openSUSE Security Update: 3.0.80 kernel update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1187-1
Rating:             important
References:         #763968 #769685 #788590 #789359 #792584 #797175 
                    #800907 #802642 #804609 #804656 #805804 #805945 
                    #806238 #806980 #808358 #808647 #808827 #809122 
                    #809895 #809902 #809903 #810473 #810580 #810624 
                    #810722 #812281 #814719 #815356 #815444 #815745 
                    #816443 #816451 #816586 #817010 #817339 #818053 
                    #818327 #818371 #818514 #818516 #818798 #819295 
                    #819519 #819655 #820434 #821930 #822431 #822722 
                    
Cross-References:   CVE-2012-6548 CVE-2012-6549 CVE-2013-0160
                    CVE-2013-0268 CVE-2013-0311 CVE-2013-0914
                    CVE-2013-1772 CVE-2013-1792 CVE-2013-1796
                    CVE-2013-1797 CVE-2013-1798 CVE-2013-2634
                    CVE-2013-2635
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 35 fixes
   is now available.

Description:

   The kernel was updated to Linux kernel 3.0.80, fixing
   various bugs and security issues.

   Following security issues were fixed: CVE-2013-0160:
   Timing side channel on attacks were possible on /dev/ptmx
   that could allow local attackers to predict keypresses like
   e.g. passwords. This has been fixed again by updating
   accessed/modified time on the pty devices in resolution of
   8 seconds, so that idle time detection can still work.

   CVE-2013-3222: The vcc_recvmsg function in
   net/atm/common.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3223: The ax25_recvmsg function in
   net/ax25/af_ax25.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3224: The bt_sock_recvmsg function in
   net/bluetooth/af_bluetooth.c in the Linux kernel did not
   properly initialize a certain length variable, which
   allowed local users to obtain sensitive information from
   kernel stack memory via a crafted recvmsg or recvfrom
   system call.

   CVE-2013-3225: The rfcomm_sock_recvmsg function in
   net/bluetooth/rfcomm/sock.c in the Linux kernel did not
   initialize a certain length variable, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3227: The caif_seqpkt_recvmsg function in
   net/caif/caif_socket.c in the Linux kernel did not
   initialize a certain length variable, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3228: The irda_recvmsg_dgram function in
   net/irda/af_irda.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3229: The iucv_sock_recvmsg function in
   net/iucv/af_iucv.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3231: The llc_ui_recvmsg function in
   net/llc/af_llc.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3232: The nr_recvmsg function in
   net/netrom/af_netrom.c in the Linux kernel did not
   initialize a certain data structure, which allowed local
   users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3234: The rose_recvmsg function in
   net/rose/af_rose.c in the Linux kernel did not initialize a
   certain data structure, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
   not initialize a certain data structure and a certain
   length variable, which allowed local users to obtain
   sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3076: The crypto API in the Linux kernel did
   not initialize certain length variables, which allowed
   local users to obtain sensitive information from kernel
   stack memory via a crafted recvmsg or recvfrom system call,
   related to the hash_recvmsg function in crypto/algif_hash.c
   and the skcipher_recvmsg function in
   crypto/algif_skcipher.c.

   CVE-2013-1979: The scm_set_cred function in
   include/net/scm.h in the Linux kernel used incorrect uid
   and gid values during credentials passing, which allowed
   local users to gain privileges via a crafted application.

   A kernel information leak via tkill/tgkill was fixed.


   Following bugs were fixed:
   - reiserfs: fix spurious multiple-fill in
   reiserfs_readdir_dentry (bnc#822722).

   - libfc: do not exch_done() on invalid sequence ptr
   (bnc#810722).

   - netfilter: ip6t_LOG: fix logging of packet mark
   (bnc#821930).

   - hyperv: use 3.4 as LIC version string (bnc#822431).

   - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
   (bnc#819655).

   - xen/netback: do not disconnect frontend when seeing
   oversize packet.
   - xen/netfront: reduce gso_max_size to account for max
   TCP header.
   - xen/netfront: fix kABI after "reduce gso_max_size to
   account for max TCP header".

   - xfs: Fix kABI due to change in xfs_buf (bnc#815356).

   - xfs: fix race while discarding buffers [V4]
   (bnc#815356 (comment 36)).

   - xfs: Serialize file-extending direct IO (bnc#818371).

   - xhci: Do not switch webcams in some HP ProBooks to
   XHCI (bnc#805804).
   - bluetooth: Do not switch BT on HP ProBook 4340
   (bnc#812281).

   - s390/ftrace: fix mcount adjustment (bnc#809895).

   - mm: memory_dev_init make sure nmi watchdog does not
   trigger while registering memory sections (bnc#804609,
   bnc#820434).

   - patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
   pathological backwards allocation (bnc#805945).

   - mm: compaction: Restart compaction from near where it
   left off
   - mm: compaction: cache if a pageblock was scanned and
   no pages were isolated
   - mm: compaction: clear PG_migrate_skip based on
   compaction and reclaim activity
   - mm: compaction: Scan PFN caching KABI workaround
   - mm: page_allocator: Remove first_pass guard
   - mm: vmscan: do not stall on writeback during memory
   compaction Cache compaction restart points for faster
   compaction cycles (bnc#816451)

   - qlge: fix dma map leak when the last chunk is not
   allocated (bnc#819519).

   - SUNRPC: Get rid of the redundant xprt->shutdown bit
   field (bnc#800907).
   - SUNRPC: Ensure that we grab the XPRT_LOCK before
   calling xprt_alloc_slot (bnc#800907).
   - SUNRPC: Fix a UDP transport regression (bnc#800907).
   - SUNRPC: Allow caller of rpc_sleep_on() to select
   priority levels (bnc#800907).
   - SUNRPC: Replace xprt->resend and xprt->sending with a
   priority queue (bnc#800907).
   - SUNRPC: Fix potential races in xprt_lock_write_next()
   (bnc#800907).

   - md: cannot re-add disks after recovery (bnc#808647).

   - fs/xattr.c:getxattr(): improve handling of allocation
   failures (bnc#818053).
   - fs/xattr.c:listxattr(): fall back to vmalloc() if
   kmalloc() failed (bnc#818053).
   - fs/xattr.c:setxattr(): improve handling of allocation
   failures (bnc#818053).
   - fs/xattr.c: suppress page allocation failure warnings
   from sys_listxattr() (bnc#818053).

   - virtio-blk: Call revalidate_disk() upon online disk
   resize (bnc#817339).

   - usb-storage: CY7C68300A chips do not support Cypress
   ATACB (bnc#819295).

   - patches.kernel.org/patch-3.0.60-61: Update references
   (add bnc#810580).

   - usb: Using correct way to clear usb3.0 devices remote
   wakeup feature (bnc#818516).

   - xhci: Fix TD size for isochronous URBs (bnc#818514).

   - ALSA: hda - fixup D3 pin and right channel mute on
   Haswell HDMI audio (bnc#818798).
   - ALSA: hda - Apply pin-enablement workaround to all
   Haswell HDMI codecs (bnc#818798).

   - xfs: fallback to vmalloc for large buffers in
   xfs_attrmulti_attr_get (bnc#818053).
   - xfs: fallback to vmalloc for large buffers in
   xfs_attrlist_by_handle (bnc#818053).
   - xfs: xfs: fallback to vmalloc for large buffers in
   xfs_compat_attrlist_by_handle (bnc#818053).

   - xHCI: store rings type.
   - xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
   - xHCI: check enqueue pointer advance into dequeue seg.
   - xHCI: store rings last segment and segment numbers.
   - xHCI: Allocate 2 segments for transfer ring.
   - xHCI: count free TRBs on transfer ring.
   - xHCI: factor out segments allocation and free function.
   - xHCI: update sg tablesize.
   - xHCI: set cycle state when allocate rings.
   - xhci: Reserve one command for USB3 LPM disable.
   - xHCI: dynamic ring expansion.
   - xhci: Do not warn on empty ring for suspended devices.

