File _patchinfo of Package patchinfo.1641

<patchinfo incident="1641">
  <packager>jeff_mahoney</packager>
  <issue tracker="bnc" id="808829">VUL-1: CVE-2013-0913: kernel: drm/i915 integer overflow</issue>
  <issue tracker="bnc" id="805633">VUL-0: CVE-2013-1763: kernel: local privilege escalation via sock_diag netlink socket</issue>
  <issue tracker="bnc" id="806138">VUL-1: CVE-2013-1767: kernel: tmpfs: use-after-free with mempolicy</issue>
  <issue tracker="bnc" id="806976">VUL-1:  CVE-2013-1774: kernel: usb: io_ti: NULL pointer dereference</issue>
  <issue tracker="bnc" id="802153">quota: quota_v2 not autoloaded when QFMT_VFS_V1 used</issue>
  <issue tracker="bnc" id="809330">OpenSUSE 12.3 telnet server: corrupt text on telnet client</issue>
  <issue tracker="bnc" id="809748">loopdev: deadlock between open and ioctl(LOOP_SET_CAPACITY)</issue>
  <issue tracker="bnc" id="792500">L3-Question: "Switching to clocksource hyperv_clocksource" - SLES 11 SP2 DomU hangs on boot on top of Citrix 6.0.2 version</issue>
  <issue tracker="bnc" id="813963">bootsplash broken on 3.0.67+</issue>
  <issue tracker="bnc" id="809155">VUL-1: CVE-2013-1848: kernel: format string exploit in ext3 super</issue>
  <issue tracker="bnc" id="806980">VUL-0: kvm:CVE-2013-1796, CVE-2013-1797,CVE-2013-1798: multiple buffer overflows</issue>
  <issue tracker="cve" id="CVE-2013-1763"></issue>
  <issue tracker="cve" id="CVE-2013-1767"></issue>
  <issue tracker="cve" id="CVE-2013-0913"></issue>
  <issue tracker="cve" id="CVE-2013-1796"></issue>
  <issue tracker="cve" id="CVE-2013-1797"></issue>
  <issue tracker="cve" id="CVE-2013-1774"></issue>
  <issue tracker="cve" id="CVE-2013-1848"></issue>
  <issue tracker="cve" id="CVE-2013-1798"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>kernel: Security and Bugfix update for 3.4.42</summary>
  <description>
Linux kernel was updated to kernel 3.4.42 fixing various bugs and security issues.

- Refresh patches.suse/SUSE-bootsplash.
  Fix bootsplash breakage due to stable fix (bnc#813963)

- Linux 3.4.39.
- kABI: protect struct tracer.

- Linux 3.4.38 (bnc#808829,CVE-2013-0913).
- patches.kabi/kabi-protect-struct-sk_buff.patch: kABI: protect struct sk_buff.
- patches.kabi/kabi-ipv4-remove-inclusion.patch: kABI: ipv4, remove inclusion.

- USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976,
  CVE-2013-1774).

- Linux 3.4.37 (bnc#809155 bnc#809330 bnc#809748 CVE-2013-1848).
- Linux 3.4.36.

- KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init
  (bnc#806980 CVE-2013-1797).
- KVM: Fix bounds checking in ioapic indirect register read
  (bnc#806980 CVE-2013-1798).
- KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
  (bnc#806980 CVE-2013-1796).
- kabi/severities: Allow kvm abi changes - kvm modules are self consistent

- loopdev: fix a deadlock (bnc#809748).
- block: use i_size_write() in bd_set_size() (bnc#809748).

- drm/i915: bounds check execbuffer relocation count
  (bnc#808829,CVE-2013-0913).

- TTY: do not reset master's packet mode (bnc#809330).

- Update patches.fixes/ext3-Fix-format-string-issues.patch
  (bnc#809155 CVE-2013-1848).

- ext3: Fix format string issues (bnc#809155).

- Linux 3.4.35 (bnc#802153).

- Linux 3.4.34 (CVE-2013-1763 CVE-2013-1767 bnc#792500 bnc#806138
  bnc#805633).

- tmpfs: fix use-after-free of mempolicy object (bnc#806138,
  CVE-2013-1767).
</description>
  <reboot_needed/>
</patchinfo>