Update for kernel-debug.openSUSE_Evergreen_11.4,... security important

3.0.80 kernel update

The kernel was updated to Linux kernel 3.0.80, fixing various bugs and security issues.

Following security issues were fixed: CVE-2013-0160: Timing
side channel on attacks were possible on /dev/ptmx that
could allow local attackers to predict keypresses like e.g.
passwords. This has been fixed again by updating
accessed/modified time on the pty devices in resolution of
8 seconds, so that idle time detection can still work.

CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call.

CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom
system call.

CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3227: The caif_seqpkt_recvmsg function in
net/caif/caif_socket.c in the Linux kernel did not
initialize a certain length variable, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3235: net/tipc/socket.c in the Linux kernel did
not initialize a certain data structure and a certain
length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call.

CVE-2013-3076: The crypto API in the Linux kernel did not
initialize certain length variables, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call,
related to the hash_recvmsg function in crypto/algif_hash.c
and the skcipher_recvmsg function in
crypto/algif_skcipher.c.

CVE-2013-1979: The scm_set_cred function in
include/net/scm.h in the Linux kernel used incorrect uid
and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application.

A kernel information leak via tkill/tgkill was fixed.

Following bugs were fixed:
- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).

- libfc: do not exch_done() on invalid sequence ptr
(bnc#810722).

- netfilter: ip6t_LOG: fix logging of packet mark
(bnc#821930).

- hyperv: use 3.4 as LIC version string (bnc#822431).

- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID
(bnc#819655).

- xen/netback: do not disconnect frontend when seeing
oversize packet.
- xen/netfront: reduce gso_max_size to account for max TCP
header.
- xen/netfront: fix kABI after "reduce gso_max_size to
account for max TCP header".

- xfs: Fix kABI due to change in xfs_buf (bnc#815356).

- xfs: fix race while discarding buffers [V4] (bnc#815356
(comment 36)).

- xfs: Serialize file-extending direct IO (bnc#818371).

- xhci: Do not switch webcams in some HP ProBooks to XHCI
(bnc#805804).
- bluetooth: Do not switch BT on HP ProBook 4340
(bnc#812281).

- s390/ftrace: fix mcount adjustment (bnc#809895).

- mm: memory_dev_init make sure nmi watchdog does not
trigger while registering memory sections (bnc#804609,
bnc#820434).

- patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid
pathological backwards allocation (bnc#805945).

- mm: compaction: Restart compaction from near where it
left off
- mm: compaction: cache if a pageblock was scanned and no
pages were isolated
- mm: compaction: clear PG_migrate_skip based on compaction
and reclaim activity
- mm: compaction: Scan PFN caching KABI workaround
- mm: page_allocator: Remove first_pass guard
- mm: vmscan: do not stall on writeback during memory
compaction Cache compaction restart points for faster
compaction cycles (bnc#816451)

- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).

- SUNRPC: Get rid of the redundant xprt->shutdown bit field
(bnc#800907).
- SUNRPC: Ensure that we grab the XPRT_LOCK before calling
xprt_alloc_slot (bnc#800907).
- SUNRPC: Fix a UDP transport regression (bnc#800907).
- SUNRPC: Allow caller of rpc_sleep_on() to select priority
levels (bnc#800907).
- SUNRPC: Replace xprt->resend and xprt->sending with a
priority queue (bnc#800907).
- SUNRPC: Fix potential races in xprt_lock_write_next()
(bnc#800907).

- md: cannot re-add disks after recovery (bnc#808647).

- fs/xattr.c:getxattr(): improve handling of allocation
failures (bnc#818053).
- fs/xattr.c:listxattr(): fall back to vmalloc() if
kmalloc() failed (bnc#818053).
- fs/xattr.c:setxattr(): improve handling of allocation
failures (bnc#818053).
- fs/xattr.c: suppress page allocation failure warnings
from sys_listxattr() (bnc#818053).

- virtio-blk: Call revalidate_disk() upon online disk
resize (bnc#817339).

- usb-storage: CY7C68300A chips do not support Cypress
ATACB (bnc#819295).

- patches.kernel.org/patch-3.0.60-61: Update references
(add bnc#810580).

- usb: Using correct way to clear usb3.0 devices remote
wakeup feature (bnc#818516).

- xhci: Fix TD size for isochronous URBs (bnc#818514).

- ALSA: hda - fixup D3 pin and right channel mute on
Haswell HDMI audio (bnc#818798).
- ALSA: hda - Apply pin-enablement workaround to all
Haswell HDMI codecs (bnc#818798).

- xfs: fallback to vmalloc for large buffers in
xfs_attrmulti_attr_get (bnc#818053).
- xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053).
- xfs: xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053).

- xHCI: store rings type.
- xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
- xHCI: check enqueue pointer advance into dequeue seg.
- xHCI: store rings last segment and segment numbers.
- xHCI: Allocate 2 segments for transfer ring.
- xHCI: count free TRBs on transfer ring.
- xHCI: factor out segments allocation and free function.
- xHCI: update sg tablesize.
- xHCI: set cycle state when allocate rings.
- xhci: Reserve one command for USB3 LPM disable.
- xHCI: dynamic ring expansion.
- xhci: Do not warn on empty ring for suspended devices.

- md/raid1: Do not release reference to device while
handling read error (bnc#809122, bnc#814719).

- rpm/mkspec: Stop generating the get_release_number.sh
file.

- rpm/kernel-spec-macros: Properly handle KOTD release
numbers with .g suffix.

- rpm/kernel-spec-macros: Drop the %release_num macro We no
longer put the -rcX tag into the release string.

- rpm/kernel-*.spec.in, rpm/mkspec: Do not force the
"" string in specfiles.

- mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).

- mm: Fix add_page_wait_queue() to work for PG_Locked bit
waiters (bnc#792584).

- mm: Fix add_page_wait_queue() to work for PG_Locked bit
waiters (bnc#792584).

- bonding: only use primary address for ARP (bnc#815444).
- bonding: remove entries for master_ip and vlan_ip and
query devices instead (bnc#815444).

- mm: speedup in __early_pfn_to_nid (bnc#810624).

- TTY: fix atime/mtime regression (bnc#815745).

- sd_dif: problem with verify of type 1 protection
information (PI) (bnc#817010).

- sched: harden rq rt usage accounting (bnc#769685,
bnc#788590).

- rcu: Avoid spurious RCU CPU stall warnings (bnc#816586).
- rcu: Dump local stack if cannot dump all CPUs stacks
(bnc#816586).
- rcu: Fix detection of abruptly-ending stall (bnc#816586).
- rcu: Suppress NMI backtraces when stall ends before dump
(bnc#816586).

- Update Xen patches to 3.0.74.

- btrfs: do not re-enter when allocating a chunk.
- btrfs: save us a read_lock.
- btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.
- btrfs: remove unused fs_info from btrfs_decode_error().
- btrfs: handle null fs_info in btrfs_panic().
- btrfs: fix varargs in __btrfs_std_error.
- btrfs: fix the race between bio and btrfs_stop_workers.
- btrfs: fix NULL pointer after aborting a transaction.
- btrfs: fix infinite loop when we abort on mount.

- xfs: Do not allocate new buffers on every call to
_xfs_buf_find (bnc#763968).
- xfs: fix buffer lookup race on allocation failure
(bnc#763968).

Fixed bugs
bnc#763968
SLES 11 SP2 appliance experiencing kernel soft lockup during load testing
bnc#769685
sched: Make sure to not re-read variables after validation
bnc#788590
UV2 SLES11SP2 divide error: 0000 in find_busiest_group
bnc#789359
[Regression] /dev/urandom returning EOF kills all applications relying on it being blocking but never empty
bnc#792584
cp from NFS mount to local disk hangs when fsc is enabled
bnc#797175
VUL-1: kernel: /dev/ptmx timing attacks
bnc#800907
request to port upstream fixes for nfs/infiniband into SLES 11 SP2
bnc#802642
VUL-1: CVE-2013-0268: kernel: code exec via /dev/cpu/*/msr
bnc#804609
[HP BCS SLES11 Bug]: Booting SLES 11 SP2 on DL980 G7 causes soft lockup and init call trace in dmesg
bnc#804656
VUL-1: CVE-2013-0311: kernel: vhost: fix length for cross region descriptor
bnc#805804
SLED11 SP2/30.7.1/Comet1.0/SI-1/Cheese application cannot initialize HP web-Camera
bnc#805945
XFS: Inconsistent write throughput to XFS volume
bnc#806238
VUL-1: CVE-2013-1772: kernel: Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow
bnc#806980
VUL-0: kvm:CVE-2013-1796, CVE-2013-1797,CVE-2013-1798: multiple buffer overflows
bnc#808358
VUL-1: kernel: CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()
bnc#808647
DASD(s) wont be re-added automatically to the MD Array after channel path(s) online.
bnc#808827
VUL-1: CVE-2013-0914: kernel: sa_restorer information leak
bnc#809122
L3: kernel crash with NULL pointer in raid code on host based softraid mirrors
bnc#809895
trace_events.c:1738 appear and ftrace dont work, if ipl with kernel-trace on s390x.
bnc#809902
VUL-1: CVE-2012-6548: kernel: udf: information leak in udf_encode_fh function in fs/udf/namei.c
bnc#809903
VUL-1: CVE-2012-6549: kernel: isofs information leak via isofs_export_encode_fh function in fs/isofs/export.c
bnc#810473
VUL-1: CVE-2013-2634/CVE-2013-2635/CVE-2013-2636: kernel: net - three info leaks in rtnl
bnc#810580
L3: crash dump fails with kernel panic at uhci_scan_schedule
bnc#810624
Performance improvement in __early_pfn_to_nid()
bnc#810722
Kernel oops crash with fnic driver
bnc#812281
SLED 11 SP2 /30.1.2/Racer1.0/Bluetooth/Mango - function lost when resume from s3.
bnc#814719
null pointer dereference in raid1d
bnc#815356
ISST-LTE: uselp8 crashed to xmon (.update_curr+0x260/0x2d8)
bnc#815444
Bonding: Only use primary address for ARP
bnc#815745
terminal idle time displayed by "w" command is incorrect
bnc#816443
RC1candidate kernel: hang accessing /sys/devices/system/node/node0
bnc#816451
SLES 11 SP2 - disabling transparent hugepages significantly improves application start-up time
bnc#816586
L3: rcu_bh_state detected stall on CPU 3 (t=0 jiffies)
bnc#817010
sles11sp2: incorrect verify of type 1 PI causes PI errors with > 2TB lun
bnc#817339
virtio_blk does not update device size properly
bnc#818053
TiNa backups fail due to page allocation failure from getxattr
bnc#818327
Kernel 3.0.74-0.6.6: regression: LTP (openposix) mmap_24_2
bnc#818371
XFS data corruption
bnc#818514
xhci: Fix TD size for isochronous URBs.
bnc#818516
usb: Using correct way to clear usb3.0 devices remote wakeup feature.
bnc#818798
Haswell HDMI audio errors after S3 on RACER
bnc#819295
Some Cypress drive enclosures need reset after hdparm and ata_id
bnc#819519
qlge fails to DLPAR (Qlogic)
bnc#819655
Ethernet bridge doesnt seem to work properly on s390x
bnc#820434
L3: CPU#0 stuck for 22s! during creation of sysfs directories despite fix from bug 755620
bnc#821930
ip6tables/xt_LOG recursion does not log FWMARK
bnc#822431
Fix the LIS version string
bnc#822722
reiserfs: readdir() can return the same entry multiple times under load
Selected Binaries
openSUSE Build Service is sponsored by