   - md/raid1: Do not release reference to device while
   handling read error (bnc#809122, bnc#814719).

   - rpm/mkspec: Stop generating the get_release_number.sh
   file.

   - rpm/kernel-spec-macros: Properly handle KOTD release
   numbers with .g suffix.

   - rpm/kernel-spec-macros: Drop the %release_num macro We
   no longer put the -rcX tag into the release string.

   - rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
   "" string in specfiles.

   - mm/mmap: check for RLIMIT_AS before unmapping
   (bnc#818327).

   - mm: Fix add_page_wait_queue() to work for PG_Locked
   bit waiters (bnc#792584).

   - mm: Fix add_page_wait_queue() to work for PG_Locked
   bit waiters (bnc#792584).

   - bonding: only use primary address for ARP (bnc#815444).
   - bonding: remove entries for master_ip and vlan_ip and
   query devices instead (bnc#815444).


   - mm: speedup in __early_pfn_to_nid (bnc#810624).

   - TTY: fix atime/mtime regression (bnc#815745).

   - sd_dif: problem with verify of type 1 protection
   information (PI) (bnc#817010).

   - sched: harden rq rt usage accounting (bnc#769685,
   bnc#788590).

   - rcu: Avoid spurious RCU CPU stall warnings
   (bnc#816586).
   - rcu: Dump local stack if cannot dump all CPUs stacks
   (bnc#816586).
   - rcu: Fix detection of abruptly-ending stall
   (bnc#816586).
   - rcu: Suppress NMI backtraces when stall ends before
   dump (bnc#816586).

   - Update Xen patches to 3.0.74.

   - btrfs: do not re-enter when allocating a chunk.
   - btrfs: save us a read_lock.
   - btrfs: Check CAP_DAC_READ_SEARCH for
   BTRFS_IOC_INO_PATHS.
   - btrfs: remove unused fs_info from btrfs_decode_error().
   - btrfs: handle null fs_info in btrfs_panic().
   - btrfs: fix varargs in __btrfs_std_error.
   - btrfs: fix the race between bio and btrfs_stop_workers.
   - btrfs: fix NULL pointer after aborting a transaction.
   - btrfs: fix infinite loop when we abort on mount.

   - xfs: Do not allocate new buffers on every call to
   _xfs_buf_find (bnc#763968).
   - xfs: fix buffer lookup race on allocation failure
   (bnc#763968).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch 2013-109

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64):

      kernel-debug-3.0.80-52.1
      kernel-debug-base-3.0.80-52.1
      kernel-debug-base-debuginfo-3.0.80-52.1
      kernel-debug-debuginfo-3.0.80-52.1
      kernel-debug-debugsource-3.0.80-52.1
      kernel-debug-devel-3.0.80-52.1
      kernel-debug-devel-debuginfo-3.0.80-52.1
      kernel-debug-hmac-3.0.80-52.1
      kernel-default-3.0.80-52.1
      kernel-default-base-3.0.80-52.1
      kernel-default-base-debuginfo-3.0.80-52.1
      kernel-default-debuginfo-3.0.80-52.1
      kernel-default-debugsource-3.0.80-52.1
      kernel-default-devel-3.0.80-52.1
      kernel-default-devel-debuginfo-3.0.80-52.1
      kernel-default-hmac-3.0.80-52.1
      kernel-desktop-3.0.80-52.1
      kernel-desktop-base-3.0.80-52.1
      kernel-desktop-base-debuginfo-3.0.80-52.1
      kernel-desktop-debuginfo-3.0.80-52.1
      kernel-desktop-debugsource-3.0.80-52.1
      kernel-desktop-devel-3.0.80-52.1
      kernel-desktop-devel-debuginfo-3.0.80-52.1
      kernel-desktop-hmac-3.0.80-52.1
      kernel-ec2-3.0.80-52.1
      kernel-ec2-base-3.0.80-52.1
      kernel-ec2-base-debuginfo-3.0.80-52.1
      kernel-ec2-debuginfo-3.0.80-52.1
      kernel-ec2-debugsource-3.0.80-52.1
      kernel-ec2-devel-3.0.80-52.1
      kernel-ec2-devel-debuginfo-3.0.80-52.1
      kernel-ec2-extra-3.0.80-52.1
      kernel-ec2-extra-debuginfo-3.0.80-52.1
      kernel-ec2-hmac-3.0.80-52.1
      kernel-source-3.0.80-52.1
      kernel-source-vanilla-3.0.80-52.1
      kernel-syms-3.0.80-52.1
      kernel-trace-3.0.80-52.1
      kernel-trace-base-3.0.80-52.1
      kernel-trace-base-debuginfo-3.0.80-52.1
      kernel-trace-debuginfo-3.0.80-52.1
      kernel-trace-debugsource-3.0.80-52.1
      kernel-trace-devel-3.0.80-52.1
      kernel-trace-devel-debuginfo-3.0.80-52.1
      kernel-trace-hmac-3.0.80-52.1
      kernel-vanilla-3.0.80-52.1
      kernel-vanilla-base-3.0.80-52.1
      kernel-vanilla-base-debuginfo-3.0.80-52.1
      kernel-vanilla-debuginfo-3.0.80-52.1
      kernel-vanilla-debugsource-3.0.80-52.1
      kernel-vanilla-devel-3.0.80-52.1
      kernel-vanilla-devel-debuginfo-3.0.80-52.1
      kernel-vanilla-hmac-3.0.80-52.1
      kernel-xen-3.0.80-52.1
      kernel-xen-base-3.0.80-52.1
      kernel-xen-base-debuginfo-3.0.80-52.1
      kernel-xen-debuginfo-3.0.80-52.1
      kernel-xen-debugsource-3.0.80-52.1
      kernel-xen-devel-3.0.80-52.1
      kernel-xen-devel-debuginfo-3.0.80-52.1
      kernel-xen-hmac-3.0.80-52.1
      preload-1.2-6.35.1
      preload-debuginfo-1.2-6.35.1
      preload-debugsource-1.2-6.35.1
      preload-kmp-default-1.2_3.0.80_52-6.35.1
      preload-kmp-default-debuginfo-1.2_3.0.80_52-6.35.1
      preload-kmp-desktop-1.2_3.0.80_52-6.35.1
      preload-kmp-desktop-debuginfo-1.2_3.0.80_52-6.35.1

   - openSUSE 11.4 (noarch):

      kernel-docs-3.0.80-52.2

   - openSUSE 11.4 (i586):

      kernel-pae-3.0.80-52.1
      kernel-pae-base-3.0.80-52.1
      kernel-pae-base-debuginfo-3.0.80-52.1
      kernel-pae-debuginfo-3.0.80-52.1
      kernel-pae-debugsource-3.0.80-52.1
      kernel-pae-devel-3.0.80-52.1
      kernel-pae-devel-debuginfo-3.0.80-52.1
      kernel-pae-hmac-3.0.80-52.1
      kernel-vmi-3.0.80-52.1
      kernel-vmi-base-3.0.80-52.1
      kernel-vmi-base-debuginfo-3.0.80-52.1
      kernel-vmi-debuginfo-3.0.80-52.1
      kernel-vmi-debugsource-3.0.80-52.1
      kernel-vmi-devel-3.0.80-52.1
      kernel-vmi-devel-debuginfo-3.0.80-52.1
      kernel-vmi-hmac-3.0.80-52.1


References:

   https://www.suse.com/security/cve/CVE-2012-6548.html
   https://www.suse.com/security/cve/CVE-2012-6549.html
   https://www.suse.com/security/cve/CVE-2013-0160.html
   https://www.suse.com/security/cve/CVE-2013-0268.html
   https://www.suse.com/security/cve/CVE-2013-0311.html
   https://www.suse.com/security/cve/CVE-2013-0914.html
   https://www.suse.com/security/cve/CVE-2013-1772.html
   https://www.suse.com/security/cve/CVE-2013-1792.html
   https://www.suse.com/security/cve/CVE-2013-1796.html
   https://www.suse.com/security/cve/CVE-2013-1797.html
   https://www.suse.com/security/cve/CVE-2013-1798.html
   https://www.suse.com/security/cve/CVE-2013-2634.html
   https://www.suse.com/security/cve/CVE-2013-2635.html
   https://bugzilla.novell.com/763968
   https://bugzilla.novell.com/769685
   https://bugzilla.novell.com/788590
   https://bugzilla.novell.com/789359
   https://bugzilla.novell.com/792584
   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/800907
   https://bugzilla.novell.com/802642
   https://bugzilla.novell.com/804609
   https://bugzilla.novell.com/804656
   https://bugzilla.novell.com/805804
   https://bugzilla.novell.com/805945
   https://bugzilla.novell.com/806238
   https://bugzilla.novell.com/806980
   https://bugzilla.novell.com/808358
   https://bugzilla.novell.com/808647
   https://bugzilla.novell.com/808827
   https://bugzilla.novell.com/809122
   https://bugzilla.novell.com/809895
   https://bugzilla.novell.com/809902
   https://bugzilla.novell.com/809903
   https://bugzilla.novell.com/810473
   https://bugzilla.novell.com/810580
   https://bugzilla.novell.com/810624
   https://bugzilla.novell.com/810722
   https://bugzilla.novell.com/812281
   https://bugzilla.novell.com/814719
   https://bugzilla.novell.com/815356
   https://bugzilla.novell.com/815444
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/816443
   https://bugzilla.novell.com/816451
   https://bugzilla.novell.com/816586
   https://bugzilla.novell.com/817010
   https://bugzilla.novell.com/817339
   https://bugzilla.novell.com/818053
   https://bugzilla.novell.com/818327
   https://bugzilla.novell.com/818371
   https://bugzilla.novell.com/818514
   https://bugzilla.novell.com/818516
   https://bugzilla.novell.com/818798
   https://bugzilla.novell.com/819295
   https://bugzilla.novell.com/819519
   https://bugzilla.novell.com/819655
   https://bugzilla.novell.com/820434
   https://bugzilla.novell.com/821930
   https://bugzilla.novell.com/822431
   https://bugzilla.novell.com/822722

openSUSE: 2013:1187-1: important: 3.0.80 kernel update

July 12, 2013
An update that solves 13 vulnerabilities and has 35 fixes An update that solves 13 vulnerabilities and has 35 fixes An update that solves 13 vulnerabilities and has 35 fixes is now...

Description

The kernel was updated to Linux kernel 3.0.80, fixing various bugs and security issues. Following security issues were fixed: CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. A kernel information leak via tkill/tgkill was fixed. Following bugs were fixed: - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). - libfc: do not exch_done() on invalid sequence ptr (bnc#810722). - netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). - hyperv: use 3.4 as LIC version string (bnc#822431). - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). - xen/netback: do not disconnect frontend when seeing oversize packet. - xen/netfront: reduce gso_max_size to account for max TCP header. - xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header". - xfs: Fix kABI due to change in xfs_buf (bnc#815356). - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). - xfs: Serialize file-extending direct IO (bnc#818371). - xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). - bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281). - s390/ftrace: fix mcount adjustment (bnc#809895). - mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). - patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945). - mm: compaction: Restart compaction from near where it left off - mm: compaction: cache if a pageblock was scanned and no pages were isolated - mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity - mm: compaction: Scan PFN caching KABI workaround - mm: page_allocator: Remove first_pass guard - mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) - qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). - SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907). - SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907). - SUNRPC: Fix a UDP transport regression (bnc#800907). - SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907). - SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907). - SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907). - md: cannot re-add disks after recovery (bnc#808647). - fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053). - fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053). - fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053). - fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053). - virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339). - usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295). - patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580). - usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516). - xhci: Fix TD size for isochronous URBs (bnc#818514). - ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798). - ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798). - xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053). - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053). - xHCI: store rings type. - xhci: Fix hang on back-to-back Set TR Deq Ptr commands. - xHCI: check enqueue pointer advance into dequeue seg. - xHCI: store rings last segment and segment numbers. - xHCI: Allocate 2 segments for transfer ring. - xHCI: count free TRBs on transfer ring. - xHCI: factor out segments allocation and free function. - xHCI: update sg tablesize. - xHCI: set cycle state when allocate rings. - xhci: Reserve one command for USB3 LPM disable. - xHCI: dynamic ring expansion. - xhci: Do not warn on empty ring for suspended devices. - md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719). - rpm/mkspec: Stop generating the get_release_number.sh file. - rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix. - rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string. - rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "" string in specfiles. - mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327). - mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). - mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). - bonding: only use primary address for ARP (bnc#815444). - bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444). - mm: speedup in __early_pfn_to_nid (bnc#810624). - TTY: fix atime/mtime regression (bnc#815745). - sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010). - sched: harden rq rt usage accounting (bnc#769685, bnc#788590). - rcu: Avoid spurious RCU CPU stall warnings (bnc#816586). - rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586). - rcu: Fix detection of abruptly-ending stall (bnc#816586). - rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586). - Update Xen patches to 3.0.74. - btrfs: do not re-enter when allocating a chunk. - btrfs: save us a read_lock. - btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. - btrfs: remove unused fs_info from btrfs_decode_error(). - btrfs: handle null fs_info in btrfs_panic(). - btrfs: fix varargs in __btrfs_std_error. - btrfs: fix the race between bio and btrfs_stop_workers. - btrfs: fix NULL pointer after aborting a transaction. - btrfs: fix infinite loop when we abort on mount. - xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). - xfs: fix buffer lookup race on allocation failure (bnc#763968).

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-109 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 11.4 (i586 x86_64): kernel-debug-3.0.80-52.1 kernel-debug-base-3.0.80-52.1 kernel-debug-base-debuginfo-3.0.80-52.1 kernel-debug-debuginfo-3.0.80-52.1 kernel-debug-debugsource-3.0.80-52.1 kernel-debug-devel-3.0.80-52.1 kernel-debug-devel-debuginfo-3.0.80-52.1 kernel-debug-hmac-3.0.80-52.1 kernel-default-3.0.80-52.1 kernel-default-base-3.0.80-52.1 kernel-default-base-debuginfo-3.0.80-52.1 kernel-default-debuginfo-3.0.80-52.1 kernel-default-debugsource-3.0.80-52.1 kernel-default-devel-3.0.80-52.1 kernel-default-devel-debuginfo-3.0.80-52.1 kernel-default-hmac-3.0.80-52.1 kernel-desktop-3.0.80-52.1 kernel-desktop-base-3.0.80-52.1 kernel-desktop-base-debuginfo-3.0.80-52.1 kernel-desktop-debuginfo-3.0.80-52.1 kernel-desktop-debugsource-3.0.80-52.1 kernel-desktop-devel-3.0.80-52.1 kernel-desktop-devel-debuginfo-3.0.80-52.1 kernel-desktop-hmac-3.0.80-52.1 kernel-ec2-3.0.80-52.1 kernel-ec2-base-3.0.80-52.1 kernel-ec2-base-debuginfo-3.0.80-52.1 kernel-ec2-debuginfo-3.0.80-52.1 kernel-ec2-debugsource-3.0.80-52.1 kernel-ec2-devel-3.0.80-52.1 kernel-ec2-devel-debuginfo-3.0.80-52.1 kernel-ec2-extra-3.0.80-52.1 kernel-ec2-extra-debuginfo-3.0.80-52.1 kernel-ec2-hmac-3.0.80-52.1 kernel-source-3.0.80-52.1 kernel-source-vanilla-3.0.80-52.1 kernel-syms-3.0.80-52.1 kernel-trace-3.0.80-52.1 kernel-trace-base-3.0.80-52.1 kernel-trace-base-debuginfo-3.0.80-52.1 kernel-trace-debuginfo-3.0.80-52.1 kernel-trace-debugsource-3.0.80-52.1 kernel-trace-devel-3.0.80-52.1 kernel-trace-devel-debuginfo-3.0.80-52.1 kernel-trace-hmac-3.0.80-52.1 kernel-vanilla-3.0.80-52.1 kernel-vanilla-base-3.0.80-52.1 kernel-vanilla-base-debuginfo-3.0.80-52.1 kernel-vanilla-debuginfo-3.0.80-52.1 kernel-vanilla-debugsource-3.0.80-52.1 kernel-vanilla-devel-3.0.80-52.1 kernel-vanilla-devel-debuginfo-3.0.80-52.1 kernel-vanilla-hmac-3.0.80-52.1 kernel-xen-3.0.80-52.1 kernel-xen-base-3.0.80-52.1 kernel-xen-base-debuginfo-3.0.80-52.1 kernel-xen-debuginfo-3.0.80-52.1 kernel-xen-debugsource-3.0.80-52.1 kernel-xen-devel-3.0.80-52.1 kernel-xen-devel-debuginfo-3.0.80-52.1 kernel-xen-hmac-3.0.80-52.1 preload-1.2-6.35.1 preload-debuginfo-1.2-6.35.1 preload-debugsource-1.2-6.35.1 preload-kmp-default-1.2_3.0.80_52-6.35.1 preload-kmp-default-debuginfo-1.2_3.0.80_52-6.35.1 preload-kmp-desktop-1.2_3.0.80_52-6.35.1 preload-kmp-desktop-debuginfo-1.2_3.0.80_52-6.35.1 - openSUSE 11.4 (noarch): kernel-docs-3.0.80-52.2 - openSUSE 11.4 (i586): kernel-pae-3.0.80-52.1 kernel-pae-base-3.0.80-52.1 kernel-pae-base-debuginfo-3.0.80-52.1 kernel-pae-debuginfo-3.0.80-52.1 kernel-pae-debugsource-3.0.80-52.1 kernel-pae-devel-3.0.80-52.1 kernel-pae-devel-debuginfo-3.0.80-52.1 kernel-pae-hmac-3.0.80-52.1 kernel-vmi-3.0.80-52.1 kernel-vmi-base-3.0.80-52.1 kernel-vmi-base-debuginfo-3.0.80-52.1 kernel-vmi-debuginfo-3.0.80-52.1 kernel-vmi-debugsource-3.0.80-52.1 kernel-vmi-devel-3.0.80-52.1 kernel-vmi-devel-debuginfo-3.0.80-52.1 kernel-vmi-hmac-3.0.80-52.1


References

https://www.suse.com/security/cve/CVE-2012-6548.html https://www.suse.com/security/cve/CVE-2012-6549.html https://www.suse.com/security/cve/CVE-2013-0160.html https://www.suse.com/security/cve/CVE-2013-0268.html https://www.suse.com/security/cve/CVE-2013-0311.html https://www.suse.com/security/cve/CVE-2013-0914.html https://www.suse.com/security/cve/CVE-2013-1772.html https://www.suse.com/security/cve/CVE-2013-1792.html https://www.suse.com/security/cve/CVE-2013-1796.html https://www.suse.com/security/cve/CVE-2013-1797.html https://www.suse.com/security/cve/CVE-2013-1798.html https://www.suse.com/security/cve/CVE-2013-2634.html https://www.suse.com/security/cve/CVE-2013-2635.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/769685 https://bugzilla.novell.com/788590 https://bugzilla.novell.com/789359 https://bugzilla.novell.com/792584 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/800907 https://bugzilla.novell.com/802642 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/804656 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806238 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808358 https://bugzilla.novell.com/808647 https://bugzilla.novell.com/808827 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/809902 https://bugzilla.novell.com/809903 https://bugzilla.novell.com/810473 https://bugzilla.novell.com/810580 https://bugzilla.novell.com/810624 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/814719 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/815444 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816443 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816586 https://bugzilla.novell.com/817010 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818514 https://bugzilla.novell.com/818516 https://bugzilla.novell.com/818798 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722


Severity
Announcement ID: openSUSE-SU-2013:1187-1
Rating: important
Affected Products: openSUSE 11.4

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved