Security update for Real Time Linux Kernel
SUSE Security Update: Security update for Real Time Linux Kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 and to fix various bugs and
security issues.
The following features have been added:
* NFS: Now supports a "nosharetransport" option
(bnc#807502, bnc#828192, FATE#315593).
* ALSA: virtuoso: Xonar DSX support was added
(FATE#316016).
The following security issues have been fixed:
*
CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
*
CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
*
CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
*
CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel made an incorrect function call for pending data,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
*
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
*
CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
*
CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
*
CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
Also the following non-security bugs have been fixed:
* ACPI / APEI: Force fatal AER severity when component
has been reset (bnc#828886 bnc#824568).
* PCI/AER: Move AER severity defines to aer.h
(bnc#828886 bnc#824568).
* PCI/AER: Set dev->__aer_firmware_first only for
matching devices (bnc#828886 bnc#824568).
* PCI/AER: Factor out HEST device type matching
(bnc#828886 bnc#824568).
* PCI/AER: Do not parse HEST table for non-PCIe devices
(bnc#828886 bnc#824568).
*
PCI/AER: Reset link for devices below Root Port or
Downstream Port (bnc#828886 bnc#824568).
*
zfcp: fix lock imbalance by reworking request queue
locking (bnc#835175, LTC#96825).
*
qeth: Fix crash on initial MTU size change
(bnc#835175, LTC#96809).
*
qeth: change default standard blkt settings for OSA
Express (bnc#835175, LTC#96808).
*
x86: Add workaround to NMI iret woes (bnc#831949).
*
x86: Do not schedule while still in NMI context
(bnc#831949).
*
drm/i915: no longer call drm_helper_resume_force_mode
(bnc#831424,bnc#800875).
*
bnx2x: protect different statistics flows
(bnc#814336).
* bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
*
bnx2x: protect different statistics flows
(bnc#814336).
*
ALSA: hda - Fix unbalanced runtime pm refount
(bnc#834742).
*
xhci: directly calling _PS3 on suspend (bnc#833148).
*
futex: Take hugepages into account when generating
futex_key.
*
e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
* e1000e: helper functions for accessing EMI registers
(bnc#834647).
* e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
*
e1000e: helper functions for accessing EMI registers
(bnc#834647).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
printk: Add NMI ringbuffer (bnc#831949).
* printk: extract ringbuffer handling from vprintk
(bnc#831949).
* printk: NMI safe printk (bnc#831949).
* printk: Make NMI ringbuffer size independent on
log_buf_len (bnc#831949).
* printk: Do not call console_unlock from nmi context
(bnc#831949).
*
printk: Do not use printk_cpu from finish_printk
(bnc#831949).
*
zfcp: fix schedule-inside-lock in scsi_device list
loops (bnc#833073, LTC#94937).
*
uvc: increase number of buffers (bnc#822164,
bnc#805804).
*
drm/i915: Adding more reserved PCI IDs for Haswell
(bnc#834116).
*
Refresh patches.xen/xen-netback-generalize
(bnc#827378).
*
Update Xen patches to 3.0.87.
*
mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
*
drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
* drm/i915: Fix write-read race with multiple rings
(bnc#831422).
* drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
*
drm/i915: Fix write-read race with multiple rings
(bnc#831422).
*
xhci: Add xhci_disable_ports boot option (bnc#822164).
*
xhci: set device to D3Cold on shutdown (bnc#833097).
*
reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
* reiserfs: locking, release lock around quota
operations (bnc#815320).
* reiserfs: locking, push write lock out of xattr code
(bnc#815320).
* reiserfs: locking, handle nested locks properly
(bnc#815320).
* reiserfs: do not lock journal_init() (bnc#815320).
*
reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
*
NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
*
HID: hyperv: convert alloc+memcpy to memdup.
* Drivers: hv: vmbus: Implement multi-channel support
(fate#316098).
* Drivers: hv: Add the GUID fot synthetic fibre channel
device (fate#316098).
* tools: hv: Check return value of setsockopt call.
* tools: hv: Check return value of poll call.
* tools: hv: Check retrun value of strchr call.
* tools: hv: Fix file descriptor leaks.
* tools: hv: Improve error logging in KVP daemon.
* drivers: hv: switch to use mb() instead of smp_mb().
* drivers: hv: check interrupt mask before read_index.
* drivers: hv: allocate synic structures before
hv_synic_init().
* storvsc: Increase the value of scsi timeout for
storvsc devices (fate#316098).
* storvsc: Update the storage protocol to win8 level
(fate#316098).
* storvsc: Implement multi-channel support
(fate#316098).
* storvsc: Support FC devices (fate#316098).
* storvsc: Increase the value of
STORVSC_MAX_IO_REQUESTS (fate#316098).
* hyperv: Fix the NETIF_F_SG flag setting in netvsc.
* Drivers: hv: vmbus: incorrect device name is printed
when child device is unregistered.
*
Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
(bnc#828714).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
*
scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
*
af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
*
af_key: initialize satype in
key_notify_policy_flush() (bnc#828119 CVE-2013-2237).
