openSUSE Security Update: kernel: update to 3.4.28
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0261-1
Rating:             moderate
References:         #569991 #770763 #771392 #773831 #774859 #776925 #778630
                    #780624 #781327 #783615 #783965 #784192 #792500 #793671
                    #799209
Cross-References:   CVE-2012-3520
Affected Products:  openSUSE 12.2
______________________________________________________________________________

An update that solves one vulnerability and has 14 fixes is now available.

Description:

The Linux kernel was updated to 3.4.28 fixing various bugs and security issues.

Following bugs were fixed:

- sysctl: Fixed vm.dirty_ratio sysctl name for desktop flavors
- bridge: Pull ip header into skb->data before looking into ip header (bnc#799209).
- x86: Hyper-V: register clocksource only if its advertised (bnc#792500).
- patches.fixes/thp-memcg-split-hugepage-for-memcg-oom-on-cow.patch: thp, memcg: split hugepage for memcg oom on cow (bnc#793671).
- x86-64: fix hypercall page unwind info.
- frontends: handle backend CLOSED without CLOSING.
- xenbus: fix overflow check in xenbus_dev_write().
- x86: don't corrupt %eip when returning from a signal handler.
- Update Xen patches to 3.4.19.
- rpm/kernel-binary.spec.in: Do not remove fillup from the buildsystem (bnc#781327)
- rpm/config.sh: Set ARM project for IBS
- Refresh patches.xen/xen-x86-EFI (fix build after update to 3.4.17).
- ARM: Update config files: omap2plus: Set omapdrm as =y to allow for console=tty
- rpm/config.sh: Add openSUSE:12.2:ARM:Update OBS project
- ARM: Update config files: Disable HVC_DCC, refresh config files
- fix mmc on vexpress (kernel-default on armv7hl) for 3.4.
- rpm/kernel-binary.spec.in: Require coreutils in kernel-*-devel (bnc#783615)
- ARM: Update config files: Fix default config
- ARM: Update config files: Fix default config to work with vexpress
- Btrfs: fix enospc problems when deleting a subvol
- btrfs: enospc debugging messages
- ALSA: hda - Fix silent headphone output from Toshiba P200 (bnc#569991).
- ALSA: hda - Add inv-dmic model to possible Realtek codecs (bnc#569991).
- ALSA: hda - Add inverted mic quirks for Asus U41SV, Acer 1810TZ and AOD260 (bnc#569991).
- ALSA: hda - Add the inverted digital mic workaround to Realtek codecs (bnc#569991).
- rpm/kernel-binary.spec.in: Use a macro instead of /etc/IGNORE-KABI-BADNESS
- rpm/kernel-binary.spec.in: Also check for /etc/IGNORE-KABI-BADNESS file
  This allows to control the kabi checker from outside of the package.
- memcg: oom: fix totalpages calculation for swappiness==0 (bnc#783965).
- ext4: completed_io locking cleanup.
- ext4: endless truncate due to nonlocked dio readers.
- ext4: ext4_inode_info diet.
- ext4: fix ext4_flush_completed_IO wait semantics.
- ext4: fix ext_remove_space for punch_hole case.
- ext4: fix unwritten counter leakage.
- ext4: give i_aiodio_unwritten a more appropriate name.
- ext4: punch_hole should wait for DIO writers.
- ext4: race-condition protection for ext4_convert_unwritten_extents_endio.
- ext4: serialize dio nonlocked reads with defrag workers.
- ext4: serialize fallocate with ext4_convert_unwritten_extents.
- ext4: serialize unlocked dio reads with truncate.
- x86/kbuild: archscripts depends on scripts_basic.
- kbuild: Fix gcc -x syntax (bnc#773831).
- Disable hyper-v patch to avoid kABI changes: Drivers: hv: Explicitly size elements of protocol structures
- Hyper-V KVP IP injection (fate#31441)
- drivers: net: Remove casts to same type.
- drivers: hv: remove IRQF_SAMPLE_RANDOM which is now a no-op.
- hyperv: Move wait completion msg code into rndis_filter_halt_device().
- hyperv: Add comments for the extended buffer after RNDIS message.
- Drivers: hv: Cleanup the guest ID computation.
- Drivers: hv: vmbus: Use the standard format string to format GUIDs.
- Drivers: hv: Add KVP definitions for IP address injection.
- Drivers: hv: kvp: Cleanup error handling in KVP.
- Drivers: hv: Explicitly size elements of protocol structures.
- Drivers: hv: kvp: Support the new IP injection messages.
- Tools: hv: Prepare to expand kvp_get_ip_address() functionality.
- Tools: hv: Further refactor kvp_get_ip_address().
- Tools: hv: Gather address family information.
- Tools: hv: Gather subnet information.
- Tools: hv: Represent the ipv6 mask using CIDR notation.
- Tools: hv: Gather ipv[4,6] gateway information.
- hv: fail the probing immediately when we are not in hyperv platform.
- hv: vmbus_drv: detect hyperv through x86_hyper.
- Tools: hv: Get rid of some unused variables.
- Tools: hv: Correctly type string variables.
- Tools: hv: Add an example script to retrieve DNS entries.
- Tools: hv: Gather DNS information.
- Drivers: hv: kvp: Copy the address family information.
- Tools: hv: Add an example script to retrieve dhcp state.
- Tools: hv: Gather DHCP information.
- Tools: hv: Add an example script to configure an interface.
- Tools: hv: Implement the KVP verb - KVP_OP_SET_IP_INFO.
- Tools: hv: Rename the function kvp_get_ip_address().
- Tools: hv: Implement the KVP verb - KVP_OP_GET_IP_INFO.
- tools/hv: Fix file handle leak.
- tools/hv: Fix exit() error code.
- tools/hv: Check for read/write errors.
- tools/hv: Parse /etc/os-release.
- hyperv: Fix the max_xfer_size in RNDIS initialization.
- hyperv: Fix the missing return value in rndis_filter_set_packet_filter().
- hyperv: Fix page buffer handling in rndis_filter_send_request().
- hyperv: Remove extra allocated space for recv_pkt_list elements.
- hyperv: Report actual status in receive completion packet.
- hyperv: Add buffer for extended info after the RNDIS response message.
- rpm/kernel-binary.spec.in: enable Conflicts for apparmor, udev and lvm2 also for vanilla kernel
- rpm/kernel-binary.spec.in: add Conflicts: hyper-v < 4 to make sure the daemon is in sync with the kernel (bnc#770763, fate#314441)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

  zypper in -t patch openSUSE-2013-94

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.2 (i586 x86_64):

  kernel-default-3.4.28-2.20.1
  kernel-default-base-3.4.28-2.20.1
  kernel-default-base-debuginfo-3.4.28-2.20.1
  kernel-default-debuginfo-3.4.28-2.20.1
  kernel-default-debugsource-3.4.28-2.20.1
  kernel-default-devel-3.4.28-2.20.1
  kernel-default-devel-debuginfo-3.4.28-2.20.1
  kernel-syms-3.4.28-2.20.1

- openSUSE 12.2 (i686 x86_64):

  kernel-debug-3.4.28-2.20.1
  kernel-debug-base-3.4.28-2.20.1
  kernel-debug-base-debuginfo-3.4.28-2.20.1
  kernel-debug-debuginfo-3.4.28-2.20.1
  kernel-debug-debugsource-3.4.28-2.20.1
  kernel-debug-devel-3.4.28-2.20.1
  kernel-debug-devel-debuginfo-3.4.28-2.20.1
  kernel-desktop-3.4.28-2.20.1
  kernel-desktop-base-3.4.28-2.20.1
  kernel-desktop-base-debuginfo-3.4.28-2.20.1
  kernel-desktop-debuginfo-3.4.28-2.20.1
  kernel-desktop-debugsource-3.4.28-2.20.1
  kernel-desktop-devel-3.4.28-2.20.1
  kernel-desktop-devel-debuginfo-3.4.28-2.20.1
  kernel-ec2-3.4.28-2.20.1
  kernel-ec2-base-3.4.28-2.20.1
  kernel-ec2-base-debuginfo-3.4.28-2.20.1
  kernel-ec2-debuginfo-3.4.28-2.20.1
  kernel-ec2-debugsource-3.4.28-2.20.1
  kernel-ec2-devel-3.4.28-2.20.1
  kernel-ec2-devel-debuginfo-3.4.28-2.20.1
  kernel-ec2-extra-3.4.28-2.20.1
  kernel-ec2-extra-debuginfo-3.4.28-2.20.1
  kernel-trace-3.4.28-2.20.1
  kernel-trace-base-3.4.28-2.20.1
  kernel-trace-base-debuginfo-3.4.28-2.20.1
  kernel-trace-debuginfo-3.4.28-2.20.1
  kernel-trace-debugsource-3.4.28-2.20.1
  kernel-trace-devel-3.4.28-2.20.1
  kernel-trace-devel-debuginfo-3.4.28-2.20.1
  kernel-vanilla-3.4.28-2.20.1
  kernel-vanilla-debuginfo-3.4.28-2.20.1
  kernel-vanilla-debugsource-3.4.28-2.20.1
  kernel-vanilla-devel-3.4.28-2.20.1
  kernel-vanilla-devel-debuginfo-3.4.28-2.20.1
  kernel-xen-3.4.28-2.20.1
  kernel-xen-base-3.4.28-2.20.1
  kernel-xen-base-debuginfo-3.4.28-2.20.1
  kernel-xen-debuginfo-3.4.28-2.20.1
  kernel-xen-debugsource-3.4.28-2.20.1
  kernel-xen-devel-3.4.28-2.20.1
  kernel-xen-devel-debuginfo-3.4.28-2.20.1

- openSUSE 12.2 (noarch):

  kernel-devel-3.4.28-2.20.1
  kernel-docs-3.4.28-2.20.2
  kernel-source-3.4.28-2.20.1
  kernel-source-vanilla-3.4.28-2.20.1

- openSUSE 12.2 (i686):

  kernel-pae-3.4.28-2.20.1
  kernel-pae-base-3.4.28-2.20.1
  kernel-pae-base-debuginfo-3.4.28-2.20.1
  kernel-pae-debuginfo-3.4.28-2.20.1
  kernel-pae-debugsource-3.4.28-2.20.1
  kernel-pae-devel-3.4.28-2.20.1
  kernel-pae-devel-debuginfo-3.4.28-2.20.1

References:

http://support.novell.com/security/cve/CVE-2012-3520.html
https://bugzilla.novell.com/569991
https://bugzilla.novell.com/770763
https://bugzilla.novell.com/771392
https://bugzilla.novell.com/773831
https://bugzilla.novell.com/774859
https://bugzilla.novell.com/776925
https://bugzilla.novell.com/778630
https://bugzilla.novell.com/780624
https://bugzilla.novell.com/781327
https://bugzilla.novell.com/783615
https://bugzilla.novell.com/783965
https://bugzilla.novell.com/784192
https://bugzilla.novell.com/792500
https://bugzilla.novell.com/793671
https://bugzilla.novell.com/799209