Security update for Linux kernel

SUSE Security Update: Security update for Linux kernel
Announcement ID: SUSE-SU-2014:0140-1
Rating: moderate
References: #708296 #769644 #787843 #789359 #798050 #806988 #807434 #810323 #813245 #818545 #819979 #820102 #820338 #821980 #823618 #825696 #825896 #826602 #826756 #827767 #828236 #831168 #834473 #834708 #834808 #835074 #835186 #836718 #837739 #838623 #839407 #840226 #841445 #842239 #843419 #843429 #843445 #843642 #843645 #845621 #845729 #846036 #846984 #847261 #848321 #848336 #848544 #848652 #849021 #849029 #849034 #849404 #849675 #849809 #849848 #849950 #850640 #851066 #851101 #851314 #852373 #852558 #852559 #852624 #853050 #853051 #853052 #854546 #854634 #854722 #855037
Affected Products:
  • SUSE Linux Enterprise Server 11 SP2 for VMware
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise High Availability Extension 11 SP2
  • SUSE Linux Enterprise Desktop 11 SP2
  • SLE 11 SERVER Unsupported Extras

  • An update that solves 14 vulnerabilities and has 57 fixes is now available. It includes one version update.

    Description:


    The SUSE Linux Enterprise 11 Service Pack 2 kernel was
    updated to 3.0.101 and also includes various other bug and
    security fixes.

    A new feature was added:

    * supported.conf: marked net/netfilter/xt_set as
    supported (bnc#851066)(fate#313309)

    The following security bugs have been fixed:

    *

    CVE-2013-4587: Array index error in the
    kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in
    the KVM subsystem in the Linux kernel through 3.12.5 allows
    local users to gain privileges via a large id value.
    (bnc#853050)

    *

    CVE-2013-6368: The KVM subsystem in the Linux kernel
    through 3.12.5 allows local users to gain privileges or
    cause a denial of service (system crash) via a VAPIC
    synchronization operation involving a page-end address.
    (bnc#853052)

    *

    CVE-2013-6367: The apic_get_tmcct function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (divide-by-zero error and host OS crash)
    via crafted modifications of the TMICT value. (bnc#853051)

    *

    CVE-2013-4592: Memory leak in the
    __kvm_set_memory_region function in virt/kvm/kvm_main.c in
    the Linux kernel before 3.9 allows local users to cause a
    denial of service (memory consumption) by leveraging
    certain device access to trigger movement of memory slots.
    (bnc#851101)

    *

    CVE-2013-6378: The lbs_debugfs_write function in
    drivers/net/wireless/libertas/debugfs.c in the Linux kernel
    through 3.12.1 allows local users to cause a denial of
    service (OOPS) by leveraging root privileges for a
    zero-length write operation. (bnc#852559)

    *

    CVE-2013-4514: Multiple buffer overflows in
    drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
    before 3.12 allow local users to cause a denial of service
    or possibly have unspecified other impact by leveraging the
    CAP_NET_ADMIN capability and providing a long station-name
    string, related to the (1) wvlan_uil_put_info and (2)
    wvlan_set_station_nickname functions. (bnc#849029)

    *

    CVE-2013-4515: The bcm_char_ioctl function in
    drivers/staging/bcm/Bcmchar.c in the Linux kernel before
    3.12 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
    call. (bnc#849034)

    *

    CVE-2013-7027: The ieee80211_radiotap_iterator_init
    function in net/wireless/radiotap.c in the Linux kernel
    before 3.11.7 does not check whether a frame contains any
    data outside of the header, which might allow attackers to
    cause a denial of service (buffer over-read) via a crafted
    header. (bnc#854634)

    *

    CVE-2013-4483: The ipc_rcu_putref function in
    ipc/util.c in the Linux kernel before 3.10 does not
    properly manage a reference count, which allows local users
    to cause a denial of service (memory consumption or system
    crash) via a crafted application. (bnc#848321)

    *

    CVE-2013-4511: Multiple integer overflows in Alchemy
    LCD frame-buffer drivers in the Linux kernel before 3.12
    allow local users to create a read-write memory mapping for
    the entirety of kernel memory, and consequently gain
    privileges, via crafted mmap operations, related to the (1)
    au1100fb_fb_mmap function in drivers/video/au1100fb.c and
    the (2) au1200fb_fb_mmap function in
    drivers/video/au1200fb.c. (bnc#849021)

    *

    CVE-2013-6380: The aac_send_raw_srb function in
    drivers/scsi/aacraid/commctrl.c in the Linux kernel through
    3.12.1 does not properly validate a certain size value,
    which allows local users to cause a denial of service
    (invalid pointer dereference) or possibly have unspecified
    other impact via an FSACTL_SEND_RAW_SRB ioctl call that
    triggers a crafted SRB command. (bnc#852373)

    *

    CVE-2013-6463: Linux kernel built with the networking
    support(CONFIG_NET) is vulnerable to an information leakage
    flaw in the socket layer. It could occur while doing
    recvmsg(2), recvfrom(2) socket calls. It occurs due to
    improperly initialised msg_name & msg_namelen message
    header parameters. (bnc#854722)

    *

    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)

    *

    CVE-2013-4345: Off-by-one error in the get_prng_bytes
    function in crypto/ansi_cprng.c in the Linux kernel through
    3.11.4 makes it easier for context-dependent attackers to
    defeat cryptographic protection mechanisms via multiple
    requests for small amounts of data, leading to improper
    management of the state of the consumed data. (bnc#840226)

    Also the following non-security bugs have been fixed:

    * kabi: protect bind_conflict callback in struct
    inet_connection_sock_af_ops (bnc#823618).
    * printk: forcibly flush nmi ringbuffer if oops is in
    progress (bnc#849675).
    * blktrace: Send BLK_TN_PROCESS events to all running
    traces (bnc#838623).
    * x86/dumpstack: Fix printk_address for direct
    addresses (bnc#845621).
    * futex: fix handling of read-only-mapped hugepages (VM
    Functionality).
    * random: fix accounting race condition with lockless
    irq entropy_count update (bnc#789359).
    * Provide realtime priority kthread and workqueue boot
    options (bnc#836718).
    * sched: Fix several races in CFS_BANDWIDTH
    (bnc#848336).
    * sched: Fix cfs_bandwidth misuse of
    hrtimer_expires_remaining (bnc#848336).
    * sched: Fix hrtimer_cancel()/rq->lock deadlock
    (bnc#848336).
    * sched: Fix race on toggling cfs_bandwidth_used
    (bnc#848336).
    * sched: Fix buglet in return_cfs_rq_runtime().
    * sched: Guarantee new group-entities always have
    weight (bnc#848336).
    * sched: Use jump labels to reduce overhead when
    bandwidth control is inactive (bnc#848336).
    *

    watchdog: Get rid of MODULE_ALIAS_MISCDEV statements
    (bnc#827767).

    *

    tcp: bind() fix autoselection to share ports
    (bnc#823618).

    * tcp: bind() use stronger condition for bind_conflict
    (bnc#823618).
    * tcp: ipv6: bind() use stronger condition for
    bind_conflict (bnc#823618).
    * macvlan: disable LRO on lower device instead of
    macvlan (bnc#846984).
    * macvlan: introduce IFF_MACVLAN flag and helper
    function (bnc#846984).
    * macvlan: introduce macvlan_dev_real_dev() helper
    function (bnc#846984).
    * xen: netback: bump tx queue length (bnc#849404).
    * xen: xen_spin_kick fixed crash/lock release
    (bnc#807434)(bnc#848652).
    * xen: fixed USB passthrough issue (bnc#852624).
    * netxen: fix off by one bug in
    netxen_release_tx_buffer() (bnc#845729).
    * xfrm: invalidate dst on policy insertion/deletion
    (bnc#842239).
    *

    xfrm: prevent ipcomp scratch buffer race condition
    (bnc#842239).

    *

    crypto: Fix aes-xts parameter corruption (bnc#854546,
    LTC#100718).

    *

    crypto: gf128mul - fix call to memset() (obvious fix).

    *

    autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
    race (bnc#851314).

    * autofs4: catatonic_mode vs. notify_daemon race
    (bnc#851314).
    * autofs4: close the races around
    autofs4_notify_daemon() (bnc#851314).
    * autofs4: deal with autofs4_write/autofs4_write races
    (bnc#851314).
    * autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on
    rootless mount (bnc#851314).
    * autofs4 - fix deal with autofs4_write races
    (bnc#851314).
    *

    autofs4 - use simple_empty() for empty directory
    check (bnc#851314).

    *

    blkdev_max_block: make private to fs/buffer.c
    (bnc#820338).

    *

    Avoid softlockup in shrink_dcache_for_umount_subtree
    (bnc#834473).

    *

    dlm: set zero linger time on sctp socket (bnc#787843).

    * SUNRPC: Fix a data corruption issue when
    retransmitting RPC calls (bnc#855037)
    * nfs: Change NFSv4 to not recover locks after they are
    lost (bnc#828236).
    *

    nfs: Adapt readdirplus to application usage patterns
    (bnc#834708).

    *

    xfs: Account log unmount transaction correctly
    (bnc#849950).

    * xfs: improve ioend error handling (bnc#846036).
    * xfs: reduce ioend latency (bnc#846036).
    * xfs: use per-filesystem I/O completion workqueues
    (bnc#846036).
    *

    xfs: Hide additional entries in struct xfs_mount
    (bnc#846036 bnc#848544).

    *

    vfs: avoid "attempt to access beyond end of device"
    warnings (bnc#820338).

    *

    vfs: fix O_DIRECT read past end of block device
    (bnc#820338).

    *

    cifs: Improve performance of browsing directories
    with several files (bnc#810323).

    *

    cifs: Ensure cifs directories do not show up as files
    (bnc#826602).

    *

    sd: avoid deadlocks when running under multipath
    (bnc#818545).

    * sd: fix crash when UA received on DIF enabled device
    (bnc#841445).
    *

    sg: fix blk_get_queue usage (bnc#834808).

    *

    block: factor out vector mergeable decision to a
    helper function (bnc#769644).

    *

    block: modify __bio_add_page check to accept pages
    that do not start a new segment (bnc#769644).

    *

    dm-multipath: abort all requests when failing a path
    (bnc#798050).

    * scsi: Add "eh_deadline" to limit SCSI EH runtime
    (bnc#798050).
    * scsi: Allow error handling timeout to be specified
    (bnc#798050).
    * scsi: Fixup compilation warning (bnc#798050).
    * scsi: Retry failfast commands after EH (bnc#798050).
    * scsi: Warn on invalid command completion (bnc#798050).
    * scsi: kABI fixes (bnc#798050).
    * scsi: remove check for "resetting" (bnc#798050).
    * advansys: Remove "last_reset" references (bnc#798050).
    * cleanup setting task state in scsi_error_handler()
    (bnc#798050).
    * dc395: Move "last_reset" into internal host structure
    (bnc#798050).
    * dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
    * dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
    (bnc#798050).
    *

    tmscsim: Move "last_reset" into host structure
    (bnc#798050).

    *

    scsi_dh: invoke callback if ->activate is not present
    (bnc#708296).

    * scsi_dh: return individual errors in
    scsi_dh_activate() (bnc#708296).
    * scsi_dh_alua: Decode EMC Clariion extended inquiry
    (bnc#708296).
    * scsi_dh_alua: Decode HP EVA array identifier
    (bnc#708296).
    * scsi_dh_alua: Evaluate state for all port groups
    (bnc#708296).
    * scsi_dh_alua: Fix missing close brace in
    alua_check_sense (bnc#843642).
    * scsi_dh_alua: Make stpg synchronous (bnc#708296).
    * scsi_dh_alua: Pass buffer as function argument
    (bnc#708296).
    * scsi_dh_alua: Re-evaluate port group states after
    STPG (bnc#708296).
    * scsi_dh_alua: Recheck state on transitioning
    (bnc#708296).
    * scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    * scsi_dh_alua: Use separate alua_port_group structure
    (bnc#708296).
    * scsi_dh_alua: Allow get_alua_data() to return NULL
    (bnc#839407).
    * scsi_dh_alua: asynchronous RTPG (bnc#708296).
    * scsi_dh_alua: correctly terminate target port strings
    (bnc#708296).
    * scsi_dh_alua: defer I/O while workqueue item is
    pending (bnc#708296).
    * scsi_dh_alua: Do not attach to RAID or enclosure
    devices (bnc#819979).
    * scsi_dh_alua: Do not attach to well-known LUNs
    (bnc#821980).
    * scsi_dh_alua: fine-grained locking in
    alua_rtpg_work() (bnc#708296).
    * scsi_dh_alua: invalid state information for
    "optimized" paths (bnc#843445).
    * scsi_dh_alua: move RTPG to workqueue (bnc#708296).
    * scsi_dh_alua: move "expiry" into PG structure
    (bnc#708296).
    * scsi_dh_alua: move some sense code handling into
    generic code (bnc#813245).
    * scsi_dh_alua: multipath failover fails with error 15
    (bnc#825696).
    * scsi_dh_alua: parse target device id (bnc#708296).
    * scsi_dh_alua: protect accesses to struct
    alua_port_group (bnc#708296).
    * scsi_dh_alua: put sense buffer on stack (bnc#708296).
    * scsi_dh_alua: reattaching device handler fails with
    "Error 15" (bnc#843429).
    * scsi_dh_alua: remove locking when checking state
    (bnc#708296).
    * scsi_dh_alua: remove stale variable (bnc#708296).
    * scsi_dh_alua: retry RTPG on UNIT ATTENTION
    (bnc#708296).
    * scsi_dh_alua: retry command on "mode parameter
    changed" sense code (bnc#843645).
    * scsi_dh_alua: simplify alua_check_sense()
    (bnc#843642).
    * scsi_dh_alua: simplify state update (bnc#708296).
    * scsi_dh_alua: use delayed_work (bnc#708296).
    * scsi_dh_alua: use flag for RTPG extended header
    (bnc#708296).
    * scsi_dh_alua: use local buffer for VPD inquiry
    (bnc#708296).
    *

    scsi_dh_alua: use spin_lock_irqsave for port group
    (bnc#708296).

    *

    lpfc: Do not free original IOCB whenever ABTS fails
    (bnc#806988).

    * lpfc: Fix kernel warning on spinlock usage
    (bnc#806988).
    *

    lpfc: Fixed system panic due to midlayer abort
    (bnc#806988).

    *

    qla2xxx: Add module parameter to override the default
    request queue size (bnc#826756).

    *

    qla2xxx: Module parameter "ql2xasynclogin"
    (bnc#825896).

    *

    bna: do not register ndo_set_rx_mode callback
    (bnc#847261).

    * hv: handle more than just WS2008 in KVP negotiation
    (bnc#850640).
    *

    drm: do not add inferred modes for monitors that do
    not support them (bnc#849809).

    *

    pci/quirks: Modify reset method for Chelsio T4
    (bnc#831168).

    * pci: fix truncation of resource size to 32 bits
    (bnc#843419).
    * pci: pciehp: Retrieve link speed after link is
    trained (bnc#820102).
    * pci: Separate pci_bus_read_dev_vendor_id from
    pci_scan_device (bnc#820102).
    * pci: pciehp: replace unconditional sleep with config
    space access check (bnc#820102).
    * pci: pciehp: make check_link_active more helpful
    (bnc#820102).
    * pci: pciehp: Add pcie_wait_link_not_active()
    (bnc#820102).
    * pci: pciehp: Add Disable/enable link functions
    (bnc#820102).
    *

    pci: pciehp: Disable/enable link during slot power
    off/on (bnc#820102).

    *

    mlx4: allocate just enough pages instead of always 4
    pages (bnc#835186 bnc#835074).

    * mlx4: allow order-0 memory allocations in RX path
    (bnc#835186 bnc#835074).
    * net/mlx4: use one page fragment per incoming frame
    (bnc#835186 bnc#835074).
    *

    qeth: request length checking in snmp ioctl
    (bnc#849848, LTC#99511).

    *

    cio: add message for timeouts on internal I/O
    (bnc#837739,LTC#97047).

    * s390/cio: dont abort verification after missing irq
    (bnc#837739,LTC#97047).
    * s390/cio: skip broken paths (bnc#837739,LTC#97047).
    * s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    * s390/cio: handle unknown pgroup state
    (bnc#837739,LTC#97047).

    Security Issue references:

    * CVE-2013-4345
    >
    * CVE-2013-4483
    >
    * CVE-2013-4511
    >
    * CVE-2013-4514
    >
    * CVE-2013-4515
    >
    * CVE-2013-4587
    >
    * CVE-2013-4592
    >
    * CVE-2013-6367
    >
    * CVE-2013-6368
    >
    * CVE-2013-6378
    >
    * CVE-2013-6380
    >
    * CVE-2013-6383
    >
    * CVE-2013-6463
    >
    * CVE-2013-7027
    >

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8791
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8780 slessp2-kernel-8781 slessp2-kernel-8791 slessp2-kernel-8792
    • SUSE Linux Enterprise High Availability Extension 11 SP2:
      zypper in -t patch sleshasp2-kernel-8779 sleshasp2-kernel-8780 sleshasp2-kernel-8781 sleshasp2-kernel-8791 sleshasp2-kernel-8792
    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-kernel-8779 sledsp2-kernel-8791

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]:
    • kernel-default-3.0.101-0.7.15.1
    • kernel-default-base-3.0.101-0.7.15.1
    • kernel-default-devel-3.0.101-0.7.15.1
    • kernel-source-3.0.101-0.7.15.1
    • kernel-syms-3.0.101-0.7.15.1
    • kernel-trace-3.0.101-0.7.15.1
    • kernel-trace-base-3.0.101-0.7.15.1
    • kernel-trace-devel-3.0.101-0.7.15.1
    • kernel-xen-devel-3.0.101-0.7.15.1
    • xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12
    • SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]:
    • kernel-pae-3.0.101-0.7.15.1
    • kernel-pae-base-3.0.101-0.7.15.1
    • kernel-pae-devel-3.0.101-0.7.15.1
    • SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
    • kernel-default-3.0.101-0.7.15.1
    • kernel-default-base-3.0.101-0.7.15.1
    • kernel-default-devel-3.0.101-0.7.15.1
    • kernel-source-3.0.101-0.7.15.1
    • kernel-syms-3.0.101-0.7.15.1
    • kernel-trace-3.0.101-0.7.15.1
    • kernel-trace-base-3.0.101-0.7.15.1
    • kernel-trace-devel-3.0.101-0.7.15.1
    • SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
    • kernel-ec2-3.0.101-0.7.15.1
    • kernel-ec2-base-3.0.101-0.7.15.1
    • kernel-ec2-devel-3.0.101-0.7.15.1
    • kernel-xen-3.0.101-0.7.15.1
    • kernel-xen-base-3.0.101-0.7.15.1
    • kernel-xen-devel-3.0.101-0.7.15.1
    • xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12
    • xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12
    • SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]:
    • kernel-default-man-3.0.101-0.7.15.1
    • SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]:
    • kernel-ppc64-3.0.101-0.7.15.1
    • kernel-ppc64-base-3.0.101-0.7.15.1
    • kernel-ppc64-devel-3.0.101-0.7.15.1
    • SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]:
    • kernel-pae-3.0.101-0.7.15.1
    • kernel-pae-base-3.0.101-0.7.15.1
    • kernel-pae-devel-3.0.101-0.7.15.1
    • xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    • cluster-network-kmp-default-1.4_3.0.101_0.7.15-2.18.79
    • cluster-network-kmp-trace-1.4_3.0.101_0.7.15-2.18.79
    • gfs2-kmp-default-2_3.0.101_0.7.15-0.7.107
    • gfs2-kmp-trace-2_3.0.101_0.7.15-0.7.107
    • ocfs2-kmp-default-1.6_3.0.101_0.7.15-0.11.78
    • ocfs2-kmp-trace-1.6_3.0.101_0.7.15-0.11.78
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
    • cluster-network-kmp-xen-1.4_3.0.101_0.7.15-2.18.79
    • gfs2-kmp-xen-2_3.0.101_0.7.15-0.7.107
    • ocfs2-kmp-xen-1.6_3.0.101_0.7.15-0.11.78
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
    • cluster-network-kmp-ppc64-1.4_3.0.101_0.7.15-2.18.79
    • gfs2-kmp-ppc64-2_3.0.101_0.7.15-0.7.107
    • ocfs2-kmp-ppc64-1.6_3.0.101_0.7.15-0.11.78
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
    • cluster-network-kmp-pae-1.4_3.0.101_0.7.15-2.18.79
    • gfs2-kmp-pae-2_3.0.101_0.7.15-0.7.107
    • ocfs2-kmp-pae-1.6_3.0.101_0.7.15-0.11.78
    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
    • kernel-default-3.0.101-0.7.15.1
    • kernel-default-base-3.0.101-0.7.15.1
    • kernel-default-devel-3.0.101-0.7.15.1
    • kernel-default-extra-3.0.101-0.7.15.1
    • kernel-source-3.0.101-0.7.15.1
    • kernel-syms-3.0.101-0.7.15.1
    • kernel-trace-3.0.101-0.7.15.1
    • kernel-trace-base-3.0.101-0.7.15.1
    • kernel-trace-devel-3.0.101-0.7.15.1
    • kernel-trace-extra-3.0.101-0.7.15.1
    • kernel-xen-3.0.101-0.7.15.1
    • kernel-xen-base-3.0.101-0.7.15.1
    • kernel-xen-devel-3.0.101-0.7.15.1
    • kernel-xen-extra-3.0.101-0.7.15.1
    • xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12
    • xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12
    • SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]:
    • kernel-pae-3.0.101-0.7.15.1
    • kernel-pae-base-3.0.101-0.7.15.1
    • kernel-pae-devel-3.0.101-0.7.15.1
    • kernel-pae-extra-3.0.101-0.7.15.1
    • xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12
    • SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
    • ext4-writeable-kmp-default-0_3.0.101_0.7.15-0.14.88
    • ext4-writeable-kmp-trace-0_3.0.101_0.7.15-0.14.88
    • kernel-default-extra-3.0.101-0.7.15.1
    • SLE 11 SERVER Unsupported Extras (i586 x86_64):
    • ext4-writeable-kmp-xen-0_3.0.101_0.7.15-0.14.88
    • kernel-xen-extra-3.0.101-0.7.15.1
    • SLE 11 SERVER Unsupported Extras (ppc64):
    • ext4-writeable-kmp-ppc64-0_3.0.101_0.7.15-0.14.88
    • kernel-ppc64-extra-3.0.101-0.7.15.1
    • SLE 11 SERVER Unsupported Extras (i586):
    • ext4-writeable-kmp-pae-0_3.0.101_0.7.15-0.14.88
    • kernel-pae-extra-3.0.101-0.7.15.1

    References:

    • http://support.novell.com/security/cve/CVE-2013-4345.html
    • http://support.novell.com/security/cve/CVE-2013-4483.html
    • http://support.novell.com/security/cve/CVE-2013-4511.html
    • http://support.novell.com/security/cve/CVE-2013-4514.html
    • http://support.novell.com/security/cve/CVE-2013-4515.html
    • http://support.novell.com/security/cve/CVE-2013-4587.html
    • http://support.novell.com/security/cve/CVE-2013-4592.html
    • http://support.novell.com/security/cve/CVE-2013-6367.html
    • http://support.novell.com/security/cve/CVE-2013-6368.html
    • http://support.novell.com/security/cve/CVE-2013-6378.html
    • http://support.novell.com/security/cve/CVE-2013-6380.html
    • http://support.novell.com/security/cve/CVE-2013-6383.html
    • http://support.novell.com/security/cve/CVE-2013-6463.html
    • http://support.novell.com/security/cve/CVE-2013-7027.html
    • https://bugzilla.novell.com/708296
    • https://bugzilla.novell.com/769644
    • https://bugzilla.novell.com/787843
    • https://bugzilla.novell.com/789359
    • https://bugzilla.novell.com/798050
    • https://bugzilla.novell.com/806988
    • https://bugzilla.novell.com/807434
    • https://bugzilla.novell.com/810323
    • https://bugzilla.novell.com/813245
    • https://bugzilla.novell.com/818545
    • https://bugzilla.novell.com/819979
    • https://bugzilla.novell.com/820102
    • https://bugzilla.novell.com/820338
    • https://bugzilla.novell.com/821980
    • https://bugzilla.novell.com/823618
    • https://bugzilla.novell.com/825696
    • https://bugzilla.novell.com/825896
    • https://bugzilla.novell.com/826602
    • https://bugzilla.novell.com/826756
    • https://bugzilla.novell.com/827767
    • https://bugzilla.novell.com/828236
    • https://bugzilla.novell.com/831168
    • https://bugzilla.novell.com/834473
    • https://bugzilla.novell.com/834708
    • https://bugzilla.novell.com/834808
    • https://bugzilla.novell.com/835074
    • https://bugzilla.novell.com/835186
    • https://bugzilla.novell.com/836718
    • https://bugzilla.novell.com/837739
    • https://bugzilla.novell.com/838623
    • https://bugzilla.novell.com/839407
    • https://bugzilla.novell.com/840226
    • https://bugzilla.novell.com/841445
    • https://bugzilla.novell.com/842239
    • https://bugzilla.novell.com/843419
    • https://bugzilla.novell.com/843429
    • https://bugzilla.novell.com/843445
    • https://bugzilla.novell.com/843642
    • https://bugzilla.novell.com/843645
    • https://bugzilla.novell.com/845621
    • https://bugzilla.novell.com/845729
    • https://bugzilla.novell.com/846036
    • https://bugzilla.novell.com/846984
    • https://bugzilla.novell.com/847261
    • https://bugzilla.novell.com/848321
    • https://bugzilla.novell.com/848336
    • https://bugzilla.novell.com/848544
    • https://bugzilla.novell.com/848652
    • https://bugzilla.novell.com/849021
    • https://bugzilla.novell.com/849029
    • https://bugzilla.novell.com/849034
    • https://bugzilla.novell.com/849404
    • https://bugzilla.novell.com/849675
    • https://bugzilla.novell.com/849809
    • https://bugzilla.novell.com/849848
    • https://bugzilla.novell.com/849950
    • https://bugzilla.novell.com/850640
    • https://bugzilla.novell.com/851066
    • https://bugzilla.novell.com/851101
    • https://bugzilla.novell.com/851314
    • https://bugzilla.novell.com/852373
    • https://bugzilla.novell.com/852558
    • https://bugzilla.novell.com/852559
    • https://bugzilla.novell.com/852624
    • https://bugzilla.novell.com/853050
    • https://bugzilla.novell.com/853051
    • https://bugzilla.novell.com/853052
    • https://bugzilla.novell.com/854546
    • https://bugzilla.novell.com/854634
    • https://bugzilla.novell.com/854722
    • https://bugzilla.novell.com/855037
    • http://download.novell.com/patch/finder/?keywords=282330ca15c25c5d414afa797fd00055
    • http://download.novell.com/patch/finder/?keywords=3d92bf18525263d6502455d7bb30778d
    • http://download.novell.com/patch/finder/?keywords=457afa810386e3c89cbe7d34f2669ec6
    • http://download.novell.com/patch/finder/?keywords=67177844fdc4ad7928d0b72e827b1792
    • http://download.novell.com/patch/finder/?keywords=6d440d2c2b586181d099e77b38c3f10c
    • http://download.novell.com/patch/finder/?keywords=7e6471ccc2fab115e43fdd4825b2703d
    • http://download.novell.com/patch/finder/?keywords=8f7b9d1a1e950072493fafe9d3ce7b0b
    • http://download.novell.com/patch/finder/?keywords=96c8b378c86a8c1970d130e0ca6c215e
    • http://download.novell.com/patch/finder/?keywords=9a3c3a81214dce764b5a30eb1137ff05
    • http://download.novell.com/patch/finder/?keywords=a3c4d33c79469ac8a1f49845dce098d2