SUSE Security Update: Security update for Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1748-1 Rating: important References: #763463 #794824 #797526 #804950 #816099 #820848 #821259 #821465 #826102 #827246 #827416 #828714 #828894 #829682 #831029 #831143 #831380 #832292 #833321 #833588 #833635 #833820 #833858 #834204 #834600 #834905 #835094 #835684 #835930 #836218 #836347 #836801 #837372 #837803 #838346 #838448 #840830 #841094 #841402 #841498 #842063 #842604 #844513 Cross-References: CVE-2013-2206 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves one vulnerability and has 42 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to version 3.0.101 and also includes various other bug and security fixes. The following features have been added: * Drivers: hv: Support handling multiple VMBUS versions (FATE#314665). * Drivers: hv: Save and export negotiated vmbus version (FATE#314665). * Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665). The following security issue has been fixed: * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102) The following non-security bugs have been fixed: * kernel: sclp console hangs (bnc#841498, LTC#95711). * intel-iommu: Fix leaks in pagetable freeing (bnc#841402). * iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513). * x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513). * iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513). * iommu: Remove stack trace from broken irq remapping warning (bnc#844513). * softirq: reduce latencies (bnc#797526). * Fix lockup related to stop_machine being stuck in __do_softirq (bnc#797526). * splice: fix racy pipe->buffers uses (bnc#827246). * blktrace: fix race with open trace files and directory removal (bnc#832292). * mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)). * mm: Bounce memory pool initialisation (bnc#836347). * mm, memcg: introduce own oom handler to iterate only over its own threads. * mm, memcg: move all oom handling to memcontrol.c. * mm, oom: avoid looping when chosen thread detaches its mm. * mm, oom: fold oom_kill_task() into oom_kill_process(). * mm, oom: introduce helper function to process threads during scan. * mm, oom: reduce dependency on tasklist_lock. * ipv6: do not call fib6_run_gc() until routing is ready (bnc#836218). * ipv6: prevent fib6_run_gc() contention (bnc#797526). * ipv6: update ip6_rt_last_gc every time GC is run (bnc#797526). * net/mlx4_en: Fix BlueFlame race (bnc#835684). * netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853). * netfilter: prevent race condition breaking net reference counting (bnc#835094). * net: remove skb_orphan_try() (bnc#834600). * bonding: check bond->vlgrp in bond_vlan_rx_kill_vid() (bnc#834905). * sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102). * SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824). * NFS: make nfs_flush_incompatible more generous (bnc#816099). * NFS: do not try to use lock state when we hold a delegation (bnc#831029). * nfs_lookup_revalidate(): fix a leak (bnc#828894). * xfs: growfs: use uncached buffers for new headers (bnc#842604). * xfs: Check the return value of xfs_buf_get() (bnc#842604). * xfs: avoid double-free in xfs_attr_node_addname. * do_add_mount()/umount -l races (bnc#836801). * cifs: Fix TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950). * cifs: Fix EREMOTE errors encountered on DFS links (bnc#831143). * reiserfs: fix race with flush_used_journal_lists and flush_journal_list (bnc#837803). * reiserfs: remove useless flush_old_journal_lists. * fs: writeback: Do not sync data dirtied after sync start (bnc#833820). * rcu: Do not trigger false positive RCU stall detection (bnc#834204). * lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463). * bnx2x: Change to D3hot only on removal (bnc#838448). * vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). * Drivers: hv: Support handling multiple VMBUS versions (fate#314665). * Drivers: hv: Save and export negotiated vmbus version (fate#314665). * Drivers: hv: Move vmbus version definitions to hyperv.h (fate#314665). * Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). * Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346). * Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). * iscsi: do not hang in endless loop if no targets present (bnc#841094). * ata: Set proper SK when CK_COND is set (bnc#833588). * md: Throttle number of pending write requests in md/raid10 (bnc#833858). * dm: ignore merge_bvec for snapshots when safe (bnc#820848). * elousb: some systems cannot stomach work around (bnc#840830). * bio-integrity: track owner of integrity payload (bnc#831380). * quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930). * Fixed Xen guest freezes (bnc#829682, bnc#842063). * config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372). * series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem (bnc#833635). * rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors (bnc#821465). * rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file. * rpm/old-flavors: Convert the old-packages.conf file to a flat list. * rpm/old-packages.conf: Drop bogus obsoletes for "smp" (bnc#821465). * rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned (bnc#821465). * rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. (bnc#821465). Security Issue references: * CVE-2013-2206 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206

Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-8516 slessp2-kernel-8518 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-8509 slessp2-kernel-8514 slessp2-kernel-8515 slessp2-kernel-8516 slessp2-kernel-8518 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-8509 sleshasp2-kernel-8514 sleshasp2-kernel-8515 sleshasp2-kernel-8516 sleshasp2-kernel-8518 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-8516 sledsp2-kernel-8518 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.5.1 kernel-default-base-3.0.101-0.5.1 kernel-default-devel-3.0.101-0.5.1 kernel-source-3.0.101-0.5.1 kernel-syms-3.0.101-0.5.1 kernel-trace-3.0.101-0.5.1 kernel-trace-base-3.0.101-0.5.1 kernel-trace-devel-3.0.101-0.5.1 kernel-xen-devel-3.0.101-0.5.1 xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.5.1 kernel-pae-base-3.0.101-0.5.1 kernel-pae-devel-3.0.101-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.5.1 kernel-default-base-3.0.101-0.5.1 kernel-default-devel-3.0.101-0.5.1 kernel-source-3.0.101-0.5.1 kernel-syms-3.0.101-0.5.1 kernel-trace-3.0.101-0.5.1 kernel-trace-base-3.0.101-0.5.1 kernel-trace-devel-3.0.101-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.5.1 kernel-ec2-base-3.0.101-0.5.1 kernel-ec2-devel-3.0.101-0.5.1 kernel-xen-3.0.101-0.5.1 kernel-xen-base-3.0.101-0.5.1 kernel-xen-devel-3.0.101-0.5.1 xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5 xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]: kernel-ppc64-3.0.101-0.5.1 kernel-ppc64-base-3.0.101-0.5.1 kernel-ppc64-devel-3.0.101-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.5.1 kernel-pae-base-3.0.101-0.5.1 kernel-pae-devel-3.0.101-0.5.1 xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_0.5-2.18.69 cluster-network-kmp-trace-1.4_3.0.101_0.5-2.18.69 gfs2-kmp-default-2_3.0.101_0.5-0.7.98 gfs2-kmp-trace-2_3.0.101_0.5-0.7.98 ocfs2-kmp-default-1.6_3.0.101_0.5-0.11.68 ocfs2-kmp-trace-1.6_3.0.101_0.5-0.11.68 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_0.5-2.18.69 gfs2-kmp-xen-2_3.0.101_0.5-0.7.98 ocfs2-kmp-xen-1.6_3.0.101_0.5-0.11.68 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.5-2.18.69 gfs2-kmp-ppc64-2_3.0.101_0.5-0.7.98 ocfs2-kmp-ppc64-1.6_3.0.101_0.5-0.11.68 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.101_0.5-2.18.69 gfs2-kmp-pae-2_3.0.101_0.5-0.7.98 ocfs2-kmp-pae-1.6_3.0.101_0.5-0.11.68 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.5.1 kernel-default-base-3.0.101-0.5.1 kernel-default-devel-3.0.101-0.5.1 kernel-default-extra-3.0.101-0.5.1 kernel-source-3.0.101-0.5.1 kernel-syms-3.0.101-0.5.1 kernel-trace-3.0.101-0.5.1 kernel-trace-base-3.0.101-0.5.1 kernel-trace-devel-3.0.101-0.5.1 kernel-trace-extra-3.0.101-0.5.1 kernel-xen-3.0.101-0.5.1 kernel-xen-base-3.0.101-0.5.1 kernel-xen-devel-3.0.101-0.5.1 kernel-xen-extra-3.0.101-0.5.1 xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5 xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.5.1 kernel-pae-base-3.0.101-0.5.1 kernel-pae-devel-3.0.101-0.5.1 kernel-pae-extra-3.0.101-0.5.1 xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.101_0.5-0.14.79 ext4-writeable-kmp-trace-0_3.0.101_0.5-0.14.79 kernel-default-extra-3.0.101-0.5.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.101_0.5-0.14.79 kernel-xen-extra-3.0.101-0.5.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.101_0.5-0.14.79 kernel-ppc64-extra-3.0.101-0.5.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.101_0.5-0.14.79 kernel-pae-extra-3.0.101-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-2206.html https://bugzilla.novell.com/763463 https://bugzilla.novell.com/794824 https://bugzilla.novell.com/797526 https://bugzilla.novell.com/804950 https://bugzilla.novell.com/816099 https://bugzilla.novell.com/820848 https://bugzilla.novell.com/821259 https://bugzilla.novell.com/821465 https://bugzilla.novell.com/826102 https://bugzilla.novell.com/827246 https://bugzilla.novell.com/827416 https://bugzilla.novell.com/828714 https://bugzilla.novell.com/828894 https://bugzilla.novell.com/829682 https://bugzilla.novell.com/831029 https://bugzilla.novell.com/831143 https://bugzilla.novell.com/831380 https://bugzilla.novell.com/832292 https://bugzilla.novell.com/833321 https://bugzilla.novell.com/833588 https://bugzilla.novell.com/833635 https://bugzilla.novell.com/833820 https://bugzilla.novell.com/833858 https://bugzilla.novell.com/834204 https://bugzilla.novell.com/834600 https://bugzilla.novell.com/834905 https://bugzilla.novell.com/835094 https://bugzilla.novell.com/835684 https://bugzilla.novell.com/835930 https://bugzilla.novell.com/836218 https://bugzilla.novell.com/836347 https://bugzilla.novell.com/836801 https://bugzilla.novell.com/837372 https://bugzilla.novell.com/837803 https://bugzilla.novell.com/838346 https://bugzilla.novell.com/838448 https://bugzilla.novell.com/840830 https://bugzilla.novell.com/841094 https://bugzilla.novell.com/841402 https://bugzilla.novell.com/841498 https://bugzilla.novell.com/842063 https://bugzilla.novell.com/842604 https://bugzilla.novell.com/844513 http://download.novell.com/patch/finder/?keywords=014f991484d20757de9526cb24... http://download.novell.com/patch/finder/?keywords=241c1cd269f2d6c946750be922... http://download.novell.com/patch/finder/?keywords=29adfe67e725d67c311a0d762c... http://download.novell.com/patch/finder/?keywords=2f6d9dd2345e27452c0f4f8406... http://download.novell.com/patch/finder/?keywords=43bef7672074508c7f5cb7f86c... http://download.novell.com/patch/finder/?keywords=4b0266473a79db08cd217a9013... http://download.novell.com/patch/finder/?keywords=6143e2e6aa3e373197bc1dfda8... http://download.novell.com/patch/finder/?keywords=6f18fc180df1025daa721c72d0... http://download.novell.com/patch/finder/?keywords=e004410f0af237e1cc306eea34... http://download.novell.com/patch/finder/?keywords=e10aac7447253ec336025bc035... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org