SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1474-1
Rating:             important
References:         #745640 #760407 #765523 #773006 #773255 #773837 
                    #783475 #785901 #789010 #801427 #803320 #804482 
                    #805371 #806396 #806976 #807471 #807502 #808940 
                    #809122 #812526 #812974 #813604 #813733 #814336 
                    #815320 #816043 #817035 #817377 #818465 #819363 
                    #819523 #820172 #820434 #821052 #821235 #822066 
                    #822077 #822575 #822825 #823082 #823342 #823497 
                    #823517 #824159 #824295 #824915 #825048 #825142 
                    #825227 #825591 #825657 #825887 #826350 #826960 
                    #827372 #827376 #827378 #827749 #827750 #828119 
                    #828192 #828574 #828714 #829082 #829357 #829622 
                    #830901 #831055 #831058 #831410 #831949 
Cross-References:   CVE-2013-1059 CVE-2013-1774 CVE-2013-1819
                    CVE-2013-1929 CVE-2013-2148 CVE-2013-2164
                    CVE-2013-2232 CVE-2013-2234 CVE-2013-2237
                    CVE-2013-2851 CVE-2013-4162 CVE-2013-4163
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 59 fixes
   is now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 2 kernel has been
   updated to  version 3.0.93 and includes various bug and
   security fixes.

   The following security bugs have been fixed:

   *

   CVE-2013-2148: The fill_event_metadata function in
   fs/notify/fanotify/fanotify_user.c in the Linux kernel did
   not initialize a certain structure member, which allowed
   local users to obtain sensitive information from kernel
   memory via a read operation on the fanotify descriptor.

   *

   CVE-2013-2237: The key_notify_policy_flush function
   in net/key/af_key.c in the Linux kernel did not initialize
   a certain structure member, which allowed local users to
   obtain sensitive information from kernel heap memory by
   reading a broadcast message from the notify_policy
   interface of an IPSec key_socket.

   *

   CVE-2013-2232: The ip6_sk_dst_check function in
   net/ipv6/ip6_output.c in the Linux kernel allowed local
   users to cause a denial of service (system crash) by using
   an AF_INET6 socket for a connection to an IPv4 interface.

   *

   CVE-2013-2234: The (1) key_notify_sa_flush and (2)
   key_notify_policy_flush functions in net/key/af_key.c in
   the Linux kernel did not initialize certain structure
   members, which allowed local users to obtain sensitive
   information from kernel heap memory by reading a broadcast
   message from the notify interface of an IPSec key_socket.

   *

   CVE-2013-4162: The udp_v6_push_pending_frames
   function in net/ipv6/udp.c in the IPv6 implementation in
   the Linux kernel made an incorrect function call for
   pending data, which allowed local users to cause a denial
   of service (BUG and system crash) via a crafted application
   that uses the UDP_CORK option in a setsockopt system call.

   *

   CVE-2013-1059: net/ceph/auth_none.c in the Linux
   kernel allowed remote attackers to cause a denial of
   service (NULL pointer dereference and system crash) or
   possibly have unspecified other impact via an auth_reply
   message that triggers an attempted build_request operation.

   *

   CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
   in drivers/cdrom/cdrom.c in the Linux kernel allowed local
   users to obtain sensitive information from kernel memory
   via a read operation on a malfunctioning CD-ROM drive.

   *

   CVE-2013-2851: Format string vulnerability in the
   register_disk function in block/genhd.c in the Linux kernel
   allowed local users to gain privileges by leveraging root
   access and writing format string specifiers to
   /sys/module/md_mod/parameters/new_array in order to create
   a crafted /dev/md device name.

   *

   CVE-2013-4163: The ip6_append_data_mtu function in
   net/ipv6/ip6_output.c in the IPv6 implementation in the
   Linux kernel did not properly maintain information about
   whether the IPV6_MTU setsockopt option had been specified,
   which allowed local users to cause a denial of service (BUG
   and system crash) via a crafted application that uses the
   UDP_CORK option in a setsockopt system call.

   *

   CVE-2013-1929: Heap-based buffer overflow in the
   tg3_read_vpd function in
   drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
   allowed physically proximate attackers to cause a denial of
   service (system crash) or possibly execute arbitrary code
   via crafted firmware that specifies a long string in the
   Vital Product Data (VPD) data structure.

   *

   CVE-2013-1819: The _xfs_buf_find function in
   fs/xfs/xfs_buf.c in the Linux kernel did not validate block
   numbers, which allowed local users to cause a denial of
   service (NULL pointer dereference and system crash) or
   possibly have unspecified other impact by leveraging the
   ability to mount an XFS filesystem containing a metadata
   inode with an invalid extent map.

   *

   CVE-2013-1774: The chase_port function in
   drivers/usb/serial/io_ti.c in the Linux kernel allowed
   local users to cause a denial of service (NULL pointer
   dereference and system crash) via an attempted /dev/ttyUSB
   read or write operation on a disconnected Edgeport USB
   serial converter.

   Also the following bugs have been fixed:

   BTRFS:

   * btrfs: merge contigous regions when loading free
   space cache
   * btrfs: fix how we deal with the orphan block rsv
   * btrfs: fix wrong check during log recovery
   * btrfs: change how we indicate we are adding csums
   * btrfs: flush delayed inodes if we are short on space
   (bnc#801427).
   * btrfs: rework shrink_delalloc (bnc#801427).
   * btrfs: fix our overcommit math (bnc#801427).
   * btrfs: delay block group item insertion (bnc#801427).
   * btrfs: remove bytes argument from do_chunk_alloc
   (bnc#801427).
   * btrfs: run delayed refs first when out of space
   (bnc#801427).
   * btrfs: do not commit instead of overcommitting
   (bnc#801427).
   * btrfs: do not take inode delalloc mutex if we are a
   free space inode (bnc#801427).
   * btrfs: fix chunk allocation error handling
   (bnc#801427).
   * btrfs: remove extent mapping if we fail to add chunk
   (bnc#801427).
   * btrfs: do not overcommit if we do not have enough
   space for global rsv (bnc#801427).
   * btrfs: rework the overcommit logic to be based on the
   total size (bnc#801427).
   * btrfs: steal from global reserve if we are cleaning
   up orphans (bnc#801427).
   * btrfs: clear chunk_alloc flag on retryable failure
   (bnc#801427).
   * btrfs: use reserved space for creating a snapshot
   (bnc#801427).
   * btrfs: cleanup to make the function
   btrfs_delalloc_reserve_metadata more logic (bnc#801427).
   * btrfs: fix space leak when we fail to reserve
   metadata space (bnc#801427).
   * btrfs: fix space accounting for unlink and rename
   (bnc#801427).
   * btrfs: allocate new chunks if the space is not enough
   for global rsv (bnc#801427).
   * btrfs: various abort cleanups (bnc#812526 bnc#801427).
   * btrfs: simplify unlink reservations (bnc#801427).

   OTHER:

   * x86: Add workaround to NMI iret woes (bnc#831949).
   *

   x86: Do not schedule while still in NMI context
   (bnc#831949).

   *

   bnx2x: Avoid sending multiple statistics queries
   (bnc#814336).

   *

   bnx2x: protect different statistics flows
   (bnc#814336).

   *

   futex: Take hugepages into account when generating
   futex_key.

   *

   drivers/hv: util: Fix a bug in version negotiation
   code for util services (bnc#828714).

   *

   printk: Add NMI ringbuffer (bnc#831949).

   * printk: extract ringbuffer handling from vprintk
   (bnc#831949).
   * printk: NMI safe printk (bnc#831949).
   * printk: Make NMI ringbuffer size independent on
   log_buf_len (bnc#831949).
   * printk: Do not call console_unlock from nmi context
   (bnc#831949).
   *

   printk: Do not use printk_cpu from finish_printk
   (bnc#831949).

   *

   mlx4_en: Adding 40gb speed report for ethtool
   (bnc#831410).

   *

   reiserfs: Fixed double unlock in reiserfs_setattr
   failure path.

   * reiserfs: delay reiserfs lock until journal
   initialization (bnc#815320).
   * reiserfs: do not lock journal_init() (bnc#815320).
   * reiserfs: locking, handle nested locks properly
   (bnc#815320).
   * reiserfs: locking, push write lock out of xattr code
   (bnc#815320).
   *

   reiserfs: locking, release lock around quota
   operations (bnc#815320).

   *

   NFS: support "nosharetransport" option (bnc#807502,
   bnc#828192, FATE#315593).

   *

   dm mpath: add retain_attached_hw_handler feature
   (bnc#760407).

   *

   scsi_dh: add scsi_dh_attached_handler_name
   (bnc#760407).

   *

   bonding: disallow change of MAC if fail_over_mac
   enabled (bnc#827376).

   * bonding: propagate unicast lists down to slaves
   (bnc#773255 bnc#827372).
   * bonding: emit address change event also in
   bond_release (bnc#773255 bnc#827372).
   *

   bonding: emit event when bonding changes MAC
   (bnc#773255 bnc#827372).

   *

   SUNRPC: Ensure we release the socket write lock if
   the rpc_task exits early (bnc#830901).

   *

   ext4: force read-only unless rw=1 module option is
   used (fate#314864).

   *

   HID: fix unused rsize usage (bnc#783475).

   *

   HID: fix data access in implement() (bnc#783475).

   *

   xfs: fix deadlock in xfs_rtfree_extent with kernel
   v3.x (bnc#829622).

   *

   r8169: allow multicast packets on sub-8168f chipset
   (bnc#805371).

   * r8169: support new chips of RTL8111F (bnc#805371).
   * r8169: define the early size for 8111evl (bnc#805371).
   * r8169: fix the reset setting for 8111evl (bnc#805371).
   * r8169: add MODULE_FIRMWARE for the firmware of
   8111evl (bnc#805371).
   * r8169: fix sticky accepts packet bits in RxConfig
   (bnc#805371).
   * r8169: adjust the RxConfig settings (bnc#805371).
   * r8169: support RTL8111E-VL (bnc#805371).
   * r8169: add ERI functions (bnc#805371).
   * r8169: modify the flow of the hw reset (bnc#805371).
   * r8169: adjust some registers (bnc#805371).
   * r8169: check firmware content sooner (bnc#805371).
   * r8169: support new firmware format (bnc#805371).
   * r8169: explicit firmware format check (bnc#805371).
   *

   r8169: move the firmware down into the device private
   data (bnc#805371).

   *

   mm: link_mem_sections make sure nmi watchdog does not
   trigger while linking memory sections (bnc#820434).

   *

   kernel: lost IPIs on CPU hotplug (bnc#825048,
   LTC#94784).

   *

   iwlwifi: use correct supported firmware for 6035 and
   6000g2 (bnc#825887).

   *

   watchdog: Update watchdog_thresh atomically
   (bnc#829357).

   * watchdog: update watchdog_tresh properly (bnc#829357).
   * watchdog:
   watchdog-make-disable-enable-hotplug-and-preempt-save.patch
   (bnc#829357).
   *

   include/1/smp.h: define __smp_call_function_single
   for !CONFIG_SMP (bnc#829357).

   *

   lpfc: Return correct error code on bsg_timeout
   (bnc#816043).

   *

   dm-multipath: Drop table when retrying ioctl
   (bnc#808940).

   *

   scsi: Do not retry invalid function error
   (bnc#809122).

   *

   scsi: Always retry internal target error (bnc#745640,
   bnc#825227).

   *

   ibmvfc: Driver version 1.0.1 (bnc#825142).

   * ibmvfc: Fix for offlining devices during error
   recovery (bnc#825142).
   * ibmvfc: Properly set cancel flags when cancelling
   abort (bnc#825142).
   * ibmvfc: Send cancel when link is down (bnc#825142).
   * ibmvfc: Support FAST_IO_FAIL in EH handlers   (bnc#825142).
   *

   ibmvfc: Suppress ABTS if target gone (bnc#825142).

   *

   fs/dcache.c: add cond_resched() to
   shrink_dcache_parent() (bnc#829082).

   *

   kmsg_dump: do not run on non-error paths by default
   (bnc#820172).

   *

   mm: honor min_free_kbytes set by user (bnc#826960).

   *

   hyperv: Fix a kernel warning from
   netvsc_linkstatus_callback() (bnc#828574).

   *

   RT: Fix up hardening patch to not gripe when avg >
   available, which lockless access makes possible and happens
   in -rt kernels running a cpubound ltp realtime testcase.
   Just keep the output sane in that case.

   *

   md/raid10: Fix two bug affecting RAID10 reshape (-).

   *

   Allow NFSv4 to run execute-only files (bnc#765523).

   *

   fs/ocfs2/namei.c: remove unecessary ERROR when
   removing non-empty directory (bnc#819363).

   *

   block: Reserve only one queue tag for sync IO if only
   3 tags are available (bnc#806396).

   *

   drm/i915: Add wait_for in init_ring_common
   (bnc#813604).

   *

   drm/i915: Mark the ringbuffers as being in the GTT
   domain (bnc#813604).

   *

   ext4: avoid hang when mounting non-journal
   filesystems with orphan list (bnc#817377).

   *

   autofs4 - fix get_next_positive_subdir() (bnc#819523).

   *

   ocfs2: Add bits_wanted while calculating credits in
   ocfs2_calc_extend_credits (bnc#822077).

   *

   re-enable io tracing (bnc#785901).

   *

   SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).

   *

   tg3: Prevent system hang during repeated EEH errors   (bnc#822066).

   *

   backends: Check for insane amounts of requests on the
   ring.

   *

   Update Xen patches to 3.0.82.

   *

   netiucv: Hold rtnl between name allocation and device
   registration (bnc#824159).

   *

   drm/edid: Do not print messages regarding stereo or
   csync by default (bnc #821235).

   *

   net/sunrpc: xpt_auth_cache should be ignored when
   expired (bnc#803320).

   * sunrpc/cache: ensure items removed from cache do not
   have pending upcalls (bnc#803320).
   * sunrpc/cache: remove races with queuing an upcall
   (bnc#803320).
   *

   sunrpc/cache: use cache_fresh_unlocked consistently
   and correctly (bnc#803320).

   *

   md/raid10 "enough" fixes (bnc#773837).

   *

   Update config files: disable IP_PNP (bnc#822825)

   *

   Disable efi pstore by default (bnc#804482 bnc#820172).

   *

   md: Fix problem with GET_BITMAP_FILE returning wrong
   status (bnc#812974 bnc#823497).

   *

   USB: xHCI: override bogus bulk wMaxPacketSize values
   (bnc#823082).

   *

   ALSA: hda - Fix system panic when DMA > 40 bits for
   Nvidia audio controllers (bnc#818465).

   *

   USB: UHCI: fix for suspend of virtual HP controller
   (bnc#817035).

   *

   mm: mmu_notifier: re-fix freed page still mapped in
   secondary MMU (bnc#821052).

   Security Issue references:

   * CVE-2013-1059
   
   * CVE-2013-1774
   
   * CVE-2013-1819
   
   * CVE-2013-1929
   
   * CVE-2013-2148
   
   * CVE-2013-2164
   
   * CVE-2013-2232
   
   * CVE-2013-2234
   
   * CVE-2013-2237
   
   * CVE-2013-2851
   
   * CVE-2013-4162
   
   * CVE-2013-4163
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-kernel-8265 slessp2-kernel-8273

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-kernel-8263 slessp2-kernel-8265 slessp2-kernel-8266 slessp2-kernel-8268 slessp2-kernel-8273

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-kernel-8263 sleshasp2-kernel-8265 sleshasp2-kernel-8266 sleshasp2-kernel-8268 sleshasp2-kernel-8273

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-kernel-8265 sledsp2-kernel-8273

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.93]:

      kernel-default-3.0.93-0.5.1
      kernel-default-base-3.0.93-0.5.1
      kernel-default-devel-3.0.93-0.5.1
      kernel-source-3.0.93-0.5.1
      kernel-syms-3.0.93-0.5.1
      kernel-trace-3.0.93-0.5.1
      kernel-trace-base-3.0.93-0.5.1
      kernel-trace-devel-3.0.93-0.5.1
      kernel-xen-devel-3.0.93-0.5.1
      xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.93]:

      kernel-pae-3.0.93-0.5.1
      kernel-pae-base-3.0.93-0.5.1
      kernel-pae-devel-3.0.93-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.93]:

      kernel-default-3.0.93-0.5.1
      kernel-default-base-3.0.93-0.5.1
      kernel-default-devel-3.0.93-0.5.1
      kernel-source-3.0.93-0.5.1
      kernel-syms-3.0.93-0.5.1
      kernel-trace-3.0.93-0.5.1
      kernel-trace-base-3.0.93-0.5.1
      kernel-trace-devel-3.0.93-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.93]:

      kernel-ec2-3.0.93-0.5.1
      kernel-ec2-base-3.0.93-0.5.1
      kernel-ec2-devel-3.0.93-0.5.1
      kernel-xen-3.0.93-0.5.1
      kernel-xen-base-3.0.93-0.5.1
      kernel-xen-devel-3.0.93-0.5.1
      xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39
      xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39

   - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.93]:

      kernel-default-man-3.0.93-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.93]:

      kernel-ppc64-3.0.93-0.5.1
      kernel-ppc64-base-3.0.93-0.5.1
      kernel-ppc64-devel-3.0.93-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.93]:

      kernel-pae-3.0.93-0.5.1
      kernel-pae-base-3.0.93-0.5.1
      kernel-pae-devel-3.0.93-0.5.1
      xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.93_0.5-2.18.61
      cluster-network-kmp-trace-1.4_3.0.93_0.5-2.18.61
      gfs2-kmp-default-2_3.0.93_0.5-0.7.91
      gfs2-kmp-trace-2_3.0.93_0.5-0.7.91
      ocfs2-kmp-default-1.6_3.0.93_0.5-0.11.60
      ocfs2-kmp-trace-1.6_3.0.93_0.5-0.11.60

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.93_0.5-2.18.61
      gfs2-kmp-xen-2_3.0.93_0.5-0.7.91
      ocfs2-kmp-xen-1.6_3.0.93_0.5-0.11.60

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.93_0.5-2.18.61
      gfs2-kmp-ppc64-2_3.0.93_0.5-0.7.91
      ocfs2-kmp-ppc64-1.6_3.0.93_0.5-0.11.60

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

      cluster-network-kmp-pae-1.4_3.0.93_0.5-2.18.61
      gfs2-kmp-pae-2_3.0.93_0.5-0.7.91
      ocfs2-kmp-pae-1.6_3.0.93_0.5-0.11.60

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.93]:

      kernel-default-3.0.93-0.5.1
      kernel-default-base-3.0.93-0.5.1
      kernel-default-devel-3.0.93-0.5.1
      kernel-default-extra-3.0.93-0.5.1
      kernel-source-3.0.93-0.5.1
      kernel-syms-3.0.93-0.5.1
      kernel-trace-3.0.93-0.5.1
      kernel-trace-base-3.0.93-0.5.1
      kernel-trace-devel-3.0.93-0.5.1
      kernel-trace-extra-3.0.93-0.5.1
      kernel-xen-3.0.93-0.5.1
      kernel-xen-base-3.0.93-0.5.1
      kernel-xen-devel-3.0.93-0.5.1
      kernel-xen-extra-3.0.93-0.5.1
      xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39
      xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.93]:

      kernel-pae-3.0.93-0.5.1
      kernel-pae-base-3.0.93-0.5.1
      kernel-pae-devel-3.0.93-0.5.1
      kernel-pae-extra-3.0.93-0.5.1
      xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      ext4-writeable-kmp-default-0_3.0.93_0.5-0.14.72
      ext4-writeable-kmp-trace-0_3.0.93_0.5-0.14.72
      kernel-default-extra-3.0.93-0.5.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.93_0.5-0.14.72
      kernel-xen-extra-3.0.93-0.5.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      ext4-writeable-kmp-ppc64-0_3.0.93_0.5-0.14.72
      kernel-ppc64-extra-3.0.93-0.5.1

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.93_0.5-0.14.72
      kernel-pae-extra-3.0.93-0.5.1


References:

   https://www.suse.com/security/cve/CVE-2013-1059.html
   https://www.suse.com/security/cve/CVE-2013-1774.html
   https://www.suse.com/security/cve/CVE-2013-1819.html
   https://www.suse.com/security/cve/CVE-2013-1929.html
   https://www.suse.com/security/cve/CVE-2013-2148.html
   https://www.suse.com/security/cve/CVE-2013-2164.html
   https://www.suse.com/security/cve/CVE-2013-2232.html
   https://www.suse.com/security/cve/CVE-2013-2234.html
   https://www.suse.com/security/cve/CVE-2013-2237.html
   https://www.suse.com/security/cve/CVE-2013-2851.html
   https://www.suse.com/security/cve/CVE-2013-4162.html
   https://www.suse.com/security/cve/CVE-2013-4163.html
   https://bugzilla.novell.com/745640
   https://bugzilla.novell.com/760407
   https://bugzilla.novell.com/765523
   https://bugzilla.novell.com/773006
   https://bugzilla.novell.com/773255
   https://bugzilla.novell.com/773837
   https://bugzilla.novell.com/783475
   https://bugzilla.novell.com/785901
   https://bugzilla.novell.com/789010
   https://bugzilla.novell.com/801427
   https://bugzilla.novell.com/803320
   https://bugzilla.novell.com/804482
   https://bugzilla.novell.com/805371
   https://bugzilla.novell.com/806396
   https://bugzilla.novell.com/806976
   https://bugzilla.novell.com/807471
   https://bugzilla.novell.com/807502
   https://bugzilla.novell.com/808940
   https://bugzilla.novell.com/809122
   https://bugzilla.novell.com/812526
   https://bugzilla.novell.com/812974
   https://bugzilla.novell.com/813604
   https://bugzilla.novell.com/813733
   https://bugzilla.novell.com/814336
   https://bugzilla.novell.com/815320
   https://bugzilla.novell.com/816043
   https://bugzilla.novell.com/817035
   https://bugzilla.novell.com/817377
   https://bugzilla.novell.com/818465
   https://bugzilla.novell.com/819363
   https://bugzilla.novell.com/819523
   https://bugzilla.novell.com/820172
   https://bugzilla.novell.com/820434
   https://bugzilla.novell.com/821052
   https://bugzilla.novell.com/821235
   https://bugzilla.novell.com/822066
   https://bugzilla.novell.com/822077
   https://bugzilla.novell.com/822575
   https://bugzilla.novell.com/822825
   https://bugzilla.novell.com/823082
   https://bugzilla.novell.com/823342
   https://bugzilla.novell.com/823497
   https://bugzilla.novell.com/823517
   https://bugzilla.novell.com/824159
   https://bugzilla.novell.com/824295
   https://bugzilla.novell.com/824915
   https://bugzilla.novell.com/825048
   https://bugzilla.novell.com/825142
   https://bugzilla.novell.com/825227
   https://bugzilla.novell.com/825591
   https://bugzilla.novell.com/825657
   https://bugzilla.novell.com/825887
   https://bugzilla.novell.com/826350
   https://bugzilla.novell.com/826960
   https://bugzilla.novell.com/827372
   https://bugzilla.novell.com/827376
   https://bugzilla.novell.com/827378
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/828192
   https://bugzilla.novell.com/828574
   https://bugzilla.novell.com/828714
   https://bugzilla.novell.com/829082
   https://bugzilla.novell.com/829357
   https://bugzilla.novell.com/829622
   https://bugzilla.novell.com/830901
   https://bugzilla.novell.com/831055
   https://bugzilla.novell.com/831058
   https://bugzilla.novell.com/831410
   https://bugzilla.novell.com/831949
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2013:1474-1: important: Linux kernel

September 21, 2013
An update that solves 12 vulnerabilities and has 59 fixes An update that solves 12 vulnerabilities and has 59 fixes An update that solves 12 vulnerabilities and has 59 fixes is now...

Summary

The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to version 3.0.93 and includes various bug and security fixes. The following security bugs have been fixed: * CVE-2013-2148: The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. * CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. * CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash)...

Read the Full Advisory

References

#745640 #760407 #765523 #773006 #773255 #773837

#783475 #785901 #789010 #801427 #803320 #804482

#805371 #806396 #806976 #807471 #807502 #808940

#809122 #812526 #812974 #813604 #813733 #814336

#815320 #816043 #817035 #817377 #818465 #819363

#819523 #820172 #820434 #821052 #821235 #822066

#822077 #822575 #822825 #823082 #823342 #823497

#823517 #824159 #824295 #824915 #825048 #825142

#825227 #825591 #825657 #825887 #826350 #826960

#827372 #827376 #827378 #827749 #827750 #828119

#828192 #828574 #828714 #829082 #829357 #829622

#830901 #831055 #831058 #831410 #831949

Cross- CVE-2013-1059 CVE-2013-1774 CVE-2013-1819

CVE-2013-1929 CVE-2013-2148 CVE-2013-2164

CVE-2013-2232 CVE-2013-2234 CVE-2013-2237

CVE-2013...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2013:1474-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved