Security update for Linux kernel

SUSE Security Update: Security update for Linux kernel
Announcement ID: SUSE-SU-2013:1832-1
Rating: moderate
References: #537165 #609220 #615418 #649868 #656153 #681180 #681181 #681185 #683101 #693513 #699354 #699355 #699709 #700879 #701550 #702014 #702037 #703153 #703156 #706375 #707288 #709213 #709369 #713430 #717421 #718028 #721267 #721351 #721830 #722400 #724692 #725878 #726064 #726600 #727597 #730118 #730749 #731673 #731770 #732613 #733407 #734056 #735612 #740131 #742881 #745760 #747576 #749168 #752556 #760902 #762825 #765102 #765320 #770980 #773831 #776888 #786013 #789831 #795075 #797175 #802642 #804154 #808827 #809889 #809891 #809892 #809893 #809894 #809898 #809899 #809900 #809901 #809903 #811354 #811752 #813735 #815745 #816668 #823260 #823267 #824295 #826102 #826551 #827749 #827750 #828119 #836856 #850241
Affected Products:
  • SUSE Linux Enterprise Server 10 SP3 LTSS

An update that solves 58 vulnerabilities and has 30 fixes is now available.

    Description:


    The SUSE Linux Enterprise Server 10 SP3 LTSS kernel
    received a roll-up update that fixes many moderate security
    issues and several bugs.

    The following security issues have been fixed:

    * CVE-2012-4530: The load_script function in
    fs/binfmt_script.c in the Linux kernel did not properly
    handle recursion, which allowed local users to obtain
    sensitive information from kernel stack memory via a
    crafted application.

    * CVE-2011-2494: kernel/taskstats.c in the Linux kernel
    allowed local users to obtain sensitive I/O statistics by
    sending taskstats commands to a netlink socket, as
    demonstrated by discovering the length of another user's
    password.

    * CVE-2013-2234: The (1) key_notify_sa_flush and (2)
    key_notify_policy_flush functions in net/key/af_key.c in
    the Linux kernel did not initialize certain structure
    members, which allowed local users to obtain sensitive
    information from kernel heap memory by reading a broadcast
    message from the notify interface of an IPSec key_socket.

    * CVE-2013-2237: The key_notify_policy_flush function
    in net/key/af_key.c in the Linux kernel did not initialize
    a certain structure member, which allowed local users to
    obtain sensitive information from kernel heap memory by
    reading a broadcast message from the notify_policy
    interface of an IPSec key_socket.

    * CVE-2013-2147: The HP Smart Array controller
    disk-array driver and Compaq SMART2 controller disk-array
    driver in the Linux kernel did not initialize certain data
    structures, which allowed local users to obtain sensitive
    information from kernel memory via (1) a crafted
    IDAGETPCIINFO command for a /dev/ida device, related to the
    ida_locked_ioctl function in drivers/block/cpqarray.c or
    (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss
    device, related to the cciss_ioctl32_passthru function in
    drivers/block/cciss.c.

    * CVE-2013-2141: The do_tkill function in
    kernel/signal.c in the Linux kernel did not initialize a
    certain data structure, which allowed local users to obtain
    sensitive information from kernel memory via a crafted
    application that makes a (1) tkill or (2) tgkill system
    call.

    * CVE-2013-0160: The Linux kernel allowed local users
    to obtain sensitive information about keystroke timing by
    using the inotify API on the /dev/ptmx device.

    * CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux
    kernel did not initialize certain structures, which allowed
    local users to obtain sensitive information from kernel
    memory by leveraging the CAP_NET_ADMIN capability.

    * CVE-2013-3222: The vcc_recvmsg function in
    net/atm/common.c in the Linux kernel did not initialize a
    certain length variable, which allowed local users to
    obtain sensitive information from kernel stack memory via a
    crafted recvmsg or recvfrom system call.

    * CVE-2013-3223: The ax25_recvmsg function in
    net/ax25/af_ax25.c in the Linux kernel did not initialize a
    certain data structure, which allowed local users to obtain
    sensitive information from kernel stack memory via a
    crafted recvmsg or recvfrom system call.

    * CVE-2013-3224: The bt_sock_recvmsg function in
    net/bluetooth/af_bluetooth.c in the Linux kernel did not
    properly initialize a certain length variable, which
    allowed local users to obtain sensitive information from
    kernel stack memory via a crafted recvmsg or recvfrom
    system call.

    * CVE-2013-3228: The irda_recvmsg_dgram function in
    net/irda/af_irda.c in the Linux kernel did not initialize a
    certain length variable, which allowed local users to
    obtain sensitive information from kernel stack memory via a
    crafted recvmsg or recvfrom system call.

    * CVE-2013-3229: The iucv_sock_recvmsg function in
    net/iucv/af_iucv.c in the Linux kernel did not initialize a
    certain length variable, which allowed local users to
    obtain sensitive information from kernel stack memory via a
    crafted recvmsg or recvfrom system call.

    * CVE-2013-3231: The llc_ui_recvmsg function in
    net/llc/af_llc.c in the Linux kernel did not initialize a
    certain length variable, which allowed local users to
    obtain sensitive information from kernel stack memory via a
    crafted recvmsg or recvfrom system call.

    * CVE-2013-3232: The nr_recvmsg function in
    net/netrom/af_netrom.c in the Linux kernel did not
    initialize a certain data structure, which allowed local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.

    * CVE-2013-3234: The rose_recvmsg function in
    net/rose/af_rose.c in the Linux kernel did not initialize a
    certain data structure, which allowed local users to obtain
    sensitive information from kernel stack memory via a
    crafted recvmsg or recvfrom system call.

    * CVE-2013-3235: net/tipc/socket.c in the Linux kernel
    did not initialize a certain data structure and a certain
    length variable, which allowed local users to obtain
    sensitive information from kernel stack memory via a
    crafted recvmsg or recvfrom system call.

    * CVE-2013-1827: net/dccp/ccid.h in the Linux kernel
    allowed local users to gain privileges or cause a denial of
    service (NULL pointer dereference and system crash) by
    leveraging the CAP_NET_ADMIN capability for a certain (1)
    sender or (2) receiver getsockopt call.

    * CVE-2012-6549: The isofs_export_encode_fh function in
    fs/isofs/export.c in the Linux kernel did not initialize a
    certain structure member, which allowed local users to
    obtain sensitive information from kernel heap memory via a
    crafted application.

    * CVE-2012-6547: The __tun_chr_ioctl function in
    drivers/net/tun.c in the Linux kernel did not initialize a
    certain structure, which allowed local users to obtain
    sensitive information from kernel stack memory via a
    crafted application.

    * CVE-2012-6546: The ATM implementation in the Linux
    kernel did not initialize certain structures, which allowed
    local users to obtain sensitive information from kernel
    stack memory via a crafted application.

    * CVE-2012-6544: The Bluetooth protocol stack in the
    Linux kernel did not properly initialize certain
    structures, which allowed local users to obtain sensitive
    information from kernel stack memory via a crafted
    application that targets the (1) L2CAP or (2) HCI
    implementation.

    * CVE-2012-6545: The Bluetooth RFCOMM implementation in
    the Linux kernel did not properly initialize certain
    structures, which allowed local users to obtain sensitive
    information from kernel memory via a crafted application.

    * CVE-2012-6542: The llc_ui_getname function in
    net/llc/af_llc.c in the Linux kernel had an incorrect
    return value in certain circumstances, which allowed local
    users to obtain sensitive information from kernel stack
    memory via a crafted application that leverages an
    uninitialized pointer argument.

    * CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
    net/dccp/ccids/ccid3.c in the Linux kernel did not
    initialize a certain structure, which allowed local users
    to obtain sensitive information from kernel stack memory
    via a crafted application.

    * CVE-2012-6540: The do_ip_vs_get_ctl function in
    net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not
    initialize a certain structure for IP_VS_SO_GET_TIMEOUT
    commands, which allowed local users to obtain sensitive
    information from kernel stack memory via a crafted
    application.

    * CVE-2013-0914: The flush_signal_handlers function in
    kernel/signal.c in the Linux kernel preserved the value of
    the sa_restorer field across an exec operation, which made
    it easier for local users to bypass the ASLR protection
    mechanism via a crafted application containing a sigaction
    system call.

    * CVE-2011-2492: The bluetooth subsystem in the Linux
    kernel did not properly initialize certain data structures,
    which allowed local users to obtain potentially sensitive
    information from kernel memory via a crafted getsockopt
    system call, related to (1) the l2cap_sock_getsockopt_old
    function in net/bluetooth/l2cap_sock.c and (2) the
    rfcomm_sock_getsockopt_old function in
    net/bluetooth/rfcomm/sock.c.

    * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
    in net/sctp/sm_statefuns.c in the SCTP implementation in
    the Linux kernel did not properly handle associations
    during the processing of a duplicate COOKIE ECHO chunk,
    which allowed remote attackers to cause a denial of service
    (NULL pointer dereference and system crash) or possibly
    have unspecified other impact via crafted SCTP traffic.

    * CVE-2012-6539: The dev_ifconf function in
    net/socket.c in the Linux kernel did not initialize a
    certain structure, which allowed local users to obtain
    sensitive information from kernel stack memory via a
    crafted application.

    * CVE-2013-2232: The ip6_sk_dst_check function in
    net/ipv6/ip6_output.c in the Linux kernel allowed local
    users to cause a denial of service (system crash) by using
    an AF_INET6 socket for a connection to an IPv4 interface.

    * CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
    in drivers/cdrom/cdrom.c in the Linux kernel allowed local
    users to obtain sensitive information from kernel memory
    via a read operation on a malfunctioning CD-ROM drive.

    * CVE-2012-4444: The ip6_frag_queue function in
    net/ipv6/reassembly.c in the Linux kernel allowed remote
    attackers to bypass intended network restrictions via
    overlapping IPv6 fragments.

    * CVE-2013-1928: The do_video_set_spu_palette function
    in fs/compat_ioctl.c in the Linux kernel on unspecified
    architectures lacked a certain error check, which might
    have allowed local users to obtain sensitive information
    from kernel stack memory via a crafted
    VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.

    * CVE-2013-0871: Race condition in the ptrace
    functionality in the Linux kernel allowed local users to
    gain privileges via a PTRACE_SETREGS ptrace system call in
    a crafted application, as demonstrated by ptrace_death.

    * CVE-2013-0268: The msr_open function in
    arch/x86/kernel/msr.c in the Linux kernel allowed local
    users to bypass intended capability restrictions by
    executing a crafted application as root, as demonstrated by
    msr32.c.

    * CVE-2012-3510: Use-after-free vulnerability in the
    xacct_add_tsk function in kernel/tsacct.c in the Linux
    kernel allowed local users to obtain potentially sensitive
    information from kernel memory or cause a denial of service
    (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
    command.

    * CVE-2011-4110: The user_update function in
    security/keys/user_defined.c in the Linux kernel allowed
    local users to cause a denial of service (NULL pointer
    dereference and kernel oops) via vectors related to a
    user-defined key and "updating a negative key into a fully
    instantiated key."

    * CVE-2012-2136: The sock_alloc_send_pskb function in
    net/core/sock.c in the Linux kernel did not properly
    validate a certain length value, which allowed local users
    to cause a denial of service (heap-based buffer overflow
    and system crash) or possibly gain privileges by leveraging
    access to a TUN/TAP device.

    * CVE-2009-4020: Stack-based buffer overflow in the hfs
    subsystem in the Linux kernel allowed remote attackers to
    have an unspecified impact via a crafted Hierarchical File
    System (HFS) filesystem, related to the hfs_readdir
    function in fs/hfs/dir.c.

    * CVE-2011-2928: The befs_follow_link function in
    fs/befs/linuxvfs.c in the Linux kernel did not validate the
    length attribute of long symlinks, which allowed local
    users to cause a denial of service (incorrect pointer
    dereference and OOPS) by accessing a long symlink on a
    malformed Be filesystem.

    * CVE-2011-4077: Buffer overflow in the xfs_readlink
    function in fs/xfs/xfs_vnodeops.c in XFS in the Linux
    kernel, when CONFIG_XFS_DEBUG is disabled, allowed local
    users to cause a denial of service (memory corruption and
    crash) and possibly execute arbitrary code via an XFS image
    containing a symbolic link with a long pathname.

    * CVE-2011-4324: The encode_share_access function in
    fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to
    cause a denial of service (BUG and system crash) by using
    the mknod system call with a pathname on an NFSv4
    filesystem.

    * CVE-2011-4330: Stack-based buffer overflow in the
    hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel
    allowed local users to cause a denial of service (crash)
    and possibly execute arbitrary code via an HFS image with a
    crafted len field.

    * CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the
    IPv6 implementation in the Linux kernel did not place the
    expected '\0' character at the end of string data in the
    values of certain structure members, which allowed local
    users to obtain potentially sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability to
    issue a crafted request, and then reading the argument to
    the resulting modprobe process.

    * CVE-2011-2525: The qdisc_notify function in
    net/sched/sch_api.c in the Linux kernel did not prevent
    tc_fill_qdisc function calls referencing builtin (aka
    CQ_F_BUILTIN) Qdisc structures, which allowed local users
    to cause a denial of service (NULL pointer dereference and
    OOPS) or possibly have unspecified other impact via a
    crafted call.

    * CVE-2011-2699: The IPv6 implementation in the Linux
    kernel did not generate Fragment Identification values
    separately for each destination, which made it easier for
    remote attackers to cause a denial of service (disrupted
    networking) by predicting these values and sending crafted
    packets.

    * CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the
    IPv4 implementation in the Linux kernel did not place the
    expected '\0' character at the end of string data in the
    values of certain structure members, which allowed local
    users to obtain potentially sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability to
    issue a crafted request, and then reading the argument to
    the resulting modprobe process.

    * CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the
    IPv4 implementation in the Linux kernel did not place the
    expected '\0' character at the end of string data in the
    values of certain structure members, which allowed local
    users to obtain potentially sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability to
    issue a crafted request, and then reading the argument to
    the resulting modprobe process.

    * CVE-2011-3209: The div_long_long_rem implementation
    in include/asm-x86/div64.h in the Linux kernel on the x86
    platform allowed local users to cause a denial of service
    (Divide Error Fault and panic) via a clock_gettime system
    call.

    * CVE-2011-2213: The inet_diag_bc_audit function in
    net/ipv4/inet_diag.c in the Linux kernel did not properly
    audit INET_DIAG bytecode, which allowed local users to
    cause a denial of service (kernel infinite loop) via
    crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
    message, as demonstrated by an INET_DIAG_BC_JMP instruction
    with a zero yes value, a different vulnerability than
    CVE-2010-3880.

    * CVE-2011-2534: Buffer overflow in the
    clusterip_proc_write function in
    net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel
    might have allowed local users to cause a denial of service
    or have unspecified other impact via a crafted write
    operation, related to string data that lacks a terminating
    '\0' character.

    * CVE-2011-2203: The hfs_find_init function in the
    Linux kernel allowed local users to cause a denial of
    service (NULL pointer dereference and Oops) by mounting an
    HFS file system with a malformed MDB extent record.

    * CVE-2009-4067: A USB string descriptor overflow in
    the auerwald USB driver was fixed, which could be used by
    physically proximate attackers to cause a kernel crash.

    * CVE-2011-3363: The setup_cifs_sb function in
    fs/cifs/connect.c in the Linux kernel did not properly
    handle DFS referrals, which allowed remote CIFS servers to
    cause a denial of service (system crash) by placing a
    referral at the root of a share.

    * CVE-2011-2484: The add_del_listener function in
    kernel/taskstats.c in the Linux kernel did not prevent
    multiple registrations of exit handlers, which allowed
    local users to cause a denial of service (memory and CPU
    consumption), and bypass the OOM Killer, via a crafted
    application.

    * CVE-2011-4132: The cleanup_journal_tail function in
    the Journaling Block Device (JBD) functionality in the
    Linux kernel allowed local users to cause a denial of
    service (assertion error and kernel oops) via an ext3 or
    ext4 image with an "invalid log first block value."

    * CVE-2010-4249: The wait_for_unix_gc function in
    net/unix/garbage.c in the Linux kernel before
    2.6.37-rc3-next-20101125 does not properly select times for
    garbage collection of inflight sockets, which allows local
    users to cause a denial of service (system hang) via
    crafted use of the socketpair and sendmsg system calls for
    SOCK_SEQPACKET sockets.

    The following bugs have been fixed:

    * patches.fixes/allow-executables-larger-than-2GB.patch: Allow
    executables larger than 2GB (bnc#836856).

    * cio: prevent kernel panic after unexpected I/O
    interrupt (bnc#649868,LTC#67975).

    * cio: Add timeouts for internal IO
    (bnc#701550,LTC#72691).
    * kernel: first time swap use results in heavy swapping
    (bnc#701550,LTC#73132).

    * qla2xxx: Do not be so verbose on underrun detected

    * patches.arch/i386-run-tsc-calibration-5-times.patch:
    Fix the patch, the logic was wrong (bnc#537165, bnc#826551).

    * xfs: Do not reclaim new inodes in xfs_sync_inodes()
    (bnc#770980 bnc#811752).

    * kbuild: Fix gcc -x syntax (bnc#773831).

    * e1000e: stop cleaning when we reach
    tx_ring->next_to_use (bnc#762825).

    * Fix race condition about network device name
    allocation (bnc#747576).

    * kdump: bootmem map over crash reserved region
    (bnc#749168, bnc#722400, bnc#742881).

    * tcp: fix race condition leading to premature
    termination of sockets in FIN_WAIT2 state and connection
    being reset (bnc#745760).

    * tcp: drop SYN+FIN messages (bnc#765102).

    * net/linkwatch: Handle jiffies wrap-around
    (bnc#740131).

    * patches.fixes/vm-dirty-bytes: Provide
    /proc/sys/vm/dirty_{background_,}bytes for tuning
    (bnc#727597).

    * ipmi: Fix deadlock in start_next_msg() (bnc#730749).

    * cpu-hotplug: release workqueue_mutex properly on CPU
    hot-remove (bnc#733407).

    * libiscsi: handle init task failures (bnc#721351).

    * NFS/sunrpc: do not use a credential with extra groups
    (bnc#725878).

    * x86_64: fix reboot hang when "reboot=b" is passed to
    the kernel (bnc#721267).

    * nf_nat: do not add NAT extension for confirmed
    conntracks (bnc#709213).

    * xfs: fix memory reclaim recursion deadlock on locked
    inode buffer (bnc#699355 bnc#699354 bnc#721830).

    * ipmi: do not grab locks in run-to-completion mode
    (bnc#717421).

    * cciss: do not attempt to read from a write-only
    register (bnc#683101).

    * qla2xxx: Disable MSI-X initialization (bnc#693513).

    * Allow balance_dirty_pages to help other filesystems
    (bnc#709369).

    * nfs: fix congestion control (bnc#709369).
    * NFS: Separate metadata and page cache revalidation
    mechanisms (bnc#709369).
    * knfsd: nfsd4: fix laundromat shutdown race
    (bnc#752556).

    * x87: Do not synchronize TSCs across cores if they
    already should be synchronized by HW (bnc#615418
    bnc#609220).

    * reiserfs: Fix int overflow while calculating free
    space (bnc#795075).

    * af_unix: limit recursion level (bnc#656153).

    * bcm43xx: netlink deadlock fix (bnc#850241).

    * jbd: Issue cache flush after checkpointing
    (bnc#731770).

    * cfq: Fix infinite loop in cfq_preempt_queue()
    (bnc#724692).

    Security Issue references:

    * CVE-2009-4020
    * CVE-2009-4067
    * CVE-2010-4249
    * CVE-2011-1170
    * CVE-2011-1171
    * CVE-2011-1172
    * CVE-2011-2203
    * CVE-2011-2213
    * CVE-2011-2484
    * CVE-2011-2492
    * CVE-2011-2494
    * CVE-2011-2525
    * CVE-2011-2534
    * CVE-2011-2699
    * CVE-2011-2928
    * CVE-2011-3209
    * CVE-2011-3363
    * CVE-2011-4077
    * CVE-2011-4110
    * CVE-2011-4324
    * CVE-2011-4330
    * CVE-2012-2136
    * CVE-2012-3510
    * CVE-2012-4444
    * CVE-2012-4530
    * CVE-2012-6537
    * CVE-2012-6539
    * CVE-2012-6540
    * CVE-2012-6541
    * CVE-2012-6542
    * CVE-2012-6544
    * CVE-2012-6545
    * CVE-2012-6546
    * CVE-2012-6547
    * CVE-2012-6549
    * CVE-2013-0160
    * CVE-2013-0268
    * CVE-2013-0871
    * CVE-2013-0914
    * CVE-2013-1827
    * CVE-2013-2141
    * CVE-2013-2147
    * CVE-2013-2164
    * CVE-2013-2206
    * CVE-2013-2232
    * CVE-2013-2234
    * CVE-2013-2237
    * CVE-2013-3222
    * CVE-2013-3223
    * CVE-2013-3224
    * CVE-2013-3228
    * CVE-2013-3229
    * CVE-2013-3231
    * CVE-2013-3232
    * CVE-2013-3234
    * CVE-2013-3235
    * CVE-2011-4132
    * CVE-2013-1928

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Package List:

    • SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
      • kernel-default-2.6.16.60-0.113.1
      • kernel-source-2.6.16.60-0.113.1
      • kernel-syms-2.6.16.60-0.113.1
    • SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):
      • kernel-debug-2.6.16.60-0.113.1
      • kernel-kdump-2.6.16.60-0.113.1
      • kernel-smp-2.6.16.60-0.113.1
      • kernel-xen-2.6.16.60-0.113.1
    • SUSE Linux Enterprise Server 10 SP3 LTSS (i586):
      • kernel-bigsmp-2.6.16.60-0.113.1
      • kernel-kdumppae-2.6.16.60-0.113.1
      • kernel-vmi-2.6.16.60-0.113.1
      • kernel-vmipae-2.6.16.60-0.113.1
      • kernel-xenpae-2.6.16.60-0.113.1
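
    A check for the package list above, as an added example that is not part of SUSE's advisory: it compares installed kernel package builds against the fixed build 2.6.16.60-0.113.1 numerically, field by field, because a plain string comparison would rank 0.99.1 above 0.113.1. The function names and the sample inventory (including the 0.99.1 build) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit installed kernel packages against the advisory's fixed build.
# Fixed version-release and package names are taken from the advisory's package list.
FIXED_EVR="2.6.16.60-0.113.1"
ADVISORY_PKGS="kernel-default kernel-source kernel-syms kernel-debug kernel-kdump kernel-smp kernel-xen kernel-bigsmp kernel-kdumppae kernel-vmi kernel-vmipae kernel-xenpae"

# valid_evr STR: accept only all-numeric "version-release" strings such as
# 2.6.16.60-0.113.1 (digits and dots, exactly one dash, no empty fields).
valid_evr() {
    case $1 in
        *[!0-9.-]* | *-*-* | -* | *- | .* | *. | *..* | *.-* | *-.*) return 1 ;;
        *-*) return 0 ;;
        *) return 1 ;;
    esac
}

# cmp_dotted A B: compare two dot-separated numeric strings field by field.
# Prints -1, 0 or 1. If all shared fields are equal, the longer string is newer.
cmp_dotted() {
    a=$1
    b=$2
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    if [ -n "$b" ]; then echo -1; elif [ -n "$a" ]; then echo 1; else echo 0; fi
}

# cmp_evr VER-REL1 VER-REL2: version decides first, release breaks ties.
# Simplification: no epoch and no alphabetic fields, so this is not a full
# rpm version comparison; it covers the all-numeric kernel builds listed here.
cmp_evr() {
    r=$(cmp_dotted "${1%-*}" "${2%-*}")
    if [ "$r" = 0 ]; then
        r=$(cmp_dotted "${1##*-}" "${2##*-}")
    fi
    echo "$r"
}

# audit_kernel_pkgs: read "name version-release" lines on stdin, report every
# package named in the advisory, and return 1 if any is older than the fix
# or cannot be parsed.
audit_kernel_pkgs() {
    rc=0
    while read -r name evr; do
        case " $ADVISORY_PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if ! valid_evr "$evr"; then
            echo "$name $evr UNPARSEABLE"
            rc=1
            continue
        fi
        if [ "$(cmp_evr "$evr" "$FIXED_EVR")" = -1 ]; then
            echo "$name $evr OUTDATED"
            rc=1
        else
            echo "$name $evr OK"
        fi
    done
    return "$rc"
}

# Constructed sample inventory; on a real host use:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_kernel_pkgs
sample_inventory() {
    cat <<'EOF'
kernel-default 2.6.16.60-0.99.1
kernel-source 2.6.16.60-0.113.1
kernel-smp 2.6.16.60-0.113.1
glibc 2.4-31.81.11
EOF
}

sample_inventory | audit_kernel_pkgs || true
```

    An OK result only shows that the fixed package is installed; the advisory's reboot instruction still applies before the fixed kernel is the one running.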

    References:

    • http://support.novell.com/security/cve/CVE-2009-4020.html
    • http://support.novell.com/security/cve/CVE-2009-4067.html
    • http://support.novell.com/security/cve/CVE-2010-4249.html
    • http://support.novell.com/security/cve/CVE-2011-1170.html
    • http://support.novell.com/security/cve/CVE-2011-1171.html
    • http://support.novell.com/security/cve/CVE-2011-1172.html
    • http://support.novell.com/security/cve/CVE-2011-2203.html
    • http://support.novell.com/security/cve/CVE-2011-2213.html
    • http://support.novell.com/security/cve/CVE-2011-2484.html
    • http://support.novell.com/security/cve/CVE-2011-2492.html
    • http://support.novell.com/security/cve/CVE-2011-2494.html
    • http://support.novell.com/security/cve/CVE-2011-2525.html
    • http://support.novell.com/security/cve/CVE-2011-2534.html
    • http://support.novell.com/security/cve/CVE-2011-2699.html
    • http://support.novell.com/security/cve/CVE-2011-2928.html
    • http://support.novell.com/security/cve/CVE-2011-3209.html
    • http://support.novell.com/security/cve/CVE-2011-3363.html
    • http://support.novell.com/security/cve/CVE-2011-4077.html
    • http://support.novell.com/security/cve/CVE-2011-4110.html
    • http://support.novell.com/security/cve/CVE-2011-4132.html
    • http://support.novell.com/security/cve/CVE-2011-4324.html
    • http://support.novell.com/security/cve/CVE-2011-4330.html
    • http://support.novell.com/security/cve/CVE-2012-2136.html
    • http://support.novell.com/security/cve/CVE-2012-3510.html
    • http://support.novell.com/security/cve/CVE-2012-4444.html
    • http://support.novell.com/security/cve/CVE-2012-4530.html
    • http://support.novell.com/security/cve/CVE-2012-6537.html
    • http://support.novell.com/security/cve/CVE-2012-6539.html
    • http://support.novell.com/security/cve/CVE-2012-6540.html
    • http://support.novell.com/security/cve/CVE-2012-6541.html
    • http://support.novell.com/security/cve/CVE-2012-6542.html
    • http://support.novell.com/security/cve/CVE-2012-6544.html
    • http://support.novell.com/security/cve/CVE-2012-6545.html
    • http://support.novell.com/security/cve/CVE-2012-6546.html
    • http://support.novell.com/security/cve/CVE-2012-6547.html
    • http://support.novell.com/security/cve/CVE-2012-6549.html
    • http://support.novell.com/security/cve/CVE-2013-0160.html
    • http://support.novell.com/security/cve/CVE-2013-0268.html
    • http://support.novell.com/security/cve/CVE-2013-0871.html
    • http://support.novell.com/security/cve/CVE-2013-0914.html
    • http://support.novell.com/security/cve/CVE-2013-1827.html
    • http://support.novell.com/security/cve/CVE-2013-1928.html
    • http://support.novell.com/security/cve/CVE-2013-2141.html
    • http://support.novell.com/security/cve/CVE-2013-2147.html
    • http://support.novell.com/security/cve/CVE-2013-2164.html
    • http://support.novell.com/security/cve/CVE-2013-2206.html
    • http://support.novell.com/security/cve/CVE-2013-2232.html
    • http://support.novell.com/security/cve/CVE-2013-2234.html
    • http://support.novell.com/security/cve/CVE-2013-2237.html
    • http://support.novell.com/security/cve/CVE-2013-3222.html
    • http://support.novell.com/security/cve/CVE-2013-3223.html
    • http://support.novell.com/security/cve/CVE-2013-3224.html
    • http://support.novell.com/security/cve/CVE-2013-3228.html
    • http://support.novell.com/security/cve/CVE-2013-3229.html
    • http://support.novell.com/security/cve/CVE-2013-3231.html
    • http://support.novell.com/security/cve/CVE-2013-3232.html
    • http://support.novell.com/security/cve/CVE-2013-3234.html
    • http://support.novell.com/security/cve/CVE-2013-3235.html
    • https://bugzilla.novell.com/537165
    • https://bugzilla.novell.com/609220
    • https://bugzilla.novell.com/615418
    • https://bugzilla.novell.com/649868
    • https://bugzilla.novell.com/656153
    • https://bugzilla.novell.com/681180
    • https://bugzilla.novell.com/681181
    • https://bugzilla.novell.com/681185
    • https://bugzilla.novell.com/683101
    • https://bugzilla.novell.com/693513
    • https://bugzilla.novell.com/699354
    • https://bugzilla.novell.com/699355
    • https://bugzilla.novell.com/699709
    • https://bugzilla.novell.com/700879
    • https://bugzilla.novell.com/701550
    • https://bugzilla.novell.com/702014
    • https://bugzilla.novell.com/702037
    • https://bugzilla.novell.com/703153
    • https://bugzilla.novell.com/703156
    • https://bugzilla.novell.com/706375
    • https://bugzilla.novell.com/707288
    • https://bugzilla.novell.com/709213
    • https://bugzilla.novell.com/709369
    • https://bugzilla.novell.com/713430
    • https://bugzilla.novell.com/717421
    • https://bugzilla.novell.com/718028
    • https://bugzilla.novell.com/721267
    • https://bugzilla.novell.com/721351
    • https://bugzilla.novell.com/721830
    • https://bugzilla.novell.com/722400
    • https://bugzilla.novell.com/724692
    • https://bugzilla.novell.com/725878
    • https://bugzilla.novell.com/726064
    • https://bugzilla.novell.com/726600
    • https://bugzilla.novell.com/727597
    • https://bugzilla.novell.com/730118
    • https://bugzilla.novell.com/730749
    • https://bugzilla.novell.com/731673
    • https://bugzilla.novell.com/731770
    • https://bugzilla.novell.com/732613
    • https://bugzilla.novell.com/733407
    • https://bugzilla.novell.com/734056
    • https://bugzilla.novell.com/735612
    • https://bugzilla.novell.com/740131
    • https://bugzilla.novell.com/742881
    • https://bugzilla.novell.com/745760
    • https://bugzilla.novell.com/747576
    • https://bugzilla.novell.com/749168
    • https://bugzilla.novell.com/752556
    • https://bugzilla.novell.com/760902
    • https://bugzilla.novell.com/762825
    • https://bugzilla.novell.com/765102
    • https://bugzilla.novell.com/765320
    • https://bugzilla.novell.com/770980
    • https://bugzilla.novell.com/773831
    • https://bugzilla.novell.com/776888
    • https://bugzilla.novell.com/786013
    • https://bugzilla.novell.com/789831
    • https://bugzilla.novell.com/795075
    • https://bugzilla.novell.com/797175
    • https://bugzilla.novell.com/802642
    • https://bugzilla.novell.com/804154
    • https://bugzilla.novell.com/808827
    • https://bugzilla.novell.com/809889
    • https://bugzilla.novell.com/809891
    • https://bugzilla.novell.com/809892
    • https://bugzilla.novell.com/809893
    • https://bugzilla.novell.com/809894
    • https://bugzilla.novell.com/809898
    • https://bugzilla.novell.com/809899
    • https://bugzilla.novell.com/809900
    • https://bugzilla.novell.com/809901
    • https://bugzilla.novell.com/809903
    • https://bugzilla.novell.com/811354
    • https://bugzilla.novell.com/811752
    • https://bugzilla.novell.com/813735
    • https://bugzilla.novell.com/815745
    • https://bugzilla.novell.com/816668
    • https://bugzilla.novell.com/823260
    • https://bugzilla.novell.com/823267
    • https://bugzilla.novell.com/824295
    • https://bugzilla.novell.com/826102
    • https://bugzilla.novell.com/826551
    • https://bugzilla.novell.com/827749
    • https://bugzilla.novell.com/827750
    • https://bugzilla.novell.com/828119
    • https://bugzilla.novell.com/836856
    • https://bugzilla.novell.com/850241
    • http://download.suse.com/patch/finder/?keywords=2edd49abdf9ae71916d1b5acb9177a75
    • http://download.suse.com/patch/finder/?keywords=ab3d3594ee8b8099b9bc0f2a2095b6b6
    • http://download.suse.com/patch/finder/?keywords=ffdbcc106c0e9486ae78943c42345dbd