SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1748-1
Rating:             important
References:         #763463 #794824 #797526 #804950 #816099 #820848 
                    #821259 #821465 #826102 #827246 #827416 #828714 
                    #828894 #829682 #831029 #831143 #831380 #832292 
                    #833321 #833588 #833635 #833820 #833858 #834204 
                    #834600 #834905 #835094 #835684 #835930 #836218 
                    #836347 #836801 #837372 #837803 #838346 #838448 
                    #840830 #841094 #841402 #841498 #842063 #842604 
                    #844513 
Cross-References:   CVE-2013-2206
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves one vulnerability and has 42 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 2 kernel was
   updated to version  3.0.101 and also includes various other
   bug and security fixes.

   The following features have been added:

   * Drivers: hv: Support handling multiple VMBUS versions
   (FATE#314665).
   * Drivers: hv: Save and export negotiated vmbus version
   (FATE#314665).
   * Drivers: hv: Move vmbus version definitions to
   hyperv.h (FATE#314665).

   The following security issue has been fixed:

   * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
   in net/sctp/sm_statefuns.c in the SCTP implementation in
   the Linux kernel did not properly handle associations
   during the processing of a duplicate COOKIE ECHO chunk,
   which allowed remote attackers to cause a denial of service
   (NULL pointer dereference and system crash) or possibly
   have unspecified other impact via crafted SCTP traffic.
   (bnc#826102)

   The following non-security bugs have been fixed:

   * kernel: sclp console hangs (bnc#841498, LTC#95711).
   * intel-iommu: Fix leaks in pagetable freeing
   (bnc#841402).
   * iommu/vt-d: add quirk for broken interrupt remapping
   on 55XX chipsets (bnc#844513).
   * x86/iommu/vt-d: Expand interrupt remapping quirk to
   cover x58 chipset (bnc#844513).
   * iommu/vt-d: Only warn about broken interrupt
   remapping (bnc#844513).
   * iommu: Remove stack trace from broken irq remapping
   warning (bnc#844513).
   * softirq: reduce latencies (bnc#797526).
   * Fix lockup related to stop_machine being stuck in
   __do_softirq (bnc#797526).
   * splice: fix racy pipe->buffers uses (bnc#827246).
   * blktrace: fix race with open trace files and
   directory removal (bnc#832292).
   * mm: Do not walk all of system memory during show_mem
   (Reduce tasklist_lock hold times (bnc#821259)).
   * mm: Bounce memory pool initialisation (bnc#836347).
   * mm, memcg: introduce own oom handler to iterate only
   over its own threads.
   * mm, memcg: move all oom handling to memcontrol.c.
   * mm, oom: avoid looping when chosen thread detaches
   its mm.
   * mm, oom: fold oom_kill_task() into oom_kill_process().
   * mm, oom: introduce helper function to process threads
   during scan.
   * mm, oom: reduce dependency on tasklist_lock.
   * ipv6: do not call fib6_run_gc() until routing is
   ready (bnc#836218).
   * ipv6: prevent fib6_run_gc() contention (bnc#797526).
   * ipv6: update ip6_rt_last_gc every time GC is run
   (bnc#797526).
   * net/mlx4_en: Fix BlueFlame race (bnc#835684).
   * netfilter: nf_conntrack: use RCU safe kfree for
   conntrack extensions (bnc#827416 bko#60853).
   * netfilter: prevent race condition breaking net
   reference counting (bnc#835094).
   * net: remove skb_orphan_try() (bnc#834600).
   * bonding: check bond->vlgrp in bond_vlan_rx_kill_vid()
   (bnc#834905).
   * sctp: deal with multiple COOKIE_ECHO chunks
   (bnc#826102).
   * SUNRPC: close a rare race in xs_tcp_setup_socket
   (bnc#794824).
   * NFS: make nfs_flush_incompatible more generous
   (bnc#816099).
   * NFS: do not try to use lock state when we hold a
   delegation (bnc#831029).
   * nfs_lookup_revalidate(): fix a leak (bnc#828894).
   * xfs: growfs: use uncached buffers for new headers   (bnc#842604).
   * xfs: Check the return value of xfs_buf_get()
   (bnc#842604).
   * xfs: avoid double-free in xfs_attr_node_addname.
   * do_add_mount()/umount -l races (bnc#836801).
   * cifs: Fix TRANS2_QUERY_FILE_INFO ByteCount fields
   (bnc#804950).
   * cifs: Fix EREMOTE errors encountered on DFS links
   (bnc#831143).
   * reiserfs: fix race with flush_used_journal_lists and
   flush_journal_list (bnc#837803).
   * reiserfs: remove useless flush_old_journal_lists.
   * fs: writeback: Do not sync data dirtied after sync
   start (bnc#833820).
   * rcu: Do not trigger false positive RCU stall
   detection (bnc#834204).
   * lib/radix-tree.c: make radix_tree_node_alloc() work
   correctly within interrupt (bnc#763463).
   * bnx2x: Change to D3hot only on removal (bnc#838448).
   * vmxnet3: prevent div-by-zero panic when ring resizing
   uninitialized dev (bnc#833321).
   * Drivers: hv: Support handling multiple VMBUS versions
   (fate#314665).
   * Drivers: hv: Save and export negotiated vmbus version
   (fate#314665).
   * Drivers: hv: Move vmbus version definitions to
   hyperv.h (fate#314665).
   * Drivers: hv: util: Fix a bug in version negotiation
   code for util services (bnc#828714).
   * Drivers: hv: util: Correctly support ws2008R2 and
   earlier (bnc#838346).
   * Drivers: hv: util: Fix a bug in util version
   negotiation code (bnc#838346).
   * iscsi: do not hang in endless loop if no targets
   present (bnc#841094).
   * ata: Set proper SK when CK_COND is set (bnc#833588).
   * md: Throttle number of pending write requests in
   md/raid10 (bnc#833858).
   * dm: ignore merge_bvec for snapshots when safe
   (bnc#820848).
   * elousb: some systems cannot stomach work around
   (bnc#840830).
   * bio-integrity: track owner of integrity payload
   (bnc#831380).
   * quirks: add touchscreen that is dazzeled by remote
   wakeup (bnc#835930).
   * Fixed Xen guest freezes (bnc#829682, bnc#842063).
   * config/debug: Enable FSCACHE_DEBUG and
   CACHEFILES_DEBUG (bnc#837372).
   * series.conf: disable XHCI ring expansion patches
   because on machines with large memory they cause a
   starvation problem (bnc#833635).
   * rpm/old-flavors, rpm/mkspec: Add version information
   to obsolete flavors (bnc#821465).
   * rpm/kernel-binary.spec.in: Move the xenpae obsolete
   to the old-flavors file.
   * rpm/old-flavors: Convert the old-packages.conf file
   to a flat list.
   * rpm/old-packages.conf: Drop bogus obsoletes for "smp"
   (bnc#821465).
   * rpm/kernel-binary.spec.in: Make sure that all KMP
   obsoletes are versioned (bnc#821465).
   * rpm/kernel-binary.spec.in: Remove unversioned
   provides/obsoletes for packages that were only seen in
   openSUSE releases up to 11.0. (bnc#821465).

   Security Issue references:

   * CVE-2013-2206
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-kernel-8516 slessp2-kernel-8518

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-kernel-8509 slessp2-kernel-8514 slessp2-kernel-8515 slessp2-kernel-8516 slessp2-kernel-8518

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-kernel-8509 sleshasp2-kernel-8514 sleshasp2-kernel-8515 sleshasp2-kernel-8516 sleshasp2-kernel-8518

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-kernel-8516 sledsp2-kernel-8518

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.5.1
      kernel-default-base-3.0.101-0.5.1
      kernel-default-devel-3.0.101-0.5.1
      kernel-source-3.0.101-0.5.1
      kernel-syms-3.0.101-0.5.1
      kernel-trace-3.0.101-0.5.1
      kernel-trace-base-3.0.101-0.5.1
      kernel-trace-devel-3.0.101-0.5.1
      kernel-xen-devel-3.0.101-0.5.1
      xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.5.1
      kernel-pae-base-3.0.101-0.5.1
      kernel-pae-devel-3.0.101-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.5.1
      kernel-default-base-3.0.101-0.5.1
      kernel-default-devel-3.0.101-0.5.1
      kernel-source-3.0.101-0.5.1
      kernel-syms-3.0.101-0.5.1
      kernel-trace-3.0.101-0.5.1
      kernel-trace-base-3.0.101-0.5.1
      kernel-trace-devel-3.0.101-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.5.1
      kernel-ec2-base-3.0.101-0.5.1
      kernel-ec2-devel-3.0.101-0.5.1
      kernel-xen-3.0.101-0.5.1
      kernel-xen-base-3.0.101-0.5.1
      kernel-xen-devel-3.0.101-0.5.1
      xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5
      xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5

   - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.5.1
      kernel-ppc64-base-3.0.101-0.5.1
      kernel-ppc64-devel-3.0.101-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.5.1
      kernel-pae-base-3.0.101-0.5.1
      kernel-pae-devel-3.0.101-0.5.1
      xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_0.5-2.18.69
      cluster-network-kmp-trace-1.4_3.0.101_0.5-2.18.69
      gfs2-kmp-default-2_3.0.101_0.5-0.7.98
      gfs2-kmp-trace-2_3.0.101_0.5-0.7.98
      ocfs2-kmp-default-1.6_3.0.101_0.5-0.11.68
      ocfs2-kmp-trace-1.6_3.0.101_0.5-0.11.68

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_0.5-2.18.69
      gfs2-kmp-xen-2_3.0.101_0.5-0.7.98
      ocfs2-kmp-xen-1.6_3.0.101_0.5-0.11.68

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.101_0.5-2.18.69
      gfs2-kmp-ppc64-2_3.0.101_0.5-0.7.98
      ocfs2-kmp-ppc64-1.6_3.0.101_0.5-0.11.68

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_0.5-2.18.69
      gfs2-kmp-pae-2_3.0.101_0.5-0.7.98
      ocfs2-kmp-pae-1.6_3.0.101_0.5-0.11.68

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.5.1
      kernel-default-base-3.0.101-0.5.1
      kernel-default-devel-3.0.101-0.5.1
      kernel-default-extra-3.0.101-0.5.1
      kernel-source-3.0.101-0.5.1
      kernel-syms-3.0.101-0.5.1
      kernel-trace-3.0.101-0.5.1
      kernel-trace-base-3.0.101-0.5.1
      kernel-trace-devel-3.0.101-0.5.1
      kernel-trace-extra-3.0.101-0.5.1
      kernel-xen-3.0.101-0.5.1
      kernel-xen-base-3.0.101-0.5.1
      kernel-xen-devel-3.0.101-0.5.1
      kernel-xen-extra-3.0.101-0.5.1
      xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5
      xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.5.1
      kernel-pae-base-3.0.101-0.5.1
      kernel-pae-devel-3.0.101-0.5.1
      kernel-pae-extra-3.0.101-0.5.1
      xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      ext4-writeable-kmp-default-0_3.0.101_0.5-0.14.79
      ext4-writeable-kmp-trace-0_3.0.101_0.5-0.14.79
      kernel-default-extra-3.0.101-0.5.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.101_0.5-0.14.79
      kernel-xen-extra-3.0.101-0.5.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      ext4-writeable-kmp-ppc64-0_3.0.101_0.5-0.14.79
      kernel-ppc64-extra-3.0.101-0.5.1

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.101_0.5-0.14.79
      kernel-pae-extra-3.0.101-0.5.1


References:

   https://www.suse.com/security/cve/CVE-2013-2206.html
   https://bugzilla.novell.com/763463
   https://bugzilla.novell.com/794824
   https://bugzilla.novell.com/797526
   https://bugzilla.novell.com/804950
   https://bugzilla.novell.com/816099
   https://bugzilla.novell.com/820848
   https://bugzilla.novell.com/821259
   https://bugzilla.novell.com/821465
   https://bugzilla.novell.com/826102
   https://bugzilla.novell.com/827246
   https://bugzilla.novell.com/827416
   https://bugzilla.novell.com/828714
   https://bugzilla.novell.com/828894
   https://bugzilla.novell.com/829682
   https://bugzilla.novell.com/831029
   https://bugzilla.novell.com/831143
   https://bugzilla.novell.com/831380
   https://bugzilla.novell.com/832292
   https://bugzilla.novell.com/833321
   https://bugzilla.novell.com/833588
   https://bugzilla.novell.com/833635
   https://bugzilla.novell.com/833820
   https://bugzilla.novell.com/833858
   https://bugzilla.novell.com/834204
   https://bugzilla.novell.com/834600
   https://bugzilla.novell.com/834905
   https://bugzilla.novell.com/835094
   https://bugzilla.novell.com/835684
   https://bugzilla.novell.com/835930
   https://bugzilla.novell.com/836218
   https://bugzilla.novell.com/836347
   https://bugzilla.novell.com/836801
   https://bugzilla.novell.com/837372
   https://bugzilla.novell.com/837803
   https://bugzilla.novell.com/838346
   https://bugzilla.novell.com/838448
   https://bugzilla.novell.com/840830
   https://bugzilla.novell.com/841094
   https://bugzilla.novell.com/841402
   https://bugzilla.novell.com/841498
   https://bugzilla.novell.com/842063
   https://bugzilla.novell.com/842604
   https://bugzilla.novell.com/844513
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2013:1748-1: important: Linux Kernel

November 22, 2013
An update that solves one vulnerability and has 42 fixes is An update that solves one vulnerability and has 42 fixes is An update that solves one vulnerability and has 42 fixes is ...

Summary

The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to version 3.0.101 and also includes various other bug and security fixes. The following features have been added: * Drivers: hv: Support handling multiple VMBUS versions (FATE#314665). * Drivers: hv: Save and export negotiated vmbus version (FATE#314665). * Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665). The following security issue has been fixed: * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102) The following non-security bugs have been fixed: * kernel: sclp console hangs (...

Read the Full Advisory

References

#763463 #794824 #797526 #804950 #816099 #820848

#821259 #821465 #826102 #827246 #827416 #828714

#828894 #829682 #831029 #831143 #831380 #832292

#833321 #833588 #833635 #833820 #833858 #834204

#834600 #834905 #835094 #835684 #835930 #836218

#836347 #836801 #837372 #837803 #838346 #838448

#840830 #841094 #841402 #841498 #842063 #842604

#844513

Cross- CVE-2013-2206

Affected Products:

SUSE Linux Enterprise Server 11 SP2 for VMware

SUSE Linux Enterprise Server 11 SP2

SUSE Linux Enterprise High Availability Extension 11 SP2

SUSE Linux Enterprise Desktop 11 SP2

SLE 11 SERVER Unsupported Extras

https://www.suse.com/security/cve/CVE-2013-2206.html

https://bugzilla.novell.com/763463

https://bugzilla.novell.com/794824

https://bugzilla.novell.com...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2013:1748-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved