Mailinglist Archive: opensuse-security-announce (27 mails)

< Previous Next >
[security-announce] SUSE-SU-2013:1744-1: important: Security update for Real Time Linux Kernel
SUSE Security Update: Security update for Real Time Linux Kernel

Announcement ID: SUSE-SU-2013:1744-1
Rating: important
References: #763463 #794824 #797526 #804950 #816099 #820848
#821259 #821465 #826102 #827246 #827416 #828714
#828894 #829682 #831029 #831143 #831380 #832292
#833321 #833588 #833635 #833820 #833858 #834204
#834600 #834905 #835094 #835684 #835930 #836218
#836347 #836801 #837372 #837803 #838346 #838448
#840830 #841094 #841402 #841498 #842063 #842604
Cross-References: CVE-2013-2206
Affected Products:
SUSE Linux Enterprise Real Time 11 SP2

An update that solves one vulnerability and has 42 fixes is
now available. It includes one version update.


The SUSE Linux Enterprise 11 Service Pack 2 kernel for
RealTime was updated to version 3.0.101 and also includes
various other bug and security fixes.

The following features have been added:

* Drivers: hv: Support handling multiple VMBUS versions
* Drivers: hv: Save and export negotiated vmbus version
* Drivers: hv: Move vmbus version definitions to
hyperv.h (FATE#314665).

The following security issue has been fixed:

* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
in net/sctp/sm_statefuns.c in the SCTP implementation in
the Linux kernel did not properly handle associations
during the processing of a duplicate COOKIE ECHO chunk,
which allowed remote attackers to cause a denial of service
(NULL pointer dereference and system crash) or possibly
have unspecified other impact via crafted SCTP traffic.

The following non-security bugs have been fixed:

* mm: Do not walk all of system memory during show_mem
(Reduce tasklist_lock hold times (bnc#821259)).
* mm, memcg: introduce own oom handler to iterate only
over its own threads.
* mm, memcg: move all oom handling to memcontrol.c.
* mm, oom: avoid looping when chosen thread detaches
its mm.
* mm, oom: fold oom_kill_task() into oom_kill_process().
* mm, oom: introduce helper function to process threads
during scan.
* mm, oom: reduce dependency on tasklist_lock.
* kernel: sclp console hangs (bnc#841498, LTC#95711).
* splice: fix racy pipe->buffers uses (bnc#827246).
* blktrace: fix race with open trace files and
directory removal (bnc#832292).
* Set proper SK when CK_COND is set (bnc#833588).
* iommu/vt-d: add quirk for broken interrupt remapping
on 55XX chipsets (bnc#844513).
* x86/iommu/vt-d: Expand interrupt remapping quirk to
cover x58 chipset (bnc#844513).
* iommu/vt-d: Only warn about broken interrupt
remapping (bnc#844513).
* iommu: Remove stack trace from broken irq remapping
warning (bnc#844513).
* intel-iommu: Fix leaks in pagetable freeing
* softirq: reduce latencies (bnc#797526).
* softirq: Fix lockup related to stop_machine being
stuck in __do_softirq (bnc#797526).
* bounce: Bounce memory pool initialisation (bnc#836347)
* writeback: Do not sync data dirtied after sync start
* config//debug: Enable FSCACHE_DEBUG and
CACHEFILES_DEBUG (bnc#837372).
* Fixed Xen guest freezes (bnc#829682, bnc#842063).
* SUNRPC: close a rare race in xs_tcp_setup_socket
* NFS: make nfs_flush_incompatible more generous
* NFS: don't try to use lock state when we hold a
delegation (bnc#831029).
* nfs_lookup_revalidate(): fix a leak (bnc#828894).
* fs: do_add_mount()/umount -l races (bnc#836801).
* cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields
* cifs: Fix EREMOTE errors encountered on DFS links
* xfs: growfs: use uncached buffers for new headers
* xfs: avoid double-free in xfs_attr_node_addname.
* xfs: Check the return value of xfs_buf_get()
* iscsi: don't hang in endless loop if no targets
present (bnc#841094).
* reiserfs: fix race with flush_used_journal_lists and
flush_journal_list (bnc#837803).
* md: Throttle number of pending write requests in
md/raid10 (bnc#833858).
* dm: ignore merge_bvec for snapshots when safe
* rcu: Do not trigger false positive RCU stall
detection (bnc#834204).
* net/mlx4_en: Fix BlueFlame race (bnc#835684).
* net: remove skb_orphan_try() (bnc#834600).
* bonding: check bond->vlgrp in bond_vlan_rx_kill_vid()
* ipv6: don't call fib6_run_gc() until routing is ready
* ipv6: prevent fib6_run_gc() contention (bnc#797526).
* ipv6: update ip6_rt_last_gc every time GC is run
* netfilter: nf_conntrack: use RCU safe kfree for
conntrack extensions (bnc#827416 bko#60853
* netfilter: prevent race condition breaking net
reference counting (bnc#835094).
* sctp: deal with multiple COOKIE_ECHO chunks
* quirks: add touchscreen that is dazzeled by remote
wakeup (bnc#835930).
* bnx2x: Change to D3hot only on removal (bnc#838448).
* vmxnet3: prevent div-by-zero panic when ring resizing
uninitialized dev (bnc#833321).
* Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* Drivers: hv: util: Correctly support ws2008R2 and
earlier (bnc#838346).
* Drivers: hv: util: Fix a bug in util version
negotiation code (bnc#838346).
* elousb: some systems cannot stomach work around
* bio-integrity: track owner of integrity payload
* lib/radix-tree.c: make radix_tree_node_alloc() work
correctly within interrupt (bnc#763463).
* series.conf: disable XHCI ring expansion patches
because on machines with large memory they cause a
starvation problem (bnc#833635)
* rpm/old-flavors, rpm/mkspec: Add version information
to obsolete flavors (bnc#821465).
* rpm/ Move the xenpae obsolete
to the old-flavors file.
* rpm/old-flavors: Convert the old-packages.conf file
to a flat list.
* rpm/old-packages.conf: Drop bogus obsoletes for "smp"
* rpm/ Make sure that all KMP
obsoletes are versioned (bnc#821465).
* rpm/ Remove unversioned
provides/obsoletes for packages that were only seen in
openSUSE releases up to 11.0. (bnc#821465).
* sched/workqueue: Only wake up idle workers if not
blocked on sleeping spin lock.
* genirq: Set irq thread to RT priority on creation.
* timers: prepare for full preemption improve.
* kernel/cpu: fix cpu down problem if kthread's cpu is
going down.
* kernel/hotplug: restore original cpu mask oncpu/down.
* drm/i915: drop trace_i915_gem_ring_dispatch on rt.
* rt,ntp: Move call to schedule_delayed_work() to
helper thread.
* hwlat-detector: Update hwlat_detector to add outer
loop detection.
* hwlat-detect/trace: Export trace_clock_local for
* hwlat-detector: Use trace_clock_local if available.
* hwlat-detector: Use thread instead of stop machine.
* genirq: do not invoke the affinity callback via a

Security Issues:

* CVE-2013-2206


Everyone using the Real Time Linux Kernel on x86_64 architecture should

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time 11 SP2:

zypper in -t patch slertesp2-kernel-8546

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version:



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages