The SUSE Linux Enterprise 11 Service Pack 3 kernel has been
updated to fix various bugs and security issues.
------------ WARNING: If you are running KVM with PCI
pass-through on a system with one of the following Intel
chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or
X58 (revisions 0x12, 0x13, 0x22), please make sure to read
the following support document before installing this
update:
<a href=“https://www.suse.com/support/kb/doc.php?id=7014344”>https://www.suse.com/support/kb/doc.php?id=7014344</a>
<<a href=“https://www.suse.com/support/kb/doc.php?id=7014344”>https://www.suse.com/support/kb/doc.php?id=7014344</a>>
You will have to update your KVM setup to no longer make
use of PCI pass-through before rebooting to the updated
kernel.
The following security bugs have been fixed:
CVE-2013-4470: The Linux kernel before 3.12, when UDP
Fragmentation Offload (UFO) is enabled, does not properly
initialize certain data structures, which allows local
users to cause a denial of service (memory corruption and
system crash) or possibly gain privileges via a crafted
application that uses the UDP_CORK option in a setsockopt
system call and sends both short and long packets, related
to the ip_ufo_append_data function in net/ipv4/ip_output.c
and the ip6_ufo_append_data function in
net/ipv6/ip6_output.c. (bnc#847672)
CVE-2013-6885: The microcode on AMD 16h 00h through
0Fh processors does not properly handle the interaction
between locked instructions and write-combined memory
types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the
errata 793 issue. (bnc#852967)
CVE-2013-7263: The Linux kernel before 3.12.4 updates
certain length values before ensuring that associated data
structures have been initialized, which allows local users
to obtain sensitive information from kernel stack memory
via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
call, related to net/ipv4/ping.c, net/ipv4/raw.c,
net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
(bnc#857643)
CVE-2013-7264: The l2tp_ip_recvmsg function in
net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4
updates a certain length value before ensuring that an
associated data structure has been initialized, which
allows local users to obtain sensitive information from
kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
(3) recvmsg system call. (bnc#857643)
CVE-2013-7265: The pn_recvmsg function in
net/phonet/datagram.c in the Linux kernel before 3.12.4
updates a certain length value before ensuring that an
associated data structure has been initialized, which
allows local users to obtain sensitive information from
kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
(3) recvmsg system call. (bnc#857643)
CVE-2014-0069: The cifs_iovec_write function in
fs/cifs/file.c in the Linux kernel through 3.13.5 does not
properly handle uncached write operations that copy fewer
than the requested number of bytes, which allows local
users to obtain sensitive information from kernel memory,
cause a denial of service (memory corruption and system
crash), or possibly gain privileges via a writev system
call with a crafted pointer. (bnc#864025)
Also the following non-security bugs have been fixed:
balloon: do not crash in HVM-with-PoD guests.
crypto: s390 - fix des and des3_ede ctr concurrency
issue (bnc#862796, LTC#103744).
dump: Fix dump memory detection
(bnc#862796,LTC#103575).
net: change type of virtio_chan->p9_max_pages
(bnc#864058).
ipvs: fix AF assignment in ip_vs_conn_new()
(bnc#856848).
NFSD/sunrpc: avoid deadlock on TCP connection due to
memory pressure (bnc#853455).
ncpfs: fix rmdir returns Device or resource busy
(bnc#864880).
scsi_dh_alua: fixup RTPG retry delay miscalculation
(bnc#854025).
download.suse.com/patch/finder/?keywords=16687a9fa96ac20af4faa8cdfc9e65af
download.suse.com/patch/finder/?keywords=22dc1e8af18524473cafffecb4b4b14d
download.suse.com/patch/finder/?keywords=2386e6a1a3b32a7da85c7d674d4bc6fc
download.suse.com/patch/finder/?keywords=3d3bd3e381acb377bb739c05c5a6297c
download.suse.com/patch/finder/?keywords=54f3c63bee2dc088c0d6761885a45959
download.suse.com/patch/finder/?keywords=b4a3caafceac4ecd970b8cf2ee7138bb
download.suse.com/patch/finder/?keywords=c09969470032946e130c305f40d89cf3
download.suse.com/patch/finder/?keywords=c62554b736bb29d4bea099174846749f
download.suse.com/patch/finder/?keywords=e622300e3c415568cc6d36c257c6da37
download.suse.com/patch/finder/?keywords=e91b14a6ab1b56e7248783a199bbc01c
bugzilla.novell.com/599263
bugzilla.novell.com/827670
bugzilla.novell.com/833968
bugzilla.novell.com/844513
bugzilla.novell.com/846790
bugzilla.novell.com/847672
bugzilla.novell.com/852488
bugzilla.novell.com/852967
bugzilla.novell.com/853162
bugzilla.novell.com/853166
bugzilla.novell.com/853455
bugzilla.novell.com/854025
bugzilla.novell.com/854445
bugzilla.novell.com/855825
bugzilla.novell.com/856848
bugzilla.novell.com/857358
bugzilla.novell.com/857643
bugzilla.novell.com/858604
bugzilla.novell.com/859225
bugzilla.novell.com/859342
bugzilla.novell.com/861093
bugzilla.novell.com/862796
bugzilla.novell.com/862957
bugzilla.novell.com/863178
bugzilla.novell.com/863526
bugzilla.novell.com/864025
bugzilla.novell.com/864058
bugzilla.novell.com/864833
bugzilla.novell.com/864880
bugzilla.novell.com/865342
bugzilla.novell.com/865783
bugzilla.novell.com/866253
bugzilla.novell.com/866428
bugzilla.novell.com/870801