File _patchinfo of Package patchinfo.553

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.553

<patchinfo incident="553">
  <packager>jeff_mahoney</packager>
  <issue tracker="bnc" id="717749"></issue>
  <issue tracker="cve" id="CVE-2010-4249"></issue>
  <issue tracker="cve" id="CVE-2012-2123"></issue>
  <issue tracker="cve" id="CVE-2012-2136"></issue>
  <issue tracker="bnc" id="653260"></issue>
  <issue tracker="cve" id="CVE-2012-2663"></issue>
  <issue tracker="bnc" id="758260"></issue>
  <issue tracker="bnc" id="765102"></issue>
  <issue tracker="bnc" id="765320"></issue>
  <issue tracker="cve" id="CVE-2012-1090"></issue>
  <issue tracker="bnc" id="749569"></issue>
  <issue tracker="bnc" id="681639"></issue>
  <issue tracker="cve" id="CVE-2011-2700"></issue>
  <issue tracker="cve" id="CVE-2011-2909"></issue>
  <issue tracker="bnc" id="756840"></issue>
  <issue tracker="cve" id="CVE-2011-2928"></issue>
  <issue tracker="cve" id="CVE-2012-0044"></issue>
  <issue tracker="bnc" id="707332"></issue>
  <issue tracker="bnc" id="756203"></issue>
  <issue tracker="bnc" id="711941"></issue>
  <issue tracker="bnc" id="713430"></issue>
  <issue tracker="bnc" id="740745"></issue>
  <issue tracker="cve" id="CVE-2011-2517"></issue>
  <issue tracker="bnc" id="760902"></issue>
  <issue tracker="bnc" id="689860"></issue>
  <issue tracker="bnc" id="703410"></issue>
  <issue tracker="cve" id="CVE-2012-1097"></issue>
  <issue tracker="bnc" id="750079"></issue>
  <issue tracker="bnc" id="747038"></issue>
  <issue tracker="bnc" id="737624"></issue>
  <issue tracker="bnc" id="726600"></issue>
  <issue tracker="bnc" id="655696"></issue>
  <issue tracker="bnc" id="730118"></issue>
  <issue tracker="bnc" id="757278"></issue>
  <issue tracker="cve" id="CVE-2011-4077"></issue>
  <issue tracker="bnc" id="466279"></issue>
  <issue tracker="cve" id="CVE-2010-4164"></issue>
  <issue tracker="bnc" id="759545"></issue>
  <issue tracker="cve" id="CVE-2009-4020"></issue>
  <issue tracker="bnc" id="740448"></issue>
  <issue tracker="bnc" id="740703"></issue>
  <issue tracker="bnc" id="738644"></issue>
  <issue tracker="bnc" id="714455"></issue>
  <issue tracker="cve" id="CVE-2011-1173"></issue>
  <issue tracker="cve" id="CVE-2010-3873"></issue>
  <issue tracker="bnc" id="683671"></issue>
  <issue tracker="cve" id="CVE-2011-4086"></issue>
  <issue tracker="bnc" id="745832"></issue>
  <issue tracker="bnc" id="721366"></issue>
  <issue tracker="cve" id="CVE-2011-3619"></issue>
  <issue tracker="bnc" id="717209"></issue>
  <issue tracker="cve" id="CVE-2011-1083"></issue>
  <issue tracker="bnc" id="729247"></issue>
  <issue tracker="bnc" id="676204"></issue>
  <issue tracker="cve" id="CVE-2011-3638"></issue>
  <issue tracker="bnc" id="726045"></issue>
  <issue tracker="bnc" id="746980"></issue>
  <issue tracker="bnc" id="758813"></issue>
  <issue tracker="cve" id="CVE-2011-4330"></issue>
  <issue tracker="bnc" id="731673"></issue>
  <issue tracker="cve" id="CVE-2012-0038"></issue>
  <issue tracker="bnc" id="732908"></issue>
  <issue tracker="bnc" id="681186"></issue>
  <issue tracker="cve" id="CVE-2012-2119"></issue>
  <issue tracker="bnc" id="758243"></issue>
  <issue tracker="cve" id="CVE-2012-0207"></issue>
  <issue tracker="bnc" id="747660"></issue>
  <issue tracker="bnc" id="744658"></issue>
  <issue tracker="cve" id="CVE-2012-1146"></issue>
  <issue tracker="bnc" id="750959"></issue>
  <issue tracker="bnc" id="651219"></issue>
  <issue tracker="bnc" id="748859"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Kernel update</summary>
  <description>This kernel update of the openSUSE 12.1 kernel fixes
lots of bugs and security issues.

Following issues were fixed:

- tcp: drop SYN+FIN messages (bnc#765102).
- net: sock: validate data_len before allocating skb in
  sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

- fcaps: clear the same personality flags as suid when fcaps
  are used (bnc#758260 CVE-2012-2123).

- macvtap: zerocopy: validate vectors before building skb
  (bnc#758243 CVE-2012-2119).

- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).

- xfrm: take net hdr len into account for esp payload size
  calculation (bnc#759545).

- ext4: fix undefined behavior in ext4_fill_flex_info()
  (bnc#757278).

- igb: fix rtnl race in PM resume path (bnc#748859).
- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).

- b43: allocate receive buffers big enough for max frame len +
  offset (bnc#717749).

- xenbus: Reject replies with payload &gt; XENSTORE_PAYLOAD_MAX.
- xenbus_dev: add missing error checks to watch handling.
- hwmon: (coretemp-xen) Fix TjMax detection for older CPUs.
- hwmon: (coretemp-xen) Relax target temperature range check.
- Refresh other Xen patches.

- tlan: add cast needed for proper 64 bit operation (bnc#756840).

- dl2k: Tighten ioctl permissions (bnc#758813).

- [media] cx22702: Fix signal strength.

- fs: cachefiles: Add support for large files in filesystem
  caching (bnc#747038).

- bridge: correct IPv6 checksum after pull (bnc#738644).
- bridge: fix a possible use after free (bnc#738644).
- bridge: Pseudo-header required for the checksum of ICMPv6
  (bnc#738644).
- bridge: mcast snooping, fix length check of snooped MLDv1/2
  (bnc#738644).

- PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455).

- ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203).

- drm/i915/crt: Remove 0xa0 probe for VGA.

- tty_audit: fix tty_audit_add_data live lock on audit disabled
  (bnc#721366).

- drm/i915: suspend fbdev device around suspend/hibernate
  (bnc#732908).

- dlm: Do not allocate a fd for peeloff (bnc#729247).
- sctp: Export sctp_do_peeloff (bnc#729247).

- i2c-algo-bit: Fix spurious SCL timeouts under heavy load.

- patches.fixes/epoll-dont-limit-non-nested.patch: Don't limit
    non-nested epoll paths (bnc#676204).

- Update patches.suse/sd_init.mark_majors_busy.patch (bnc#744658).

- igb: Fix for Alt MAC Address feature on 82580 and later devices
  (bnc#746980).

- mark busy sd majors as allocated (bug#744658).

- regset: Return -EFAULT, not -EIO, on host-side memory fault
  (bnc# 750079 CVE-2012-1097).
- regset: Prevent null pointer reference on readonly regsets
  (bnc#750079 CVE-2012-1097).

- mm: memcg: Correct unregistring of events attached to the same
  eventfd (CVE-2012-1146 bnc#750959).

- befs: Validate length of long symbolic links (CVE-2011-2928
  bnc#713430).

- si4713-i2c: avoid potential buffer overflow on si4713
  (CVE-2011-2700 bnc#707332).

- staging: comedi: fix infoleak to userspace (CVE-2011-2909
  bnc#711941).

- hfs: add sanity check for file name length (CVE-2011-4330
  bnc#731673).

- cifs: fix dentry refcount leak when opening a FIFO on lookup
  (CVE-2012-1090 bnc#749569).

- drm: integer overflow in drm_mode_dirtyfb_ioctl() (CVE-2012-0044
  bnc#740745).

- xfs: fix acl count validation in xfs_acl_from_disk()
  (CVE-2012-0038 bnc#740703).
- xfs: validate acl count (CVE-2012-0038 bnc#740703).

- patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_readlink: Work around missing xfs_alert().

- xfs: Fix missing xfs_iunlock() on error recovery path in
  xfs_readlink() (CVE-2011-4077 bnc#726600).
- xfs: Fix possible memory corruption in xfs_readlink
  (CVE-2011-4077 bnc#726600).

- ext4: make ext4_split_extent() handle error correctly.
- ext4: ext4_ext_convert_to_initialized bug found in extended
  FSX testing.
- ext4: add ext4_split_extent_at() and ext4_split_extent().

- ext4: reimplement convert and split_unwritten (CVE-2011-3638
  bnc#726045).

- patches.fixes/epoll-limit-paths.patch: epoll: limit paths
    (bnc#676204 CVE-2011-1083).
- patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi change in
    struct file (bnc#676204 CVE-2011-1083).

- NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279 bnc#747660).

- igmp: Avoid zero delay when receiving odd mixture of IGMP
  queries (bnc#740448 CVE-2012-0207).

- jbd2: clear BH_Delay &amp; BH_Unwritten in journal_unmap_buffer
  (bnc#745832 CVE-2011-4086).

- AppArmor: fix oops in apparmor_setprocattr (bnc#717209
  CVE-2011-3619).

- Refresh patches.suse/SoN-22-netvm.patch.
  Clean and *working* patches.

- Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671)
  Fix an rcu locking imbalance in the receive path triggered when using vlans.

- Fix mangled patch (invalid date)
  Although accepted by `patch`, this is rejected by `git apply`

- Fix mangled diff lines (leading space tab vs tab)
  Although accepted by `patch`, these are rejected by `git apply`

- jbd/jbd2: validate sb-&gt;s_first in journal_get_superblock()
  (bnc#730118).

- fsnotify: don't BUG in fsnotify_destroy_mark() (bnc#689860).

- Fix patches.fixes/x25-Handle-undersized-fragmented-skbs.patch
    (CVE-2010-3873 bnc#651219).
- Fix
    patches.fixes/x25-Prevent-skb-overreads-when-checking-call-user-da.patch
    (CVE-2010-3873 bnc#651219).
- Fix
    patches.fixes/x25-Validate-incoming-call-user-data-lengths.patch
    (CVE-2010-3873 bnc#651219).
- Fix
    patches.fixes/x25-possible-skb-leak-on-bad-facilities.patch
    (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).

- Update patches.fixes/econet-4-byte-infoleak-to-the-network.patch
  (bnc#681186 CVE-2011-1173).
  Fix reference.

- hwmon: (w83627ehf) Properly report thermal diode sensors.

- nl80211: fix overflow in ssid_len (bnc#703410 CVE-2011-2517).
- nl80211: fix check for valid SSID size in scan operations
  (bnc#703410 CVE-2011-2517).

- x25: Prevent skb overreads when checking call user data
  (CVE-2010-3873 bnc#737624).
- x25: Handle undersized/fragmented skbs (CVE-2010-3873
  bnc#737624).
- x25: Validate incoming call user data lengths (CVE-2010-3873
  bnc#737624).
- x25: possible skb leak on bad facilities (CVE-2010-3873
  bnc#737624).

- net: Add a flow_cache_flush_deferred function (bnc#737624).
- xfrm: avoid possible oopse in xfrm_alloc_dst (bnc#737624).

- scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).
  </description>
  <reboot_needed/>
</patchinfo>

Places

File _patchinfo of Package patchinfo.553

Places