SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1750-1
Rating:             important
References:         #754690 #763463 #794824 #797526 #800875 #804950 
                    #808079 #816099 #820848 #821259 #821465 #821948 
                    #822433 #822942 #825291 #826102 #827246 #827416 
                    #827966 #828714 #828894 #829682 #830985 #831029 
                    #831143 #831380 #832292 #833097 #833151 #833321 
                    #833588 #833635 #833820 #833858 #834204 #834600 
                    #834905 #835094 #835189 #835684 #835930 #836218 
                    #836347 #836801 #837372 #837596 #837741 #837803 
                    #838346 #838448 #839407 #839973 #840830 #841050 
                    #841094 #841402 #841498 #841656 #842057 #842063 
                    #842604 #842820 #843429 #843445 #843642 #843645 
                    #843732 #843753 #843950 #844513 #845352 #847319 
                    
Cross-References:   CVE-2013-2206
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has 71 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 3 RealTime
   Extension kernel was  updated to version 3.0.101 to fix
   various bugs and security issues.

   The following features have been added:

   * Drivers: hv: Support handling multiple VMBUS versions
   (FATE#314665).
   * Drivers: hv: Save and export negotiated vmbus version
   (FATE#314665).
   * Drivers: hv: Move vmbus version definitions to
   hyperv.h (FATE#314665).

   The following security issue has been fixed:

   * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
   in net/sctp/sm_statefuns.c in the SCTP implementation in
   the Linux kernel did not properly handle associations
   during the processing of a duplicate COOKIE ECHO chunk,
   which allowed remote attackers to cause a denial of service
   (NULL pointer dereference and system crash) or possibly
   have unspecified other impact via crafted SCTP traffic.
   (bnc#826102)

   The following non-security bugs have been fixed:

   * kernel: sclp console hangs (bnc#841498, LTC#95711).
   * kernel: allow program interruption filtering in user
   space (bnc#837596, LTC#97332).
   * Audit: do not print error when LSMs disabled
   (bnc#842057).
   * i2c: ismt: initialize DMA buffer (bnc#843753).
   * powerpc/irq: Run softirqs off the top of the irq
   stack (bnc#847319).
   * softirq: reduce latencies (bnc#797526).
   * softirq: Fix lockup related to stop_machine being
   stuck in __do_softirq (bnc#797526).
   * thp: reduce khugepaged freezing latency (khugepaged
   blocking suspend-to-ram (bnc#825291)).
   * X.509: Remove certificate date checks (bnc#841656).
   * splice: fix racy pipe->buffers uses (bnc#827246).
   * blktrace: fix race with open trace files and
   directory removal (bnc#832292).
   * writeback: Do not sync data dirtied after sync start
   (bnc#833820).
   * elousb: some systems cannot stomach work around
   (bnc#840830).
   * bounce: allow use of bounce pool via config option
   (Bounce memory pool initialisation (bnc#836347)).
   * block: initialize the bounce pool if high memory may
   be added later (Bounce memory pool initialization
   (bnc#836347)).
   * config/debug: Enable FSCACHE_DEBUG and
   CACHEFILES_DEBUG (bnc#837372).
   * xhci: Fix spurious wakeups after S5 on Haswell
   (bnc#833097).
   * cio: add message for timeouts on internal I/O
   (bnc#837741,LTC#97048).
   * elousb: some systems cannot stomach work around
   (bnc#830985).
   * s390/cio: handle unknown pgroup state
   (bnc#837741,LTC#97048).
   * s390/cio: export vpm via sysfs (bnc#837741,LTC#97048).
   * s390/cio: skip broken paths (bnc#837741,LTC#97048).
   * s390/cio: dont abort verification after missing irq
   (bnc#837741,LTC#97048).
   * bio-integrity: track owner of integrity payload
   (bnc#831380).
   * iommu/vt-d: add quirk for broken interrupt remapping
   on 55XX chipsets (bnc#844513).
   * x86/iommu/vt-d: Expand interrupt remapping quirk to
   cover x58 chipset (bnc#844513).
   * iommu/vt-d: Only warn about broken interrupt
   remapping (bnc#844513).
   * iommu: Remove stack trace from broken irq remapping
   warning (bnc#844513).
   * intel-iommu: Fix leaks in pagetable freeing
   (bnc#841402).
   * mm: Do not walk all of system memory during show_mem
   (Reduce tasklist_lock hold times (bnc#821259)).
   * mm, memcg: introduce own oom handler to iterate only
   over its own threads.
   * mm, memcg: move all oom handling to memcontrol.c.
   * mm, oom: avoid looping when chosen thread detaches
   its mm.
   * mm, oom: fold oom_kill_task() into oom_kill_process().
   * mm, oom: introduce helper function to process threads
   during scan.
   * mm, oom: reduce dependency on tasklist_lock. (Reduce
   tasklist_lock hold times (bnc#821259).
   * mm: vmscan: Do not continue scanning if reclaim was
   aborted for compaction (Limit reclaim in the preserve of IO
   (bnc#754690)).
   * mm: vmscan: take page buffers dirty and locked state
   into account (Limit reclaim in the preserve of IO
   (bnc#754690)).
   * mm: vmscan: treat pages marked for immediate reclaim
   as zone congestion (Limit reclaim in the preserve of IO
   (bnc#754690)).
   * mm: vmscan: move direct reclaim wait_iff_congested
   into shrink_list (Limit reclaim in the preserve of IO
   (bnc#754690)).
   * mm: vmscan: set zone flags before blocking (Limit
   reclaim in the preserve of IO (bnc#754690)).
   * mm: vmscan: stall page reclaim after a list of pages
   have been processed (Limit reclaim in the preserve of IO
   (bnc#754690)).
   * mm: vmscan: stall page reclaim and writeback pages
   based on dirty/writepage pages encountered (Limit reclaim
   in the reserve of IO (bnc#754690)).
   * mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP
   areas (bnc#822942).
   * Update EC2 config files (STRICT_DEVMEM off,
   bnc#843732).
   * Fixed Xen guest freezes (bnc#829682, bnc#842063).
   * rcu: Do not trigger false positive RCU stall
   detection (bnc#834204).
   * libata: Set proper SK when CK_COND is set
   (bnc#833588).
   * libata: Set proper Sense Key for Check Condition
   (bnc#833588).
   * lib/radix-tree.c: make radix_tree_node_alloc() work
   correctly within interrupt (bnc#763463).
   * md: Throttle number of pending write requests in
   md/raid10 (bnc#833858).
   * dm: ignore merge_bvec for snapshots when safe
   (bnc#820848).
   * fs: do_add_mount()/umount -l races (bnc#836801).
   * SUNRPC: close a rare race in xs_tcp_setup_socket
   (bnc#794824).
   * NFS: make nfs_flush_incompatible more generous
   (bnc#816099).
   * NFS: don't try to use lock state when we hold a
   delegation (bnc#831029).
   * NFS: nfs_lookup_revalidate(): fix a leak (bnc#828894).
   * cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields
   (bnc#804950).
   * xfs: growfs: use uncached buffers for new headers   (bnc#842604).
   * xfs: avoid double-free in xfs_attr_node_addname.
   * xfs: Check the return value of xfs_buf_get()
   (bnc#842604).
   * cifs: revalidate directories instiantiated via FIND_*
   in order to handle DFS referrals (bnc#831143).
   * cifs: don't instantiate new dentries in readdir for
   inodes that need to be revalidated immediately (bnc#831143).
   * cifs: rename cifs_readdir_lookup to cifs_prime_dcache
   and make it void return (bnc#831143).
   * cifs: get rid of blind d_drop() in readdir
   (bnc#831143).
   * cifs: cleanup cifs_filldir (bnc#831143).
   * cifs: on send failure, readjust server sequence
   number downward (bnc#827966).
   * cifs: adjust sequence number downward after signing
   NT_CANCEL request (bnc#827966).
   * cifs: on send failure, readjust server sequence
   number downward (bnc#827966).
   * cifs: adjust sequence number downward after signing
   NT_CANCEL request (bnc#827966).
   * reiserfs: fix race with flush_used_journal_lists and
   flush_journal_list (bnc#837803).
   * reiserfs: remove useless flush_old_journal_lists.
   * mvsas: add support for 9480 device id (bnc#843950).
   * drm/i915: Disable GGTT PTEs on GEN6+ suspend
   (bnc#800875).
   * drm/i915/hsw: Disable L3 caching of atomic memory
   operations (bnc#800875).
   * r8169: fix argument in rtl_hw_init_8168g
   (bnc#845352,bnc#842820).
   * r8169: support RTL8168G (bnc#845352,bnc#842820).
   * r8169: abstract out loop conditions
   (bnc#845352,bnc#842820).
   * r8169: mdio_ops signature change
   (bnc#845352,bnc#842820).
   * megaraid_sas: Disable controller reset for ppc
   (bnc#841050).
   * scsi_dh_alua: simplify alua_check_sense()
   (bnc#843642).
   * scsi_dh_alua: Fix missing close brace in
   alua_check_sense (bnc#843642).
   * scsi_dh_alua: retry command on 'mode parameter
   changed' sense code (bnc#843645).
   * scsi_dh_alua: invalid state information for
   'optimized' paths (bnc#843445).
   * scsi_dh_alua: reattaching device handler fails with
   'Error 15' (bnc#843429).
   * iscsi: don't hang in endless loop if no targets
   present (bnc#841094).
   * scsi_dh_alua: Allow get_alua_data() to return NULL
   (bnc#839407).
   * quirks: add touchscreen that is dazzeled by remote
   wakeup (bnc#835930).
   * bnx2x: Change to D3hot only on removal (bnc#838448).
   * tty/hvc_iucv: Disconnect IUCV connection when
   lowering DTR (bnc#839973,LTC#97595).
   * tty/hvc_console: Add DTR/RTS callback to handle HUPCL
   control (bnc#839973,LTC#97595).
   * series.conf: disable XHCI ring expansion patches
   because on machines with large memory they cause a
   starvation problem (bnc#833635)
   * Drivers: hv: util: Fix a bug in version negotiation
   code for util services (bnc#828714).
   * Drivers: hv: util: Correctly support ws2008R2 and
   earlier (bnc#838346).
   * Drivers: hv: vmbus: Do not attempt to negoatiate a
   new version prematurely.
   * Drivers: hv: util: Correctly support ws2008R2 and
   earlier (bnc#838346).
   * Drivers: hv: vmbus: Terminate vmbus version
   negotiation on timeout.
   * Drivers: hv: util: Fix a bug in version negotiation
   code for util services (bnc#828714).
   * Drivers: hv: balloon: Initialize the transaction ID
   just before sending the packet.
   * Drivers: hv: remove HV_DRV_VERSION.
   * Drivers: hv: vmbus: Fix a bug in the handling of
   channel offers.
   * Drivers: hv: util: Fix a bug in util version
   negotiation code (bnc#838346).
   * mlx4: allow IB_QP_CREATE_USE_GFP_NOFS in
   mlx4_ib_create_qp() (bnc#822433).
   * drm/i915: disable sound first on intel_disable_ddi
   (bnc#833151).
   * ALSA: hda - Re-setup HDMI pin and audio infoframe on
   stream switches (bnc#833151).
   * drm/i915: HDMI/DP - ELD info refresh support for
   Haswell (bnc#833151).
   * drm/cirrus: This is a cirrus version of Egbert Eich's
   patch for mgag200 (bnc#808079).
   * vmxnet3: prevent div-by-zero panic when ring resizing
   uninitialized dev (bnc#833321).
   * net/mlx4_en: Fix BlueFlame race (bnc#835684).
   * be2net: Check for POST state in suspend-resume
   sequence (bnc#835189).
   * be2net: bug fix on returning an invalid nic
   descriptor (bnc#835189).
   * be2net: provision VF resources before enabling SR-IOV
   (bnc#835189).
   * be2net: Fix firmware download for Lancer (bnc#835189).
   * be2net: Fix to use version 2 of cq_create for
   SkyHawk-R devices (bnc#835189).
   * be2net: Use GET_FUNCTION_CONFIG V1 cmd (bnc#835189).
   * be2net: Avoid flashing BE3 UFI on BE3-R chip
   (bnc#835189).
   * be2net: Use TXQ_CREATE_V2 cmd (bnc#835189).
   * ipv6: don't call fib6_run_gc() until routing is ready
   (bnc#836218).
   * ipv6: prevent fib6_run_gc() contention (bnc#797526).
   * ipv6: update ip6_rt_last_gc every time GC is run
   (bnc#797526).
   * netfilter: nf_conntrack: use RCU safe kfree for
   conntrack extensions (bnc#827416 bko#60853
   bugzilla.netfilter.org:714).
   * netfilter: prevent race condition breaking net
   reference counting (bnc#835094).
   * sctp: deal with multiple COOKIE_ECHO chunks
   (bnc#826102).
   * net: remove skb_orphan_try() (bnc#834600).
   * bonding: check bond->vlgrp in bond_vlan_rx_kill_vid()
   (bnc#834905).
   * tools: hv: Improve error logging in VSS daemon.
   * tools: hv: Check return value of poll call.
   * tools: hv: Check return value of setsockopt call.
   * Tools: hv: fix send/recv buffer allocation.
   * Tools: hv: check return value of daemon to fix
   compiler warning.
   * Tools: hv: in kvp_set_ip_info free mac_addr right
   after usage.
   * Tools: hv: check return value of system in
   hv_kvp_daemon.
   * Tools: hv: correct payload size in netlink_send.
   * Tools: hv: use full nlmsghdr in netlink_send.
   * rpm/old-flavors, rpm/mkspec: Add version information
   to obsolete flavors (bnc#821465).
   * rpm/kernel-binary.spec.in: Move the xenpae obsolete
   to the old-flavors file.
   * rpm/old-flavors: Convert the old-packages.conf file
   to a flat list.
   * rpm/old-packages.conf: Drop bogus obsoletes for "smp"
   (bnc#821465).
   * rpm/kernel-binary.spec.in: Make sure that all KMP
   obsoletes are versioned (bnc#821465).
   * rpm/kernel-binary.spec.in: Remove unversioned
   provides/obsoletes for packages that were only seen in
   openSUSE releases up to 11.0. (bnc#821465).
   * sched/workqueue: Only wake up idle workers if not
   blocked on sleeping spin lock.
   * genirq: Set irq thread to RT priority on creation.
   * timers: prepare for full preemption improve.
   * kernel/cpu: fix cpu down problem if kthread's cpu is
   going down.
   * kernel/hotplug: restore original cpu mask oncpu/down.
   * drm/i915: drop trace_i915_gem_ring_dispatch on rt.
   * rt,ntp: Move call to schedule_delayed_work() to
   helper thread.
   * hwlat-detector: Update hwlat_detector to add outer
   loop detection.
   * hwlat-detect/trace: Export trace_clock_local for
   hwlat-detector.
   * hwlat-detector: Use trace_clock_local if available.
   * hwlat-detector: Use thread instead of stop machine.
   * genirq: do not invoke the affinity callback via a
   workqueue.
   * Btrfs: fix negative qgroup tracking from owner
   accounting (bnc#821948).
   * Btrfs: add missing error checks to
   add_data_references.
   * Btrfs: change how we queue blocks for backref
   checking.
   * Btrfs: add missing error handling to read_tree_block.
   * Btrfs: handle errors when doing slow caching.
   * Btrfs: fix inode leak on kmalloc failure in
   tree-log.c.
   * Btrfs: don't ignore errors from
   btrfs_run_delayed_items.
   * Btrfs: fix oops when writing dirty qgroups to disk.
   * Btrfs: do not clear our orphan item runtime flag on
   eexist.
   * Btrfs: remove ourselves from the cluster list under
   lock.
   * Btrfs: remove unnecessary ->s_umount in
   cleaner_kthread().
   * Btrfs: make the cleaner complete early when the fs is
   going to be umounted.
   * Btrfs: move the R/O check out of
   btrfs_clean_one_deleted_snapshot().
   * Btrfs: make the snap/subv deletion end more early
   when the fs is R/O.
   * Btrfs: optimize key searches in btrfs_search_slot.
   * Btrfs: fix printing of non NULL terminated string.
   * Btrfs: fix memory leak of orphan block rsv.
   * Btrfs: don't miss inode ref items in
   BTRFS_IOC_INO_LOOKUP.
   * Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP
   handler.
   * Btrfs: fix the error handling wrt orphan items.
   * Btrfs: don't allow a subvol to be deleted if it is
   the default subovl.
   * Btrfs: return ENOSPC when target space is full.
   * Btrfs: don't bug_on when we fail when cleaning up
   transactions.
   * Btrfs: add missing mounting options in
   btrfs_show_options().
   * Btrfs: use u64 for subvolid when parsing mount
   options.
   * Btrfs: add sanity checks regarding to parsing mount
   options.
   * Btrfs: cleanup reloc roots properly on error.
   * Btrfs: reset ret in record_one_backref.
   * Btrfs: fix get set label blocking against balance.
   * Btrfs: fall back to global reservation when removing
   subvolumes.
   * Btrfs: Release uuid_mutex for shrink during device
   delete.
   * Btrfs: update fixups from 3.11   * Btrfs: add ioctl to wait for qgroup rescan completion.
   * Btrfs: remove useless copy in quota_ctl.
   * Btrfs: do delay iput in sync_fs.
   * Btrfs: fix estale with btrfs send.
   * Btrfs: return error code in
   btrfs_check_trunc_cache_free_space().
   * Btrfs: dont do log_removal in insert_new_root.
   * Btrfs: check if leaf's parent exists before pushing
   items around.
   * Btrfs: allow file data clone within a file.
   * Btrfs: simplify unlink reservations.
   * Btrfs: fix qgroup rescan resume on mount.
   * Btrfs: do not pin while under spin lock.
   * Btrfs: add some missing iput()'s in
   btrfs_orphan_cleanup.
   * Btrfs: put our inode if orphan cleanup fails.
   * Btrfs: exclude logged extents before replying when we
   are mixed.
   * Btrfs: fix broken nocow after balance.
   * Btrfs: wake up delayed ref flushing waiters on abort.
   * Btrfs: stop waiting on current trans if we aborted.
   * Btrfs: fix transaction throttling for delayed refs.
   * Btrfs: free csums when we're done scrubbing an extent.
   * Btrfs: unlock extent range on enospc in compressed
   submit.
   * Btrfs: stop using try_to_writeback_inodes_sb_nr to
   flush delalloc.
   * Btrfs: check if we can nocow if we don't have data
   space.
   * Btrfs: cleanup orphaned root orphan item.
   * Btrfs: hold the tree mod lock in
   __tree_mod_log_rewind.
   * Btrfs: only do the tree_mod_log_free_eb if this is
   our last ref.
   * Btrfs: wait ordered range before doing direct io.
   * Btrfs: update drop progress before stopping snapshot
   dropping.
   * Btrfs: fix lock leak when resuming snapshot deletion.
   * Btrfs: re-add root to dead root list if we stop
   dropping it.
   * Btrfs: fix file truncation if FALLOC_FL_KEEP_SIZE is
   specified.
   * Btrfs: fix a bug of snapshot-aware defrag to make it
   work on partial extents.
   * Btrfs: fix extent buffer leak after backref walking.
   * Btrfs: do not offset physical if we're compressed.
   * Btrfs: fix backref walking when we hit a compressed
   extent.
   * Btrfs: make sure the backref walker catches all refs
   to our extent.
   * Btrfs: release both paths before logging dir/changed
   extents.
   * Btrfs: add btrfs_fs_incompat helper.
   * Btrfs: merge save_error_info helpers into one.
   * Btrfs: clean up transaction abort messages.
   * Btrfs: cleanup unused arguments of btrfs_csum_data.
   * Btrfs: use helper to cleanup tree roots.
   * Btrfs: share stop worker code.
   * Btrfs: Cleanup some redundant codes in
   btrfs_lookup_csums_range().
   * Btrfs: clean snapshots one by one.
   * Btrfs: deprecate subvolrootid mount option.
   * Btrfs: make orphan cleanup less verbose.
   * Btrfs: cover more error codes in btrfs_decode_error.
   * Btrfs: make subvol creation/deletion killable in the
   early stages.
   * Btrfs: fix a warning when disabling quota.
   * Btrfs: fix infinite loop when we abort on mount.
   * Btrfs: compare relevant parts of delayed tree refs.
   * Btrfs: kill some BUG_ONs() in the find_parent_nodes().
   * Btrfs: fix double free in the iterate_extent_inodes().
   * Btrfs: fix error handling in make/read block group.
   * Btrfs: don't wait on ordered extents if we have a
   trans open.
   * Btrfs: log ram bytes properly.
   * Btrfs: fix bad extent logging.
   * Btrfs: improve the performance of the csums lookup.
   * Btrfs: ignore device open failures in
   __btrfs_open_devices.
   * Btrfs: abort unlink trans in missed error case.
   * Btrfs: creating the subvolume qgroup automatically
   when enabling quota.
   * Btrfs: introduce a mutex lock for btrfs quota
   operations.
   * Btrfs: remove some unnecessary spin_lock usages.
   * Btrfs: fix missing check before creating a qgroup
   relation.
   * Btrfs: fix missing check in the
   btrfs_qgroup_inherit().
   * Btrfs: fix a warning when updating qgroup limit.
   * Btrfs: use tree_root to avoid edquot when disabling
   quota.
   * Btrfs: remove some BUG_ONs() when walking backref
   tree.
   * Btrfs: make __merge_refs() return type be void.
   * Btrfs: add a rb_tree to improve performance of ulist
   search.
   * Btrfs: fix unblocked autodefraggers when remount.
   * Btrfs: fix tree mod log regression on root split
   operations.
   * Btrfs: fix accessing the root pointer in tree mod log
   functions.
   * Btrfs: fix unlock after free on rewinded tree blocks.
   * Btrfs: do not continue if out of memory happens.
   * Btrfs: fix confusing edquot happening case.
   * Btrfs: remove unused argument of fixup_low_keys().
   * Btrfs: fix reada debug code compilation.
   * Btrfs: return error when we specify wrong start to
   defrag.
   * Btrfs: don't force pages under writeback to finish
   when aborting.
   * Btrfs: clear received_uuid field for new writable
   snapshots.
   * Btrfs: fix missing check about ulist_add() in
   qgroup.c.
   * Btrfs: add all ioctl checks before user change for
   quota operations.
   * Btrfs: fix lockdep warning.
   * Btrfs: fix possible infinite loop in slow caching.
   * Btrfs: use REQ_META for all metadata IO.
   * Btrfs: deal with bad mappings in btrfs_map_block.
   * Btrfs: don't call readahead hook until we have read
   the entire eb.
   * Btrfs: don't BUG_ON() in btrfs_num_copies.
   * Btrfs: don't try and free ebs twice in log replay.
   * Btrfs: add tree block level sanity check.
   * Btrfs: only exclude supers in the range of our block
   group.
   * Btrfs: fix all callers of read_tree_block.
   * Btrfs: fix extent logging with O_DIRECT into prealloc.
   * Btrfs: cleanup fs roots if we fail to mount.
   * Btrfs: don't panic if we're trying to drop too many
   refs.
   * Btrfs: check return value of commit when recovering
   log.
   * Btrfs: cleanup destroy_marked_extents.
   * Btrfs: various abort cleanups.
   * Btrfs: fix error handling in btrfs_ioctl_send().
   * Btrfs: set UUID in root_item for created trees.
   * Btrfs: return free space in cow error path.
   * Btrfs: separate sequence numbers for delayed ref
   tracking and tree mod log.
   * Btrfs: allocate new chunks if the space is not enough
   for global rsv.
   * Btrfs: split btrfs_qgroup_account_ref into four
   functions (FATE#312751).
   * Btrfs: rescan for qgroups (FATE#312751).
   * Btrfs: automatic rescan after "quota enable" command
   (FATE#312751).
   * Btrfs: deal with free space cache errors while
   replaying log.
   * Btrfs: remove almost all of the BUG()'s from
   tree-log.c.
   * Btrfs: deal with errors in write_dev_supers.
   * Btrfs: make static code static & remove dead code.
   * Btrfs: handle errors returned from get_tree_block_key.
   * Btrfs: remove unused gfp mask parameter from
   release_extent_buffer callchain.
   * Btrfs: read entire device info under lock.
   * Btrfs: improve the loop of scrub_stripe.
   * Btrfs: use unsigned long type for extent state bits.
   * Btrfs: enhance superblock checks.
   * Btrfs: allow superblock mismatch from older mkfs.
   * Btrfs: annotate quota tree for lockdep.
   * Btrfs: fix off-by-one in fiemap.
   * Btrfs: don't stop searching after encountering the
   wrong item.
   * Btrfs: don't null pointer deref on abort.
   * Btrfs: remove warn on in free space cache writeout.
   * Btrfs: fix possible memory leak in the
   find_parent_nodes().
   * Btrfs: fix possible memory leak in replace_path().
   * Btrfs: don't abort the current transaction if there
   is no enough space for inode cache.
   * Btrfs: don't use global block reservation for inode
   cache truncation.
   * Btrfs: optimize the error handle of use_block_rsv().
   * Btrfs: don't steal the reserved space from the global
   reserve if their space type is different.
   * Btrfs: update the global reserve if it is empty.
   * Btrfs: return errno if possible when we fail to
   allocate memory.
   * Btrfs: fix accessing a freed tree root.
   * Btrfs: fix unprotected root node of the subvolume's
   inode rb-tree.
   * Btrfs: pause the space balance when remounting to R/O.
   * Btrfs: remove BUG_ON() in
   btrfs_read_fs_tree_no_radix().
   * Btrfs: don't invoke btrfs_invalidate_inodes() in the
   spin lock context.
   * Btrfs: do away with non-whole_page extent I/O.
   * Btrfs: explicitly use global_block_rsv for quota_tree.
   * Btrfs: make sure roots are assigned before freeing
   their nodes.
   * Btrfs: don't delete fs_roots until after we cleanup
   the transaction.
   * Btrfs: Drop inode if inode root is NULL.
   * Btrfs: init relocate extent_io_tree with a mapping.
   * Btrfs: fix use-after-free bug during umount.
   * Btrfs: stop all workers before cleaning up roots.
   * Btrfs: add log message stubs.

   Security Issues:

   * CVE-2013-2206
   

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11 SP3:

      zypper in -t patch slertesp3-kernel-8544

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:

      cluster-network-kmp-rt-1.4_3.0.101_rt130_0.8-2.27.24
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.8-2.27.24
      drbd-kmp-rt-8.4.4_3.0.101_rt130_0.8-0.18.8
      drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.8-0.18.8
      iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.8-0.38.9
      iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.8-0.38.9
      kernel-rt-3.0.101.rt130-0.8.3
      kernel-rt-base-3.0.101.rt130-0.8.3
      kernel-rt-devel-3.0.101.rt130-0.8.3
      kernel-rt_trace-3.0.101.rt130-0.8.3
      kernel-rt_trace-base-3.0.101.rt130-0.8.3
      kernel-rt_trace-devel-3.0.101.rt130-0.8.3
      kernel-source-rt-3.0.101.rt130-0.8.1
      kernel-syms-rt-3.0.101.rt130-0.8.1
      lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.8-0.11.11
      lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.8-0.11.11
      ocfs2-kmp-rt-1.6_3.0.101_rt130_0.8-0.20.24
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.8-0.20.24
      ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.8-0.13.15
      ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.8-0.13.15


References:

   https://www.suse.com/security/cve/CVE-2013-2206.html
   https://bugzilla.novell.com/754690
   https://bugzilla.novell.com/763463
   https://bugzilla.novell.com/794824
   https://bugzilla.novell.com/797526
   https://bugzilla.novell.com/800875
   https://bugzilla.novell.com/804950
   https://bugzilla.novell.com/808079
   https://bugzilla.novell.com/816099
   https://bugzilla.novell.com/820848
   https://bugzilla.novell.com/821259
   https://bugzilla.novell.com/821465
   https://bugzilla.novell.com/821948
   https://bugzilla.novell.com/822433
   https://bugzilla.novell.com/822942
   https://bugzilla.novell.com/825291
   https://bugzilla.novell.com/826102
   https://bugzilla.novell.com/827246
   https://bugzilla.novell.com/827416
   https://bugzilla.novell.com/827966
   https://bugzilla.novell.com/828714
   https://bugzilla.novell.com/828894
   https://bugzilla.novell.com/829682
   https://bugzilla.novell.com/830985
   https://bugzilla.novell.com/831029
   https://bugzilla.novell.com/831143
   https://bugzilla.novell.com/831380
   https://bugzilla.novell.com/832292
   https://bugzilla.novell.com/833097
   https://bugzilla.novell.com/833151
   https://bugzilla.novell.com/833321
   https://bugzilla.novell.com/833588
   https://bugzilla.novell.com/833635
   https://bugzilla.novell.com/833820
   https://bugzilla.novell.com/833858
   https://bugzilla.novell.com/834204
   https://bugzilla.novell.com/834600
   https://bugzilla.novell.com/834905
   https://bugzilla.novell.com/835094
   https://bugzilla.novell.com/835189
   https://bugzilla.novell.com/835684
   https://bugzilla.novell.com/835930
   https://bugzilla.novell.com/836218
   https://bugzilla.novell.com/836347
   https://bugzilla.novell.com/836801
   https://bugzilla.novell.com/837372
   https://bugzilla.novell.com/837596
   https://bugzilla.novell.com/837741
   https://bugzilla.novell.com/837803
   https://bugzilla.novell.com/838346
   https://bugzilla.novell.com/838448
   https://bugzilla.novell.com/839407
   https://bugzilla.novell.com/839973
   https://bugzilla.novell.com/840830
   https://bugzilla.novell.com/841050
   https://bugzilla.novell.com/841094
   https://bugzilla.novell.com/841402
   https://bugzilla.novell.com/841498
   https://bugzilla.novell.com/841656
   https://bugzilla.novell.com/842057
   https://bugzilla.novell.com/842063
   https://bugzilla.novell.com/842604
   https://bugzilla.novell.com/842820
   https://bugzilla.novell.com/843429
   https://bugzilla.novell.com/843445
   https://bugzilla.novell.com/843642
   https://bugzilla.novell.com/843645
   https://bugzilla.novell.com/843732
   https://bugzilla.novell.com/843753
   https://bugzilla.novell.com/843950
   https://bugzilla.novell.com/844513
   https://bugzilla.novell.com/845352
   https://bugzilla.novell.com/847319
   https://login.microfocus.com/nidp/idff/sso

SuSE: 2013:1750-1: important: Real Time Linux Kernel

November 22, 2013
An update that solves one vulnerability and has 71 fixes is An update that solves one vulnerability and has 71 fixes is An update that solves one vulnerability and has 71 fixes is ...

Summary

The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was updated to version 3.0.101 to fix various bugs and security issues. The following features have been added: * Drivers: hv: Support handling multiple VMBUS versions (FATE#314665). * Drivers: hv: Save and export negotiated vmbus version (FATE#314665). * Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665). The following security issue has been fixed: * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102) The following non-security bugs have been fixed: * kernel: sclp console han...

Read the Full Advisory

References

#754690 #763463 #794824 #797526 #800875 #804950

#808079 #816099 #820848 #821259 #821465 #821948

#822433 #822942 #825291 #826102 #827246 #827416

#827966 #828714 #828894 #829682 #830985 #831029

#831143 #831380 #832292 #833097 #833151 #833321

#833588 #833635 #833820 #833858 #834204 #834600

#834905 #835094 #835189 #835684 #835930 #836218

#836347 #836801 #837372 #837596 #837741 #837803

#838346 #838448 #839407 #839973 #840830 #841050

#841094 #841402 #841498 #841656 #842057 #842063

#842604 #842820 #843429 #843445 #843642 #843645

#843732 #843753 #843950 #844513 #845352 #847319

Cross- CVE-2013-2206

Affected Products:

SUSE Linux Enterprise Real Time Extension 11 SP3

https://www.suse.com/security/cve/CVE-2013-2206.html

https:...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2013:1750-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved