Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
100
security advisoryimportantsystem stabilitySUSE Linux 12-SP5: 2021:3992-1 Important: RT Kernel Security Fixes
An update that solves four vulnerabilities, contains one feature and has 15 fixes is now available. . SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3992-1 Rating: important References: #1114648 #1141655 #1169514 #1190317 #1190523 #1191790 #1191876 #1191961 #1192045 #1192048 #1192273 #1192718 #1192750 #1192753 #1192781 #1192802 #1192866 #1192906 #1192987 SLE-22573 Cross-References: CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 15 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Real Time kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. Thiscould lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) The following non-security bugs were fixed: - arm64/sve: Use correct size when reinitialising SVE state (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf: Move owner type, jited info into array auxiliary data (bsc#1141655). - bpf: Use kvmalloc for map values in syscall (stable-5.14.16). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1190317). - cifs: for compound requests, use open handle if possible (bsc#1190317). - cifs: release lock earlier in dequeue_mid error case (bsc#1190317). - config: disable unprivileged BPF by default (jsc#SLE-22913) - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fixtop-of-high-memory value for Broadwell/Haswell (bsc#1114648). - elfcore: fix building with clang (bsc#1169514). - fuse: fix page stealing (bsc#1192718). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - hisax: fix spectre issues (bsc#1192802). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - i2c: synquacer: fix deferred probing (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mpt3sas: fix spectre issues (bsc#1192802). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - prctl: allow to setup brk for et_dyn executables (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix error handling of scsi_host_alloc()(git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - smb3: add additional null check in SMB2_ioctl (bsc#1190317). - smb3: add additional null check in SMB2_open (bsc#1190317). - smb3: add additional null check in SMB2_tcon (bsc#1190317). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866). - swiotlb-xen: avoid double free (git-fixes). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - tracing: use %ps format string to print symbols (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xen: Fix implicit type conversion (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-3992=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.70.2 cluster-md-kmp-rt-debuginfo-4.12.14-10.70.2 dlm-kmp-rt-4.12.14-10.70.2 dlm-kmp-rt-debuginfo-4.12.14-10.70.2 gfs2-kmp-rt-4.12.14-10.70.2 gfs2-kmp-rt-debuginfo-4.12.14-10.70.2 kernel-rt-4.12.14-10.70.2 kernel-rt-base-4.12.14-10.70.2 kernel-rt-base-debuginfo-4.12.14-10.70.2 kernel-rt-debuginfo-4.12.14-10.70.2 kernel-rt-debugsource-4.12.14-10.70.2 kernel-rt-devel-4.12.14-10.70.2 kernel-rt-devel-debuginfo-4.12.14-10.70.2 kernel-rt_debug-4.12.14-10.70.2 kernel-rt_debug-debuginfo-4.12.14-10.70.2 kernel-rt_debug-debugsource-4.12.14-10.70.2 kernel-rt_debug-devel-4.12.14-10.70.2 kernel-rt_debug-devel-debuginfo-4.12.14-10.70.2 kernel-syms-rt-4.12.14-10.70.2 ocfs2-kmp-rt-4.12.14-10.70.2 ocfs2-kmp-rt-debuginfo-4.12.14-10.70.2 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.70.2 kernel-source-rt-4.12.14-10.70.2 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1141655 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1190317 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192048 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192866 https://bugzilla.suse.com/1192906 https://bugzilla.suse.com/1192987 . Key enhancements for SUSE Linux RT Kernel tackle security vulnerabilities and bolster system reliability through a series of updates and patches.. SUSE Linux RT Kernel, Linux updates, system security fixes, real time kernel, security updates. . Severity: Important. LinuxSecurity.com Team
Dec 10, 2021
•Important
SuSE
100
security advisorydenial of servicekernel updateSUSE Linux 11 SP3 Advisory: 2014:1695-2 Critical Kernel Update
