1.43.1
mozilla-nss-debuginfo-3.16.3-1.43.1
mozilla-nss-debugsource-3.16.3-1.43.1
mozilla-nss-devel-3.16.3-1.43.1
mozilla-nss-sysinit-3.16.3-1.43.1
mozilla-nss-sysinit-debuginfo-3.16.3-1.43.1
mozilla-nss-tools-3.16.3-1.43.1
mozilla-nss-tools-debuginfo-3.16.3-1.43.1
- openSUSE 12.3 (x86_64):
libfreebl3-32bit-3.16.3-1.43.1
libfreebl3-debuginfo-32bit-3.16.3-1.43.1
libsoftokn3-32bit-3.16.3-1.43.1
libsoftokn3-debuginfo-32bit-3.16.3-1.43.1
mozilla-nss-32bit-3.16.3-1.43.1
mozilla-nss-certs-32bit-3.16.3-1.43.1
mozilla-nss-certs-debuginfo-32bit-3.16.3-1.43.1
mozilla-nss-debuginfo-32bit-3.16.3-1.43.1
mozilla-nss-sysinit-32bit-3.16.3-1.43.1
mozilla-nss-sysinit-debuginfo-32bit-3.16.3-1.43.1
References:
http://support.novell.com/security/cve/CVE-2014-1544.html
http://support.novell.com/security/cve/CVE-2014-1547.html
http://support.novell.com/security/cve/CVE-2014-1548.html
http://support.novell.com/security/cve/CVE-2014-1549.html
http://support.novell.com/security/cve/CVE-2014-1550.html
http://support.novell.com/security/cve/CVE-2014-1552.html
http://support.novell.com/security/cve/CVE-2014-1555.html
http://support.novell.com/security/cve/CVE-2014-1556.html
http://support.novell.com/security/cve/CVE-2014-1557.html
http://support.novell.com/security/cve/CVE-2014-1558.html
http://support.novell.com/security/cve/CVE-2014-1559.html
http://support.novell.com/security/cve/CVE-2014-1560.html
http://support.novell.com/security/cve/CVE-2014-1561.html
https://bugzilla.novell.com/887746
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2014:0931-1: important: Security update for libtasn1
by opensuse-security@opensuse.org 24 Jul '14
by opensuse-security@opensuse.org 24 Jul '14
24 Jul '14
SUSE Security Update: Security update for libtasn1
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0931-1
Rating: important
References: #880735 #880737 #880738
Cross-References: CVE-2014-3467 CVE-2014-3468 CVE-2014-3469
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
libtasn1 has been updated to fix three security issues:
* asn1_get_bit_der() could have returned negative bit length
(CVE-2014-3468)
* Multiple boundary check issues could have allowed DoS (CVE-2014-3467)
* Possible DoS by NULL pointer dereference in asn1_read_value_type
(CVE-2014-3469)
Security Issues:
* CVE-2014-3468
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468>
* CVE-2014-3467
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467>
* CVE-2014-3469
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-libtasn1-9528
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-libtasn1-9528
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-libtasn1-9528
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-libtasn1-9528
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
libtasn1-devel-1.5-1.28.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
libtasn1-1.5-1.28.1
libtasn1-3-1.5-1.28.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
libtasn1-3-32bit-1.5-1.28.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
libtasn1-1.5-1.28.1
libtasn1-3-1.5-1.28.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
libtasn1-3-32bit-1.5-1.28.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
libtasn1-3-x86-1.5-1.28.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
libtasn1-1.5-1.28.1
libtasn1-3-1.5-1.28.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
libtasn1-3-32bit-1.5-1.28.1
References:
http://support.novell.com/security/cve/CVE-2014-3467.html
http://support.novell.com/security/cve/CVE-2014-3468.html
http://support.novell.com/security/cve/CVE-2014-3469.html
https://bugzilla.novell.com/880735
https://bugzilla.novell.com/880737
https://bugzilla.novell.com/880738
http://download.suse.com/patch/finder/?keywords=c519e17b9f1f9f2c0888e237f0b…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2014:0928-1: important: Security update for ppc64-diag
by opensuse-security@opensuse.org 23 Jul '14
by opensuse-security@opensuse.org 23 Jul '14
23 Jul '14
SUSE Security Update: Security update for ppc64-diag
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0928-1
Rating: important
References: #882667
Cross-References: CVE-2014-4038 CVE-2014-4039
Affected Products:
SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
ppc64-diag has been updated to prevent the usage of predictable filenames
in /tmp in various scripts and daemons (CVE-2014-4038) Also the snapshot
tarball was previously generated world readable, which could have leaked
sensible information, which is only visible to root, to all users. It is
now readable for root only (CVE-2014-4039).
Security Issues:
* CVE-2014-4038
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4038>
* CVE-2014-4039
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4039>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-ppc64-diag-9533
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 (ppc64):
ppc64-diag-2.6.1-0.14.1
References:
http://support.novell.com/security/cve/CVE-2014-4038.html
http://support.novell.com/security/cve/CVE-2014-4039.html
https://bugzilla.novell.com/882667
http://download.suse.com/patch/finder/?keywords=26da23b6b57c4c1578e0de40de5…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2014:0913-1: critical: flash-player
by opensuse-security@opensuse.org 17 Jul '14
by opensuse-security@opensuse.org 17 Jul '14
17 Jul '14
openSUSE Security Update: flash-player
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0913-1
Rating: critical
References: #886472
Cross-References: CVE-2014-0537 CVE-2014-0539 CVE-2014-4671
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
- Security update to 11.2.202.394 (bnc#886472):
* APSB14-17, CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
- License update (LICENSE -> Flash%20Player_14.0.pdf).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2014-70
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
flash-player-11.2.202.394-119.1
flash-player-gnome-11.2.202.394-119.1
flash-player-kde4-11.2.202.394-119.1
References:
http://support.novell.com/security/cve/CVE-2014-0537.html
http://support.novell.com/security/cve/CVE-2014-0539.html
http://support.novell.com/security/cve/CVE-2014-4671.html
https://bugzilla.novell.com/886472
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2014:0912-1: important: Security update for Linux kernel
by opensuse-security@opensuse.org 17 Jul '14
by opensuse-security@opensuse.org 17 Jul '14
17 Jul '14
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0912-1
Rating: important
References: #767610 #786450 #792271 #821619 #832710 #837563
#840524 #846404 #846690 #847652 #850915 #851426
#851603 #852553 #855126 #857926 #858869 #858870
#858872 #859840 #861636 #861980 #862429 #862934
#863300 #863335 #863410 #863873 #864404 #864464
#865310 #865330 #865882 #866081 #866102 #866615
#866800 #866864 #867362 #867517 #867531 #867723
#867953 #868488 #868528 #868653 #868748 #869033
#869414 #869563 #869934 #870173 #870335 #870450
#870496 #870498 #870576 #870591 #870618 #870877
#870958 #871561 #871634 #871676 #871728 #871854
#871861 #871899 #872188 #872540 #872634 #873061
#873374 #873463 #874108 #874145 #874440 #874577
#875386 #876102 #876114 #876176 #876463 #877013
#877257 #877497 #877775 #878115 #878123 #878274
#878407 #878509 #879921 #879957 #880007 #880357
#880437 #880484 #881571 #881761 #881939 #882324
#883380 #883795 #885725
Cross-References: CVE-2012-2372 CVE-2013-2929 CVE-2013-4299
CVE-2013-4579 CVE-2013-6382 CVE-2013-7339
CVE-2014-0055 CVE-2014-0077 CVE-2014-0101
CVE-2014-0131 CVE-2014-0155 CVE-2014-1444
CVE-2014-1445 CVE-2014-1446 CVE-2014-1874
CVE-2014-2309 CVE-2014-2523 CVE-2014-2678
CVE-2014-2851 CVE-2014-3122 CVE-2014-3144
CVE-2014-3145 CVE-2014-3917 CVE-2014-4652
CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
CVE-2014-4656 CVE-2014-4699
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 29 vulnerabilities and has 76 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.
The following security bugs have been fixed:
*
CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the
Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel 3.7.4 and earlier allows local users to cause a denial of service
(BUG_ON and kernel panic) by establishing an RDS connection with the
source IP address equal to the IPoIB interfaces own IP address, as
demonstrated by rds-ping. (bnc#767610)
*
CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use
the get_dumpable function, which allows local users to bypass intended
ptrace restrictions or obtain sensitive information from IA64 scratch
registers via a crafted application, related to kernel/ptrace.c and
arch/ia64/include/asm/processor.h. (bnc#847652)
*
CVE-2013-4299: Interpretation conflict in
drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows
remote authenticated users to obtain sensitive information or modify data
via a crafted mapping to a snapshot block device. (bnc#846404)
*
CVE-2013-4579: The ath9k_htc_set_bssid_mask function in
drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through
3.12 uses a BSSID masking approach to determine the set of MAC addresses
on which a Wi-Fi device is listening, which allows remote attackers to
discover the original MAC address after spoofing by sending a series of
packets to MAC addresses with certain bit manipulations. (bnc#851426)
*
CVE-2013-6382: Multiple buffer underflows in the XFS implementation
in the Linux kernel through 3.12.1 allow local users to cause a denial of
service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
with a crafted length value, related to the xfs_attrlist_by_handle
function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
function in fs/xfs/xfs_ioctl32.c. (bnc#852553)
*
CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in
the Linux kernel before 3.12.8 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a bind system call for an RDS socket on a
system that lacks RDS transports. (bnc#869563)
*
CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in
the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2
on Red Hat Enterprise Linux (RHEL) 6 does not properly handle
vhost_get_vq_desc errors, which allows guest OS users to cause a denial of
service (host OS crash) via unspecified vectors. (bnc#870173)
*
CVE-2014-0077: drivers/vhost/net.c in the Linux kernel before
3.13.10, when mergeable buffers are disabled, does not properly validate
packet lengths, which allows guest OS users to cause a denial of service
(memory corruption and host OS crash) or possibly gain privileges on the
host OS via crafted packets, related to the handle_rx and get_rx_bufs
functions. (bnc#870576)
*
CVE-2014-0101: The sctp_sf_do_5_1D_ce function in
net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not
validate certain auth_enable and auth_capable fields before making an
sctp_sf_authenticate call, which allows remote attackers to cause a denial
of service (NULL pointer dereference and system crash) via an SCTP
handshake with a modified INIT chunk and a crafted AUTH chunk before a
COOKIE_ECHO chunk. (bnc#866102)
*
CVE-2014-0131: Use-after-free vulnerability in the skb_segment
function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows
attackers to obtain sensitive information from kernel memory by leveraging
the absence of a certain orphaning operation. (bnc#867723)
*
CVE-2014-0155: The ioapic_deliver function in virt/kvm/ioapic.c in
the Linux kernel through 3.14.1 does not properly validate the
kvm_irq_delivery_to_apic return value, which allows guest OS users to
cause a denial of service (host OS crash) via a crafted entry in the
redirection table of an I/O APIC. NOTE: the affected code was moved to the
ioapic_service function before the vulnerability was announced.
(bnc#872540)
*
CVE-2014-1444: The fst_get_iface function in
drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not
properly initialize a certain data structure, which allows local users to
obtain sensitive information from kernel memory by leveraging the
CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)
*
CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c
in the Linux kernel before 3.11.7 does not properly initialize a certain
data structure, which allows local users to obtain sensitive information
from kernel memory via an ioctl call. (bnc#858870)
*
CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c
in the Linux kernel before 3.12.8 does not initialize a certain structure
member, which allows local users to obtain sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability for an
SIOCYAMGCFG ioctl call. (bnc#858872)
*
CVE-2014-1874: The security_context_to_sid_core function in
security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows
local users to cause a denial of service (system crash) by leveraging the
CAP_MAC_ADMIN capability to set a zero-length security context.
(bnc#863335)
*
CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the
Linux kernel through 3.13.6 does not properly count the addition of
routes, which allows remote attackers to cause a denial of service (memory
consumption) via a flood of ICMPv6 Router Advertisement packets.
(bnc#867531)
*
CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux
kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows
remote attackers to cause a denial of service (system crash)
or possibly execute arbitrary code via a DCCP packet that triggers a
call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
(bnc#868653)
*
CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in
the Linux kernel through 3.14 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a bind system call for an RDS socket on a
system that lacks RDS transports. (bnc#871561)
*
CVE-2014-2851: Integer overflow in the ping_init_sock function in
net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to
cause a denial of service (use-after-free and system crash) or possibly
gain privileges via a crafted application that leverages an improperly
managed reference counter. (bnc#873374)
*
CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the
Linux kernel before 3.14.3 does not properly consider which pages must be
locked, which allows local users to cause a denial of service (system
crash) by triggering a memory-usage pattern that requires removal of
page-table mappings. (bnc#876102)
*
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2)
BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter
function in net/core/filter.c in the Linux kernel through 3.14.3 do not
check whether a certain length value is sufficiently large, which allows
local users to cause a denial of service (integer underflow and system
crash) via crafted BPF instructions. NOTE: the affected code was moved to
the __skb_get_nlattr and __skb_get_nlattr_nest functions before the
vulnerability was announced. (bnc#877257)
*
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in
the sk_run_filter function in net/core/filter.c in the Linux kernel
through 3.14.3 uses the reverse order in a certain subtraction, which
allows local users to cause a denial of service (over-read and system
crash) via crafted BPF instructions. NOTE: the affected code was moved to
the __skb_get_nlattr_nest function before the vulnerability was announced.
(bnc#877257)
*
CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5,
when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows
local users to obtain potentially sensitive single-bit values from kernel
memory or cause a denial of service (OOPS) via a large value of a syscall
number. (bnc#880484)
*
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel
through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled
and the sep CPU feature flag is set, allows local users to cause a denial
of service (OOPS and system crash) via an invalid syscall number, as
demonstrated by number
*
(bnc#883724)
*
CVE-2014-4652: Race condition in the tlv handler functionality in
the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA
control implementation in the Linux kernel before 3.15.2 allows local
users to obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access. (bnc#883795)
*
CVE-2014-4653: sound/core/control.c in the ALSA control
implementation in the Linux kernel before 3.15.2 does not ensure
possession of a read/write lock, which allows local users to cause a
denial of service (use-after-free) and obtain sensitive information from
kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795)
*
CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
in the ALSA control implementation in the Linux kernel before 3.15.2 does
not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which
allows local users to remove kernel controls and cause a denial of service
(use-after-free and system crash) by leveraging /dev/snd/controlCX access
for an ioctl call. (bnc#883795)
*
CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c
in the ALSA control implementation in the Linux kernel before 3.15.2 does
not properly maintain the user_ctl_count value, which allows local users
to cause a denial of service (integer overflow and limit bypass) by
leveraging /dev/snd/controlCX access for a large number of
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795)
*
CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
the ALSA control implementation in the Linux kernel before 3.15.2 allow
local users to cause a denial of service by leveraging /dev/snd/controlCX
access, related to (1) index values in the snd_ctl_add function and (2)
numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795)
*
CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors
does not properly restrict use of a non-canonical value for the saved RIP
address in the case of a system call that does not use IRET, which allows
local users to leverage a race condition and gain privileges, or cause a
denial of service (double fault), via a crafted application that makes
ptrace and fork system calls. (bnc#885725)
Also the following non-security bugs have been fixed:
* kernel: avoid page table walk on user space access (bnc#878407,
LTC#110316).
* spinlock: fix system hang with spin_retry <= 0 (bnc#874145,
LTC#110189).
* x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3 (bnc#876176).
* x86: Enable multiple CPUs in crash kernel (bnc#846690).
* x86/mce: Fix CMCI preemption bugs (bnc#786450).
* x86, CMCI: Add proper detection of end of CMCI storms (bnc#786450).
* futex: revert back to the explicit waiter counting code (bnc#851603).
* futex: avoid race between requeue and wake (bnc#851603).
* intel-iommu: fix off-by-one in pagetable freeing (bnc#874577).
* ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
(bnc#874108).
*
drivers/rtc/interface.c: fix infinite loop in initializing the alarm
(bnc#871676).
*
drm/ast: Fix double lock at PM resume (bnc#883380).
* drm/ast: add widescreen + rb modes from X.org driver (v2)
(bnc#883380).
* drm/ast: deal with bo reserve fail in dirty update path (bnc#883380).
* drm/ast: do not attempt to acquire a reservation while in an
interrupt handler (bnc#883380).
* drm/ast: fix the ast open key function (bnc#883380).
* drm/ast: fix value check in cbr_scan2 (bnc#883380).
* drm/ast: inline reservations (bnc#883380).
* drm/ast: invalidate page tables when pinning a BO (bnc#883380).
* drm/ast: rename the mindwm/moutdwm and deinline them (bnc#883380).
* drm/ast: resync the dram post code with upstream (bnc#883380).
* drm: ast: use drm_can_sleep (bnc#883380).
* drm/ast: use drm_modeset_lock_all (bnc#883380).
* drm/: Unified handling of unimplemented fb->create_handle
(bnc#883380).
* drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion
(bnc#883380).
* drm/mgag200: Consolidate depth/bpp handling (bnc#882324).
* drm/ast: Initialized data needed to map fbdev memory (bnc#880007).
* drm/ast: add AST 2400 support (bnc#880007).
* drm/ast: Initialized data needed to map fbdev memory (bnc#880007).
* drm/mgag200: on cards with < 2MB VRAM default to 16-bit (bnc#882324).
* drm/mgag200: fix typo causing bw limits to be ignored on some chips
(bnc#882324).
* drm/ttm: do not oops if no invalidate_caches() (bnc#869414).
*
drm/i915: Break encoder->crtc link separately in
intel_sanitize_crtc() (bnc#855126).
*
dlm: keep listening connection alive with sctp mode (bnc#881939)
*
series.conf: Clarify comment about Xen kabi adjustments
(bnc#876114#c25)
*
btrfs: fix a crash when running balance and defrag concurrently.
* btrfs: unset DCACHE_DISCONNECTED when mounting default subvol
(bnc#866615).
* btrfs: free delayed node outside of root->inode_lock (bnc#866864).
* btrfs: return EPERM when deleting a default subvolume (bnc#869934).
*
btrfs: do not loop on large offsets in readdir (bnc#863300)
*
sched: Consider pi boosting in setscheduler.
* sched: Queue RT tasks to head when prio drops.
* sched: Adjust sched_reset_on_fork when nothing else changes.
* sched: Fix clock_gettime(CLOCK__CPUTIME_ID) monotonicity
(bnc#880357).
* sched: Do not allow scheduler time to go backwards (bnc#880357).
* sched: Make scale_rt_power() deal with backward clocks (bnc#865310).
* sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri
check (bnc#871861).
*
sched: update_rq_clock() must skip ONE update (bnc#869033,
bnc#868528).
*
tcp: allow to disable cwnd moderation in TCP_CA_Loss state
(bnc#879921).
* tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429).
* net: add missing bh_unlock_sock() calls (bnc#862429).
* bonding: fix vlan_features computing (bnc#872634).
* vlan: more careful checksum features handling (bnc#872634).
* xfrm: fix race between netns cleanup and state expire notification
(bnc#879957).
* xfrm: check peer pointer for null before calling inet_putpeer()
(bnc#877775).
*
ipv6: do not overwrite inetpeer metrics prematurely (bnc#867362).
*
pagecachelimit: reduce lru_lock contention for heavy parallel kabi
fixup: (bnc#878509, bnc#864464).
*
pagecachelimit: reduce lru_lock contention for heavy parallel
reclaim (bnc#878509, bnc#864464).
*
TTY: serial, cleanup include file (bnc#881571).
* TTY: serial, fix includes in some drivers (bnc#881571).
*
serial_core: Fix race in uart_handle_dcd_change (bnc#881571).
*
powerpc/perf: Power8 PMU support (bnc#832710).
* powerpc/perf: Add support for SIER (bnc#832710).
* powerpc/perf: Add regs_no_sipr() (bnc#832710).
* powerpc/perf: Add an accessor for regs->result (bnc#832710).
* powerpc/perf: Convert mmcra_sipr/sihv() to regs_sipr/sihv()
(bnc#832710).
*
powerpc/perf: Add an explict flag indicating presence of SLOT field
(bnc#832710).
*
swiotlb: do not assume PA 0 is invalid (bnc#865882).
*
lockref: implement lockless reference count updates using cmpxchg()
(FATE#317271).
*
af_iucv: wrong mapping of sent and confirmed skbs (bnc#878407,
LTC#110452).
* af_iucv: recvmsg problem for SOCK_STREAM sockets (bnc#878407,
LTC#110452).
*
af_iucv: fix recvmsg by replacing skb_pull() function (bnc#878407,
LTC#110452).
*
qla2xxx: Poll during initialization for ISP25xx and ISP83xx
(bnc#837563).
*
qla2xxx: Fix request queue null dereference (bnc#859840).
*
lpfc 8.3.41: Fixed SLI3 failing FCP write on check-condition
no-sense with residual zero (bnc#850915).
*
reiserfs: call truncate_setsize under tailpack mutex (bnc#878115).
*
reiserfs: drop vmtruncate (bnc#878115).
*
ipvs: handle IPv6 fragments with one-packet scheduling (bnc#861980).
*
kabi: hide modifications of struct sk_buff done by bnc#861980 fix
(bnc#861980).
*
loop: remove the incorrect write_begin/write_end shortcut
(bnc#878123).
*
watchdog: hpwdt patch to display informative string (bnc#862934).
* watchdog: hpwdt: Patch to ignore auxilary iLO devices (bnc#862934).
* watchdog: hpwdt: Add check for UEFI bits (bnc#862934).
*
watchdog: hpwdt.c: Increase version string (bnc#862934).
*
hpilo: Correct panic when an AUX iLO is detected (bnc#837563).
*
locking/mutexes: Introduce cancelable MCS lock for adaptive spinning
(FATE#317271).
*
locking/mutexes: Modify the way optimistic spinners are queued
(FATE#317271).
* locking/mutexes: Return false if task need_resched() in
mutex_can_spin_on_owner() (FATE#317271).
* mutex: Enable the queuing of mutex spinners with MCS lock
(FATE#317271). config: disabled on all flavors
*
mutex: Queue mutex spinners with MCS lock to reduce cacheline
contention (FATE#317271).
*
memcg: deprecate memory.force_empty knob (bnc#878274).
*
kabi: protect struct net from bnc#877013 changes (bnc#877013).
* netfilter: nfnetlink_queue: add net namespace support for
nfnetlink_queue (bnc#877013).
* netfilter: make /proc/net/netfilter pernet (bnc#877013).
* netfilter: xt_hashlimit: fix proc entry leak in netns destroy path
(bnc#871634).
* netfilter: xt_hashlimit: fix namespace destroy path (bnc#871634).
* netfilter: nf_queue: reject NF_STOLEN verdicts from userspace
(bnc#870877).
* netfilter: avoid double free in nf_reinject (bnc#870877).
* netfilter: ctnetlink: fix race between delete and timeout expiration
(bnc#863410).
*
netfilter: reuse skb->nfct_reasm for ipvs conn reference
(bnc#861980).
*
mm: per-thread vma caching (FATE#317271). config: enable
CONFIG_VMA_CACHE for x86_64/bigsmp
* mm, hugetlb: improve page-fault scalability (FATE#317271).
* mm: vmscan: Do not throttle based on pfmemalloc reserves if node has
no ZONE_NORMAL (bnc#870496).
* mm: fix off-by-one bug in print_nodes_state() (bnc#792271).
*
hugetlb: ensure hugepage access is denied if hugepages are not
supported (PowerKVM crash when mounting hugetlbfs without hugepage support
(bnc#870498)).
*
SELinux: Increase ebitmap_node size for 64-bit configuration
(FATE#317271).
*
SELinux: Reduce overhead of mls_level_isvalid() function call
(FATE#317271).
*
mutex: Fix debug_mutexes (FATE#317271).
* mutex: Fix debug checks (FATE#317271).
*
locking/mutexes: Unlock the mutex without the wait_lock
(FATE#317271).
*
epoll: do not take the nested ep->mtx on EPOLL_CTL_DEL (FATE#317271).
* epoll: do not take global "epmutex" for simple topologies
(FATE#317271).
*
epoll: optimize EPOLL_CTL_DEL using rcu (FATE#317271).
*
vfs: Fix missing unlock of vfsmount_lock in unlazy_walk (bnc#880437).
* dcache: kABI fixes for lockref dentries (FATE#317271).
* vfs: make sure we do not have a stale root path if unlazy_walk()
fails (FATE#317271).
* vfs: fix dentry RCU to refcounting possibly sleeping dput()
(FATE#317271).
* vfs: use lockref "dead" flag to mark unrecoverably dead dentries
(FATE#317271).
* vfs: reimplement d_rcu_to_refcount() using lockref_get_or_lock()
(FATE#317271).
* vfs: Remove second variable named error in __dentry_path
(FATE#317271).
* make prepend_name() work correctly when called with negative *buflen
(FATE#317271).
* prepend_path() needs to reinitialize dentry/vfsmount on restarts
(FATE#317271).
* dcache: get/release read lock in read_seqbegin_or_lock() & friend
(FATE#317271).
* seqlock: Add a new locking reader type (FATE#317271).
* dcache: Translating dentry into pathname without taking rename_lock
(FATE#317271).
* vfs: make the dentry cache use the lockref infrastructure
(FATE#317271).
* vfs: Remove dentry->d_lock locking from
shrink_dcache_for_umount_subtree() (FATE#317271).
* vfs: use lockref_get_not_zero() for optimistic lockless
dget_parent() (FATE#317271).
* vfs: constify dentry parameter in d_count() (FATE#317271).
* helper for reading ->d_count (FATE#317271).
* lockref: use arch_mutex_cpu_relax() in CMPXCHG_LOOP() (FATE#317271).
* lockref: allow relaxed cmpxchg64 variant for lockless updates
(FATE#317271).
* lockref: use cmpxchg64 explicitly for lockless updates (FATE#317271).
* lockref: add ability to mark lockrefs "dead" (FATE#317271).
* lockref: fix docbook argument names (FATE#317271).
* lockref: Relax in cmpxchg loop (FATE#317271).
* lockref: implement lockless reference count updates using cmpxchg()
(FATE#317271).
* lockref: uninline lockref helper functions (FATE#317271).
* lockref: add lockref_get_or_lock() helper (FATE#317271).
*
Add new lockref infrastructure reference implementation
(FATE#317271).
*
vfs: make lremovexattr retry once on ESTALE error (bnc#876463).
* vfs: make removexattr retry once on ESTALE (bnc#876463).
* vfs: make llistxattr retry once on ESTALE error (bnc#876463).
* vfs: make listxattr retry once on ESTALE error (bnc#876463).
* vfs: make lgetxattr retry once on ESTALE (bnc#876463).
* vfs: make getxattr retry once on an ESTALE error (bnc#876463).
* vfs: allow lsetxattr() to retry once on ESTALE errors (bnc#876463).
* vfs: allow setxattr to retry once on ESTALE errors (bnc#876463).
* vfs: allow utimensat() calls to retry once on an ESTALE error
(bnc#876463).
* vfs: fix user_statfs to retry once on ESTALE errors (bnc#876463).
* vfs: make fchownat retry once on ESTALE errors (bnc#876463).
* vfs: make fchmodat retry once on ESTALE errors (bnc#876463).
* vfs: have chroot retry once on ESTALE error (bnc#876463).
* vfs: have chdir retry lookup and call once on ESTALE error
(bnc#876463).
* vfs: have faccessat retry once on an ESTALE error (bnc#876463).
* vfs: have do_sys_truncate retry once on an ESTALE error (bnc#876463).
* vfs: fix renameat to retry on ESTALE errors (bnc#876463).
* vfs: make do_unlinkat retry once on ESTALE errors (bnc#876463).
* vfs: make do_rmdir retry once on ESTALE errors (bnc#876463).
* vfs: fix linkat to retry once on ESTALE errors (bnc#876463).
* vfs: fix symlinkat to retry on ESTALE errors (bnc#876463).
* vfs: fix mkdirat to retry once on an ESTALE error (bnc#876463).
* vfs: fix mknodat to retry on ESTALE errors (bnc#876463).
* vfs: add a flags argument to user_path_parent (bnc#876463).
* vfs: fix readlinkat to retry on ESTALE (bnc#876463).
* vfs: make fstatat retry on ESTALE errors from getattr call
(bnc#876463).
*
vfs: add a retry_estale helper function to handle retries on ESTALE
(bnc#876463).
*
crypto: s390 - fix aes,des ctr mode concurrency finding (bnc#874145,
LTC#110078).
* s390/cio: fix unlocked access of global bitmap (bnc#874145,
LTC#109378).
* s390/css: stop stsch loop after cc 3 (bnc#874145, LTC#109378).
* s390/pci: add kmsg man page (bnc#874145, LTC#109224).
* s390/pci/dma: use correct segment boundary size (bnc#866081,
LTC#104566).
* cio: Fix missing subchannels after CHPID configure on (bnc#866081,
LTC#104808).
* cio: Fix process hangs during subchannel scan (bnc#866081,
LTC#104805).
*
cio: fix unusable device (bnc#866081, LTC#104168).
*
qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873).
*
Fix race between starved list and device removal (bnc#861636).
*
namei.h: include errno.h (bnc#876463).
*
ALSA: hda - Implement bind mixer ctls for Conexant (bnc#872188).
* ALSA: hda - Fix invalid Auto-Mute Mode enum from cxt codecs
(bnc#872188).
* ALSA: hda - Fix conflicting Capture Source on cxt codecs
(bnc#872188).
*
ALSA: usb-audio: Fix NULL dereference while quick replugging
(bnc#870335).
*
powerpc: Bring all threads online prior to migration/hibernation
(bnc#870591).
* powerpc/pseries: Update dynamic cache nodes for suspend/resume
operation (bnc#873463).
* powerpc/pseries: Device tree should only be updated once after
suspend/migrate (bnc#873463).
* powerpc/pseries: Expose in kernel device tree update to drmgr
(bnc#873463).
*
powerpc: Add second POWER8 PVR entry (bnc#874440).
*
libata/ahci: accommodate tag ordered controllers (bnc#871728)
*
md: try to remove cause of a spinning md thread (bnc#875386).
*
md: fix up plugging (again) (bnc#866800).
*
NFSv4: Fix a reboot recovery race when opening a file (bnc#864404).
* NFSv4: Ensure delegation recall and byte range lock removal do not
conflict (bnc#864404).
* NFSv4: Fix up the return values of nfs4_open_delegation_recall
(bnc#864404).
* NFSv4.1: Do not lose locks when a server reboots during delegation
return (bnc#864404).
* NFSv4.1: Prevent deadlocks between state recovery and file locking
(bnc#864404).
* NFSv4: Allow the state manager to mark an open_owner as being
recovered (bnc#864404).
* NFS: nfs_inode_return_delegation() should always flush dirty data
(bnc#864404).
* NFSv4: nfs_client_return_marked_delegations cannot flush data
(bnc#864404).
* NFS: avoid excessive GETATTR request when attributes expired but
cached directory is valid (bnc#857926).
* seqlock: add "raw_seqcount_begin()" function (bnc#864404).
* Allow nfsdv4 to work when fips=1 (bnc#868488).
* NFSv4: Add ACCESS operation to OPEN compound (bnc#870958).
* NFSv4: Fix unnecessary delegation returns in nfs4_do_open
(bnc#870958).
* NFSv4: The NFSv4.0 client must send RENEW calls if it holds a
delegation (bnc#863873).
* NFSv4: nfs4_proc_renew should be declared static (bnc#863873).
* NFSv4: do not put ACCESS in OPEN compound if O_EXCL (bnc#870958).
* NFS: revalidate on open if dcache is negative (bnc#876463).
* NFSD add module parameter to disable delegations (bnc#876463).
*
Do not lose sockets when nfsd shutdown races with connection timeout
(bnc#871854).
*
timer: Prevent overflow in apply_slack (bnc#873061).
*
mei: me: do not load the driver if the FW does not support MEI
interface (bnc#821619).
*
ipmi: Reset the KCS timeout when starting error recovery
(bnc#870618).
* ipmi: Fix a race restarting the timer (bnc#870618).
*
ipmi: increase KCS timeouts (bnc#870618).
*
bnx2x: Fix kernel crash and data miscompare after EEH recovery
(bnc#881761).
*
bnx2x: Adapter not recovery from EEH error injection (bnc#881761).
*
kabi: hide modifications of struct inet_peer done by bnc#867953 fix
(bnc#867953).
*
inetpeer: prevent unlinking from unused list twice (bnc#867953).
*
Ignore selected taints for tracepoint modules (bnc#870450,
FATE#317134).
* Use "E" instead of "X" for unsigned module taint flag
(bnc#870450,FATE#317134).
*
Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE
(bnc#870450,FATE#317134).
*
xhci: extend quirk for Renesas cards (bnc#877497).
* scsi: return target failure on EMC inactive snapshot (bnc#840524).
* virtio_balloon: do not softlockup on huge balloon changes
(bnc#871899).
* ch: add refcounting (bnc#867517).
* storvsc: NULL pointer dereference fix (bnc#865330).
* Unlock the rename_lock in dentry_path() in the case when path is too
long (bnc#868748).
Security Issue references:
* CVE-2012-2372
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372>
* CVE-2013-2929
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929>
* CVE-2013-4299
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299>
* CVE-2013-4579
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579>
* CVE-2013-6382
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
* CVE-2013-7339
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339>
* CVE-2014-0055
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0055>
* CVE-2014-0077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0077>
* CVE-2014-0101
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101>
* CVE-2014-0131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131>
* CVE-2014-0155
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0155>
* CVE-2014-1444
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444>
* CVE-2014-1445
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445>
* CVE-2014-1446
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446>
* CVE-2014-1874
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874>
* CVE-2014-2309
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309>
* CVE-2014-2523
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523>
* CVE-2014-2678
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678>
* CVE-2014-2851
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851>
* CVE-2014-3122
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122>
* CVE-2014-3144
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144>
* CVE-2014-3145
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145>
* CVE-2014-3917
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917>
* CVE-2014-4508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508>
* CVE-2014-4652
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652>
* CVE-2014-4653
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653>
* CVE-2014-4654
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654>
* CVE-2014-4655
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655>
* CVE-2014-4656
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656>
* CVE-2014-4699
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-kernel-9488 slessp3-kernel-9493
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-kernel-9488 slessp3-kernel-9489 slessp3-kernel-9490 slessp3-kernel-9491 slessp3-kernel-9493
- SUSE Linux Enterprise High Availability Extension 11 SP3:
zypper in -t patch slehasp3-kernel-9488 slehasp3-kernel-9489 slehasp3-kernel-9490 slehasp3-kernel-9491 slehasp3-kernel-9493
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-kernel-9488 sledsp3-kernel-9493
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.35.1
kernel-default-base-3.0.101-0.35.1
kernel-default-devel-3.0.101-0.35.1
kernel-source-3.0.101-0.35.1
kernel-syms-3.0.101-0.35.1
kernel-trace-3.0.101-0.35.1
kernel-trace-base-3.0.101-0.35.1
kernel-trace-devel-3.0.101-0.35.1
kernel-xen-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.35.1
kernel-pae-base-3.0.101-0.35.1
kernel-pae-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.35.1
kernel-default-base-3.0.101-0.35.1
kernel-default-devel-3.0.101-0.35.1
kernel-source-3.0.101-0.35.1
kernel-syms-3.0.101-0.35.1
kernel-trace-3.0.101-0.35.1
kernel-trace-base-3.0.101-0.35.1
kernel-trace-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
kernel-ec2-3.0.101-0.35.1
kernel-ec2-base-3.0.101-0.35.1
kernel-ec2-devel-3.0.101-0.35.1
kernel-xen-3.0.101-0.35.1
kernel-xen-base-3.0.101-0.35.1
kernel-xen-devel-3.0.101-0.35.1
xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45
- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:
kernel-default-man-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:
kernel-ppc64-3.0.101-0.35.1
kernel-ppc64-base-3.0.101-0.35.1
kernel-ppc64-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.35.1
kernel-pae-base-3.0.101-0.35.1
kernel-pae-devel-3.0.101-0.35.1
xen-kmp-pae-4.2.4_02_3.0.101_0.35-0.7.45
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.101_0.35-2.27.78
cluster-network-kmp-trace-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-default-2_3.0.101_0.35-0.16.84
gfs2-kmp-trace-2_3.0.101_0.35-0.16.84
ocfs2-kmp-default-1.6_3.0.101_0.35-0.20.78
ocfs2-kmp-trace-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-xen-2_3.0.101_0.35-0.16.84
ocfs2-kmp-xen-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-ppc64-2_3.0.101_0.35-0.16.84
ocfs2-kmp-ppc64-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
cluster-network-kmp-pae-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-pae-2_3.0.101_0.35-0.16.84
ocfs2-kmp-pae-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.35.1
kernel-default-base-3.0.101-0.35.1
kernel-default-devel-3.0.101-0.35.1
kernel-default-extra-3.0.101-0.35.1
kernel-source-3.0.101-0.35.1
kernel-syms-3.0.101-0.35.1
kernel-trace-devel-3.0.101-0.35.1
kernel-xen-3.0.101-0.35.1
kernel-xen-base-3.0.101-0.35.1
kernel-xen-devel-3.0.101-0.35.1
kernel-xen-extra-3.0.101-0.35.1
xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45
- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.35.1
kernel-pae-base-3.0.101-0.35.1
kernel-pae-devel-3.0.101-0.35.1
kernel-pae-extra-3.0.101-0.35.1
xen-kmp-pae-4.2.4_02_3.0.101_0.35-0.7.45
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-0.35.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
kernel-xen-extra-3.0.101-0.35.1
- SLE 11 SERVER Unsupported Extras (ppc64):
kernel-ppc64-extra-3.0.101-0.35.1
- SLE 11 SERVER Unsupported Extras (i586):
kernel-pae-extra-3.0.101-0.35.1
References:
http://support.novell.com/security/cve/CVE-2012-2372.html
http://support.novell.com/security/cve/CVE-2013-2929.html
http://support.novell.com/security/cve/CVE-2013-4299.html
http://support.novell.com/security/cve/CVE-2013-4579.html
http://support.novell.com/security/cve/CVE-2013-6382.html
http://support.novell.com/security/cve/CVE-2013-7339.html
http://support.novell.com/security/cve/CVE-2014-0055.html
http://support.novell.com/security/cve/CVE-2014-0077.html
http://support.novell.com/security/cve/CVE-2014-0101.html
http://support.novell.com/security/cve/CVE-2014-0131.html
http://support.novell.com/security/cve/CVE-2014-0155.html
http://support.novell.com/security/cve/CVE-2014-1444.html
http://support.novell.com/security/cve/CVE-2014-1445.html
http://support.novell.com/security/cve/CVE-2014-1446.html
http://support.novell.com/security/cve/CVE-2014-1874.html
http://support.novell.com/security/cve/CVE-2014-2309.html
http://support.novell.com/security/cve/CVE-2014-2523.html
http://support.novell.com/security/cve/CVE-2014-2678.html
http://support.novell.com/security/cve/CVE-2014-2851.html
http://support.novell.com/security/cve/CVE-2014-3122.html
http://support.novell.com/security/cve/CVE-2014-3144.html
http://support.novell.com/security/cve/CVE-2014-3145.html
http://support.novell.com/security/cve/CVE-2014-3917.html
http://support.novell.com/security/cve/CVE-2014-4652.html
http://support.novell.com/security/cve/CVE-2014-4653.html
http://support.novell.com/security/cve/CVE-2014-4654.html
http://support.novell.com/security/cve/CVE-2014-4655.html
http://support.novell.com/security/cve/CVE-2014-4656.html
http://support.novell.com/security/cve/CVE-2014-4699.html
https://bugzilla.novell.com/767610
https://bugzilla.novell.com/786450
https://bugzilla.novell.com/792271
https://bugzilla.novell.com/821619
https://bugzilla.novell.com/832710
https://bugzilla.novell.com/837563
https://bugzilla.novell.com/840524
https://bugzilla.novell.com/846404
https://bugzilla.novell.com/846690
https://bugzilla.novell.com/847652
https://bugzilla.novell.com/850915
https://bugzilla.novell.com/851426
https://bugzilla.novell.com/851603
https://bugzilla.novell.com/852553
https://bugzilla.novell.com/855126
https://bugzilla.novell.com/857926
https://bugzilla.novell.com/858869
https://bugzilla.novell.com/858870
https://bugzilla.novell.com/858872
https://bugzilla.novell.com/859840
https://bugzilla.novell.com/861636
https://bugzilla.novell.com/861980
https://bugzilla.novell.com/862429
https://bugzilla.novell.com/862934
https://bugzilla.novell.com/863300
https://bugzilla.novell.com/863335
https://bugzilla.novell.com/863410
https://bugzilla.novell.com/863873
https://bugzilla.novell.com/864404
https://bugzilla.novell.com/864464
https://bugzilla.novell.com/865310
https://bugzilla.novell.com/865330
https://bugzilla.novell.com/865882
https://bugzilla.novell.com/866081
https://bugzilla.novell.com/866102
https://bugzilla.novell.com/866615
https://bugzilla.novell.com/866800
https://bugzilla.novell.com/866864
https://bugzilla.novell.com/867362
https://bugzilla.novell.com/867517
https://bugzilla.novell.com/867531
https://bugzilla.novell.com/867723
https://bugzilla.novell.com/867953
https://bugzilla.novell.com/868488
https://bugzilla.novell.com/868528
https://bugzilla.novell.com/868653
https://bugzilla.novell.com/868748
https://bugzilla.novell.com/869033
https://bugzilla.novell.com/869414
https://bugzilla.novell.com/869563
https://bugzilla.novell.com/869934
https://bugzilla.novell.com/870173
https://bugzilla.novell.com/870335
https://bugzilla.novell.com/870450
https://bugzilla.novell.com/870496
https://bugzilla.novell.com/870498
https://bugzilla.novell.com/870576
https://bugzilla.novell.com/870591
https://bugzilla.novell.com/870618
https://bugzilla.novell.com/870877
https://bugzilla.novell.com/870958
https://bugzilla.novell.com/871561
https://bugzilla.novell.com/871634
https://bugzilla.novell.com/871676
https://bugzilla.novell.com/871728
https://bugzilla.novell.com/871854
https://bugzilla.novell.com/871861
https://bugzilla.novell.com/871899
https://bugzilla.novell.com/872188
https://bugzilla.novell.com/872540
https://bugzilla.novell.com/872634
https://bugzilla.novell.com/873061
https://bugzilla.novell.com/873374
https://bugzilla.novell.com/873463
https://bugzilla.novell.com/874108
https://bugzilla.novell.com/874145
https://bugzilla.novell.com/874440
https://bugzilla.novell.com/874577
https://bugzilla.novell.com/875386
https://bugzilla.novell.com/876102
https://bugzilla.novell.com/876114
https://bugzilla.novell.com/876176
https://bugzilla.novell.com/876463
https://bugzilla.novell.com/877013
https://bugzilla.novell.com/877257
https://bugzilla.novell.com/877497
https://bugzilla.novell.com/877775
https://bugzilla.novell.com/878115
https://bugzilla.novell.com/878123
https://bugzilla.novell.com/878274
https://bugzilla.novell.com/878407
https://bugzilla.novell.com/878509
https://bugzilla.novell.com/879921
https://bugzilla.novell.com/879957
https://bugzilla.novell.com/880007
https://bugzilla.novell.com/880357
https://bugzilla.novell.com/880437
https://bugzilla.novell.com/880484
https://bugzilla.novell.com/881571
https://bugzilla.novell.com/881761
https://bugzilla.novell.com/881939
https://bugzilla.novell.com/882324
https://bugzilla.novell.com/883380
https://bugzilla.novell.com/883795
https://bugzilla.novell.com/885725
http://download.suse.com/patch/finder/?keywords=0d90047cc045e1a3930a1deab87…
http://download.suse.com/patch/finder/?keywords=13c414107953b996e47ad9beead…
http://download.suse.com/patch/finder/?keywords=1b23cbf839dfbac64393f47b254…
http://download.suse.com/patch/finder/?keywords=1e1024c9ceb6dfbd02087a8e7fc…
http://download.suse.com/patch/finder/?keywords=1eb98ba9ebb1cc2e805aa760347…
http://download.suse.com/patch/finder/?keywords=25116cdba8b0bd66ec544a70ecf…
http://download.suse.com/patch/finder/?keywords=ac3c1f41b2fef1c20481c11cba3…
http://download.suse.com/patch/finder/?keywords=c05c80da5f8738980eb4c3cf7b7…
http://download.suse.com/patch/finder/?keywords=fcdaebb0744ca50e161239dbb66…
http://download.suse.com/patch/finder/?keywords=ff40c298b0b146e85c2548cf997…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2014:0911-1: important: Security update for Linux kernel
by opensuse-security@opensuse.org 17 Jul '14
by opensuse-security@opensuse.org 17 Jul '14
17 Jul '14
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0911-1
Rating: important
References: #767610 #786450 #792271 #821619 #832710 #837563
#840524 #846404 #846690 #847652 #850915 #851426
#851603 #852553 #855126 #857926 #858869 #858870
#858872 #859840 #861636 #861980 #862429 #862934
#863300 #863335 #863410 #863873 #864404 #864464
#865310 #865330 #865882 #866081 #866102 #866615
#866800 #866864 #867362 #867517 #867531 #867723
#867953 #868488 #868528 #868653 #868748 #869033
#869414 #869563 #869934 #870173 #870335 #870450
#870496 #870498 #870576 #870591 #870618 #870877
#870958 #871561 #871634 #871676 #871728 #871854
#871861 #871899 #872188 #872540 #872634 #873061
#873374 #873463 #874108 #874145 #874440 #874577
#875386 #876102 #876114 #876176 #876463 #877013
#877257 #877497 #877775 #878115 #878123 #878274
#878407 #878509 #879921 #879957 #880007 #880357
#880437 #880484 #881571 #881761 #881939 #882324
#883380 #883795 #885725
Cross-References: CVE-2012-2372 CVE-2013-2929 CVE-2013-4299
CVE-2013-4579 CVE-2013-6382 CVE-2013-7339
CVE-2014-0055 CVE-2014-0077 CVE-2014-0101
CVE-2014-0131 CVE-2014-0155 CVE-2014-1444
CVE-2014-1445 CVE-2014-1446 CVE-2014-1874
CVE-2014-2309 CVE-2014-2523 CVE-2014-2678
CVE-2014-2851 CVE-2014-3122 CVE-2014-3144
CVE-2014-3145 CVE-2014-3917 CVE-2014-4652
CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
CVE-2014-4656 CVE-2014-4699
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 29 vulnerabilities and has 76 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.
The following security bugs have been fixed:
*
CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the
Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel 3.7.4 and earlier allows local users to cause a denial of service
(BUG_ON and kernel panic) by establishing an RDS connection with the
source IP address equal to the IPoIB interfaces own IP address, as
demonstrated by rds-ping. (bnc#767610)
*
CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use
the get_dumpable function, which allows local users to bypass intended
ptrace restrictions or obtain sensitive information from IA64 scratch
registers via a crafted application, related to kernel/ptrace.c and
arch/ia64/include/asm/processor.h. (bnc#847652)
*
CVE-2013-4299: Interpretation conflict in
drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows
remote authenticated users to obtain sensitive information or modify data
via a crafted mapping to a snapshot block device. (bnc#846404)
*
CVE-2013-4579: The ath9k_htc_set_bssid_mask function in
drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through
3.12 uses a BSSID masking approach to determine the set of MAC addresses
on which a Wi-Fi device is listening, which allows remote attackers to
discover the original MAC address after spoofing by sending a series of
packets to MAC addresses with certain bit manipulations. (bnc#851426)
*
CVE-2013-6382: Multiple buffer underflows in the XFS implementation
in the Linux kernel through 3.12.1 allow local users to cause a denial of
service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call
with a crafted length value, related to the xfs_attrlist_by_handle
function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
function in fs/xfs/xfs_ioctl32.c. (bnc#852553)
*
CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in
the Linux kernel before 3.12.8 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a bind system call for an RDS socket on a
system that lacks RDS transports. (bnc#869563)
*
CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in
the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2
on Red Hat Enterprise Linux (RHEL) 6 does not properly handle
vhost_get_vq_desc errors, which allows guest OS users to cause a denial of
service (host OS crash) via unspecified vectors. (bnc#870173)
*
CVE-2014-0077: drivers/vhost/net.c in the Linux kernel before
3.13.10, when mergeable buffers are disabled, does not properly validate
packet lengths, which allows guest OS users to cause a denial of service
(memory corruption and host OS crash) or possibly gain privileges on the
host OS via crafted packets, related to the handle_rx and get_rx_bufs
functions. (bnc#870576)
*
CVE-2014-0101: The sctp_sf_do_5_1D_ce function in
net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not
validate certain auth_enable and auth_capable fields before making an
sctp_sf_authenticate call, which allows remote attackers to cause a denial
of service (NULL pointer dereference and system crash) via an SCTP
handshake with a modified INIT chunk and a crafted AUTH chunk before a
COOKIE_ECHO chunk. (bnc#866102)
*
CVE-2014-0131: Use-after-free vulnerability in the skb_segment
function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows
attackers to obtain sensitive information from kernel memory by leveraging
the absence of a certain orphaning operation. (bnc#867723)
*
CVE-2014-0155: The ioapic_deliver function in virt/kvm/ioapic.c in
the Linux kernel through 3.14.1 does not properly validate the
kvm_irq_delivery_to_apic return value, which allows guest OS users to
cause a denial of service (host OS crash) via a crafted entry in the
redirection table of an I/O APIC. NOTE: the affected code was moved to the
ioapic_service function before the vulnerability was announced.
(bnc#872540)
*
CVE-2014-1444: The fst_get_iface function in
drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not
properly initialize a certain data structure, which allows local users to
obtain sensitive information from kernel memory by leveraging the
CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)
*
CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c
in the Linux kernel before 3.11.7 does not properly initialize a certain
data structure, which allows local users to obtain sensitive information
from kernel memory via an ioctl call. (bnc#858870)
*
CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c
in the Linux kernel before 3.12.8 does not initialize a certain structure
member, which allows local users to obtain sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability for an
SIOCYAMGCFG ioctl call. (bnc#858872)
*
CVE-2014-1874: The security_context_to_sid_core function in
security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows
local users to cause a denial of service (system crash) by leveraging the
CAP_MAC_ADMIN capability to set a zero-length security context.
(bnc#863335)
*
CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the
Linux kernel through 3.13.6 does not properly count the addition of
routes, which allows remote attackers to cause a denial of service (memory
consumption) via a flood of ICMPv6 Router Advertisement packets.
(bnc#867531)
*
CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux
kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows
remote attackers to cause a denial of service (system crash)
or possibly execute arbitrary code via a DCCP packet that triggers a
call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
(bnc#868653)
*
CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in
the Linux kernel through 3.14 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a bind system call for an RDS socket on a
system that lacks RDS transports. (bnc#871561)
*
CVE-2014-2851: Integer overflow in the ping_init_sock function in
net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to
cause a denial of service (use-after-free and system crash) or possibly
gain privileges via a crafted application that leverages an improperly
managed reference counter. (bnc#873374)
*
CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the
Linux kernel before 3.14.3 does not properly consider which pages must be
locked, which allows local users to cause a denial of service (system
crash) by triggering a memory-usage pattern that requires removal of
page-table mappings. (bnc#876102)
*
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2)
BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter
function in net/core/filter.c in the Linux kernel through 3.14.3 do not
check whether a certain length value is sufficiently large, which allows
local users to cause a denial of service (integer underflow and system
crash) via crafted BPF instructions. NOTE: the affected code was moved to
the __skb_get_nlattr and __skb_get_nlattr_nest functions before the
vulnerability was announced. (bnc#877257)
*
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in
the sk_run_filter function in net/core/filter.c in the Linux kernel
through 3.14.3 uses the reverse order in a certain subtraction, which
allows local users to cause a denial of service (over-read and system
crash) via crafted BPF instructions. NOTE: the affected code was moved to
the __skb_get_nlattr_nest function before the vulnerability was announced.
(bnc#877257)
*
CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5,
when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows
local users to obtain potentially sensitive single-bit values from kernel
memory or cause a denial of service (OOPS) via a large value of a syscall
number. (bnc#880484)
*
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel
through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled
and the sep CPU feature flag is set, allows local users to cause a denial
of service (OOPS and system crash) via an invalid syscall number, as
demonstrated by number
*
(bnc#883724)
*
CVE-2014-4652: Race condition in the tlv handler functionality in
the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA
control implementation in the Linux kernel before 3.15.2 allows local
users to obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access. (bnc#883795)
*
CVE-2014-4653: sound/core/control.c in the ALSA control
implementation in the Linux kernel before 3.15.2 does not ensure
possession of a read/write lock, which allows local users to cause a
denial of service (use-after-free) and obtain sensitive information from
kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795)
*
CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
in the ALSA control implementation in the Linux kernel before 3.15.2 does
not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which
allows local users to remove kernel controls and cause a denial of service
(use-after-free and system crash) by leveraging /dev/snd/controlCX access
for an ioctl call. (bnc#883795)
*
CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c
in the ALSA control implementation in the Linux kernel before 3.15.2 does
not properly maintain the user_ctl_count value, which allows local users
to cause a denial of service (integer overflow and limit bypass) by
leveraging /dev/snd/controlCX access for a large number of
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795)
*
CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
the ALSA control implementation in the Linux kernel before 3.15.2 allow
local users to cause a denial of service by leveraging /dev/snd/controlCX
access, related to (1) index values in the snd_ctl_add function and (2)
numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795)
*
CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors
does not properly restrict use of a non-canonical value for the saved RIP
address in the case of a system call that does not use IRET, which allows
local users to leverage a race condition and gain privileges, or cause a
denial of service (double fault), via a crafted application that makes
ptrace and fork system calls. (bnc#885725)
Also the following non-security bugs have been fixed:
* kernel: avoid page table walk on user space access (bnc#878407,
LTC#110316).
* spinlock: fix system hang with spin_retry <= 0 (bnc#874145,
LTC#110189).
* x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3 (bnc#876176).
* x86: Enable multiple CPUs in crash kernel (bnc#846690).
* x86/mce: Fix CMCI preemption bugs (bnc#786450).
* x86, CMCI: Add proper detection of end of CMCI storms (bnc#786450).
* futex: revert back to the explicit waiter counting code (bnc#851603).
* futex: avoid race between requeue and wake (bnc#851603).
* intel-iommu: fix off-by-one in pagetable freeing (bnc#874577).
* ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
(bnc#874108).
*
drivers/rtc/interface.c: fix infinite loop in initializing the alarm
(bnc#871676).
*
drm/ast: Fix double lock at PM resume (bnc#883380).
* drm/ast: add widescreen + rb modes from X.org driver (v2)
(bnc#883380).
* drm/ast: deal with bo reserve fail in dirty update path (bnc#883380).
* drm/ast: do not attempt to acquire a reservation while in an
interrupt handler (bnc#883380).
* drm/ast: fix the ast open key function (bnc#883380).
* drm/ast: fix value check in cbr_scan2 (bnc#883380).
* drm/ast: inline reservations (bnc#883380).
* drm/ast: invalidate page tables when pinning a BO (bnc#883380).
* drm/ast: rename the mindwm/moutdwm and deinline them (bnc#883380).
* drm/ast: resync the dram post code with upstream (bnc#883380).
* drm: ast: use drm_can_sleep (bnc#883380).
* drm/ast: use drm_modeset_lock_all (bnc#883380).
* drm/: Unified handling of unimplemented fb->create_handle
(bnc#883380).
* drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion
(bnc#883380).
* drm/mgag200: Consolidate depth/bpp handling (bnc#882324).
* drm/ast: Initialized data needed to map fbdev memory (bnc#880007).
* drm/ast: add AST 2400 support (bnc#880007).
* drm/ast: Initialized data needed to map fbdev memory (bnc#880007).
* drm/mgag200: on cards with < 2MB VRAM default to 16-bit (bnc#882324).
* drm/mgag200: fix typo causing bw limits to be ignored on some chips
(bnc#882324).
* drm/ttm: do not oops if no invalidate_caches() (bnc#869414).
*
drm/i915: Break encoder->crtc link separately in
intel_sanitize_crtc() (bnc#855126).
*
dlm: keep listening connection alive with sctp mode (bnc#881939)
*
series.conf: Clarify comment about Xen kabi adjustments
(bnc#876114#c25)
*
btrfs: fix a crash when running balance and defrag concurrently.
* btrfs: unset DCACHE_DISCONNECTED when mounting default subvol
(bnc#866615).
* btrfs: free delayed node outside of root->inode_lock (bnc#866864).
* btrfs: return EPERM when deleting a default subvolume (bnc#869934).
*
btrfs: do not loop on large offsets in readdir (bnc#863300)
*
sched: Consider pi boosting in setscheduler.
* sched: Queue RT tasks to head when prio drops.
* sched: Adjust sched_reset_on_fork when nothing else changes.
* sched: Fix clock_gettime(CLOCK__CPUTIME_ID) monotonicity
(bnc#880357).
* sched: Do not allow scheduler time to go backwards (bnc#880357).
* sched: Make scale_rt_power() deal with backward clocks (bnc#865310).
* sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri
check (bnc#871861).
*
sched: update_rq_clock() must skip ONE update (bnc#869033,
bnc#868528).
*
tcp: allow to disable cwnd moderation in TCP_CA_Loss state
(bnc#879921).
* tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429).
* net: add missing bh_unlock_sock() calls (bnc#862429).
* bonding: fix vlan_features computing (bnc#872634).
* vlan: more careful checksum features handling (bnc#872634).
* xfrm: fix race between netns cleanup and state expire notification
(bnc#879957).
* xfrm: check peer pointer for null before calling inet_putpeer()
(bnc#877775).
*
ipv6: do not overwrite inetpeer metrics prematurely (bnc#867362).
*
pagecachelimit: reduce lru_lock contention for heavy parallel kabi
fixup: (bnc#878509, bnc#864464).
*
pagecachelimit: reduce lru_lock contention for heavy parallel
reclaim (bnc#878509, bnc#864464).
*
TTY: serial, cleanup include file (bnc#881571).
* TTY: serial, fix includes in some drivers (bnc#881571).
*
serial_core: Fix race in uart_handle_dcd_change (bnc#881571).
*
powerpc/perf: Power8 PMU support (bnc#832710).
* powerpc/perf: Add support for SIER (bnc#832710).
* powerpc/perf: Add regs_no_sipr() (bnc#832710).
* powerpc/perf: Add an accessor for regs->result (bnc#832710).
* powerpc/perf: Convert mmcra_sipr/sihv() to regs_sipr/sihv()
(bnc#832710).
*
powerpc/perf: Add an explict flag indicating presence of SLOT field
(bnc#832710).
*
swiotlb: do not assume PA 0 is invalid (bnc#865882).
*
lockref: implement lockless reference count updates using cmpxchg()
(FATE#317271).
*
af_iucv: wrong mapping of sent and confirmed skbs (bnc#878407,
LTC#110452).
* af_iucv: recvmsg problem for SOCK_STREAM sockets (bnc#878407,
LTC#110452).
*
af_iucv: fix recvmsg by replacing skb_pull() function (bnc#878407,
LTC#110452).
*
qla2xxx: Poll during initialization for ISP25xx and ISP83xx
(bnc#837563).
*
qla2xxx: Fix request queue null dereference (bnc#859840).
*
lpfc 8.3.41: Fixed SLI3 failing FCP write on check-condition
no-sense with residual zero (bnc#850915).
*
reiserfs: call truncate_setsize under tailpack mutex (bnc#878115).
*
reiserfs: drop vmtruncate (bnc#878115).
*
ipvs: handle IPv6 fragments with one-packet scheduling (bnc#861980).
*
kabi: hide modifications of struct sk_buff done by bnc#861980 fix
(bnc#861980).
*
loop: remove the incorrect write_begin/write_end shortcut
(bnc#878123).
*
watchdog: hpwdt patch to display informative string (bnc#862934).
* watchdog: hpwdt: Patch to ignore auxilary iLO devices (bnc#862934).
* watchdog: hpwdt: Add check for UEFI bits (bnc#862934).
*
watchdog: hpwdt.c: Increase version string (bnc#862934).
*
hpilo: Correct panic when an AUX iLO is detected (bnc#837563).
*
locking/mutexes: Introduce cancelable MCS lock for adaptive spinning
(FATE#317271).
*
locking/mutexes: Modify the way optimistic spinners are queued
(FATE#317271).
* locking/mutexes: Return false if task need_resched() in
mutex_can_spin_on_owner() (FATE#317271).
* mutex: Enable the queuing of mutex spinners with MCS lock
(FATE#317271). config: disabled on all flavors
*
mutex: Queue mutex spinners with MCS lock to reduce cacheline
contention (FATE#317271).
*
memcg: deprecate memory.force_empty knob (bnc#878274).
*
kabi: protect struct net from bnc#877013 changes (bnc#877013).
* netfilter: nfnetlink_queue: add net namespace support for
nfnetlink_queue (bnc#877013).
* netfilter: make /proc/net/netfilter pernet (bnc#877013).
* netfilter: xt_hashlimit: fix proc entry leak in netns destroy path
(bnc#871634).
* netfilter: xt_hashlimit: fix namespace destroy path (bnc#871634).
* netfilter: nf_queue: reject NF_STOLEN verdicts from userspace
(bnc#870877).
* netfilter: avoid double free in nf_reinject (bnc#870877).
* netfilter: ctnetlink: fix race between delete and timeout expiration
(bnc#863410).
*
netfilter: reuse skb->nfct_reasm for ipvs conn reference
(bnc#861980).
*
mm: per-thread vma caching (FATE#317271). config: enable
CONFIG_VMA_CACHE for x86_64/bigsmp
* mm, hugetlb: improve page-fault scalability (FATE#317271).
* mm: vmscan: Do not throttle based on pfmemalloc reserves if node has
no ZONE_NORMAL (bnc#870496).
* mm: fix off-by-one bug in print_nodes_state() (bnc#792271).
*
hugetlb: ensure hugepage access is denied if hugepages are not
supported (PowerKVM crash when mounting hugetlbfs without hugepage support
(bnc#870498)).
*
SELinux: Increase ebitmap_node size for 64-bit configuration
(FATE#317271).
*
SELinux: Reduce overhead of mls_level_isvalid() function call
(FATE#317271).
*
mutex: Fix debug_mutexes (FATE#317271).
* mutex: Fix debug checks (FATE#317271).
*
locking/mutexes: Unlock the mutex without the wait_lock
(FATE#317271).
*
epoll: do not take the nested ep->mtx on EPOLL_CTL_DEL (FATE#317271).
* epoll: do not take global "epmutex" for simple topologies
(FATE#317271).
*
epoll: optimize EPOLL_CTL_DEL using rcu (FATE#317271).
*
vfs: Fix missing unlock of vfsmount_lock in unlazy_walk (bnc#880437).
* dcache: kABI fixes for lockref dentries (FATE#317271).
* vfs: make sure we do not have a stale root path if unlazy_walk()
fails (FATE#317271).
* vfs: fix dentry RCU to refcounting possibly sleeping dput()
(FATE#317271).
* vfs: use lockref "dead" flag to mark unrecoverably dead dentries
(FATE#317271).
* vfs: reimplement d_rcu_to_refcount() using lockref_get_or_lock()
(FATE#317271).
* vfs: Remove second variable named error in __dentry_path
(FATE#317271).
* make prepend_name() work correctly when called with negative *buflen
(FATE#317271).
* prepend_path() needs to reinitialize dentry/vfsmount on restarts
(FATE#317271).
* dcache: get/release read lock in read_seqbegin_or_lock() & friend
(FATE#317271).
* seqlock: Add a new locking reader type (FATE#317271).
* dcache: Translating dentry into pathname without taking rename_lock
(FATE#317271).
* vfs: make the dentry cache use the lockref infrastructure
(FATE#317271).
* vfs: Remove dentry->d_lock locking from
shrink_dcache_for_umount_subtree() (FATE#317271).
* vfs: use lockref_get_not_zero() for optimistic lockless
dget_parent() (FATE#317271).
* vfs: constify dentry parameter in d_count() (FATE#317271).
* helper for reading ->d_count (FATE#317271).
* lockref: use arch_mutex_cpu_relax() in CMPXCHG_LOOP() (FATE#317271).
* lockref: allow relaxed cmpxchg64 variant for lockless updates
(FATE#317271).
* lockref: use cmpxchg64 explicitly for lockless updates (FATE#317271).
* lockref: add ability to mark lockrefs "dead" (FATE#317271).
* lockref: fix docbook argument names (FATE#317271).
* lockref: Relax in cmpxchg loop (FATE#317271).
* lockref: implement lockless reference count updates using cmpxchg()
(FATE#317271).
* lockref: uninline lockref helper functions (FATE#317271).
* lockref: add lockref_get_or_lock() helper (FATE#317271).
*
Add new lockref infrastructure reference implementation
(FATE#317271).
*
vfs: make lremovexattr retry once on ESTALE error (bnc#876463).
* vfs: make removexattr retry once on ESTALE (bnc#876463).
* vfs: make llistxattr retry once on ESTALE error (bnc#876463).
* vfs: make listxattr retry once on ESTALE error (bnc#876463).
* vfs: make lgetxattr retry once on ESTALE (bnc#876463).
* vfs: make getxattr retry once on an ESTALE error (bnc#876463).
* vfs: allow lsetxattr() to retry once on ESTALE errors (bnc#876463).
* vfs: allow setxattr to retry once on ESTALE errors (bnc#876463).
* vfs: allow utimensat() calls to retry once on an ESTALE error
(bnc#876463).
* vfs: fix user_statfs to retry once on ESTALE errors (bnc#876463).
* vfs: make fchownat retry once on ESTALE errors (bnc#876463).
* vfs: make fchmodat retry once on ESTALE errors (bnc#876463).
* vfs: have chroot retry once on ESTALE error (bnc#876463).
* vfs: have chdir retry lookup and call once on ESTALE error
(bnc#876463).
* vfs: have faccessat retry once on an ESTALE error (bnc#876463).
* vfs: have do_sys_truncate retry once on an ESTALE error (bnc#876463).
* vfs: fix renameat to retry on ESTALE errors (bnc#876463).
* vfs: make do_unlinkat retry once on ESTALE errors (bnc#876463).
* vfs: make do_rmdir retry once on ESTALE errors (bnc#876463).
* vfs: fix linkat to retry once on ESTALE errors (bnc#876463).
* vfs: fix symlinkat to retry on ESTALE errors (bnc#876463).
* vfs: fix mkdirat to retry once on an ESTALE error (bnc#876463).
* vfs: fix mknodat to retry on ESTALE errors (bnc#876463).
* vfs: add a flags argument to user_path_parent (bnc#876463).
* vfs: fix readlinkat to retry on ESTALE (bnc#876463).
* vfs: make fstatat retry on ESTALE errors from getattr call
(bnc#876463).
*
vfs: add a retry_estale helper function to handle retries on ESTALE
(bnc#876463).
*
crypto: s390 - fix aes,des ctr mode concurrency finding (bnc#874145,
LTC#110078).
* s390/cio: fix unlocked access of global bitmap (bnc#874145,
LTC#109378).
* s390/css: stop stsch loop after cc 3 (bnc#874145, LTC#109378).
* s390/pci: add kmsg man page (bnc#874145, LTC#109224).
* s390/pci/dma: use correct segment boundary size (bnc#866081,
LTC#104566).
* cio: Fix missing subchannels after CHPID configure on (bnc#866081,
LTC#104808).
* cio: Fix process hangs during subchannel scan (bnc#866081,
LTC#104805).
*
cio: fix unusable device (bnc#866081, LTC#104168).
*
qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873).
*
Fix race between starved list and device removal (bnc#861636).
*
namei.h: include errno.h (bnc#876463).
*
ALSA: hda - Implement bind mixer ctls for Conexant (bnc#872188).
* ALSA: hda - Fix invalid Auto-Mute Mode enum from cxt codecs
(bnc#872188).
* ALSA: hda - Fix conflicting Capture Source on cxt codecs
(bnc#872188).
*
ALSA: usb-audio: Fix NULL dereference while quick replugging
(bnc#870335).
*
powerpc: Bring all threads online prior to migration/hibernation
(bnc#870591).
* powerpc/pseries: Update dynamic cache nodes for suspend/resume
operation (bnc#873463).
* powerpc/pseries: Device tree should only be updated once after
suspend/migrate (bnc#873463).
* powerpc/pseries: Expose in kernel device tree update to drmgr
(bnc#873463).
*
powerpc: Add second POWER8 PVR entry (bnc#874440).
*
libata/ahci: accommodate tag ordered controllers (bnc#871728)
*
md: try to remove cause of a spinning md thread (bnc#875386).
*
md: fix up plugging (again) (bnc#866800).
*
NFSv4: Fix a reboot recovery race when opening a file (bnc#864404).
* NFSv4: Ensure delegation recall and byte range lock removal do not
conflict (bnc#864404).
* NFSv4: Fix up the return values of nfs4_open_delegation_recall
(bnc#864404).
* NFSv4.1: Do not lose locks when a server reboots during delegation
return (bnc#864404).
* NFSv4.1: Prevent deadlocks between state recovery and file locking
(bnc#864404).
* NFSv4: Allow the state manager to mark an open_owner as being
recovered (bnc#864404).
* NFS: nfs_inode_return_delegation() should always flush dirty data
(bnc#864404).
* NFSv4: nfs_client_return_marked_delegations cannot flush data
(bnc#864404).
* NFS: avoid excessive GETATTR request when attributes expired but
cached directory is valid (bnc#857926).
* seqlock: add "raw_seqcount_begin()" function (bnc#864404).
* Allow nfsdv4 to work when fips=1 (bnc#868488).
* NFSv4: Add ACCESS operation to OPEN compound (bnc#870958).
* NFSv4: Fix unnecessary delegation returns in nfs4_do_open
(bnc#870958).
* NFSv4: The NFSv4.0 client must send RENEW calls if it holds a
delegation (bnc#863873).
* NFSv4: nfs4_proc_renew should be declared static (bnc#863873).
* NFSv4: do not put ACCESS in OPEN compound if O_EXCL (bnc#870958).
* NFS: revalidate on open if dcache is negative (bnc#876463).
* NFSD add module parameter to disable delegations (bnc#876463).
*
Do not lose sockets when nfsd shutdown races with connection timeout
(bnc#871854).
*
timer: Prevent overflow in apply_slack (bnc#873061).
*
mei: me: do not load the driver if the FW does not support MEI
interface (bnc#821619).
*
ipmi: Reset the KCS timeout when starting error recovery
(bnc#870618).
* ipmi: Fix a race restarting the timer (bnc#870618).
*
ipmi: increase KCS timeouts (bnc#870618).
*
bnx2x: Fix kernel crash and data miscompare after EEH recovery
(bnc#881761).
*
bnx2x: Adapter not recovery from EEH error injection (bnc#881761).
*
kabi: hide modifications of struct inet_peer done by bnc#867953 fix
(bnc#867953).
*
inetpeer: prevent unlinking from unused list twice (bnc#867953).
*
Ignore selected taints for tracepoint modules (bnc#870450,
FATE#317134).
* Use "E" instead of "X" for unsigned module taint flag
(bnc#870450,FATE#317134).
*
Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE
(bnc#870450,FATE#317134).
*
xhci: extend quirk for Renesas cards (bnc#877497).
* scsi: return target failure on EMC inactive snapshot (bnc#840524).
* virtio_balloon: do not softlockup on huge balloon changes
(bnc#871899).
* ch: add refcounting (bnc#867517).
* storvsc: NULL pointer dereference fix (bnc#865330).
* Unlock the rename_lock in dentry_path() in the case when path is too
long (bnc#868748).
Security Issue references:
* CVE-2012-2372
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372>
* CVE-2013-2929
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929>
* CVE-2013-4299
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299>
* CVE-2013-4579
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579>
* CVE-2013-6382
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382>
* CVE-2013-7339
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339>
* CVE-2014-0055
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0055>
* CVE-2014-0077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0077>
* CVE-2014-0101
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101>
* CVE-2014-0131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131>
* CVE-2014-0155
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0155>
* CVE-2014-1444
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444>
* CVE-2014-1445
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445>
* CVE-2014-1446
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446>
* CVE-2014-1874
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874>
* CVE-2014-2309
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309>
* CVE-2014-2523
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523>
* CVE-2014-2678
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678>
* CVE-2014-2851
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851>
* CVE-2014-3122
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122>
* CVE-2014-3144
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144>
* CVE-2014-3145
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145>
* CVE-2014-3917
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917>
* CVE-2014-4508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508>
* CVE-2014-4652
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652>
* CVE-2014-4653
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653>
* CVE-2014-4654
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654>
* CVE-2014-4655
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655>
* CVE-2014-4656
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656>
* CVE-2014-4699
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-kernel-9488 slessp3-kernel-9493
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-kernel-9488 slessp3-kernel-9489 slessp3-kernel-9490 slessp3-kernel-9491 slessp3-kernel-9493
- SUSE Linux Enterprise High Availability Extension 11 SP3:
zypper in -t patch slehasp3-kernel-9488 slehasp3-kernel-9489 slehasp3-kernel-9490 slehasp3-kernel-9491 slehasp3-kernel-9493
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-kernel-9488 sledsp3-kernel-9493
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.35.1
kernel-default-base-3.0.101-0.35.1
kernel-default-devel-3.0.101-0.35.1
kernel-source-3.0.101-0.35.1
kernel-syms-3.0.101-0.35.1
kernel-trace-3.0.101-0.35.1
kernel-trace-base-3.0.101-0.35.1
kernel-trace-devel-3.0.101-0.35.1
kernel-xen-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.35.1
kernel-pae-base-3.0.101-0.35.1
kernel-pae-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.35.1
kernel-default-base-3.0.101-0.35.1
kernel-default-devel-3.0.101-0.35.1
kernel-source-3.0.101-0.35.1
kernel-syms-3.0.101-0.35.1
kernel-trace-3.0.101-0.35.1
kernel-trace-base-3.0.101-0.35.1
kernel-trace-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
kernel-ec2-3.0.101-0.35.1
kernel-ec2-base-3.0.101-0.35.1
kernel-ec2-devel-3.0.101-0.35.1
kernel-xen-3.0.101-0.35.1
kernel-xen-base-3.0.101-0.35.1
kernel-xen-devel-3.0.101-0.35.1
xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45
- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:
kernel-default-man-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:
kernel-ppc64-3.0.101-0.35.1
kernel-ppc64-base-3.0.101-0.35.1
kernel-ppc64-devel-3.0.101-0.35.1
- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.35.1
kernel-pae-base-3.0.101-0.35.1
kernel-pae-devel-3.0.101-0.35.1
xen-kmp-pae-4.2.4_02_3.0.101_0.35-0.7.45
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.101_0.35-2.27.78
cluster-network-kmp-trace-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-default-2_3.0.101_0.35-0.16.84
gfs2-kmp-trace-2_3.0.101_0.35-0.16.84
ocfs2-kmp-default-1.6_3.0.101_0.35-0.20.78
ocfs2-kmp-trace-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-xen-2_3.0.101_0.35-0.16.84
ocfs2-kmp-xen-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-ppc64-2_3.0.101_0.35-0.16.84
ocfs2-kmp-ppc64-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
cluster-network-kmp-pae-1.4_3.0.101_0.35-2.27.78
gfs2-kmp-pae-2_3.0.101_0.35-0.16.84
ocfs2-kmp-pae-1.6_3.0.101_0.35-0.20.78
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
kernel-default-3.0.101-0.35.1
kernel-default-base-3.0.101-0.35.1
kernel-default-devel-3.0.101-0.35.1
kernel-default-extra-3.0.101-0.35.1
kernel-source-3.0.101-0.35.1
kernel-syms-3.0.101-0.35.1
kernel-trace-devel-3.0.101-0.35.1
kernel-xen-3.0.101-0.35.1
kernel-xen-base-3.0.101-0.35.1
kernel-xen-devel-3.0.101-0.35.1
kernel-xen-extra-3.0.101-0.35.1
xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45
- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:
kernel-pae-3.0.101-0.35.1
kernel-pae-base-3.0.101-0.35.1
kernel-pae-devel-3.0.101-0.35.1
kernel-pae-extra-3.0.101-0.35.1
xen-kmp-pae-4.2.4_02_3.0.101_0.35-0.7.45
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-0.35.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
kernel-xen-extra-3.0.101-0.35.1
- SLE 11 SERVER Unsupported Extras (ppc64):
kernel-ppc64-extra-3.0.101-0.35.1
- SLE 11 SERVER Unsupported Extras (i586):
kernel-pae-extra-3.0.101-0.35.1
References:
http://support.novell.com/security/cve/CVE-2012-2372.html
http://support.novell.com/security/cve/CVE-2013-2929.html
http://support.novell.com/security/cve/CVE-2013-4299.html
http://support.novell.com/security/cve/CVE-2013-4579.html
http://support.novell.com/security/cve/CVE-2013-6382.html
http://support.novell.com/security/cve/CVE-2013-7339.html
http://support.novell.com/security/cve/CVE-2014-0055.html
http://support.novell.com/security/cve/CVE-2014-0077.html
http://support.novell.com/security/cve/CVE-2014-0101.html
http://support.novell.com/security/cve/CVE-2014-0131.html
http://support.novell.com/security/cve/CVE-2014-0155.html
http://support.novell.com/security/cve/CVE-2014-1444.html
http://support.novell.com/security/cve/CVE-2014-1445.html
http://support.novell.com/security/cve/CVE-2014-1446.html
http://support.novell.com/security/cve/CVE-2014-1874.html
http://support.novell.com/security/cve/CVE-2014-2309.html
http://support.novell.com/security/cve/CVE-2014-2523.html
http://support.novell.com/security/cve/CVE-2014-2678.html
http://support.novell.com/security/cve/CVE-2014-2851.html
http://support.novell.com/security/cve/CVE-2014-3122.html
http://support.novell.com/security/cve/CVE-2014-3144.html
http://support.novell.com/security/cve/CVE-2014-3145.html
http://support.novell.com/security/cve/CVE-2014-3917.html
http://support.novell.com/security/cve/CVE-2014-4652.html
http://support.novell.com/security/cve/CVE-2014-4653.html
http://support.novell.com/security/cve/CVE-2014-4654.html
http://support.novell.com/security/cve/CVE-2014-4655.html
http://support.novell.com/security/cve/CVE-2014-4656.html
http://support.novell.com/security/cve/CVE-2014-4699.html
https://bugzilla.novell.com/767610
https://bugzilla.novell.com/786450
https://bugzilla.novell.com/792271
https://bugzilla.novell.com/821619
https://bugzilla.novell.com/832710
https://bugzilla.novell.com/837563
https://bugzilla.novell.com/840524
https://bugzilla.novell.com/846404
https://bugzilla.novell.com/846690
https://bugzilla.novell.com/847652
https://bugzilla.novell.com/850915
https://bugzilla.novell.com/851426
https://bugzilla.novell.com/851603
https://bugzilla.novell.com/852553
https://bugzilla.novell.com/855126
https://bugzilla.novell.com/857926
https://bugzilla.novell.com/858869
https://bugzilla.novell.com/858870
https://bugzilla.novell.com/858872
https://bugzilla.novell.com/859840
https://bugzilla.novell.com/861636
https://bugzilla.novell.com/861980
https://bugzilla.novell.com/862429
https://bugzilla.novell.com/862934
https://bugzilla.novell.com/863300
https://bugzilla.novell.com/863335
https://bugzilla.novell.com/863410
https://bugzilla.novell.com/863873
https://bugzilla.novell.com/864404
https://bugzilla.novell.com/864464
https://bugzilla.novell.com/865310
https://bugzilla.novell.com/865330
https://bugzilla.novell.com/865882
https://bugzilla.novell.com/866081
https://bugzilla.novell.com/866102
https://bugzilla.novell.com/866615
https://bugzilla.novell.com/866800
https://bugzilla.novell.com/866864
https://bugzilla.novell.com/867362
https://bugzilla.novell.com/867517
https://bugzilla.novell.com/867531
https://bugzilla.novell.com/867723
https://bugzilla.novell.com/867953
https://bugzilla.novell.com/868488
https://bugzilla.novell.com/868528
https://bugzilla.novell.com/868653
https://bugzilla.novell.com/868748
https://bugzilla.novell.com/869033
https://bugzilla.novell.com/869414
https://bugzilla.novell.com/869563
https://bugzilla.novell.com/869934
https://bugzilla.novell.com/870173
https://bugzilla.novell.com/870335
https://bugzilla.novell.com/870450
https://bugzilla.novell.com/870496
https://bugzilla.novell.com/870498
https://bugzilla.novell.com/870576
https://bugzilla.novell.com/870591
https://bugzilla.novell.com/870618
https://bugzilla.novell.com/870877
https://bugzilla.novell.com/870958
https://bugzilla.novell.com/871561
https://bugzilla.novell.com/871634
https://bugzilla.novell.com/871676
https://bugzilla.novell.com/871728
https://bugzilla.novell.com/871854
https://bugzilla.novell.com/871861
https://bugzilla.novell.com/871899
https://bugzilla.novell.com/872188
https://bugzilla.novell.com/872540
https://bugzilla.novell.com/872634
https://bugzilla.novell.com/873061
https://bugzilla.novell.com/873374
https://bugzilla.novell.com/873463
https://bugzilla.novell.com/874108
https://bugzilla.novell.com/874145
https://bugzilla.novell.com/874440
https://bugzilla.novell.com/874577
https://bugzilla.novell.com/875386
https://bugzilla.novell.com/876102
https://bugzilla.novell.com/876114
https://bugzilla.novell.com/876176
https://bugzilla.novell.com/876463
https://bugzilla.novell.com/877013
https://bugzilla.novell.com/877257
https://bugzilla.novell.com/877497
https://bugzilla.novell.com/877775
https://bugzilla.novell.com/878115
https://bugzilla.novell.com/878123
https://bugzilla.novell.com/878274
https://bugzilla.novell.com/878407
https://bugzilla.novell.com/878509
https://bugzilla.novell.com/879921
https://bugzilla.novell.com/879957
https://bugzilla.novell.com/880007
https://bugzilla.novell.com/880357
https://bugzilla.novell.com/880437
https://bugzilla.novell.com/880484
https://bugzilla.novell.com/881571
https://bugzilla.novell.com/881761
https://bugzilla.novell.com/881939
https://bugzilla.novell.com/882324
https://bugzilla.novell.com/883380
https://bugzilla.novell.com/883795
https://bugzilla.novell.com/885725
http://download.suse.com/patch/finder/?keywords=0d90047cc045e1a3930a1deab87…
http://download.suse.com/patch/finder/?keywords=13c414107953b996e47ad9beead…
http://download.suse.com/patch/finder/?keywords=1b23cbf839dfbac64393f47b254…
http://download.suse.com/patch/finder/?keywords=1e1024c9ceb6dfbd02087a8e7fc…
http://download.suse.com/patch/finder/?keywords=1eb98ba9ebb1cc2e805aa760347…
http://download.suse.com/patch/finder/?keywords=25116cdba8b0bd66ec544a70ecf…
http://download.suse.com/patch/finder/?keywords=ac3c1f41b2fef1c20481c11cba3…
http://download.suse.com/patch/finder/?keywords=c05c80da5f8738980eb4c3cf7b7…
http://download.suse.com/patch/finder/?keywords=fcdaebb0744ca50e161239dbb66…
http://download.suse.com/patch/finder/?keywords=ff40c298b0b146e85c2548cf997…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0