Mailinglist Archive: opensuse-security-announce (27 mails)

< Previous Next >
[security-announce] SUSE-SU-2013:1749-1: important: Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel

Announcement ID: SUSE-SU-2013:1749-1
Rating: important
References: #763463 #794824 #797526 #800875 #804950 #808079
#816099 #820848 #821259 #821465 #821948 #822433
#825291 #826102 #827246 #827416 #827966 #828714
#828894 #829682 #830985 #831029 #831143 #831380
#832292 #833097 #833151 #833321 #833588 #833635
#833820 #833858 #834204 #834600 #834905 #835094
#835189 #835684 #835930 #836218 #836347 #836801
#837372 #837596 #837741 #837803 #838346 #838448
#839407 #839973 #840830 #841050 #841094 #841402
#841498 #841656 #842057 #842063 #842604 #842820
#843429 #843445 #843642 #843645 #843732 #843753
#843950 #844513 #845352 #847319 #847721
Cross-References: CVE-2013-2206
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras

An update that solves one vulnerability and has 70 fixes is
now available. It includes one version update.


The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to version 3.0.101 and also includes various other
bug and security fixes.

The following features have been added:

* Drivers: hv: Support handling multiple VMBUS versions
* Drivers: hv: Save and export negotiated vmbus version
* Drivers: hv: Move vmbus version definitions to
hyperv.h (FATE#314665).

The following security issue has been fixed:

* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
in net/sctp/sm_statefuns.c in the SCTP implementation in
the Linux kernel did not properly handle associations
during the processing of a duplicate COOKIE ECHO chunk,
which allowed remote attackers to cause a denial of service
(NULL pointer dereference and system crash) or possibly
have unspecified other impact via crafted SCTP traffic.

The following non-security bugs have been fixed:

* mm, memcg: introduce own oom handler to iterate only
over its own threads.
* mm, memcg: move all oom handling to memcontrol.c.
* mm, oom: avoid looping when chosen thread detaches
its mm.
* mm, oom: fold oom_kill_task() into oom_kill_process().
* mm, oom: introduce helper function to process threads
during scan.
* mm, oom: reduce dependency on tasklist_lock (Reduce
tasklist_lock hold times) (bnc#821259).
* mm: do not walk all of system memory during show_mem
(Reduce tasklist_lock hold times) (bnc#821259).
* iommu/vt-d: add quirk for broken interrupt remapping
on 55XX chipsets (bnc#844513).
* x86/iommu/vt-d: Expand interrupt remapping quirk to
cover x58 chipset (bnc#844513).
* iommu/vt-d: Only warn about broken interrupt
remapping (bnc#844513).
* iommu: Remove stack trace from broken irq remapping
warning (bnc#844513).
* intel-iommu: Fix leaks in pagetable freeing
* Revert aer_recover_queue() __GENKSYMS__ hack, add a
fake symset with the previous value instead (bnc#847721).
* i2c: ismt: initialize DMA buffer (bnc#843753).
* powerpc/irq: Run softirqs off the top of the irq
stack (bnc#847319).
* quirks: add touchscreen that is dazzeled by remote
wakeup (bnc#835930).
* kernel: sclp console hangs (bnc#841498, LTC#95711).
* tty/hvc_iucv: Disconnect IUCV connection when
lowering DTR (bnc#839973,LTC#97595).
* tty/hvc_console: Add DTR/RTS callback to handle HUPCL
control (bnc#839973,LTC#97595).
* softirq: reduce latencies (bnc#797526).
* X.509: Remove certificate date checks (bnc#841656).
* config/debug: Enable FSCACHE_DEBUG and
CACHEFILES_DEBUG (bnc#837372).
* splice: fix racy pipe->buffers uses (bnc#827246).
* blktrace: fix race with open trace files and
directory removal (bnc#832292).
* rcu: Do not trigger false positive RCU stall
detection (bnc#834204).
* kernel: allow program interruption filtering in user
space (bnc#837596, LTC#97332).
* Audit: do not print error when LSMs disabled
* SUNRPC: close a rare race in xs_tcp_setup_socket
* Btrfs: fix negative qgroup tracking from owner
accounting (bnc#821948).
* cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields
* NFS: make nfs_flush_incompatible more generous
* xfs: growfs: use uncached buffers for new headers
* NFS: do not try to use lock state when we hold a
delegation (bnc#831029).
* NFS: nfs_lookup_revalidate(): fix a leak (bnc#828894).
* fs: do_add_mount()/umount -l races (bnc#836801).
* xfs: avoid double-free in xfs_attr_node_addname.
* xfs: Check the return value of xfs_buf_get()
* iscsi: do not hang in endless loop if no targets
present (bnc#841094).
* scsi_dh_alua: Allow get_alua_data() to return NULL
* cifs: revalidate directories instiantiated via FIND_
in order to handle DFS referrals (bnc#831143).
* cifs: do not instantiate new dentries in readdir for
inodes that need to be revalidated immediately (bnc#831143).
* cifs: rename cifs_readdir_lookup to cifs_prime_dcache
and make it void return (bnc#831143).
* cifs: get rid of blind d_drop() in readdir
* cifs: cleanup cifs_filldir (bnc#831143).
* cifs: on send failure, readjust server sequence
number downward (bnc#827966).
* cifs: adjust sequence number downward after signing
NT_CANCEL request (bnc#827966).
* cifs: on send failure, readjust server sequence
number downward (bnc#827966).
* cifs: adjust sequence number downward after signing
NT_CANCEL request (bnc#827966).
* reiserfs: fix race with flush_used_journal_lists and
flush_journal_list (bnc#837803).
* reiserfs: remove useless flush_old_journal_lists.
* lib/radix-tree.c: make radix_tree_node_alloc() work
correctly within interrupt (bnc#763463).
* md: Throttle number of pending write requests in
md/raid10 (bnc#833858).
* dm: ignore merge_bvec for snapshots when safe
* ata: Set proper SK when CK_COND is set (bnc#833588).
* Btrfs: abort unlink trans in missed error case.
* Btrfs: add all ioctl checks before user change for
quota operations.
* Btrfs: add a rb_tree to improve performance of ulist
* Btrfs: add btrfs_fs_incompat helper.
* Btrfs: add ioctl to wait for qgroup rescan completion.
* Btrfs: add log message stubs.
* Btrfs: add missing error checks to
* Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP
* Btrfs: add missing error handling to read_tree_block.
* Btrfs: add missing mounting options in
* Btrfs: add sanity checks regarding to parsing mount
* Btrfs: add some missing iput()s in
* Btrfs: add tree block level sanity check.
* Btrfs: allocate new chunks if the space is not enough
for global rsv.
* Btrfs: allow file data clone within a file.
* Btrfs: allow superblock mismatch from older mkfs.
* Btrfs: annotate quota tree for lockdep.
* Btrfs: automatic rescan after "quota enable" command
* Btrfs: change how we queue blocks for backref
* Btrfs: check if leafs parent exists before pushing
items around.
* Btrfs: check if we can nocow if we do not have data
* Btrfs: check return value of commit when recovering
* Btrfs: clean snapshots one by one.
* Btrfs: cleanup destroy_marked_extents.
* Btrfs: cleanup fs roots if we fail to mount.
* Btrfs: cleanup orphaned root orphan item.
* Btrfs: cleanup reloc roots properly on error.
* Btrfs: Cleanup some redundant codes in
* Btrfs: clean up transaction abort messages.
* Btrfs: cleanup unused arguments of btrfs_csum_data.
* Btrfs: clear received_uuid field for new writable
* Btrfs: compare relevant parts of delayed tree refs.
* Btrfs: cover more error codes in btrfs_decode_error.
* Btrfs: creating the subvolume qgroup automatically
when enabling quota.
* Btrfs: deal with bad mappings in btrfs_map_block.
* Btrfs: deal with errors in write_dev_supers.
* Btrfs: deal with free space cache errors while
replaying log.
* Btrfs: deprecate subvolrootid mount option.
* Btrfs: do away with non-whole_page extent I/O.
* Btrfs: do delay iput in sync_fs.
* Btrfs: do not clear our orphan item runtime flag on
* Btrfs: do not continue if out of memory happens.
* Btrfs: do not offset physical if we are compressed.
* Btrfs: do not pin while under spin lock.
* Btrfs: do not abort the current transaction if there
is no enough space for inode cache.
* Btrfs: do not allow a subvol to be deleted if it is
the default subovl.
* Btrfs: do not BUG_ON() in btrfs_num_copies.
* Btrfs: do not bug_on when we fail when cleaning up
* Btrfs: do not call readahead hook until we have read
the entire eb.
* Btrfs: do not delete fs_roots until after we cleanup
the transaction.
* Btrfs: dont do log_removal in insert_new_root.
* Btrfs: do not force pages under writeback to finish
when aborting.
* Btrfs: do not ignore errors from
* Btrfs: do not invoke btrfs_invalidate_inodes() in the
spin lock context.
* Btrfs: do not miss inode ref items in
* Btrfs: do not null pointer deref on abort.
* Btrfs: do not panic if we are trying to drop too many
* Btrfs: do not steal the reserved space from the
global reserve if their space type is different.
* Btrfs: do not stop searching after encountering the
wrong item.
* Btrfs: do not try and free ebs twice in log replay.
* Btrfs: do not use global block reservation for inode
cache truncation.
* Btrfs: do not wait on ordered extents if we have a
trans open.
* Btrfs: Drop inode if inode root is NULL.
* Btrfs: enhance superblock checks.
* Btrfs: exclude logged extents before replying when we
are mixed.
* Btrfs: explicitly use global_block_rsv for quota_tree.
* Btrfs: fall back to global reservation when removing
* Btrfs: fix a bug of snapshot-aware defrag to make it
work on partial extents.
* Btrfs: fix accessing a freed tree root.
* Btrfs: fix accessing the root pointer in tree mod log
* Btrfs: fix all callers of read_tree_block.
* Btrfs: fix a warning when disabling quota.
* Btrfs: fix a warning when updating qgroup limit.
* Btrfs: fix backref walking when we hit a compressed
* Btrfs: fix bad extent logging.
* Btrfs: fix broken nocow after balance.
* Btrfs: fix confusing edquot happening case.
* Btrfs: fix double free in the iterate_extent_inodes().
* Btrfs: fix error handling in btrfs_ioctl_send().
* Btrfs: fix error handling in make/read block group.
* Btrfs: fix estale with btrfs send.
* Btrfs: fix extent buffer leak after backref walking.
* Btrfs: fix extent logging with O_DIRECT into prealloc.
* Btrfs: fix file truncation if FALLOC_FL_KEEP_SIZE is
* Btrfs: fix get set label blocking against balance.
* Btrfs: fix infinite loop when we abort on mount.
* Btrfs: fix inode leak on kmalloc failure in
* Btrfs: fix lockdep warning.
* Btrfs: fix lock leak when resuming snapshot deletion.
* Btrfs: fix memory leak of orphan block rsv.
* Btrfs: fix missing check about ulist_add() in
* Btrfs: fix missing check before creating a qgroup
* Btrfs: fix missing check in the
* Btrfs: fix off-by-one in fiemap.
* Btrfs: fix oops when writing dirty qgroups to disk.
* Btrfs: fix possible infinite loop in slow caching.
* Btrfs: fix possible memory leak in replace_path().
* Btrfs: fix possible memory leak in the
* Btrfs: fix printing of non NULL terminated string.
* Btrfs: fix qgroup rescan resume on mount.
* Btrfs: fix reada debug code compilation.
* Btrfs: fix the error handling wrt orphan items.
* Btrfs: fix transaction throttling for delayed refs.
* Btrfs: fix tree mod log regression on root split
* Btrfs: fix unblocked autodefraggers when remount.
* Btrfs: fix unlock after free on rewinded tree blocks.
* Btrfs: fix unprotected root node of the subvolumes
inode rb-tree.
* Btrfs: fix use-after-free bug during umount.
* Btrfs: free csums when we are done scrubbing an
* Btrfs: handle errors returned from get_tree_block_key.
* Btrfs: handle errors when doing slow caching.
* Btrfs: hold the tree mod lock in
* Btrfs: ignore device open failures in
* Btrfs: improve the loop of scrub_stripe.
* Btrfs: improve the performance of the csums lookup.
* Btrfs: init relocate extent_io_tree with a mapping.
* Btrfs: introduce a mutex lock for btrfs quota
* Btrfs: kill some BUG_ONs() in the find_parent_nodes().
* Btrfs: log ram bytes properly.
* Btrfs: make __merge_refs() return type be void.
* Btrfs: make orphan cleanup less verbose.
* Btrfs: make static code static & remove dead code.
* Btrfs: make subvol creation/deletion killable in the
early stages.
* Btrfs: make sure roots are assigned before freeing
their nodes.
* Btrfs: make sure the backref walker catches all refs
to our extent.
* Btrfs: make the cleaner complete early when the fs is
going to be umounted.
* Btrfs: make the snap/subv deletion end more early
when the fs is R/O.
* Btrfs: merge save_error_info helpers into one.
* Btrfs: move the R/O check out of
* Btrfs: only do the tree_mod_log_free_eb if this is
our last ref.
* Btrfs: only exclude supers in the range of our block
* Btrfs: optimize key searches in btrfs_search_slot.
* Btrfs: optimize the error handle of use_block_rsv().
* Btrfs: pause the space balance when remounting to R/O.
* Btrfs: put our inode if orphan cleanup fails.
* Btrfs: re-add root to dead root list if we stop
dropping it.
* Btrfs: read entire device info under lock.
* Btrfs: release both paths before logging dir/changed
* Btrfs: Release uuid_mutex for shrink during device
* Btrfs: remove almost all of the BUG()s from
* Btrfs: remove BUG_ON() in
* Btrfs: remove ourselves from the cluster list under
* Btrfs: remove some BUG_ONs() when walking backref
* Btrfs: remove some unnecessary spin_lock usages.
* Btrfs: remove unnecessary ->s_umount in
* Btrfs: remove unused argument of fixup_low_keys().
* Btrfs: remove unused gfp mask parameter from
release_extent_buffer callchain.
* Btrfs: remove useless copy in quota_ctl.
* Btrfs: remove warn on in free space cache writeout.
* Btrfs: rescan for qgroups (FATE#312751).
* Btrfs: reset ret in record_one_backref.
* Btrfs: return ENOSPC when target space is full.
* Btrfs: return errno if possible when we fail to
allocate memory.
* Btrfs: return error code in
* Btrfs: return error when we specify wrong start to
* Btrfs: return free space in cow error path.
* Btrfs: separate sequence numbers for delayed ref
tracking and tree mod log.
* Btrfs: set UUID in root_item for created trees.
* Btrfs: share stop worker code.
* Btrfs: simplify unlink reservations.
* Btrfs: split btrfs_qgroup_account_ref into four
* Btrfs: stop all workers before cleaning up roots.
* Btrfs: stop using try_to_writeback_inodes_sb_nr to
flush delalloc.
* Btrfs: stop waiting on current trans if we aborted.
* Btrfs: unlock extent range on enospc in compressed
* Btrfs: update drop progress before stopping snapshot
* Btrfs: update fixups from 3.11
* Btrfs: update the global reserve if it is empty.
* Btrfs: use helper to cleanup tree roots.
* Btrfs: use REQ_META for all metadata IO.
* Btrfs: use tree_root to avoid edquot when disabling
* Btrfs: use u64 for subvolid when parsing mount
* Btrfs: use unsigned long type for extent state bits.
* Btrfs: various abort cleanups.
* Btrfs: wait ordered range before doing direct io.
* Btrfs: wake up delayed ref flushing waiters on abort.
* net/mlx4_en: Fix BlueFlame race (bnc#835684).
* ipv6: do not call fib6_run_gc() until routing is
ready (bnc#836218).
* ipv6: prevent fib6_run_gc() contention (bnc#797526).
* ipv6: update ip6_rt_last_gc every time GC is run
* netfilter: nf_conntrack: use RCU safe kfree for
conntrack extensions (bnc#827416 bko#60853).
* netfilter: prevent race condition breaking net
reference counting (bnc#835094).
* net: remove skb_orphan_try() (bnc#834600).
* bonding: check bond->vlgrp in bond_vlan_rx_kill_vid()
* sctp: deal with multiple COOKIE_ECHO chunks
* mlx4: allow IB_QP_CREATE_USE_GFP_NOFS in
mlx4_ib_create_qp() (bnc#822433).
* drm/i915: disable sound first on intel_disable_ddi
* drm/i915: HDMI/DP - ELD info refresh support for
Haswell (bnc#833151).
* drm/cirrus: This is a cirrus version of Egbert Eichs
patch for mgag200 (bnc#808079).
* drm/i915: Disable GGTT PTEs on GEN6+ suspend
* drm/i915/hsw: Disable L3 caching of atomic memory
operations (bnc#800875).
* ALSA: hda - Re-setup HDMI pin and audio infoframe on
stream switches (bnc#833151).
* vmxnet3: prevent div-by-zero panic when ring resizing
uninitialized dev (bnc#833321).
* mvsas: add support for 9480 device id (bnc#843950).
* r8169: fix argument in rtl_hw_init_8168g
* r8169: support RTL8168G (bnc#845352,bnc#842820).
* r8169: abstract out loop conditions
* r8169: mdio_ops signature change
* thp: reduce khugepaged freezing latency (khugepaged
blocking suspend-to-ram (bnc#825291)).
* bnx2x: Change to D3hot only on removal (bnc#838448).
* megaraid_sas: Disable controller reset for ppc
* scsi_dh_alua: simplify alua_check_sense()
* scsi_dh_alua: Fix missing close brace in
alua_check_sense (bnc#843642).
* scsi_dh_alua: retry command on "mode parameter
changed" sense code (bnc#843645).
* scsi_dh_alua: invalid state information for
"optimized" paths (bnc#843445).
* scsi_dh_alua: reattaching device handler fails with
"Error 15" (bnc#843429).
* Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* Drivers: hv: util: Correctly support ws2008R2 and
earlier (bnc#838346).
* Drivers: hv: vmbus: Do not attempt to negoatiate a
new version prematurely.
* Drivers: hv: util: Correctly support ws2008R2 and
earlier (bnc#838346).
* Drivers: hv: vmbus: Terminate vmbus version
negotiation on timeout.
* Drivers: hv: vmbus: Fix a bug in the handling of
channel offers.
* Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
* Drivers: hv: balloon: Initialize the transaction ID
just before sending the packet.
* Drivers: hv: util: Fix a bug in util version
negotiation code (bnc#838346).
* be2net: Check for POST state in suspend-resume
sequence (bnc#835189).
* be2net: bug fix on returning an invalid nic
descriptor (bnc#835189).
* be2net: provision VF resources before enabling SR-IOV
* be2net: Fix firmware download for Lancer (bnc#835189).
* be2net: Fix to use version 2 of cq_create for
SkyHawk-R devices (bnc#835189).
* be2net: Use GET_FUNCTION_CONFIG V1 cmd (bnc#835189).
* be2net: Avoid flashing BE3 UFI on BE3-R chip
* be2net: Use TXQ_CREATE_V2 cmd (bnc#835189).
* writeback: Do not sync data dirtied after sync start
* elousb: some systems cannot stomach work around
* bounce: allow use of bounce pool via config option
(Bounce memory pool initialisation (bnc#836347)).
* block: initialize the bounce pool if high memory may
be added later (Bounce memory pool initialisation
* bio-integrity: track owner of integrity payload
* xhci: Fix spurious wakeups after S5 on Haswell
* s390/cio: handle unknown pgroup state
* s390/cio: export vpm via sysfs (bnc#837741,LTC#97048).
* s390/cio: skip broken paths (bnc#837741,LTC#97048).
* s390/cio: dont abort verification after missing irq
* cio: add message for timeouts on internal I/O
* series.conf: disable XHCI ring expansion patches
because on machines with large memory they cause a
starvation problem (bnc#833635).
* Update EC2 config files (STRICT_DEVMEM off,
* Fixed Xen guest freezes (bnc#829682, bnc#842063).
* tools: hv: Improve error logging in VSS daemon.
* tools: hv: Check return value of poll call.
* tools: hv: Check return value of setsockopt call.
* Tools: hv: fix send/recv buffer allocation.
* Tools: hv: check return value of daemon to fix
compiler warning.
* Tools: hv: in kvp_set_ip_info free mac_addr right
after usage.
* Tools: hv: check return value of system in
* Tools: hv: correct payload size in netlink_send.
* Tools: hv: use full nlmsghdr in netlink_send.
* rpm/old-flavors, rpm/mkspec: Add version information
to obsolete flavors (bnc#821465).
* rpm/ Move the xenpae obsolete
to the old-flavors file.
* rpm/old-flavors: Convert the old-packages.conf file
to a flat list.
* rpm/mkspec: Adjust.
* rpm/old-packages.conf: Delete.
* rpm/old-packages.conf: Drop bogus obsoletes for "smp"
* rpm/ Make sure that all KMP
obsoletes are versioned (bnc#821465).
* rpm/ Remove unversioned
provides/obsoletes for packages that were only seen in
openSUSE releases up to 11.0. (bnc#821465).

Security Issues:

* CVE-2013-2206


Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-kernel-8525 slessp3-kernel-8528

- SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-kernel-8522 slessp3-kernel-8523
slessp3-kernel-8524 slessp3-kernel-8525 slessp3-kernel-8528

- SUSE Linux Enterprise High Availability Extension 11 SP3:

zypper in -t patch slehasp3-kernel-8522 slehasp3-kernel-8523
slehasp3-kernel-8524 slehasp3-kernel-8525 slehasp3-kernel-8528

- SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-kernel-8525 sledsp3-kernel-8528

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version:


- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version:


- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New
Version: 3.0.101]:


- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:


- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:


- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:


- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:


- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64
s390x x86_64):


- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):


- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):


- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):


- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:


- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:


- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):


- SLE 11 SERVER Unsupported Extras (i586 x86_64):


- SLE 11 SERVER Unsupported Extras (ppc64):


- SLE 11 SERVER Unsupported Extras (i586):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages