[security-announce] SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3

SUSE Security Update: kernel update for SLE11 SP3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1182-1 Rating: important References: #763968 #773837 #785901 #797090 #797727 #801427 #803320 #804482 #804609 #805804 #806976 #808015 #808136 #808837 #808855 #809130 #809895 #809975 #810722 #812281 #812332 #812526 #812974 #813604 #813922 #815356 #816451 #817035 #817377 #818047 #818371 #818465 #819018 #819195 #819523 #819610 #819655 #820172 #820434 #821052 #821070 #821235 #821799 #821859 #821930 #822066 #822077 #822080 #822164 #822340 #822431 #822722 #822825 #823082 #823223 #823342 #823386 #823597 #823795 #824159 #825037 #825591 #825657 #825696 #826186 Cross-References: CVE-2013-0160 CVE-2013-1774 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 50 fixes is now available. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.82 and to fix various bugs and security issues. Following security issues were fixed: CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. A kernel information leak via tkill/tgkill was fixed. Following non security bugs were fixed: S/390: - af_iucv: Missing man page (bnc#825037, LTC#94825). - iucv: fix kernel panic at reboot (bnc#825037, LTC#93803). - kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784). - dasd: Add missing descriptions for dasd timeout messages (bnc#825037, LTC#94762). - dasd: Fix hanging device after resume with internal error 13 (bnc#825037, LTC#94554). - cio: Suppress 2nd path verification during resume (bnc#825037, LTC#94554). - vmcp: Missing man page (bnc#825037, LTC#94453). - kernel: 3215 console crash (bnc#825037, LTC#94302). - netiucv: Hold rtnl between name allocation and device registration (bnc#824159). - s390/ftrace: fix mcount adjustment (bnc#809895). HyperV: - Drivers: hv: Fix a bug in get_vp_index(). - hyperv: Fix a compiler warning in netvsc_send(). - Tools: hv: Fix a checkpatch warning. - tools: hv: skip iso9660 mounts in hv_vss_daemon. - tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon. - tools: hv: use getmntent in hv_vss_daemon. - Tools: hv: Fix a checkpatch warning. - tools: hv: fix checks for origin of netlink message in hv_vss_daemon. - Tools: hv: fix warnings in hv_vss_daemon. - x86, hyperv: Handle Xen emulation of Hyper-V more gracefully. - hyperv: Fix a kernel warning from netvsc_linkstatus_callback(). - Drivers: hv: balloon: make local functions static. - tools: hv: daemon should check type of received Netlink msg. - tools: hv: daemon setsockopt should use options macros. - tools: hv: daemon should subscribe only to CN_KVP_IDX group. - driver: hv: remove cast for kmalloc return value. - hyperv: use 3.4 as LIC version string (bnc#822431). BTRFS: - btrfs: flush delayed inodes if we are short on space (bnc#801427). - btrfs: rework shrink_delalloc (bnc#801427). - btrfs: fix our overcommit math (bnc#801427). - btrfs: delay block group item insertion (bnc#801427). - btrfs: remove bytes argument from do_chunk_alloc (bnc#801427). - btrfs: run delayed refs first when out of space (bnc#801427). - btrfs: do not commit instead of overcommitting (bnc#801427). - btrfs: do not take inode delalloc mutex if we are a free space inode (bnc#801427). - btrfs: fix chunk allocation error handling (bnc#801427). - btrfs: remove extent mapping if we fail to add chunk (bnc#801427). - btrfs: do not overcommit if we do not have enough space for global rsv (bnc#801427). - btrfs: rework the overcommit logic to be based on the total size (bnc#801427). - btrfs: steal from global reserve if we are cleaning up orphans (bnc#801427). - btrfs: clear chunk_alloc flag on retryable failure (bnc#801427). - btrfs: use reserved space for creating a snapshot (bnc#801427). - btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic (bnc#801427). - btrfs: fix space leak when we fail to reserve metadata space (bnc#801427). - btrfs: fix space accounting for unlink and rename (bnc#801427). - btrfs: allocate new chunks if the space is not enough for global rsv (bnc#801427). - btrfs: various abort cleanups (bnc#812526 bnc#801427). - btrfs: simplify unlink reservations (bnc#801427). XFS: - xfs: Move allocation stack switch up to xfs_bmapi (bnc#815356). - xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356). - xfs: zero allocation_args on the kernel stack (bnc#815356). - xfs: fix debug_object WARN at xfs_alloc_vextent() (bnc#815356). - xfs: do not defer metadata allocation to the workqueue (bnc#815356). - xfs: introduce an allocation workqueue (bnc#815356). - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). - xfs: Serialize file-extending direct IO (bnc#818371). - xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). - xfs: fix buffer lookup race on allocation failure (bnc#763968). ALSA: - Fix VT1708 jack detection on SLEPOS machines (bnc#813922). - ALSA: hda - Avoid choose same converter for unused pins (bnc#826186). - ALSA: hda - Cache the MUX selection for generic HDMI (bnc#826186). - ALSA: hda - Haswell converter power state D0 verify (bnc#826186). - ALSA: hda - Do not take unresponsive D3 transition too serious (bnc#823597). - ALSA: hda - Introduce bit flags to snd_hda_codec_read/write() (bnc#823597). - ALSA: hda - Check CORB overflow (bnc#823597). - ALSA: hda - Check validity of CORB/RIRB WP reads (bnc#823597). - ALSA: hda - Fix system panic when DMA > 40 bits for Nvidia audio controllers (bnc#818465). - ALSA: hda - Add hint for suppressing lower cap for IDT codecs (bnc#812332). - ALSA: hda - Enable mic-mute LED on more HP laptops (bnc#821859). Direct Rendering Manager (DRM): - drm/i915: Add wait_for in init_ring_common (bnc#813604). - drm/i915: Mark the ringbuffers as being in the GTT domain (bnc#813604). - drm/edid: Do not print messages regarding stereo or csync by default (bnc #821235). - drm/i915: force full modeset if the connector is in DPMS OFF mode (bnc #809975). - drm/i915/sdvo: Use &intel_sdvo->ddc instead of intel_sdvo->i2c for DDC (bnc #808855). - drm/mm: fix dump table BUG. (bnc#808837) - drm/i915: Clear the stolen fb before enabling (bnc#808015). XEN: - xen/netback: Update references (bnc#823342). - xen: Check for insane amounts of requests on the ring. - Update Xen patches to 3.0.82. - netback: do not disconnect frontend when seeing oversize packet. - netfront: reduce gso_max_size to account for max TCP header. - netfront: fix kABI after "reduce gso_max_size to account for max TCP header". Other: - x86, efi: retry ExitBootServices() on failure (bnc#823386). - x86/efi: Fix dummy variable buffer allocation (bnc#822080). - ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377). - mm: compaction: Scan PFN caching KABI workaround (Fix KABI breakage (bnc#825657)). - autofs4 - fix get_next_positive_subdir() (bnc#819523). - ocfs2: Add bits_wanted while calculating credits in ocfs2_calc_extend_credits (bnc#822077). - writeback: Avoid needless scanning of b_dirty list (bnc#819018). - writeback: Do not sort b_io list only because of block device inode (bnc#819018). - re-enable io tracing (bnc#785901). - pciehp: Corrected the old mismatching DMI strings. - SUNRPC: Prevent an rpc_task wakeup race (bnc#825591). - tg3: Prevent system hang during repeated EEH errors (bnc#822066). - scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). - Do not switch camera on HP EB 8780 (bnc#797090). - Do not switch webcam for HP EB 8580w (bnc#797090). - mm: fixup compilation error due to an asm write through a const pointer. (bnc#823795) - do not switch cam port on HP EliteBook 840 (bnc#822164). - net/sunrpc: xpt_auth_cache should be ignored when expired (bnc#803320). - sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320). - sunrpc/cache: remove races with queuing an upcall (bnc#803320). - sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320). - KVM: x86: emulate movdqa (bnc#821070). - KVM: x86: emulator: add support for vector alignment (bnc#821070). - KVM: x86: emulator: expand decode flags to 64 bits (bnc#821070). - xhci - correct comp_mode_recovery_timer on return from hibernate (bnc#808136). - md/raid10 enough fixes (bnc#773837). - lib/Makefile: Fix oid_registry build dependency (bnc#823223). - Update config files: disable IP_PNP (bnc#822825) - Fix kABI breakage for addition of snd_hda_bus.no_response_fallback (bnc#823597). - Disable efi pstore by default (bnc#804482 bnc#820172). - md: Fix problem with GET_BITMAP_FILE returning wrong status (bnc#812974). - bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610). - USB: xHCI: override bogus bulk wMaxPacketSize values (bnc#823082). - BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727 bnc#822340). - qlge: Update version to 1.00.00.32 (bnc#819195). - qlge: Fix ethtool autoneg advertising (bnc#819195). - qlge: Fix receive path to drop error frames (bnc#819195). - qlge: remove NETIF_F_TSO6 flag (bnc#819195). - remove init of dev->perm_addr in drivers (bnc#819195). - drivers/net: fix up function prototypes after __dev* removals (bnc#819195). - qlge: remove __dev* attributes (bnc#819195). - drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding style issue (bnc#819195). - cxgb4: Force uninitialized state if FW_ON_ADAPTER is < FW_VERSION and we are the MASTER_PF (bnc#809130). - USB: UHCI: fix for suspend of virtual HP controller (bnc#817035). - timer_list: Convert timer list to be a proper seq_file (bnc#818047). - timer_list: Split timer_list_show_tickdevices (bnc#818047). - sched: Fix /proc/sched_debug failure on very very large systems (bnc#818047). - sched: Fix /proc/sched_stat failure on very very large systems (bnc#818047). - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). - libfc: do not exch_done() on invalid sequence ptr (bnc#810722). - netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). - HWPOISON: fix misjudgement of page_action() for errors on mlocked pages (Memory failure RAS (bnc#821799)). - HWPOISON: check dirty flag to match against clean page (Memory failure RAS (bnc#821799)). - HWPOISON: change order of error_states elements (Memory failure RAS (bnc#821799)). - mm: hwpoison: fix action_result() to print out dirty/clean (Memory failure RAS (bnc#821799)). - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (bnc#821052). - Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). - Do not switch BT on HP ProBook 4340 (bnc#812281). - mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). - mm: compaction: Restart compaction from near where it left off - mm: compaction: cache if a pageblock was scanned and no pages were isolated - mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity - mm: compaction: Scan PFN caching KABI workaround - mm: page_allocator: Remove first_pass guard - mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SLE 11 SERVER Unsupported Extras (ppc64 s390x x86_64): kernel-default-extra-3.0.82-0.7.9 - SLE 11 SERVER Unsupported Extras (x86_64): kernel-xen-extra-3.0.82-0.7.9 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.82-0.7.9 References: http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-3076.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/773837 https://bugzilla.novell.com/785901 https://bugzilla.novell.com/797090 https://bugzilla.novell.com/797727 https://bugzilla.novell.com/801427 https://bugzilla.novell.com/803320 https://bugzilla.novell.com/804482 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/808015 https://bugzilla.novell.com/808136 https://bugzilla.novell.com/808837 https://bugzilla.novell.com/808855 https://bugzilla.novell.com/809130 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/809975 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/812332 https://bugzilla.novell.com/812526 https://bugzilla.novell.com/812974 https://bugzilla.novell.com/813604 https://bugzilla.novell.com/813922 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/817035 https://bugzilla.novell.com/817377 https://bugzilla.novell.com/818047 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818465 https://bugzilla.novell.com/819018 https://bugzilla.novell.com/819195 https://bugzilla.novell.com/819523 https://bugzilla.novell.com/819610 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/820172 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821052 https://bugzilla.novell.com/821070 https://bugzilla.novell.com/821235 https://bugzilla.novell.com/821799 https://bugzilla.novell.com/821859 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822066 https://bugzilla.novell.com/822077 https://bugzilla.novell.com/822080 https://bugzilla.novell.com/822164 https://bugzilla.novell.com/822340 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 https://bugzilla.novell.com/822825 https://bugzilla.novell.com/823082 https://bugzilla.novell.com/823223 https://bugzilla.novell.com/823342 https://bugzilla.novell.com/823386 https://bugzilla.novell.com/823597 https://bugzilla.novell.com/823795 https://bugzilla.novell.com/824159 https://bugzilla.novell.com/825037 https://bugzilla.novell.com/825591 https://bugzilla.novell.com/825657 https://bugzilla.novell.com/825696 https://bugzilla.novell.com/826186 http://download.novell.com/patch/finder/?keywords=9deafe882b5e3b5f0df9f5075f... http://download.novell.com/patch/finder/?keywords=bdd1cc737ed1a109b28b077184... http://download.novell.com/patch/finder/?keywords=ddd472e1f756fe2a224c4a247c... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org