Security update for Linux kernel

SUSE Security Update: Security update for Linux kernel


Announcement ID: SUSE-SU-2013:1749-1
Rating: important
References: #763463 #794824 #797526 #800875 #804950 #808079 #816099 #820848 #821259 #821465 #821948 #822433 #825291 #826102 #827246 #827416 #827966 #828714 #828894 #829682 #830985 #831029 #831143 #831380 #832292 #833097 #833151 #833321 #833588 #833635 #833820 #833858 #834204 #834600 #834905 #835094 #835189 #835684 #835930 #836218 #836347 #836801 #837372 #837596 #837741 #837803 #838346 #838448 #839407 #839973 #840830 #841050 #841094 #841402 #841498 #841656 #842057 #842063 #842604 #842820 #843429 #843445 #843642 #843645 #843732 #843753 #843950 #844513 #845352 #847319 #847721
Affected Products:
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise High Availability Extension 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP3
  • SLE 11 SERVER Unsupported Extras

  • An update that solves one vulnerability and has 70 fixes is now available. It includes one version update.

    Description:

     


    The SUSE Linux Enterprise 11 Service Pack 3 kernel was
    updated to version 3.0.101 and also includes various other
    bug and security fixes.

    The following features have been added:

    * Drivers: hv: Support handling multiple VMBUS versions
    (FATE#314665).
    * Drivers: hv: Save and export negotiated vmbus version
    (FATE#314665).
    * Drivers: hv: Move vmbus version definitions to
    hyperv.h (FATE#314665).

    The following security issue has been fixed:

    * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
    in net/sctp/sm_statefuns.c in the SCTP implementation in
    the Linux kernel did not properly handle associations
    during the processing of a duplicate COOKIE ECHO chunk,
    which allowed remote attackers to cause a denial of service
    (NULL pointer dereference and system crash) or possibly
    have unspecified other impact via crafted SCTP traffic.
    (bnc#826102)

    The following non-security bugs have been fixed:

    * mm, memcg: introduce own oom handler to iterate only
    over its own threads.
    * mm, memcg: move all oom handling to memcontrol.c.
    * mm, oom: avoid looping when chosen thread detaches
    its mm.
    * mm, oom: fold oom_kill_task() into oom_kill_process().
    * mm, oom: introduce helper function to process threads
    during scan.
    * mm, oom: reduce dependency on tasklist_lock (Reduce
    tasklist_lock hold times) (bnc#821259).
    * mm: do not walk all of system memory during show_mem
    (Reduce tasklist_lock hold times) (bnc#821259).
    * iommu/vt-d: add quirk for broken interrupt remapping
    on 55XX chipsets (bnc#844513).
    * x86/iommu/vt-d: Expand interrupt remapping quirk to
    cover x58 chipset (bnc#844513).
    * iommu/vt-d: Only warn about broken interrupt
    remapping (bnc#844513).
    * iommu: Remove stack trace from broken irq remapping
    warning (bnc#844513).
    * intel-iommu: Fix leaks in pagetable freeing
    (bnc#841402).
    * Revert aer_recover_queue() __GENKSYMS__ hack, add a
    fake symset with the previous value instead (bnc#847721).
    * i2c: ismt: initialize DMA buffer (bnc#843753).
    * powerpc/irq: Run softirqs off the top of the irq
    stack (bnc#847319).
    * quirks: add touchscreen that is dazzeled by remote
    wakeup (bnc#835930).
    * kernel: sclp console hangs (bnc#841498, LTC#95711).
    * tty/hvc_iucv: Disconnect IUCV connection when
    lowering DTR (bnc#839973,LTC#97595).
    * tty/hvc_console: Add DTR/RTS callback to handle HUPCL
    control (bnc#839973,LTC#97595).
    * softirq: reduce latencies (bnc#797526).
    * X.509: Remove certificate date checks (bnc#841656).
    * config/debug: Enable FSCACHE_DEBUG and
    CACHEFILES_DEBUG (bnc#837372).
    * splice: fix racy pipe->buffers uses (bnc#827246).
    * blktrace: fix race with open trace files and
    directory removal (bnc#832292).
    * rcu: Do not trigger false positive RCU stall
    detection (bnc#834204).
    * kernel: allow program interruption filtering in user
    space (bnc#837596, LTC#97332).
    * Audit: do not print error when LSMs disabled
    (bnc#842057).
    * SUNRPC: close a rare race in xs_tcp_setup_socket
    (bnc#794824).
    * Btrfs: fix negative qgroup tracking from owner
    accounting (bnc#821948).
    * cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields
    (bnc#804950).
    * NFS: make nfs_flush_incompatible more generous
    (bnc#816099).
    * xfs: growfs: use uncached buffers for new headers
    (bnc#842604).
    * NFS: do not try to use lock state when we hold a
    delegation (bnc#831029).
    * NFS: nfs_lookup_revalidate(): fix a leak (bnc#828894).
    * fs: do_add_mount()/umount -l races (bnc#836801).
    * xfs: avoid double-free in xfs_attr_node_addname.
    * xfs: Check the return value of xfs_buf_get()
    (bnc#842604).
    * iscsi: do not hang in endless loop if no targets
    present (bnc#841094).
    * scsi_dh_alua: Allow get_alua_data() to return NULL
    (bnc#839407).
    * cifs: revalidate directories instiantiated via FIND_
    in order to handle DFS referrals (bnc#831143).
    * cifs: do not instantiate new dentries in readdir for
    inodes that need to be revalidated immediately (bnc#831143).
    * cifs: rename cifs_readdir_lookup to cifs_prime_dcache
    and make it void return (bnc#831143).
    * cifs: get rid of blind d_drop() in readdir
    (bnc#831143).
    * cifs: cleanup cifs_filldir (bnc#831143).
    * cifs: on send failure, readjust server sequence
    number downward (bnc#827966).
    * cifs: adjust sequence number downward after signing
    NT_CANCEL request (bnc#827966).
    * cifs: on send failure, readjust server sequence
    number downward (bnc#827966).
    * cifs: adjust sequence number downward after signing
    NT_CANCEL request (bnc#827966).
    * reiserfs: fix race with flush_used_journal_lists and
    flush_journal_list (bnc#837803).
    * reiserfs: remove useless flush_old_journal_lists.
    * lib/radix-tree.c: make radix_tree_node_alloc() work
    correctly within interrupt (bnc#763463).
    * md: Throttle number of pending write requests in
    md/raid10 (bnc#833858).
    * dm: ignore merge_bvec for snapshots when safe
    (bnc#820848).
    * ata: Set proper SK when CK_COND is set (bnc#833588).
    * Btrfs: abort unlink trans in missed error case.
    * Btrfs: add all ioctl checks before user change for
    quota operations.
    * Btrfs: add a rb_tree to improve performance of ulist
    search.
    * Btrfs: add btrfs_fs_incompat helper.
    * Btrfs: add ioctl to wait for qgroup rescan completion.
    * Btrfs: add log message stubs.
    * Btrfs: add missing error checks to
    add_data_references.
    * Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP
    handler.
    * Btrfs: add missing error handling to read_tree_block.
    * Btrfs: add missing mounting options in
    btrfs_show_options().
    * Btrfs: add sanity checks regarding to parsing mount
    options.
    * Btrfs: add some missing iput()s in
    btrfs_orphan_cleanup.
    * Btrfs: add tree block level sanity check.
    * Btrfs: allocate new chunks if the space is not enough
    for global rsv.
    * Btrfs: allow file data clone within a file.
    * Btrfs: allow superblock mismatch from older mkfs.
    * Btrfs: annotate quota tree for lockdep.
    * Btrfs: automatic rescan after "quota enable" command
    (FATE#312751).
    * Btrfs: change how we queue blocks for backref
    checking.
    * Btrfs: check if leafs parent exists before pushing
    items around.
    * Btrfs: check if we can nocow if we do not have data
    space.
    * Btrfs: check return value of commit when recovering
    log.
    * Btrfs: clean snapshots one by one.
    * Btrfs: cleanup destroy_marked_extents.
    * Btrfs: cleanup fs roots if we fail to mount.
    * Btrfs: cleanup orphaned root orphan item.
    * Btrfs: cleanup reloc roots properly on error.
    * Btrfs: Cleanup some redundant codes in
    btrfs_lookup_csums_range().
    * Btrfs: clean up transaction abort messages.
    * Btrfs: cleanup unused arguments of btrfs_csum_data.
    * Btrfs: clear received_uuid field for new writable
    snapshots.
    * Btrfs: compare relevant parts of delayed tree refs.
    * Btrfs: cover more error codes in btrfs_decode_error.
    * Btrfs: creating the subvolume qgroup automatically
    when enabling quota.
    * Btrfs: deal with bad mappings in btrfs_map_block.
    * Btrfs: deal with errors in write_dev_supers.
    * Btrfs: deal with free space cache errors while
    replaying log.
    * Btrfs: deprecate subvolrootid mount option.
    * Btrfs: do away with non-whole_page extent I/O.
    * Btrfs: do delay iput in sync_fs.
    * Btrfs: do not clear our orphan item runtime flag on
    eexist.
    * Btrfs: do not continue if out of memory happens.
    * Btrfs: do not offset physical if we are compressed.
    * Btrfs: do not pin while under spin lock.
    * Btrfs: do not abort the current transaction if there
    is no enough space for inode cache.
    * Btrfs: do not allow a subvol to be deleted if it is
    the default subovl.
    * Btrfs: do not BUG_ON() in btrfs_num_copies.
    * Btrfs: do not bug_on when we fail when cleaning up
    transactions.
    * Btrfs: do not call readahead hook until we have read
    the entire eb.
    * Btrfs: do not delete fs_roots until after we cleanup
    the transaction.
    * Btrfs: dont do log_removal in insert_new_root.
    * Btrfs: do not force pages under writeback to finish
    when aborting.
    * Btrfs: do not ignore errors from
    btrfs_run_delayed_items.
    * Btrfs: do not invoke btrfs_invalidate_inodes() in the
    spin lock context.
    * Btrfs: do not miss inode ref items in
    BTRFS_IOC_INO_LOOKUP.
    * Btrfs: do not null pointer deref on abort.
    * Btrfs: do not panic if we are trying to drop too many
    refs.
    * Btrfs: do not steal the reserved space from the
    global reserve if their space type is different.
    * Btrfs: do not stop searching after encountering the
    wrong item.
    * Btrfs: do not try and free ebs twice in log replay.
    * Btrfs: do not use global block reservation for inode
    cache truncation.
    * Btrfs: do not wait on ordered extents if we have a
    trans open.
    * Btrfs: Drop inode if inode root is NULL.
    * Btrfs: enhance superblock checks.
    * Btrfs: exclude logged extents before replying when we
    are mixed.
    * Btrfs: explicitly use global_block_rsv for quota_tree.
    * Btrfs: fall back to global reservation when removing
    subvolumes.
    * Btrfs: fix a bug of snapshot-aware defrag to make it
    work on partial extents.
    * Btrfs: fix accessing a freed tree root.
    * Btrfs: fix accessing the root pointer in tree mod log
    functions.
    * Btrfs: fix all callers of read_tree_block.
    * Btrfs: fix a warning when disabling quota.
    * Btrfs: fix a warning when updating qgroup limit.
    * Btrfs: fix backref walking when we hit a compressed
    extent.
    * Btrfs: fix bad extent logging.
    * Btrfs: fix broken nocow after balance.
    * Btrfs: fix confusing edquot happening case.
    * Btrfs: fix double free in the iterate_extent_inodes().
    * Btrfs: fix error handling in btrfs_ioctl_send().
    * Btrfs: fix error handling in make/read block group.
    * Btrfs: fix estale with btrfs send.
    * Btrfs: fix extent buffer leak after backref walking.
    * Btrfs: fix extent logging with O_DIRECT into prealloc.
    * Btrfs: fix file truncation if FALLOC_FL_KEEP_SIZE is
    specified.
    * Btrfs: fix get set label blocking against balance.
    * Btrfs: fix infinite loop when we abort on mount.
    * Btrfs: fix inode leak on kmalloc failure in
    tree-log.c.
    * Btrfs: fix lockdep warning.
    * Btrfs: fix lock leak when resuming snapshot deletion.
    * Btrfs: fix memory leak of orphan block rsv.
    * Btrfs: fix missing check about ulist_add() in
    qgroup.c.
    * Btrfs: fix missing check before creating a qgroup
    relation.
    * Btrfs: fix missing check in the
    btrfs_qgroup_inherit().
    * Btrfs: fix off-by-one in fiemap.
    * Btrfs: fix oops when writing dirty qgroups to disk.
    * Btrfs: fix possible infinite loop in slow caching.
    * Btrfs: fix possible memory leak in replace_path().
    * Btrfs: fix possible memory leak in the
    find_parent_nodes().
    * Btrfs: fix printing of non NULL terminated string.
    * Btrfs: fix qgroup rescan resume on mount.
    * Btrfs: fix reada debug code compilation.
    * Btrfs: fix the error handling wrt orphan items.
    * Btrfs: fix transaction throttling for delayed refs.
    * Btrfs: fix tree mod log regression on root split
    operations.
    * Btrfs: fix unblocked autodefraggers when remount.
    * Btrfs: fix unlock after free on rewinded tree blocks.
    * Btrfs: fix unprotected root node of the subvolumes
    inode rb-tree.
    * Btrfs: fix use-after-free bug during umount.
    * Btrfs: free csums when we are done scrubbing an
    extent.
    * Btrfs: handle errors returned from get_tree_block_key.
    * Btrfs: handle errors when doing slow caching.
    * Btrfs: hold the tree mod lock in
    __tree_mod_log_rewind.
    * Btrfs: ignore device open failures in
    __btrfs_open_devices.
    * Btrfs: improve the loop of scrub_stripe.
    * Btrfs: improve the performance of the csums lookup.
    * Btrfs: init relocate extent_io_tree with a mapping.
    * Btrfs: introduce a mutex lock for btrfs quota
    operations.
    * Btrfs: kill some BUG_ONs() in the find_parent_nodes().
    * Btrfs: log ram bytes properly.
    * Btrfs: make __merge_refs() return type be void.
    * Btrfs: make orphan cleanup less verbose.
    * Btrfs: make static code static & remove dead code.
    * Btrfs: make subvol creation/deletion killable in the
    early stages.
    * Btrfs: make sure roots are assigned before freeing
    their nodes.
    * Btrfs: make sure the backref walker catches all refs
    to our extent.
    * Btrfs: make the cleaner complete early when the fs is
    going to be umounted.
    * Btrfs: make the snap/subv deletion end more early
    when the fs is R/O.
    * Btrfs: merge save_error_info helpers into one.
    * Btrfs: move the R/O check out of
    btrfs_clean_one_deleted_snapshot().
    * Btrfs: only do the tree_mod_log_free_eb if this is
    our last ref.
    * Btrfs: only exclude supers in the range of our block
    group.
    * Btrfs: optimize key searches in btrfs_search_slot.
    * Btrfs: optimize the error handle of use_block_rsv().
    * Btrfs: pause the space balance when remounting to R/O.
    * Btrfs: put our inode if orphan cleanup fails.
    * Btrfs: re-add root to dead root list if we stop
    dropping it.
    * Btrfs: read entire device info under lock.
    * Btrfs: release both paths before logging dir/changed
    extents.
    * Btrfs: Release uuid_mutex for shrink during device
    delete.
    * Btrfs: remove almost all of the BUG()s from
    tree-log.c.
    * Btrfs: remove BUG_ON() in
    btrfs_read_fs_tree_no_radix().
    * Btrfs: remove ourselves from the cluster list under
    lock.
    * Btrfs: remove some BUG_ONs() when walking backref
    tree.
    * Btrfs: remove some unnecessary spin_lock usages.
    * Btrfs: remove unnecessary ->s_umount in
    cleaner_kthread().
    * Btrfs: remove unused argument of fixup_low_keys().
    * Btrfs: remove unused gfp mask parameter from
    release_extent_buffer callchain.
    * Btrfs: remove useless copy in quota_ctl.
    * Btrfs: remove warn on in free space cache writeout.
    * Btrfs: rescan for qgroups (FATE#312751).
    * Btrfs: reset ret in record_one_backref.
    * Btrfs: return ENOSPC when target space is full.
    * Btrfs: return errno if possible when we fail to
    allocate memory.
    * Btrfs: return error code in
    btrfs_check_trunc_cache_free_space().
    * Btrfs: return error when we specify wrong start to
    defrag.
    * Btrfs: return free space in cow error path.
    * Btrfs: separate sequence numbers for delayed ref
    tracking and tree mod log.
    * Btrfs: set UUID in root_item for created trees.
    * Btrfs: share stop worker code.
    * Btrfs: simplify unlink reservations.
    * Btrfs: split btrfs_qgroup_account_ref into four
    functions.
    * Btrfs: stop all workers before cleaning up roots.
    * Btrfs: stop using try_to_writeback_inodes_sb_nr to
    flush delalloc.
    * Btrfs: stop waiting on current trans if we aborted.
    * Btrfs: unlock extent range on enospc in compressed
    submit.
    * Btrfs: update drop progress before stopping snapshot
    dropping.
    * Btrfs: update fixups from 3.11
    * Btrfs: update the global reserve if it is empty.
    * Btrfs: use helper to cleanup tree roots.
    * Btrfs: use REQ_META for all metadata IO.
    * Btrfs: use tree_root to avoid edquot when disabling
    quota.
    * Btrfs: use u64 for subvolid when parsing mount
    options.
    * Btrfs: use unsigned long type for extent state bits.
    * Btrfs: various abort cleanups.
    * Btrfs: wait ordered range before doing direct io.
    * Btrfs: wake up delayed ref flushing waiters on abort.
    * net/mlx4_en: Fix BlueFlame race (bnc#835684).
    * ipv6: do not call fib6_run_gc() until routing is
    ready (bnc#836218).
    * ipv6: prevent fib6_run_gc() contention (bnc#797526).
    * ipv6: update ip6_rt_last_gc every time GC is run
    (bnc#797526).
    * netfilter: nf_conntrack: use RCU safe kfree for
    conntrack extensions (bnc#827416 bko#60853).
    * netfilter: prevent race condition breaking net
    reference counting (bnc#835094).
    * net: remove skb_orphan_try() (bnc#834600).
    * bonding: check bond->vlgrp in bond_vlan_rx_kill_vid()
    (bnc#834905).
    * sctp: deal with multiple COOKIE_ECHO chunks
    (bnc#826102).
    * mlx4: allow IB_QP_CREATE_USE_GFP_NOFS in
    mlx4_ib_create_qp() (bnc#822433).
    * drm/i915: disable sound first on intel_disable_ddi
    (bnc#833151).
    * drm/i915: HDMI/DP - ELD info refresh support for
    Haswell (bnc#833151).
    * drm/cirrus: This is a cirrus version of Egbert Eichs
    patch for mgag200 (bnc#808079).
    * drm/i915: Disable GGTT PTEs on GEN6+ suspend
    (bnc#800875).
    * drm/i915/hsw: Disable L3 caching of atomic memory
    operations (bnc#800875).
    * ALSA: hda - Re-setup HDMI pin and audio infoframe on
    stream switches (bnc#833151).
    * vmxnet3: prevent div-by-zero panic when ring resizing
    uninitialized dev (bnc#833321).
    * mvsas: add support for 9480 device id (bnc#843950).
    * r8169: fix argument in rtl_hw_init_8168g
    (bnc#845352,bnc#842820).
    * r8169: support RTL8168G (bnc#845352,bnc#842820).
    * r8169: abstract out loop conditions
    (bnc#845352,bnc#842820).
    * r8169: mdio_ops signature change
    (bnc#845352,bnc#842820).
    * thp: reduce khugepaged freezing latency (khugepaged
    blocking suspend-to-ram (bnc#825291)).
    * bnx2x: Change to D3hot only on removal (bnc#838448).
    * megaraid_sas: Disable controller reset for ppc
    (bnc#841050).
    * scsi_dh_alua: simplify alua_check_sense()
    (bnc#843642).
    * scsi_dh_alua: Fix missing close brace in
    alua_check_sense (bnc#843642).
    * scsi_dh_alua: retry command on "mode parameter
    changed" sense code (bnc#843645).
    * scsi_dh_alua: invalid state information for
    "optimized" paths (bnc#843445).
    * scsi_dh_alua: reattaching device handler fails with
    "Error 15" (bnc#843429).
    * Drivers: hv: util: Fix a bug in version negotiation
    code for util services (bnc#828714).
    * Drivers: hv: util: Correctly support ws2008R2 and
    earlier (bnc#838346).
    * Drivers: hv: vmbus: Do not attempt to negoatiate a
    new version prematurely.
    * Drivers: hv: util: Correctly support ws2008R2 and
    earlier (bnc#838346).
    * Drivers: hv: vmbus: Terminate vmbus version
    negotiation on timeout.
    * Drivers: hv: vmbus: Fix a bug in the handling of
    channel offers.
    * Drivers: hv: util: Fix a bug in version negotiation
    code for util services (bnc#828714).
    * Drivers: hv: balloon: Initialize the transaction ID
    just before sending the packet.
    * Drivers: hv: util: Fix a bug in util version
    negotiation code (bnc#838346).
    * be2net: Check for POST state in suspend-resume
    sequence (bnc#835189).
    * be2net: bug fix on returning an invalid nic
    descriptor (bnc#835189).
    * be2net: provision VF resources before enabling SR-IOV
    (bnc#835189).
    * be2net: Fix firmware download for Lancer (bnc#835189).
    * be2net: Fix to use version 2 of cq_create for
    SkyHawk-R devices (bnc#835189).
    * be2net: Use GET_FUNCTION_CONFIG V1 cmd (bnc#835189).
    * be2net: Avoid flashing BE3 UFI on BE3-R chip
    (bnc#835189).
    * be2net: Use TXQ_CREATE_V2 cmd (bnc#835189).
    * writeback: Do not sync data dirtied after sync start
    (bnc#833820).
    * elousb: some systems cannot stomach work around
    (bnc#840830,bnc#830985).
    * bounce: allow use of bounce pool via config option
    (Bounce memory pool initialisation (bnc#836347)).
    * block: initialize the bounce pool if high memory may
    be added later (Bounce memory pool initialisation
    (bnc#836347)).
    * bio-integrity: track owner of integrity payload
    (bnc#831380).
    * xhci: Fix spurious wakeups after S5 on Haswell
    (bnc#833097).
    * s390/cio: handle unknown pgroup state
    (bnc#837741,LTC#97048).
    * s390/cio: export vpm via sysfs (bnc#837741,LTC#97048).
    * s390/cio: skip broken paths (bnc#837741,LTC#97048).
    * s390/cio: dont abort verification after missing irq
    (bnc#837741,LTC#97048).
    * cio: add message for timeouts on internal I/O
    (bnc#837741,LTC#97048).
    * series.conf: disable XHCI ring expansion patches
    because on machines with large memory they cause a
    starvation problem (bnc#833635).
    * Update EC2 config files (STRICT_DEVMEM off,
    bnc#843732).
    * Fixed Xen guest freezes (bnc#829682, bnc#842063).
    * tools: hv: Improve error logging in VSS daemon.
    * tools: hv: Check return value of poll call.
    * tools: hv: Check return value of setsockopt call.
    * Tools: hv: fix send/recv buffer allocation.
    * Tools: hv: check return value of daemon to fix
    compiler warning.
    * Tools: hv: in kvp_set_ip_info free mac_addr right
    after usage.
    * Tools: hv: check return value of system in
    hv_kvp_daemon.
    * Tools: hv: correct payload size in netlink_send.
    * Tools: hv: use full nlmsghdr in netlink_send.
    * rpm/old-flavors, rpm/mkspec: Add version information
    to obsolete flavors (bnc#821465).
    * rpm/kernel-binary.spec.in: Move the xenpae obsolete
    to the old-flavors file.
    * rpm/old-flavors: Convert the old-packages.conf file
    to a flat list.
    * rpm/mkspec: Adjust.
    * rpm/old-packages.conf: Delete.
    * rpm/old-packages.conf: Drop bogus obsoletes for "smp"
    (bnc#821465).
    * rpm/kernel-binary.spec.in: Make sure that all KMP
    obsoletes are versioned (bnc#821465).
    * rpm/kernel-binary.spec.in: Remove unversioned
    provides/obsoletes for packages that were only seen in
    openSUSE releases up to 11.0. (bnc#821465).

    Security Issues:

    * CVE-2013-2206
    >

     

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-kernel-8525 slessp3-kernel-8528
    • SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-kernel-8522 slessp3-kernel-8523 slessp3-kernel-8524 slessp3-kernel-8525 slessp3-kernel-8528
    • SUSE Linux Enterprise High Availability Extension 11 SP3:
      zypper in -t patch slehasp3-kernel-8522 slehasp3-kernel-8523 slehasp3-kernel-8524 slehasp3-kernel-8525 slehasp3-kernel-8528
    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-kernel-8525 sledsp3-kernel-8528

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:
    • kernel-default-3.0.101-0.8.1
    • kernel-default-base-3.0.101-0.8.1
    • kernel-default-devel-3.0.101-0.8.1
    • kernel-source-3.0.101-0.8.1
    • kernel-syms-3.0.101-0.8.1
    • kernel-trace-3.0.101-0.8.1
    • kernel-trace-base-3.0.101-0.8.1
    • kernel-trace-devel-3.0.101-0.8.1
    • kernel-xen-devel-3.0.101-0.8.1
    • SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:
    • kernel-pae-3.0.101-0.8.1
    • kernel-pae-base-3.0.101-0.8.1
    • kernel-pae-devel-3.0.101-0.8.1
    • SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
    • kernel-default-3.0.101-0.8.1
    • kernel-default-base-3.0.101-0.8.1
    • kernel-default-devel-3.0.101-0.8.1
    • kernel-source-3.0.101-0.8.1
    • kernel-syms-3.0.101-0.8.1
    • kernel-trace-3.0.101-0.8.1
    • kernel-trace-base-3.0.101-0.8.1
    • kernel-trace-devel-3.0.101-0.8.1
    • SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
    • kernel-ec2-3.0.101-0.8.1
    • kernel-ec2-base-3.0.101-0.8.1
    • kernel-ec2-devel-3.0.101-0.8.1
    • kernel-xen-3.0.101-0.8.1
    • kernel-xen-base-3.0.101-0.8.1
    • kernel-xen-devel-3.0.101-0.8.1
    • xen-kmp-default-4.2.3_02_3.0.101_0.8-0.7.9
    • SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:
    • kernel-default-man-3.0.101-0.8.1
    • SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:
    • kernel-ppc64-3.0.101-0.8.1
    • kernel-ppc64-base-3.0.101-0.8.1
    • kernel-ppc64-devel-3.0.101-0.8.1
    • SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:
    • kernel-pae-3.0.101-0.8.1
    • kernel-pae-base-3.0.101-0.8.1
    • kernel-pae-devel-3.0.101-0.8.1
    • xen-kmp-pae-4.2.3_02_3.0.101_0.8-0.7.9
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    • cluster-network-kmp-default-1.4_3.0.101_0.8-2.27.22
    • cluster-network-kmp-trace-1.4_3.0.101_0.8-2.27.22
    • gfs2-kmp-default-2_3.0.101_0.8-0.16.28
    • gfs2-kmp-trace-2_3.0.101_0.8-0.16.28
    • ocfs2-kmp-default-1.6_3.0.101_0.8-0.20.22
    • ocfs2-kmp-trace-1.6_3.0.101_0.8-0.20.22
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
    • cluster-network-kmp-xen-1.4_3.0.101_0.8-2.27.22
    • gfs2-kmp-xen-2_3.0.101_0.8-0.16.28
    • ocfs2-kmp-xen-1.6_3.0.101_0.8-0.20.22
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
    • cluster-network-kmp-ppc64-1.4_3.0.101_0.8-2.27.22
    • gfs2-kmp-ppc64-2_3.0.101_0.8-0.16.28
    • ocfs2-kmp-ppc64-1.6_3.0.101_0.8-0.20.22
    • SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
    • cluster-network-kmp-pae-1.4_3.0.101_0.8-2.27.22
    • gfs2-kmp-pae-2_3.0.101_0.8-0.16.28
    • ocfs2-kmp-pae-1.6_3.0.101_0.8-0.20.22
    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
    • kernel-default-3.0.101-0.8.1
    • kernel-default-base-3.0.101-0.8.1
    • kernel-default-devel-3.0.101-0.8.1
    • kernel-default-extra-3.0.101-0.8.1
    • kernel-source-3.0.101-0.8.1
    • kernel-syms-3.0.101-0.8.1
    • kernel-trace-devel-3.0.101-0.8.1
    • kernel-xen-3.0.101-0.8.1
    • kernel-xen-base-3.0.101-0.8.1
    • kernel-xen-devel-3.0.101-0.8.1
    • kernel-xen-extra-3.0.101-0.8.1
    • xen-kmp-default-4.2.3_02_3.0.101_0.8-0.7.9
    • SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:
    • kernel-pae-3.0.101-0.8.1
    • kernel-pae-base-3.0.101-0.8.1
    • kernel-pae-devel-3.0.101-0.8.1
    • kernel-pae-extra-3.0.101-0.8.1
    • xen-kmp-pae-4.2.3_02_3.0.101_0.8-0.7.9
    • SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
    • kernel-default-extra-3.0.101-0.8.1
    • SLE 11 SERVER Unsupported Extras (i586 x86_64):
    • kernel-xen-extra-3.0.101-0.8.1
    • SLE 11 SERVER Unsupported Extras (ppc64):
    • kernel-ppc64-extra-3.0.101-0.8.1
    • SLE 11 SERVER Unsupported Extras (i586):
    • kernel-pae-extra-3.0.101-0.8.1

    References:

    • http://support.novell.com/security/cve/CVE-2013-2206.html
    • https://bugzilla.novell.com/763463
    • https://bugzilla.novell.com/794824
    • https://bugzilla.novell.com/797526
    • https://bugzilla.novell.com/800875
    • https://bugzilla.novell.com/804950
    • https://bugzilla.novell.com/808079
    • https://bugzilla.novell.com/816099
    • https://bugzilla.novell.com/820848
    • https://bugzilla.novell.com/821259
    • https://bugzilla.novell.com/821465
    • https://bugzilla.novell.com/821948
    • https://bugzilla.novell.com/822433
    • https://bugzilla.novell.com/825291
    • https://bugzilla.novell.com/826102
    • https://bugzilla.novell.com/827246
    • https://bugzilla.novell.com/827416
    • https://bugzilla.novell.com/827966
    • https://bugzilla.novell.com/828714
    • https://bugzilla.novell.com/828894
    • https://bugzilla.novell.com/829682
    • https://bugzilla.novell.com/830985
    • https://bugzilla.novell.com/831029
    • https://bugzilla.novell.com/831143
    • https://bugzilla.novell.com/831380
    • https://bugzilla.novell.com/832292
    • https://bugzilla.novell.com/833097
    • https://bugzilla.novell.com/833151
    • https://bugzilla.novell.com/833321
    • https://bugzilla.novell.com/833588
    • https://bugzilla.novell.com/833635
    • https://bugzilla.novell.com/833820
    • https://bugzilla.novell.com/833858
    • https://bugzilla.novell.com/834204
    • https://bugzilla.novell.com/834600
    • https://bugzilla.novell.com/834905
    • https://bugzilla.novell.com/835094
    • https://bugzilla.novell.com/835189
    • https://bugzilla.novell.com/835684
    • https://bugzilla.novell.com/835930
    • https://bugzilla.novell.com/836218
    • https://bugzilla.novell.com/836347
    • https://bugzilla.novell.com/836801
    • https://bugzilla.novell.com/837372
    • https://bugzilla.novell.com/837596
    • https://bugzilla.novell.com/837741
    • https://bugzilla.novell.com/837803
    • https://bugzilla.novell.com/838346
    • https://bugzilla.novell.com/838448
    • https://bugzilla.novell.com/839407
    • https://bugzilla.novell.com/839973
    • https://bugzilla.novell.com/840830
    • https://bugzilla.novell.com/841050
    • https://bugzilla.novell.com/841094
    • https://bugzilla.novell.com/841402
    • https://bugzilla.novell.com/841498
    • https://bugzilla.novell.com/841656
    • https://bugzilla.novell.com/842057
    • https://bugzilla.novell.com/842063
    • https://bugzilla.novell.com/842604
    • https://bugzilla.novell.com/842820
    • https://bugzilla.novell.com/843429
    • https://bugzilla.novell.com/843445
    • https://bugzilla.novell.com/843642
    • https://bugzilla.novell.com/843645
    • https://bugzilla.novell.com/843732
    • https://bugzilla.novell.com/843753
    • https://bugzilla.novell.com/843950
    • https://bugzilla.novell.com/844513
    • https://bugzilla.novell.com/845352
    • https://bugzilla.novell.com/847319
    • https://bugzilla.novell.com/847721
    • http://download.suse.com/patch/finder/?keywords=0c0af0004bc0563109dff923684e2fba
    • http://download.suse.com/patch/finder/?keywords=2c018cfd8b6b78121b6365c6978e23c1
    • http://download.suse.com/patch/finder/?keywords=32e0346fa1aa6438c937e4826a2aaebd
    • http://download.suse.com/patch/finder/?keywords=46a7d61b0cb602556c7b2bc0266dff49
    • http://download.suse.com/patch/finder/?keywords=4b52e68f96bee7b4037dbfbd81e56b8c
    • http://download.suse.com/patch/finder/?keywords=5137aa2b6ba9426dc8a9fd45649a3b56
    • http://download.suse.com/patch/finder/?keywords=5302038940615a465c7370e9492edbfa
    • http://download.suse.com/patch/finder/?keywords=6b1ca8c711701ab3f6565187ddcc1da2
    • http://download.suse.com/patch/finder/?keywords=a14631178ead7c39a27329f7ea401672
    • http://download.suse.com/patch/finder/?keywords=daca8d4524a4dbd82fa3052185b205e5