*
ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
*
tg3: fix length overflow in VPD firmware parsing
(bnc#813733 CVE-2013-1929).
*
xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
*
ipv6: ip6_sk_dst_check() must not assume ipv6 dst
(bnc#827750, CVE-2013-2232).
*
dasd: fix hanging devices after path events
(bnc#831623, LTC#96336).
*
kernel: z90crypt module load crash (bnc#831623,
LTC#96214).
*
ata: Fix DVD not dectected at some platform with
Wellsburg PCH (bnc#822225).
*
drm/i915: edp: add standard modes (bnc#832318).
*
Do not switch camera on yet more HP machines
(bnc#822164).
*
Do not switch camera on HP EB 820 G1 (bnc#822164).
*
xhci: Avoid NULL pointer deref when host dies
(bnc#827271).
*
bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
* bonding: propagate unicast lists down to slaves
(bnc#773255 bnc#827372).
* net/bonding: emit address change event also in
bond_release (bnc#773255 bnc#827372).
*
bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
*
usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
controllers with xhci 1.0 (bnc#797909).
*
xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#827271).
*
updated reference for security issue fixed inside
(CVE-2013-3301 bnc#815256)
*
qla2xxx: Clear the MBX_INTR_WAIT flag when the
mailbox time-out happens (bnc#830478).
*
drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
* drm/i915: fix up gt init sequence fallout
(bnc#801341).
* drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
*
drm/i915: fix up gt init sequence fallout
(bnc#801341).
*
timer_list: Correct the iterator for timer_list
(bnc#818047).
*
firmware: do not spew errors in normal boot
(bnc#831438, fate#314574).
*
ALSA: virtuoso: Xonar DSX support (FATE#316016).
*
SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
*
ext4: Re-add config option Building ext4 as the
ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
read-write module should be enabled. This update just
defaults allow_rw to true if it is set.
*
e1000: fix vlan processing regression (bnc#830766).
*
ext4: force read-only unless rw=1 module option is
used (fate#314864).
*
dm mpath: fix ioctl deadlock when no paths
(bnc#808940).
*
HID: fix unused rsize usage (bnc#783475).
*
add reference for b43 format string flaw (bnc#822579
CVE-2013-2852)
*
HID: fix data access in implement() (bnc#783475).
*
xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
*
kernel: sclp console hangs (bnc#830346, LTC#95711).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
Delete
patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi
rst-occurrence. It was removed from series.conf in
063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
not deleted.
*
Drivers: hv: balloon: Do not post pressure status if
interrupted (bnc#829539).
*
Drivers: hv: balloon: Fix a bug in the hot-add code
(bnc#829539).
*
drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
* drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
* drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
*
drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
* r8169: move the firmware down into the device private
data (bnc#805371).
* r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
*
r8169: move the firmware down into the device private
data (bnc#805371).
*
patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
*
drm/i915: fix long-standing SNB regression in power
consumption after resume v2 (bnc#801341).
*
RTC: Add an alarm disable quirk (bnc#805740).
*
drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
* drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
* drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
*
drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
*
drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
* drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
* drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
*
drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
*
patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
IPIs on CPU hotplug (bnc#825048, LTC#94784).
*
patches.fixes/iwlwifi-use-correct-supported-firmware-for-603
5-and-.patch: iwlwifi: use correct supported firmware for
6035 and 6000g2 (bnc#825887).
*
patches.fixes/watchdog-update-watchdog_thresh-atomically.pat
ch: watchdog: Update watchdog_thresh atomically
(bnc#829357).
*
patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
watchdog: update watchdog_tresh properly (bnc#829357).
*
patches.fixes/watchdog-make-disable-enable-hotplug-and-preem
pt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
*
kabi/severities: Ignore changes in drivers/hv
*
patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou
t.patch: lpfc: Return correct error code on bsg_timeout
(bnc#816043).
*
patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
dm-multipath: Drop table when retrying ioctl (bnc#808940).
*
scsi: Do not retry invalid function error
(bnc#809122).
*
patches.suse/scsi-do-not-retry-invalid-function-error.patch:
scsi: Do not retry invalid function error (bnc#809122).
*
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.suse/scsi-always-retry-internal-target-error.patch:
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.drivers/drm-edid-Don-t-print-messages-regarding-ster
eo-or-csync-by-default.patch: Refresh: add upstream commit
ID.
*
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. (bnc#824915).
*
Refresh
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
(bnc#824915).
*
Update kabi files.
*
ACPI:remove panic in case hardware has changed after
S4 (bnc#829001).
*
ibmvfc: Driver version 1.0.1 (bnc#825142).
* ibmvfc: Fix for offlining devices during error
recovery (bnc#825142).
* ibmvfc: Properly set cancel flags when cancelling
abort (bnc#825142).
* ibmvfc: Send cancel when link is down (bnc#825142).
* ibmvfc: Support FAST_IO_FAIL in EH handlers
(bnc#825142).
*
ibmvfc: Suppress ABTS if target gone (bnc#825142).
*
fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
*
drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).
*
kmsg_dump: do not run on non-error paths by default
(bnc#820172).
*
supported.conf: mark tcm_qla2xxx as supported
*
mm: honor min_free_kbytes set by user (bnc#826960).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
*
RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
*
kabi/severities: Add exception for
aer_recover_queue() There should not be any user besides
ghes.ko.
*
Fix rpm changelog
*
PCI / PM: restore the original behavior of
pci_set_power_state() (bnc#827930).
*
fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
*
usb: xhci: check usb2 port capabilities before adding
hw link PM support (bnc#828265).
*
aerdrv: Move cper_print_aer() call out of interrupt
context (bnc#822052, bnc#824568).
*
PCI/AER: pci_get_domain_bus_and_slot() call missing
required pci_dev_put() (bnc#822052, bnc#824568).
*
patches.fixes/block-do-not-pass-disk-names-as-format-strings
.patch: block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
*
powerpc: POWER8 cputable entries (bnc#824256).
*
libceph: Fix NULL pointer dereference in auth client
code. (CVE-2013-1059, bnc#826350)
*
md/raid10: Fix two bug affecting RAID10 reshape.
*
Allow NFSv4 to run execute-only files (bnc#765523).
*
fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
*
block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
*
btrfs: merge contigous regions when loading free
space cache
*
btrfs: fix how we deal with the orphan block rsv.
* btrfs: fix wrong check during log recovery.
* btrfs: change how we indicate we are adding csums.
Security Issue references:
* CVE-2013-1059
>
* CVE-2013-1819
>
* CVE-2013-1929
>
* CVE-2013-2148
>
* CVE-2013-2164
>
* CVE-2013-2232
>
* CVE-2013-2234
>
* CVE-2013-2237
>
* CVE-2013-2851
>
* CVE-2013-2852
>
* CVE-2013-3301
>
* CVE-2013-4162
>
* CVE-2013-4163
>
An update that solves 16 vulnerabilities and has 164 fixes is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to version 3.0.93 and to fix various bugs and
security issues.
The following features have been added:
* NFS: Now supports a "nosharetransport" option
(bnc#807502, bnc#828192, FATE#315593).
* ALSA: virtuoso: Xonar DSX support was added
(FATE#316016).
The following security issues have been fixed:
*
CVE-2013-2148: The fill_event_metadata function in
fs/notify/fanotify/fanotify_user.c in the Linux kernel did
not initialize a certain structure member, which allowed
local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.
*
CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel did not initialize
a certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy
interface of an IPSec key_socket.
*
CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.
*
CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel did not initialize certain structure
members, which allowed local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel made an incorrect function call for pending data,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1059: net/ceph/auth_none.c in the Linux
kernel allowed remote attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via an auth_reply
message that triggers an attempted build_request operation.
*
CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory
via a read operation on a malfunctioning CD-ROM drive.
*
CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
allowed local users to gain privileges by leveraging root
access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create
a crafted /dev/md device name.
*
CVE-2013-4163: The ip6_append_data_mtu function in
net/ipv6/ip6_output.c in the IPv6 implementation in the
Linux kernel did not properly maintain information about
whether the IPV6_MTU setsockopt option had been specified,
which allowed local users to cause a denial of service (BUG
and system crash) via a crafted application that uses the
UDP_CORK option in a setsockopt system call.
*
CVE-2013-1929: Heap-based buffer overflow in the
tg3_read_vpd function in
drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
allowed physically proximate attackers to cause a denial of
service (system crash) or possibly execute arbitrary code
via crafted firmware that specifies a long string in the
Vital Product Data (VPD) data structure.
*
CVE-2013-1819: The _xfs_buf_find function in
fs/xfs/xfs_buf.c in the Linux kernel did not validate block
numbers, which allowed local users to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the
ability to mount an XFS filesystem containing a metadata
inode with an invalid extent map.
Also the following non-security bugs have been fixed:
* ACPI / APEI: Force fatal AER severity when component
has been reset (bnc#828886 bnc#824568).
* PCI/AER: Move AER severity defines to aer.h
(bnc#828886 bnc#824568).
* PCI/AER: Set dev->__aer_firmware_first only for
matching devices (bnc#828886 bnc#824568).
* PCI/AER: Factor out HEST device type matching
(bnc#828886 bnc#824568).
* PCI/AER: Do not parse HEST table for non-PCIe devices
(bnc#828886 bnc#824568).
*
PCI/AER: Reset link for devices below Root Port or
Downstream Port (bnc#828886 bnc#824568).
*
zfcp: fix lock imbalance by reworking request queue
locking (bnc#835175, LTC#96825).
*
qeth: Fix crash on initial MTU size change
(bnc#835175, LTC#96809).
*
qeth: change default standard blkt settings for OSA
Express (bnc#835175, LTC#96808).
*
x86: Add workaround to NMI iret woes (bnc#831949).
*
x86: Do not schedule while still in NMI context
(bnc#831949).
*
drm/i915: no longer call drm_helper_resume_force_mode
(bnc#831424,bnc#800875).
*
bnx2x: protect different statistics flows
(bnc#814336).
* bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
*
bnx2x: protect different statistics flows
(bnc#814336).
*
ALSA: hda - Fix unbalanced runtime pm refount
(bnc#834742).
*
xhci: directly calling _PS3 on suspend (bnc#833148).
*
futex: Take hugepages into account when generating
futex_key.
*
e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
* e1000e: helper functions for accessing EMI registers
(bnc#834647).
* e1000e: workaround DMA unit hang on I218 (bnc#834647).
* e1000e: unexpected "Reset adapter" message when cable
pulled (bnc#834647).
* e1000e: 82577: workaround for link drop issue
(bnc#834647).
*
e1000e: helper functions for accessing EMI registers
(bnc#834647).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
printk: Add NMI ringbuffer (bnc#831949).
* printk: extract ringbuffer handling from vprintk
(bnc#831949).
* printk: NMI safe printk (bnc#831949).
* printk: Make NMI ringbuffer size independent on
log_buf_len (bnc#831949).
* printk: Do not call console_unlock from nmi context
(bnc#831949).
*
printk: Do not use printk_cpu from finish_printk
(bnc#831949).
*
zfcp: fix schedule-inside-lock in scsi_device list
loops (bnc#833073, LTC#94937).
*
uvc: increase number of buffers (bnc#822164,
bnc#805804).
*
drm/i915: Adding more reserved PCI IDs for Haswell
(bnc#834116).
*
Refresh patches.xen/xen-netback-generalize
(bnc#827378).
*
Update Xen patches to 3.0.87.
*
mlx4_en: Adding 40gb speed report for ethtool
(bnc#831410).
*
drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
* drm/i915: Fix write-read race with multiple rings
(bnc#831422).
* drm/i915: Retry DP aux_ch communications with a
different clock after failure (bnc#831422).
* drm/i915: split aux_clock_divider logic in a
separated function for reuse (bnc#831422).
* drm/i915: dp: increase probe retries (bnc#831422).
* drm/i915: Only clear write-domains after a successful
wait-seqno (bnc#831422).
*
drm/i915: Fix write-read race with multiple rings
(bnc#831422).
*
xhci: Add xhci_disable_ports boot option (bnc#822164).
*
xhci: set device to D3Cold on shutdown (bnc#833097).
*
reiserfs: Fixed double unlock in reiserfs_setattr
failure path.
* reiserfs: locking, release lock around quota
operations (bnc#815320).
* reiserfs: locking, push write lock out of xattr code
(bnc#815320).
* reiserfs: locking, handle nested locks properly
(bnc#815320).
* reiserfs: do not lock journal_init() (bnc#815320).
*
reiserfs: delay reiserfs lock until journal
initialization (bnc#815320).
*
NFS: support "nosharetransport" option (bnc#807502,
bnc#828192, FATE#315593).
*
HID: hyperv: convert alloc+memcpy to memdup.
* Drivers: hv: vmbus: Implement multi-channel support
(fate#316098).
* Drivers: hv: Add the GUID fot synthetic fibre channel
device (fate#316098).
* tools: hv: Check return value of setsockopt call.
* tools: hv: Check return value of poll call.
* tools: hv: Check retrun value of strchr call.
* tools: hv: Fix file descriptor leaks.
* tools: hv: Improve error logging in KVP daemon.
* drivers: hv: switch to use mb() instead of smp_mb().
* drivers: hv: check interrupt mask before read_index.
* drivers: hv: allocate synic structures before
hv_synic_init().
* storvsc: Increase the value of scsi timeout for
storvsc devices (fate#316098).
* storvsc: Update the storage protocol to win8 level
(fate#316098).
* storvsc: Implement multi-channel support
(fate#316098).
* storvsc: Support FC devices (fate#316098).
* storvsc: Increase the value of
STORVSC_MAX_IO_REQUESTS (fate#316098).
* hyperv: Fix the NETIF_F_SG flag setting in netvsc.
* Drivers: hv: vmbus: incorrect device name is printed
when child device is unregistered.
*
Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration
(bnc#828714).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
ipv6: ip6_append_data_mtu did not care about pmtudisc
and frag_size (bnc#831055, CVE-2013-4163).
*
dm mpath: add retain_attached_hw_handler feature
(bnc#760407).
*
scsi_dh: add scsi_dh_attached_handler_name
(bnc#760407).
*
af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
*
af_key: initialize satype in
key_notify_policy_flush() (bnc#828119 CVE-2013-2237).
*
ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
*
tg3: fix length overflow in VPD firmware parsing
(bnc#813733 CVE-2013-1929).
*
xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
*
ipv6: ip6_sk_dst_check() must not assume ipv6 dst
(bnc#827750, CVE-2013-2232).
*
dasd: fix hanging devices after path events
(bnc#831623, LTC#96336).
*
kernel: z90crypt module load crash (bnc#831623,
LTC#96214).
*
ata: Fix DVD not dectected at some platform with
Wellsburg PCH (bnc#822225).
*
drm/i915: edp: add standard modes (bnc#832318).
*
Do not switch camera on yet more HP machines
(bnc#822164).
*
Do not switch camera on HP EB 820 G1 (bnc#822164).
*
xhci: Avoid NULL pointer deref when host dies
(bnc#827271).
*
bonding: disallow change of MAC if fail_over_mac
enabled (bnc#827376).
* bonding: propagate unicast lists down to slaves
(bnc#773255 bnc#827372).
* net/bonding: emit address change event also in
bond_release (bnc#773255 bnc#827372).
*
bonding: emit event when bonding changes MAC
(bnc#773255 bnc#827372).
*
usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
controllers with xhci 1.0 (bnc#797909).
*
xhci: fix null pointer dereference on
ring_doorbell_for_active_rings (bnc#827271).
*
updated reference for security issue fixed inside
(CVE-2013-3301 bnc#815256)
*
qla2xxx: Clear the MBX_INTR_WAIT flag when the
mailbox time-out happens (bnc#830478).
*
drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
* drm/i915: fix up gt init sequence fallout
(bnc#801341).
* drm/i915: initialize gt_lock early with other spin
locks (bnc#801341).
*
drm/i915: fix up gt init sequence fallout
(bnc#801341).
*
timer_list: Correct the iterator for timer_list
(bnc#818047).
*
firmware: do not spew errors in normal boot
(bnc#831438, fate#314574).
*
ALSA: virtuoso: Xonar DSX support (FATE#316016).
*
SUNRPC: Ensure we release the socket write lock if
the rpc_task exits early (bnc#830901).
*
ext4: Re-add config option Building ext4 as the
ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that
read-write module should be enabled. This update just
defaults allow_rw to true if it is set.
*
e1000: fix vlan processing regression (bnc#830766).
*
ext4: force read-only unless rw=1 module option is
used (fate#314864).
*
dm mpath: fix ioctl deadlock when no paths
(bnc#808940).
*
HID: fix unused rsize usage (bnc#783475).
*
add reference for b43 format string flaw (bnc#822579
CVE-2013-2852)
*
HID: fix data access in implement() (bnc#783475).
*
xfs: fix deadlock in xfs_rtfree_extent with kernel
v3.x (bnc#829622).
*
kernel: sclp console hangs (bnc#830346, LTC#95711).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
Delete
patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi
rst-occurrence. It was removed from series.conf in
063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was
not deleted.
*
Drivers: hv: balloon: Do not post pressure status if
interrupted (bnc#829539).
*
Drivers: hv: balloon: Fix a bug in the hot-add code
(bnc#829539).
*
drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
* drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
* drm/i915: Fix incoherence with fence updates on
Sandybridge+ (bnc#809463).
*
drm/i915: merge {i965, sandybridge}_write_fence_reg()
(bnc#809463).
*
Refresh
patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
*
r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
* r8169: move the firmware down into the device private
data (bnc#805371).
* r8169: allow multicast packets on sub-8168f chipset
(bnc#805371).
* r8169: support new chips of RTL8111F (bnc#805371).
* r8169: define the early size for 8111evl (bnc#805371).
* r8169: fix the reset setting for 8111evl (bnc#805371).
* r8169: add MODULE_FIRMWARE for the firmware of
8111evl (bnc#805371).
* r8169: fix sticky accepts packet bits in RxConfig
(bnc#805371).
* r8169: adjust the RxConfig settings (bnc#805371).
* r8169: support RTL8111E-VL (bnc#805371).
* r8169: add ERI functions (bnc#805371).
* r8169: modify the flow of the hw reset (bnc#805371).
* r8169: adjust some registers (bnc#805371).
* r8169: check firmware content sooner (bnc#805371).
* r8169: support new firmware format (bnc#805371).
* r8169: explicit firmware format check (bnc#805371).
*
r8169: move the firmware down into the device private
data (bnc#805371).
*
patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:
mm: link_mem_sections make sure nmi watchdog does not
trigger while linking memory sections (bnc#820434).
*
drm/i915: fix long-standing SNB regression in power
consumption after resume v2 (bnc#801341).
*
RTC: Add an alarm disable quirk (bnc#805740).
*
drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
* drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
* drm/i915: Fix bogus hotplug warnings at resume
(bnc#828087).
* drm/i915: Serialize all register access
(bnc#809463,bnc#812274,bnc#822878,bnc#828914).
*
drm/i915: Resurrect ring kicking for semaphores,
selectively (bnc#828087).
*
drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
* drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
* drm/i915: use lower aux clock divider on non-ULT HSW
(bnc#800875).
* drm/i915: preserve the PBC bits of TRANS_CHICKEN2
(bnc#828087).
* drm/i915: set CPT FDI RX polarity bits based on VBT
(bnc#828087).
*
drm/i915: hsw: fix link training for eDP on port-A
(bnc#800875).
*
patches.arch/s390-66-02-smp-ipi.patch: kernel: lost
IPIs on CPU hotplug (bnc#825048, LTC#94784).
*
patches.fixes/iwlwifi-use-correct-supported-firmware-for-603
5-and-.patch: iwlwifi: use correct supported firmware for
6035 and 6000g2 (bnc#825887).
*
patches.fixes/watchdog-update-watchdog_thresh-atomically.pat
ch: watchdog: Update watchdog_thresh atomically
(bnc#829357).
*
patches.fixes/watchdog-update-watchdog_tresh-properly.patch:
watchdog: update watchdog_tresh properly (bnc#829357).
*
patches.fixes/watchdog-make-disable-enable-hotplug-and-preem
pt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.patch
(bnc#829357).
*
kabi/severities: Ignore changes in drivers/hv
*
patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou
t.patch: lpfc: Return correct error code on bsg_timeout
(bnc#816043).
*
patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:
dm-multipath: Drop table when retrying ioctl (bnc#808940).
*
scsi: Do not retry invalid function error
(bnc#809122).
*
patches.suse/scsi-do-not-retry-invalid-function-error.patch:
scsi: Do not retry invalid function error (bnc#809122).
*
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.suse/scsi-always-retry-internal-target-error.patch:
scsi: Always retry internal target error (bnc#745640,
bnc#825227).
*
patches.drivers/drm-edid-Don-t-print-messages-regarding-ster
eo-or-csync-by-default.patch: Refresh: add upstream commit
ID.
*
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. (bnc#824915).
*
Refresh
patches.suse/acpiphp-match-to-Bochs-dmi-data.patch
(bnc#824915).
*
Update kabi files.
*
ACPI:remove panic in case hardware has changed after
S4 (bnc#829001).
*
ibmvfc: Driver version 1.0.1 (bnc#825142).
* ibmvfc: Fix for offlining devices during error
recovery (bnc#825142).
* ibmvfc: Properly set cancel flags when cancelling
abort (bnc#825142).
* ibmvfc: Send cancel when link is down (bnc#825142).
* ibmvfc: Support FAST_IO_FAIL in EH handlers
(bnc#825142).
*
ibmvfc: Suppress ABTS if target gone (bnc#825142).
*
fs/dcache.c: add cond_resched() to
shrink_dcache_parent() (bnc#829082).
*
drivers/cdrom/cdrom.c: use kzalloc() for failing
hardware (bnc#824295, CVE-2013-2164).
*
kmsg_dump: do not run on non-error paths by default
(bnc#820172).
*
supported.conf: mark tcm_qla2xxx as supported
*
mm: honor min_free_kbytes set by user (bnc#826960).
*
Drivers: hv: util: Fix a bug in version negotiation
code for util services (bnc#828714).
*
hyperv: Fix a kernel warning from
netvsc_linkstatus_callback() (bnc#828574).
*
RT: Fix up hardening patch to not gripe when avg >
available, which lockless access makes possible and happens
in -rt kernels running a cpubound ltp realtime testcase.
Just keep the output sane in that case.
*
kabi/severities: Add exception for
aer_recover_queue() There should not be any user besides
ghes.ko.
*
Fix rpm changelog
*
PCI / PM: restore the original behavior of
pci_set_power_state() (bnc#827930).
*
fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
*
usb: xhci: check usb2 port capabilities before adding
hw link PM support (bnc#828265).
*
aerdrv: Move cper_print_aer() call out of interrupt
context (bnc#822052, bnc#824568).
*
PCI/AER: pci_get_domain_bus_and_slot() call missing
required pci_dev_put() (bnc#822052, bnc#824568).
*
patches.fixes/block-do-not-pass-disk-names-as-format-strings
.patch: block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
*
powerpc: POWER8 cputable entries (bnc#824256).
*
libceph: Fix NULL pointer dereference in auth client
code. (CVE-2013-1059, bnc#826350)
*
md/raid10: Fix two bug affecting RAID10 reshape.
*
Allow NFSv4 to run execute-only files (bnc#765523).
*
fs/ocfs2/namei.c: remove unecessary ERROR when
removing non-empty directory (bnc#819363).
*
block: Reserve only one queue tag for sync IO if only
3 tags are available (bnc#806396).
*
btrfs: merge contigous regions when loading free
space cache
*
btrfs: fix how we deal with the orphan block rsv.
* btrfs: fix wrong check during log recovery.
* btrfs: change how we indicate we are adding csums.
Security Issue references:
* CVE-2013-1059
* CVE-2013-1819
* CVE-2013-1929
* CVE-2013-2148
* CVE-2013-2164
* CVE-2013-2232
* CVE-2013-2234
* CVE-2013-2237
* CVE-2013-2851
* CVE-2013-2852
* CVE-2013-3301
* CVE-2013-4162
* CVE-2013-4163
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 11 SP3:
zypper in -t patch slertesp3-kernel-8410
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.93.rt117]:
- cluster-network-kmp-rt-1.4_3.0.93_rt117_0.9-2.27.16
- cluster-network-kmp-rt_trace-1.4_3.0.93_rt117_0.9-2.27.16
- drbd-kmp-rt-8.4.3_3.0.93_rt117_0.9-0.19.7
- drbd-kmp-rt_trace-8.4.3_3.0.93_rt117_0.9-0.19.7
- iscsitarget-kmp-rt-1.4.20_3.0.93_rt117_0.9-0.38.1
- iscsitarget-kmp-rt_trace-1.4.20_3.0.93_rt117_0.9-0.38.1
- kernel-rt-3.0.93.rt117-0.9.1
- kernel-rt-base-3.0.93.rt117-0.9.1
- kernel-rt-devel-3.0.93.rt117-0.9.1
- kernel-rt_trace-3.0.93.rt117-0.9.1
- kernel-rt_trace-base-3.0.93.rt117-0.9.1
- kernel-rt_trace-devel-3.0.93.rt117-0.9.1
- kernel-source-rt-3.0.93.rt117-0.9.1
- kernel-syms-rt-3.0.93.rt117-0.9.1
- lttng-modules-kmp-rt-2.1.1_3.0.93_rt117_0.9-0.11.6
- lttng-modules-kmp-rt_trace-2.1.1_3.0.93_rt117_0.9-0.11.6
- ocfs2-kmp-rt-1.6_3.0.93_rt117_0.9-0.20.16
- ocfs2-kmp-rt_trace-1.6_3.0.93_rt117_0.9-0.20.16
- ofed-kmp-rt-1.5.4.1_3.0.93_rt117_0.9-0.13.7
- ofed-kmp-rt_trace-1.5.4.1_3.0.93_rt117_0.9-0.13.7
References:
- http://support.novell.com/security/cve/CVE-2013-1059.html
- http://support.novell.com/security/cve/CVE-2013-1774.html
- http://support.novell.com/security/cve/CVE-2013-1819.html
- http://support.novell.com/security/cve/CVE-2013-1929.html
- http://support.novell.com/security/cve/CVE-2013-2094.html
- http://support.novell.com/security/cve/CVE-2013-2148.html
- http://support.novell.com/security/cve/CVE-2013-2164.html
- http://support.novell.com/security/cve/CVE-2013-2232.html
- http://support.novell.com/security/cve/CVE-2013-2234.html
- http://support.novell.com/security/cve/CVE-2013-2237.html
- http://support.novell.com/security/cve/CVE-2013-2850.html
- http://support.novell.com/security/cve/CVE-2013-2851.html
- http://support.novell.com/security/cve/CVE-2013-2852.html
- http://support.novell.com/security/cve/CVE-2013-3301.html
- http://support.novell.com/security/cve/CVE-2013-4162.html
- http://support.novell.com/security/cve/CVE-2013-4163.html
- https://bugzilla.novell.com/708296
- https://bugzilla.novell.com/745640
- https://bugzilla.novell.com/754690
- https://bugzilla.novell.com/760407
- https://bugzilla.novell.com/763968
- https://bugzilla.novell.com/765523
- https://bugzilla.novell.com/773006
- https://bugzilla.novell.com/773255
- https://bugzilla.novell.com/773837
- https://bugzilla.novell.com/783475
- https://bugzilla.novell.com/785901
- https://bugzilla.novell.com/789010
- https://bugzilla.novell.com/792991
- https://bugzilla.novell.com/797090
- https://bugzilla.novell.com/797727
- https://bugzilla.novell.com/797909
- https://bugzilla.novell.com/800875
- https://bugzilla.novell.com/800907
- https://bugzilla.novell.com/801341
- https://bugzilla.novell.com/801427
- https://bugzilla.novell.com/803320
- https://bugzilla.novell.com/804482
- https://bugzilla.novell.com/804609
- https://bugzilla.novell.com/805371
- https://bugzilla.novell.com/805740
- https://bugzilla.novell.com/805804
- https://bugzilla.novell.com/805945
- https://bugzilla.novell.com/806396
- https://bugzilla.novell.com/806976
- https://bugzilla.novell.com/807471
- https://bugzilla.novell.com/807502
- https://bugzilla.novell.com/808015
- https://bugzilla.novell.com/808136
- https://bugzilla.novell.com/808647
- https://bugzilla.novell.com/808837
- https://bugzilla.novell.com/808855
- https://bugzilla.novell.com/808940
- https://bugzilla.novell.com/809122
- https://bugzilla.novell.com/809130
- https://bugzilla.novell.com/809220
- https://bugzilla.novell.com/809463
- https://bugzilla.novell.com/809617
- https://bugzilla.novell.com/809895
- https://bugzilla.novell.com/809975
- https://bugzilla.novell.com/810098
- https://bugzilla.novell.com/810210
- https://bugzilla.novell.com/810722
- https://bugzilla.novell.com/812274
- https://bugzilla.novell.com/812281
- https://bugzilla.novell.com/812332
- https://bugzilla.novell.com/812526
- https://bugzilla.novell.com/812974
- https://bugzilla.novell.com/813604
- https://bugzilla.novell.com/813733
- https://bugzilla.novell.com/813922
- https://bugzilla.novell.com/814336
- https://bugzilla.novell.com/815256
- https://bugzilla.novell.com/815320
- https://bugzilla.novell.com/815356
- https://bugzilla.novell.com/816043
- https://bugzilla.novell.com/816065
- https://bugzilla.novell.com/816403
- https://bugzilla.novell.com/816451
- https://bugzilla.novell.com/816892
- https://bugzilla.novell.com/816925
- https://bugzilla.novell.com/816971
- https://bugzilla.novell.com/817035
- https://bugzilla.novell.com/817339
- https://bugzilla.novell.com/817377
- https://bugzilla.novell.com/818047
- https://bugzilla.novell.com/818053
- https://bugzilla.novell.com/818064
- https://bugzilla.novell.com/818154
- https://bugzilla.novell.com/818371
- https://bugzilla.novell.com/818465
- https://bugzilla.novell.com/818497
- https://bugzilla.novell.com/819018
- https://bugzilla.novell.com/819195
- https://bugzilla.novell.com/819295
- https://bugzilla.novell.com/819363
- https://bugzilla.novell.com/819519
- https://bugzilla.novell.com/819523
- https://bugzilla.novell.com/819610
- https://bugzilla.novell.com/819655
- https://bugzilla.novell.com/819789
- https://bugzilla.novell.com/819979
- https://bugzilla.novell.com/820172
- https://bugzilla.novell.com/820183
- https://bugzilla.novell.com/820434
- https://bugzilla.novell.com/820569
- https://bugzilla.novell.com/820738
- https://bugzilla.novell.com/820948
- https://bugzilla.novell.com/820982
- https://bugzilla.novell.com/821052
- https://bugzilla.novell.com/821070
- https://bugzilla.novell.com/821235
- https://bugzilla.novell.com/821560
- https://bugzilla.novell.com/821799
- https://bugzilla.novell.com/821802
- https://bugzilla.novell.com/821859
- https://bugzilla.novell.com/821930
- https://bugzilla.novell.com/821980
- https://bugzilla.novell.com/822052
- https://bugzilla.novell.com/822066
- https://bugzilla.novell.com/822077
- https://bugzilla.novell.com/822080
- https://bugzilla.novell.com/822164
- https://bugzilla.novell.com/822225
- https://bugzilla.novell.com/822340
- https://bugzilla.novell.com/822431
- https://bugzilla.novell.com/822575
- https://bugzilla.novell.com/822579
- https://bugzilla.novell.com/822722
- https://bugzilla.novell.com/822825
- https://bugzilla.novell.com/822878
- https://bugzilla.novell.com/823082
- https://bugzilla.novell.com/823191
- https://bugzilla.novell.com/823223
- https://bugzilla.novell.com/823342
- https://bugzilla.novell.com/823386
- https://bugzilla.novell.com/823517
- https://bugzilla.novell.com/823597
- https://bugzilla.novell.com/823795
- https://bugzilla.novell.com/824159
- https://bugzilla.novell.com/824256
- https://bugzilla.novell.com/824295
- https://bugzilla.novell.com/824568
- https://bugzilla.novell.com/824915
- https://bugzilla.novell.com/825037
- https://bugzilla.novell.com/825048
- https://bugzilla.novell.com/825142
- https://bugzilla.novell.com/825227
- https://bugzilla.novell.com/825591
- https://bugzilla.novell.com/825657
- https://bugzilla.novell.com/825696
- https://bugzilla.novell.com/825887
- https://bugzilla.novell.com/826186
- https://bugzilla.novell.com/826350
- https://bugzilla.novell.com/826960
- https://bugzilla.novell.com/827271
- https://bugzilla.novell.com/827372
- https://bugzilla.novell.com/827376
- https://bugzilla.novell.com/827378
- https://bugzilla.novell.com/827749
- https://bugzilla.novell.com/827750
- https://bugzilla.novell.com/827930
- https://bugzilla.novell.com/828087
- https://bugzilla.novell.com/828119
- https://bugzilla.novell.com/828192
- https://bugzilla.novell.com/828265
- https://bugzilla.novell.com/828574
- https://bugzilla.novell.com/828714
- https://bugzilla.novell.com/828886
- https://bugzilla.novell.com/828914
- https://bugzilla.novell.com/829001
- https://bugzilla.novell.com/829082
- https://bugzilla.novell.com/829357
- https://bugzilla.novell.com/829539
- https://bugzilla.novell.com/829622
- https://bugzilla.novell.com/830346
- https://bugzilla.novell.com/830478
- https://bugzilla.novell.com/830766
- https://bugzilla.novell.com/830822
- https://bugzilla.novell.com/830901
- https://bugzilla.novell.com/831055
- https://bugzilla.novell.com/831058
- https://bugzilla.novell.com/831410
- https://bugzilla.novell.com/831422
- https://bugzilla.novell.com/831424
- https://bugzilla.novell.com/831438
- https://bugzilla.novell.com/831623
- https://bugzilla.novell.com/831949
- https://bugzilla.novell.com/832318
- https://bugzilla.novell.com/833073
- https://bugzilla.novell.com/833097
- https://bugzilla.novell.com/833148
- https://bugzilla.novell.com/834116
- https://bugzilla.novell.com/834647
- https://bugzilla.novell.com/834742
- https://bugzilla.novell.com/835175
- http://download.suse.com/patch/finder/?keywords=48c5687a9cfba9c5cbed976a2680b095