An update that solves 24 vulnerabilities and has 28 fixes An update that solves 24 vulnerabilities and has 28 fixes An update that solves 24 vulnerabilities and has 28 fixes is now available. It includes one version update. is now available. It includes one version update.. SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1695-2 Rating: important References: #755743 #779488 #800255 #835839 #851603 #853040 #857643 #860441 #868049 #873228 #876633 #883724 #883948 #885077 #887418 #888607 #891211 #891368 #891790 #892782 #893758 #894058 #894895 #895387 #895468 #896382 #896390 #896391 #896392 #896415 #897502 #897694 #897708 #898295 #898375 #898554 #899192 #899574 #899843 #901638 #902346 #902349 #903331 #903653 #904013 #904358 #904700 #905100 #905522 #907818 #909077 #910251 Cross-References: CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508 CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8133 CVE-2014-8709 CVE-2014-8884 CVE-2014-9090 CVE-2014-9322 Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3 ______________________________________________________________________________ An update that solves 24 vulnerabilities and has 28 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following securitybugs have been fixed: * CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (bnc#835839). * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). * CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040, bnc#857643). * CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). * CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as usedin Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype (bnc#883948). * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed INIT ping-of-death (bnc#905100). * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2014-8884: A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed: * Build the KOTD against the SP3 Update project * HID: fix kabi breakage. * NFS:Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. * NFS: fix inverted test for delegation in nfs4_reclaim_open_state (bnc#903331). * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331). * NFSv4: nfs4_open_done first must check that GETATTR decoded a file type (bnc#899574). * PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898295). * PCI: pciehp: Enable link state change notifications (bnc#898295). * PCI: pciehp: Handle push button event asynchronously (bnc#898295). * PCI: pciehp: Make check_link_active() non-static (bnc#898295). * PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898295). * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295). * PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898295). * PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * be2net: Fix invocation of be_close() after be_clear() (bnc#895468). * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211). * block: Fix computation of merged request priority. * btrfs: Fix wrong device size when we are resizing the device. * btrfs: Return right extent when fiemap gives unaligned offset and len. * btrfs: abtract out range locking in clone ioctl(). * btrfs: always choose work from prio_head first. * btrfs: balance delayed inode updates. * btrfs: cache extent states in defrag code path. * btrfs: check file extent type before anything else (bnc#897694). * btrfs: clone, do not create invalid hole extent map. * btrfs: correctly determine if blocks are shared in btrfs_compare_trees. * btrfs: do not bug_on if we try to cow a free space cache inode. * btrfs: ensure btrfs_prev_leaf does not miss 1 item. * btrfs: ensure readerssee new data after a clone operation. * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. * btrfs: filter invalid arg for btrfs resize. * btrfs: fix EINVAL checks in btrfs_clone. * btrfs: fix EIO on reading file after ioctl clone works on it. * btrfs: fix a crash of clone with inline extents split. * btrfs: fix crash of compressed writes (bnc#898375). * btrfs: fix crash when starting transaction. * btrfs: fix deadlock with nested trans handles. * btrfs: fix hang on error (such as ENOSPC) when writing extent pages. * btrfs: fix leaf corruption after __btrfs_drop_extents. * btrfs: fix race between balance recovery and root deletion. * btrfs: fix wrong extent mapping for DirectIO. * btrfs: handle a missing extent for the first file extent. * btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375). * btrfs: read lock extent buffer while walking backrefs. * btrfs: remove unused wait queue in struct extent_buffer. * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. * btrfs: replace error code from btrfs_drop_extents. * btrfs: unlock extent and pages on error in cow_file_range. * btrfs: unlock inodes in correct order in clone ioctl. * btrfs_ioctl_clone: Move clone code into its own function. * cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653). * drm/i915: Flush the PTEs after updating them before suspend (bnc#901638). * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638). * ext3: return 32/64-bit dir name hash according to usage type (bnc#898554). * ext4: return 32/64-bit dir name hash according to usage type (bnc#898554). * fix: use after free of xfs workqueues (bnc#894895). * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554). * futex: Ensureget_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). * futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). * ipv6: add support of peer address (bnc#896415). * ipv6: fix a refcnt leak with peer addr (bnc#896415). * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502). * mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790). * netxen: Fix link event handling (bnc#873228). * netxen: fix link notification order (bnc#873228). * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554). * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554). * ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843). * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). * powerpc: Add support for the optimised lockref implementation (bsc#893758). * powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). * remove filesize checks for sync I/O journal commit (bnc#800255). * resource: add __adjust_resource() for internal use (bnc#891790). * resource: add release_mem_region_adjustable() (bnc#891790). * revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * rpm/mkspec: Generate specfiles according to Factory requirements. * rpm/mkspec: Generate a per-architecture per-package _constraints file * sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358). * usbback: Do not access request fields in shared ring more than once. * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607). * vfs,proc: guarantee unique inodes in /proc (bnc#868049). * x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable() (bnc#887418). * x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). * x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). * xfs: Do not free EFIs before the EFDs are committed (bsc#755743). * xfs: Do not reference the EFI after it is freed (bsc#755743). * xfs: fix cil push sequence after log recovery (bsc#755743). * zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). * zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). Security Issues: * CVE-2012-4398 * CVE-2013-2889 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2899 * CVE-2013-7263 * CVE-2014-3181 * CVE-2014-3184 * CVE-2014-3185 * CVE-2014-3186 * CVE-2014-3601 * CVE-2014-3610 * CVE-2014-3646 * CVE-2014-3647 * CVE-2014-4508 * CVE-2014-4608 * CVE-2014-7826 * CVE-2014-7841 * CVE-2014-8709 * CVE-2014-8884 * CVE-2014-3673 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions andNotes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11 SP3: zypper in -t patch slertesp3-kernel-10107 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]: cluster-network-kmp-rt-1.4_3.0.101_rt130_0.32-2.27.121 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.32-2.27.121 drbd-kmp-rt-8.4.4_3.0.101_rt130_0.32-0.22.87 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.32-0.22.87 iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.32-0.38.106 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.32-0.38.106 kernel-rt-3.0.101.rt130-0.32.1 kernel-rt-base-3.0.101.rt130-0.32.1 kernel-rt-devel-3.0.101.rt130-0.32.1 kernel-rt_trace-3.0.101.rt130-0.32.1 kernel-rt_trace-base-3.0.101.rt130-0.32.1 kernel-rt_trace-devel-3.0.101.rt130-0.32.1 kernel-source-rt-3.0.101.rt130-0.32.1 kernel-syms-rt-3.0.101.rt130-0.32.1 lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.32-0.11.96 lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.32-0.11.96 ocfs2-kmp-rt-1.6_3.0.101_rt130_0.32-0.20.121 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.32-0.20.121 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.32-0.13.112 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.32-0.13.112 References: https://www.suse.com/security/cve/CVE-2012-4398.html https://www.suse.com/security/cve/CVE-2013-2889.html https://www.suse.com/security/cve/CVE-2013-2893.html https://www.suse.com/security/cve/CVE-2013-2897.html https://www.suse.com/security/cve/CVE-2013-2899.html https://www.suse.com/security/cve/CVE-2013-7263.html https://www.suse.com/security/cve/CVE-2014-3181.html https://www.suse.com/security/cve/CVE-2014-3184.html https://www.suse.com/security/cve/CVE-2014-3185.html https://www.suse.com/security/cve/CVE-2014-3186.html https://www.suse.com/security/cve/CVE-2014-3601.html https://www.suse.com/security/cve/CVE-2014-3610.html https://www.suse.com/security/cve/CVE-2014-3646.html https://www.suse.com/security/cve/CVE-2014-3647.html https://www.suse.com/security/cve/CVE-2014-3673.html https://www.suse.com/security/cve/CVE-2014-4508.html https://www.suse.com/security/cve/CVE-2014-4608.html https://www.suse.com/security/cve/CVE-2014-7826.html https://www.suse.com/security/cve/CVE-2014-7841.html https://www.suse.com/security/cve/CVE-2014-8133.html https://www.suse.com/security/cve/CVE-2014-8709.html https://www.suse.com/security/cve/CVE-2014-8884.html https://www.suse.com/security/cve/CVE-2014-9090.html https://www.suse.com/security/cve/CVE-2014-9322.html https://bugzilla.suse.com/show_bug.cgi?id=755743 https://bugzilla.suse.com/show_bug.cgi?id=779488 https://bugzilla.suse.com/show_bug.cgi?id=800255 https://bugzilla.suse.com/show_bug.cgi?id=835839 https://bugzilla.suse.com/show_bug.cgi?id=851603 https://bugzilla.suse.com/show_bug.cgi?id=853040 https://bugzilla.suse.com/show_bug.cgi?id=857643 https://bugzilla.suse.com/show_bug.cgi?id=860441 https://bugzilla.suse.com/show_bug.cgi?id=868049 https://bugzilla.suse.com/show_bug.cgi?id=873228 https://bugzilla.suse.com/show_bug.cgi?id=876633 https://bugzilla.suse.com/show_bug.cgi?id=883724 https://bugzilla.suse.com/show_bug.cgi?id=883948 https://bugzilla.suse.com/show_bug.cgi?id=885077 https://bugzilla.suse.com/show_bug.cgi?id=887418 https://bugzilla.suse.com/show_bug.cgi?id=888607 https://bugzilla.suse.com/show_bug.cgi?id=891211 https://bugzilla.suse.com/show_bug.cgi?id=891368 https://bugzilla.suse.com/show_bug.cgi?id=891790 https://bugzilla.suse.com/show_bug.cgi?id=892782 https://bugzilla.suse.com/show_bug.cgi?id=893758 https://bugzilla.suse.com/show_bug.cgi?id=894058 https://bugzilla.suse.com/show_bug.cgi?id=894895 https://bugzilla.suse.com/show_bug.cgi?id=895387 https://bugzilla.suse.com/show_bug.cgi?id=895468 https://bugzilla.suse.com/show_bug.cgi?id=896382 https://bugzilla.suse.com/show_bug.cgi?id=896390 https://bugzilla.suse.com/show_bug.cgi?id=896391 https://bugzilla.suse.com/show_bug.cgi?id=896392 https://bugzilla.suse.com/show_bug.cgi?id=896415 https://bugzilla.suse.com/show_bug.cgi?id=897502 https://bugzilla.suse.com/show_bug.cgi?id=897694 https://bugzilla.suse.com/show_bug.cgi?id=897708 https://bugzilla.suse.com/show_bug.cgi?id=898295 https://bugzilla.suse.com/show_bug.cgi?id=898375 https://bugzilla.suse.com/show_bug.cgi?id=898554 https://bugzilla.suse.com/show_bug.cgi?id=899192 https://bugzilla.suse.com/show_bug.cgi?id=899574 https://bugzilla.suse.com/show_bug.cgi?id=899843 https://bugzilla.suse.com/show_bug.cgi?id=901638 https://bugzilla.suse.com/show_bug.cgi?id=902346 https://bugzilla.suse.com/show_bug.cgi?id=902349 https://bugzilla.suse.com/show_bug.cgi?id=903331 https://bugzilla.suse.com/show_bug.cgi?id=903653 https://bugzilla.suse.com/show_bug.cgi?id=904013 https://bugzilla.suse.com/show_bug.cgi?id=904358 https://bugzilla.suse.com/show_bug.cgi?id=904700 https://bugzilla.suse.com/show_bug.cgi?id=905100 https://bugzilla.suse.com/show_bug.cgi?id=905522 https://bugzilla.suse.com/show_bug.cgi?id=907818 https://bugzilla.suse.com/show_bug.cgi?id=909077 https://bugzilla.suse.com/show_bug.cgi?id=910251 https://scc.suse.com:443/patches/ . SUSE's latest Security Update addresses 22 vulnerabilities within the Linux kernel framework, mitigating severe exploit risks and system instability concerns.. Linux Kernel Update,SUSE Security Advisory,Critical System Patch,Denial Of Service,Kernel Security Fix. . Severity: Critical. LinuxSecurity.com Team
Jan 14, 2015
•Critical
SuSE
100
security advisorydenial of servicekernel updateSUSE 11: 2014:0909-1 Important: Kernel Denial Of Service Issues
An update that solves 30 vulnerabilities and has 76 fixes An update that solves 30 vulnerabilities and has 76 fixes An update that solves 30 vulnerabilities and has 76 fixes is now available. It includes one version update. is now available. It includes one version update.. SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0909-1 Rating: important References: #767610 #786450 #792271 #821619 #832710 #837563 #840524 #846404 #846690 #847652 #850915 #851426 #851603 #852553 #855126 #857926 #858869 #858870 #858872 #859840 #861636 #861980 #862429 #862934 #863300 #863335 #863410 #863873 #864404 #864464 #865310 #865330 #865882 #866081 #866102 #866615 #866800 #866864 #867362 #867517 #867531 #867723 #867953 #868488 #868528 #868653 #868748 #869033 #869414 #869563 #869934 #870173 #870335 #870450 #870496 #870498 #870576 #870591 #870618 #870877 #870958 #871561 #871634 #871676 #871728 #871854 #871861 #871899 #872188 #872540 #872634 #873061 #873374 #873463 #874108 #874145 #874440 #874577 #875386 #876102 #876114 #876176 #876463 #877013 #877257 #877497 #877775 #878115 #878123 #878274 #878407 #878509 #879921 #879957 #880007 #880357 #880437 #880484 #881571 #881761 #881939 #882324 #883380 #883724 #883795 #885725 Cross-References: CVE-2012-2372 CVE-2013-2929 CVE-2013-4299 CVE-2013-4579 CVE-2013-6382 CVE-2013-7339 CVE-2014-0055 CVE-2014-0077 CVE-2014-0101 CVE-2014-0131 CVE-2014-0155 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2309 CVE-2014-2523 CVE-2014-2678 CVE-2014-2851 CVE-2014-3122 CVE-2014-3144 CVE-2014-3145 CVE-2014-3917 CVE-2014-4508 CVE-2014-4652 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-4699 Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3 ______________________________________________________________________________ An update that solves 30 vulnerabilities and has 76 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 Real Time Extension kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) * CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) * CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404) * CVE-2013-4579: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach todetermine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426) * CVE-2013-6382: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553) * CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#869563) * CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173) * CVE-2014-0077: drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576) * CVE-2014-0101: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (bnc#866102) * CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (bnc#867723) * CVE-2014-0155: The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (bnc#872540) * CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) * CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) * CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) * CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (bnc#863335) * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (bnc#867531) * CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (bnc#868653) * CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#871561) * CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374) * CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows localusers to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (bnc#876102) * CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257) * CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257) * CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484) * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number * (bnc#883724) * CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.cin the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) * CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) * CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795) * CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795) * CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795) * CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET,which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725) Also the following non-security bugs have been fixed: * kernel: avoid page table walk on user space access (bnc#878407, LTC#110316). * spinlock: fix system hang with spin_retry create_handle (bnc#883380). * drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion (bnc#883380). * drm/mgag200: Consolidate depth/bpp handling (bnc#882324). * drm/ast: Initialized data needed to map fbdev memory (bnc#880007). * drm/ast: add AST 2400 support (bnc#880007). * drm/ast: Initialized data needed to map fbdev memory (bnc#880007). * drm/mgag200: on cards with < 2MB VRAM default to 16-bit (bnc#882324). * drm/mgag200: fix typo causing bw limits to be ignored on some chips (bnc#882324). * drm/ttm: do not oops if no invalidate_caches() (bnc#869414). * drm/i915: Break encoder-> crtc link separately in intel_sanitize_crtc() (bnc#855126). * dlm: keep listening connection alive with sctp mode (bnc#881939) * series.conf: Clarify comment about Xen kabi adjustments (bnc#876114#c25) * btrfs: fix a crash when running balance and defrag concurrently. * btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * btrfs: free delayed node outside of root-> inode_lock (bnc#866864). * btrfs: return EPERM when deleting a default subvolume (bnc#869934). * btrfs: do not loop on large offsets in readdir (bnc#863300) * sched: Consider pi boosting in setscheduler. * sched: Queue RT tasks to head when prio drops. * sched: Adjust sched_reset_on_fork when nothing else changes. * sched: Fix clock_gettime(CLOCK__CPUTIME_ID) monotonicity (bnc#880357). * sched: Do not allow scheduler time to go backwards (bnc#880357). * sched: Make scale_rt_power() deal with backward clocks (bnc#865310). * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check (bnc#871861). * sched: update_rq_clock() must skip ONE update (bnc#869033, bnc#868528). * tcp: allow to disable cwnd moderation in TCP_CA_Loss state (bnc#879921). * tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429). * net: add missing bh_unlock_sock() calls (bnc#862429). * bonding: fix vlan_features computing (bnc#872634). * vlan: more careful checksum features handling (bnc#872634). * xfrm: fix race between netns cleanup and state expire notification (bnc#879957). * xfrm: check peer pointer for null before calling inet_putpeer() (bnc#877775). * ipv6: do not overwrite inetpeer metrics prematurely (bnc#867362). * pagecachelimit: reduce lru_lock contention for heavy parallel kabi fixup: (bnc#878509, bnc#864464). * pagecachelimit: reduce lru_lock contention for heavy parallel reclaim (bnc#878509, bnc#864464). * TTY: serial, cleanup include file (bnc#881571). * TTY: serial, fix includes in some drivers (bnc#881571). * serial_core: Fix race in uart_handle_dcd_change (bnc#881571). * powerpc/perf: Power8 PMU support (bnc#832710). * powerpc/perf: Add support for SIER (bnc#832710). * powerpc/perf: Add regs_no_sipr() (bnc#832710). * powerpc/perf: Add an accessor for regs-> result (bnc#832710). * powerpc/perf: Convert mmcra_sipr/sihv() to regs_sipr/sihv() (bnc#832710). * powerpc/perf: Add an explict flag indicating presence of SLOT field (bnc#832710). * swiotlb: do not assume PA 0 is invalid (bnc#865882). * lockref: implement lockless reference countupdates using cmpxchg() (FATE#317271). * af_iucv: wrong mapping of sent and confirmed skbs (bnc#878407, LTC#110452). * af_iucv: recvmsg problem for SOCK_STREAM sockets (bnc#878407, LTC#110452). * af_iucv: fix recvmsg by replacing skb_pull() function (bnc#878407, LTC#110452). * qla2xxx: Poll during initialization for ISP25xx and ISP83xx (bnc#837563). * qla2xxx: Fix request queue null dereference (bnc#859840). * lpfc 8.3.41: Fixed SLI3 failing FCP write on check-condition no-sense with residual zero (bnc#850915). * reiserfs: call truncate_setsize under tailpack mutex (bnc#878115). * reiserfs: drop vmtruncate (bnc#878115). * ipvs: handle IPv6 fragments with one-packet scheduling (bnc#861980). * kabi: hide modifications of struct sk_buff done by bnc#861980 fix (bnc#861980). * loop: remove the incorrect write_begin/write_end shortcut (bnc#878123). * watchdog: hpwdt patch to display informative string (bnc#862934). * watchdog: hpwdt: Patch to ignore auxilary iLO devices (bnc#862934). * watchdog: hpwdt: Add check for UEFI bits (bnc#862934). * watchdog: hpwdt.c: Increase version string (bnc#862934). * hpilo: Correct panic when an AUX iLO is detected (bnc#837563). * locking/mutexes: Introduce cancelable MCS lock for adaptive spinning (FATE#317271). * locking/mutexes: Modify the way optimistic spinners are queued (FATE#317271). * locking/mutexes: Return false if task need_resched() in mutex_can_spin_on_owner() (FATE#317271). * mutex: Enable the queuing of mutex spinners with MCS lock (FATE#317271). config: disabled on all flavors * mutex: Queue mutex spinners with MCS lock to reduce cacheline contention (FATE#317271). * memcg:deprecate memory.force_empty knob (bnc#878274). * kabi: protect struct net from bnc#877013 changes (bnc#877013). * netfilter: nfnetlink_queue: add net namespace support for nfnetlink_queue (bnc#877013). * netfilter: make /proc/net/netfilter pernet (bnc#877013). * netfilter: xt_hashlimit: fix proc entry leak in netns destroy path (bnc#871634). * netfilter: xt_hashlimit: fix namespace destroy path (bnc#871634). * netfilter: nf_queue: reject NF_STOLEN verdicts from userspace (bnc#870877). * netfilter: avoid double free in nf_reinject (bnc#870877). * netfilter: ctnetlink: fix race between delete and timeout expiration (bnc#863410). * netfilter: reuse skb-> nfct_reasm for ipvs conn reference (bnc#861980). * mm: per-thread vma caching (FATE#317271). config: enable CONFIG_VMA_CACHE for x86_64/bigsmp * mm, hugetlb: improve page-fault scalability (FATE#317271). * mm: vmscan: Do not throttle based on pfmemalloc reserves if node has no ZONE_NORMAL (bnc#870496). * mm: fix off-by-one bug in print_nodes_state() (bnc#792271). * hugetlb: ensure hugepage access is denied if hugepages are not supported (PowerKVM crash when mounting hugetlbfs without hugepage support (bnc#870498)). * SELinux: Increase ebitmap_node size for 64-bit configuration (FATE#317271). * SELinux: Reduce overhead of mls_level_isvalid() function call (FATE#317271). * mutex: Fix debug_mutexes (FATE#317271). * mutex: Fix debug checks (FATE#317271). * locking/mutexes: Unlock the mutex without the wait_lock (FATE#317271). * epoll: do not take the nested ep-> mtx on EPOLL_CTL_DEL (FATE#317271). * epoll: do not take global "epmutex" for simple topologies (FATE#317271). * epoll: optimize EPOLL_CTL_DEL using rcu (FATE#317271). * vfs: Fix missing unlock of vfsmount_lock in unlazy_walk (bnc#880437). * dcache: kABI fixes for lockref dentries (FATE#317271). * vfs: make sure we do not have a stale root path if unlazy_walk() fails (FATE#317271). * vfs: fix dentry RCU to refcounting possibly sleeping dput() (FATE#317271). * vfs: use lockref "dead" flag to mark unrecoverably dead dentries (FATE#317271). * vfs: reimplement d_rcu_to_refcount() using lockref_get_or_lock() (FATE#317271). * vfs: Remove second variable named error in __dentry_path (FATE#317271). * make prepend_name() work correctly when called with negative *buflen (FATE#317271). * prepend_path() needs to reinitialize dentry/vfsmount on restarts (FATE#317271). * dcache: get/release read lock in read_seqbegin_or_lock() & friend (FATE#317271). * seqlock: Add a new locking reader type (FATE#317271). * dcache: Translating dentry into pathname without taking rename_lock (FATE#317271). * vfs: make the dentry cache use the lockref infrastructure (FATE#317271). * vfs: Remove dentry-> d_lock locking from shrink_dcache_for_umount_subtree() (FATE#317271). * vfs: use lockref_get_not_zero() for optimistic lockless dget_parent() (FATE#317271). * vfs: constify dentry parameter in d_count() (FATE#317271). * helper for reading -> d_count (FATE#317271). * lockref: use arch_mutex_cpu_relax() in CMPXCHG_LOOP() (FATE#317271). * lockref: allow relaxed cmpxchg64 variant for lockless updates (FATE#317271). * lockref: use cmpxchg64 explicitly for lockless updates (FATE#317271). * lockref: add ability to mark lockrefs "dead" (FATE#317271). * lockref: fix docbook argument names (FATE#317271). * lockref: Relax in cmpxchg loop (FATE#317271). * lockref: implement lockless reference count updates using cmpxchg() (FATE#317271). * lockref: uninline lockref helper functions (FATE#317271). * lockref: add lockref_get_or_lock() helper (FATE#317271). * Add new lockref infrastructure reference implementation (FATE#317271). * vfs: make lremovexattr retry once on ESTALE error (bnc#876463). * vfs: make removexattr retry once on ESTALE (bnc#876463). * vfs: make llistxattr retry once on ESTALE error (bnc#876463). * vfs: make listxattr retry once on ESTALE error (bnc#876463). * vfs: make lgetxattr retry once on ESTALE (bnc#876463). * vfs: make getxattr retry once on an ESTALE error (bnc#876463). * vfs: allow lsetxattr() to retry once on ESTALE errors (bnc#876463). * vfs: allow setxattr to retry once on ESTALE errors (bnc#876463). * vfs: allow utimensat() calls to retry once on an ESTALE error (bnc#876463). * vfs: fix user_statfs to retry once on ESTALE errors (bnc#876463). * vfs: make fchownat retry once on ESTALE errors (bnc#876463). * vfs: make fchmodat retry once on ESTALE errors (bnc#876463). * vfs: have chroot retry once on ESTALE error (bnc#876463). * vfs: have chdir retry lookup and call once on ESTALE error (bnc#876463). * vfs: have faccessat retry once on an ESTALE error (bnc#876463). * vfs: have do_sys_truncate retry once on an ESTALE error (bnc#876463). * vfs: fix renameat to retry on ESTALE errors (bnc#876463). * vfs: make do_unlinkat retry once on ESTALE errors (bnc#876463). * vfs: make do_rmdir retry once on ESTALE errors (bnc#876463). * vfs: fix linkat to retry once on ESTALE errors (bnc#876463). * vfs: fix symlinkat to retry on ESTALE errors (bnc#876463). * vfs: fix mkdirat to retry once on an ESTALE error (bnc#876463). * vfs: fix mknodat to retry on ESTALE errors (bnc#876463). * vfs: add a flags argument to user_path_parent (bnc#876463). * vfs: fix readlinkat to retry on ESTALE(bnc#876463). * vfs: make fstatat retry on ESTALE errors from getattr call (bnc#876463). * vfs: add a retry_estale helper function to handle retries on ESTALE (bnc#876463). * crypto: s390 - fix aes,des ctr mode concurrency finding (bnc#874145, LTC#110078). * s390/cio: fix unlocked access of global bitmap (bnc#874145, LTC#109378). * s390/css: stop stsch loop after cc 3 (bnc#874145, LTC#109378). * s390/pci: add kmsg man page (bnc#874145, LTC#109224). * s390/pci/dma: use correct segment boundary size (bnc#866081, LTC#104566). * cio: Fix missing subchannels after CHPID configure on (bnc#866081, LTC#104808). * cio: Fix process hangs during subchannel scan (bnc#866081, LTC#104805). * cio: fix unusable device (bnc#866081, LTC#104168). * qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873). * Fix race between starved list and device removal (bnc#861636). * namei.h: include errno.h (bnc#876463). * ALSA: hda - Implement bind mixer ctls for Conexant (bnc#872188). * ALSA: hda - Fix invalid Auto-Mute Mode enum from cxt codecs (bnc#872188). * ALSA: hda - Fix conflicting Capture Source on cxt codecs (bnc#872188). * ALSA: usb-audio: Fix NULL dereference while quick replugging (bnc#870335). * powerpc: Bring all threads online prior to migration/hibernation (bnc#870591). * powerpc/pseries: Update dynamic cache nodes for suspend/resume operation (bnc#873463). * powerpc/pseries: Device tree should only be updated once after suspend/migrate (bnc#873463). * powerpc/pseries: Expose in kernel device tree update to drmgr (bnc#873463). * powerpc: Add second POWER8 PVR entry (bnc#874440). * libata/ahci: accommodate tag ordered controllers (bnc#871728) * md: try to remove cause of a spinning md thread (bnc#875386). * md: fix up plugging (again) (bnc#866800). * NFSv4: Fix a reboot recovery race when opening a file (bnc#864404). * NFSv4: Ensure delegation recall and byte range lock removal do not conflict (bnc#864404). * NFSv4: Fix up the return values of nfs4_open_delegation_recall (bnc#864404). * NFSv4.1: Do not lose locks when a server reboots during delegation return (bnc#864404). * NFSv4.1: Prevent deadlocks between state recovery and file locking (bnc#864404). * NFSv4: Allow the state manager to mark an open_owner as being recovered (bnc#864404). * NFS: nfs_inode_return_delegation() should always flush dirty data (bnc#864404). * NFSv4: nfs_client_return_marked_delegations cannot flush data (bnc#864404). * NFS: avoid excessive GETATTR request when attributes expired but cached directory is valid (bnc#857926). * seqlock: add "raw_seqcount_begin()" function (bnc#864404). * Allow nfsdv4 to work when fips=1 (bnc#868488). * NFSv4: Add ACCESS operation to OPEN compound (bnc#870958). * NFSv4: Fix unnecessary delegation returns in nfs4_do_open (bnc#870958). * NFSv4: The NFSv4.0 client must send RENEW calls if it holds a delegation (bnc#863873). * NFSv4: nfs4_proc_renew should be declared static (bnc#863873). * NFSv4: do not put ACCESS in OPEN compound if O_EXCL (bnc#870958). * NFS: revalidate on open if dcache is negative (bnc#876463). * NFSD add module parameter to disable delegations (bnc#876463). * Do not lose sockets when nfsd shutdown races with connection timeout (bnc#871854). * timer: Prevent overflow in apply_slack (bnc#873061). * mei: me: do not load the driver if the FW does not support MEI interface (bnc#821619). * ipmi:Reset the KCS timeout when starting error recovery (bnc#870618). * ipmi: Fix a race restarting the timer (bnc#870618). * ipmi: increase KCS timeouts (bnc#870618). * bnx2x: Fix kernel crash and data miscompare after EEH recovery (bnc#881761). * bnx2x: Adapter not recovery from EEH error injection (bnc#881761). * kabi: hide modifications of struct inet_peer done by bnc#867953 fix (bnc#867953). * inetpeer: prevent unlinking from unused list twice (bnc#867953). * Ignore selected taints for tracepoint modules (bnc#870450, FATE#317134). * Use "E" instead of "X" for unsigned module taint flag (bnc#870450,FATE#317134). * Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE (bnc#870450,FATE#317134). * xhci: extend quirk for Renesas cards (bnc#877497). * scsi: return target failure on EMC inactive snapshot (bnc#840524). * virtio_balloon: do not softlockup on huge balloon changes (bnc#871899). * ch: add refcounting (bnc#867517). * storvsc: NULL pointer dereference fix (bnc#865330). * Unlock the rename_lock in dentry_path() in the case when path is too long (bnc#868748). Security Issue references: * CVE-2012-2372 * CVE-2013-2929 * CVE-2013-4299 * CVE-2013-4579 * CVE-2013-6382 * CVE-2013-7339 * CVE-2014-0055 * CVE-2014-0077 * CVE-2014-0101 * CVE-2014-0131 * CVE-2014-0155 * CVE-2014-1444 * CVE-2014-1445 * CVE-2014-1446 * CVE-2014-1874 * CVE-2014-2309 * CVE-2014-2523 * CVE-2014-2678 * CVE-2014-2851 * CVE-2014-3122 *CVE-2014-3144 * CVE-2014-3145 * CVE-2014-3917 * CVE-2014-4508 * CVE-2014-4652 * CVE-2014-4653 * CVE-2014-4654 * CVE-2014-4655 * CVE-2014-4656 * CVE-2014-4699 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11 SP3: zypper in -t patch slertesp3-kernel-9504 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]: cluster-network-kmp-rt-1.4_3.0.101_rt130_0.24-2.27.79 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.24-2.27.79 drbd-kmp-rt-8.4.4_3.0.101_rt130_0.24-0.22.45 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.24-0.22.45 iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.24-0.38.64 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.24-0.38.64 kernel-rt-3.0.101.rt130-0.24.1 kernel-rt-base-3.0.101.rt130-0.24.1 kernel-rt-devel-3.0.101.rt130-0.24.1 kernel-rt_trace-3.0.101.rt130-0.24.1 kernel-rt_trace-base-3.0.101.rt130-0.24.1 kernel-rt_trace-devel-3.0.101.rt130-0.24.1 kernel-source-rt-3.0.101.rt130-0.24.1 kernel-syms-rt-3.0.101.rt130-0.24.1 lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.24-0.11.57 lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.24-0.11.57 ocfs2-kmp-rt-1.6_3.0.101_rt130_0.24-0.20.79 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.24-0.20.79 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.24-0.13.70 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.24-0.13.70 References: https://www.suse.com/security/cve/CVE-2012-2372.html https://www.suse.com/security/cve/CVE-2013-2929.html https://www.suse.com/security/cve/CVE-2013-4299.html https://www.suse.com/security/cve/CVE-2013-4579.html https://www.suse.com/security/cve/CVE-2013-6382.html https://www.suse.com/security/cve/CVE-2013-7339.html https://www.suse.com/security/cve/CVE-2014-0055.html https://www.suse.com/security/cve/CVE-2014-0077.html https://www.suse.com/security/cve/CVE-2014-0101.html https://www.suse.com/security/cve/CVE-2014-0131.html https://www.suse.com/security/cve/CVE-2014-0155.html https://www.suse.com/security/cve/CVE-2014-1444.html https://www.suse.com/security/cve/CVE-2014-1445.html https://www.suse.com/security/cve/CVE-2014-1446.html https://www.suse.com/security/cve/CVE-2014-1874.html https://www.suse.com/security/cve/CVE-2014-2309.html https://www.suse.com/security/cve/CVE-2014-2523.html https://www.suse.com/security/cve/CVE-2014-2678.html https://www.suse.com/security/cve/CVE-2014-2851.html https://www.suse.com/security/cve/CVE-2014-3122.html https://www.suse.com/security/cve/CVE-2014-3144.html https://www.suse.com/security/cve/CVE-2014-3145.html https://www.suse.com/security/cve/CVE-2014-3917.html https://www.suse.com/security/cve/CVE-2014-4508.html https://www.suse.com/security/cve/CVE-2014-4652.html https://www.suse.com/security/cve/CVE-2014-4653.html https://www.suse.com/security/cve/CVE-2014-4654.html https://www.suse.com/security/cve/CVE-2014-4655.html https://www.suse.com/security/cve/CVE-2014-4656.html https://www.suse.com/security/cve/CVE-2014-4699.html https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://scc.suse.com:443/patches/ . Important patch for SUSE Linux kernel resolving various vulnerabilities and improving overall system reliability.. SUSE Linux Kernel Security Update, Denial of Service Vulnerabilities, Linux Security Issues. . Severity: Important. LinuxSecurity.com Team
Jul 17, 2014
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!