
Operating system kernel vulnerabilities

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0536-1
Rating: important
References: #702014 #703156 #790920 #798050 #805226 #806219
#808827 #809889 #809891 #809892 #809893 #809894
#809898 #809899 #809900 #809901 #809903 #811354
#816668 #820338 #822722 #823267 #824295 #825052
#826102 #826551 #827362 #827749 #827750 #827855
#827983 #828119 #830344 #831058 #832603 #835839
#842239 #843430 #845028 #847672 #848321 #849765
#850241 #851095 #852558 #853501 #857597 #858869
#858870 #858872
Cross-References: CVE-2011-2492 CVE-2011-2494 CVE-2012-6537
CVE-2012-6539 CVE-2012-6540 CVE-2012-6541
CVE-2012-6542 CVE-2012-6544 CVE-2012-6545
CVE-2012-6546 CVE-2012-6547 CVE-2012-6549
CVE-2013-0343 CVE-2013-0914 CVE-2013-1827
CVE-2013-2141 CVE-2013-2164 CVE-2013-2206
CVE-2013-2232 CVE-2013-2234 CVE-2013-2237
CVE-2013-2888 CVE-2013-2893 CVE-2013-2897
CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
CVE-2013-3228 CVE-2013-3229 CVE-2013-3231
CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
CVE-2013-4162 CVE-2013-4387 CVE-2013-4470
CVE-2013-4483 CVE-2013-4588 CVE-2013-6383
CVE-2014-1444 CVE-2014-1445 CVE-2014-1446

Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that solves 42 vulnerabilities and has 8 fixes is
now available.

Description:

The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS
kernel has been updated to fix various security issues and
several bugs.

The following security issues have been addressed:

* CVE-2011-2492: The bluetooth subsystem in the Linux
kernel before 3.0-rc4 does not properly initialize certain
data structures, which allows local users to obtain
potentially sensitive information from kernel memory via a
crafted getsockopt system call, related to (1) the
l2cap_sock_getsockopt_old function in
net/bluetooth/l2cap_sock.c and (2) the
rfcomm_sock_getsockopt_old function in
net/bluetooth/rfcomm/sock.c. (bnc#702014)

* CVE-2011-2494: kernel/taskstats.c in the Linux kernel
before 3.1 allows local users to obtain sensitive I/O
statistics by sending taskstats commands to a netlink
socket, as demonstrated by discovering the length of
another user’s password. (bnc#703156)

* CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux
kernel before 3.6 does not initialize certain structures,
which allows local users to obtain sensitive information
from kernel memory by leveraging the CAP_NET_ADMIN
capability. (bnc#809889)

* CVE-2012-6539: The dev_ifconf function in
net/socket.c in the Linux kernel before 3.6 does not
initialize a certain structure, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#809891)

* CVE-2012-6540: The do_ip_vs_get_ctl function in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
3.6 does not initialize a certain structure for
IP_VS_SO_GET_TIMEOUT commands, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#809892)

* CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does
not initialize a certain structure, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted application. (bnc#809893)

* CVE-2012-6542: The llc_ui_getname function in
net/llc/af_llc.c in the Linux kernel before 3.6 has an
incorrect return value in certain circumstances, which
allows local users to obtain sensitive information from
kernel stack memory via a crafted application that
leverages an uninitialized pointer argument. (bnc#809894)

* CVE-2012-6544: The Bluetooth protocol stack in the
Linux kernel before 3.6 does not properly initialize
certain structures, which allows local users to obtain
sensitive information from kernel stack memory via a
crafted application that targets the (1) L2CAP or (2) HCI
implementation. (bnc#809898)

* CVE-2012-6545: The Bluetooth RFCOMM implementation in
the Linux kernel before 3.6 does not properly initialize
certain structures, which allows local users to obtain
sensitive information from kernel memory via a crafted
application. (bnc#809899)

* CVE-2012-6546: The ATM implementation in the Linux
kernel before 3.6 does not initialize certain structures,
which allows local users to obtain sensitive information
from kernel stack memory via a crafted application.
(bnc#809900)

* CVE-2012-6547: The __tun_chr_ioctl function in
drivers/net/tun.c in the Linux kernel before 3.6 does not
initialize a certain structure, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#809901)

* CVE-2012-6549: The isofs_export_encode_fh function in
fs/isofs/export.c in the Linux kernel before 3.6 does not
initialize a certain structure member, which allows local
users to obtain sensitive information from kernel heap
memory via a crafted application. (bnc#809903)

* CVE-2013-0343: The ipv6_create_tempaddr function in
net/ipv6/addrconf.c in the Linux kernel through 3.8 does
not properly handle problems with the generation of IPv6
temporary addresses, which allows remote attackers to cause
a denial of service (excessive retries and
address-generation outage), and consequently obtain
sensitive information, via ICMPv6 Router Advertisement (RA)
messages. (bnc#805226)

* CVE-2013-0914: The flush_signal_handlers function in
kernel/signal.c in the Linux kernel before 3.8.4 preserves
the value of the sa_restorer field across an exec
operation, which makes it easier for local users to bypass
the ASLR protection mechanism via a crafted application
containing a sigaction system call. (bnc#808827)

* CVE-2013-1827: net/dccp/ccid.h in the Linux kernel
before 3.5.4 allows local users to gain privileges or cause
a denial of service (NULL pointer dereference and system
crash) by leveraging the CAP_NET_ADMIN capability for a
certain (1) sender or (2) receiver getsockopt call.
(bnc#811354)

* CVE-2013-2141: The do_tkill function in
kernel/signal.c in the Linux kernel before 3.8.9 does not
initialize a certain data structure, which allows local
users to obtain sensitive information from kernel memory
via a crafted application that makes a (1) tkill or (2)
tgkill system call. (bnc#823267)

* CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
in drivers/cdrom/cdrom.c in the Linux kernel through 3.10
allows local users to obtain sensitive information from
kernel memory via a read operation on a malfunctioning
CD-ROM drive. (bnc#824295)

* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function
in net/sctp/sm_statefuns.c in the SCTP implementation in
the Linux kernel before 3.8.5 does not properly handle
associations during the processing of a duplicate COOKIE
ECHO chunk, which allows remote attackers to cause a denial
of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via crafted SCTP
traffic. (bnc#826102)

* CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel before 3.10
allows local users to cause a denial of service (system
crash) by using an AF_INET6 socket for a connection to an
IPv4 interface. (bnc#827750)

* CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in
the Linux kernel before 3.10 do not initialize certain
structure members, which allows local users to obtain
sensitive information from kernel heap memory by reading a
broadcast message from the notify interface of an IPSec
key_socket. (bnc#827749)

* CVE-2013-2237: The key_notify_policy_flush function
in net/key/af_key.c in the Linux kernel before 3.9 does not
initialize a certain structure member, which allows local
users to obtain sensitive information from kernel heap
memory by reading a broadcast message from the
notify_policy interface of an IPSec key_socket. (bnc#828119)

* CVE-2013-2888: Multiple array index errors in
drivers/hid/hid-core.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11 allow physically
proximate attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via a crafted
device that provides an invalid Report ID. (bnc#835839)

* CVE-2013-2893: The Human Interface Device (HID)
subsystem in the Linux kernel through 3.11, when
CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
CONFIG_LOGIWHEELS_FF is enabled, allows physically
proximate attackers to cause a denial of service
(heap-based out-of-bounds write) via a crafted device,
related to (1) drivers/hid/hid-lgff.c, (2)
drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
(bnc#835839)

* CVE-2013-2897: Multiple array index errors in
drivers/hid/hid-multitouch.c in the Human Interface Device
(HID) subsystem in the Linux kernel through 3.11, when
CONFIG_HID_MULTITOUCH is enabled, allow physically
proximate attackers to cause a denial of service (heap
memory corruption, or NULL pointer dereference and OOPS)
via a crafted device. (bnc#835839)

* CVE-2013-3222: The vcc_recvmsg function in
net/atm/common.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

* CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does
not initialize a certain data structure, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

* CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel before
3.9-rc7 does not properly initialize a certain length
variable, which allows local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call. (bnc#816668)

* CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

* CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

* CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

* CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7
does not initialize a certain data structure, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

* CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does
not initialize a certain data structure, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

* CVE-2013-3235: net/tipc/socket.c in the Linux kernel
before 3.9-rc7 does not initialize a certain data structure
and a certain length variable, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted recvmsg or recvfrom system call. (bnc#816668)

* CVE-2013-4162: The udp_v6_push_pending_frames
function in net/ipv6/udp.c in the IPv6 implementation in
the Linux kernel through 3.10.3 makes an incorrect function
call for pending data, which allows local users to cause a
denial of service (BUG and system crash) via a crafted
application that uses the UDP_CORK option in a setsockopt
system call. (bnc#831058)

* CVE-2013-4387: net/ipv6/ip6_output.c in the Linux
kernel through 3.11.4 does not properly determine the need
for UDP Fragmentation Offload (UFO) processing of small
packets after the UFO queueing of a large packet, which
allows remote attackers to cause a denial of service
(memory corruption and system crash) or possibly have
unspecified other impact via network traffic that triggers
a large response packet. (bnc#843430)

* CVE-2013-4470: The Linux kernel before 3.12, when UDP
Fragmentation Offload (UFO) is enabled, does not properly
initialize certain data structures, which allows local
users to cause a denial of service (memory corruption and
system crash) or possibly gain privileges via a crafted
application that uses the UDP_CORK option in a setsockopt
system call and sends both short and long packets, related
to the ip_ufo_append_data function in net/ipv4/ip_output.c
and the ip6_ufo_append_data function in
net/ipv6/ip6_output.c. (bnc#847672)

* CVE-2013-4483: The ipc_rcu_putref function in
ipc/util.c in the Linux kernel before 3.10 does not
properly manage a reference count, which allows local users
to cause a denial of service (memory consumption or system
crash) via a crafted application. (bnc#848321)

* CVE-2013-4588: Multiple stack-based buffer overflows
in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel
before 2.6.33, when CONFIG_IP_VS is used, allow local users
to gain privileges by leveraging the CAP_NET_ADMIN
capability for (1) a getsockopt system call, related to the
do_ip_vs_get_ctl function, or (2) a setsockopt system call,
related to the do_ip_vs_set_ctl function. (bnc#851095)

* CVE-2013-6383: The aac_compat_ioctl function in
drivers/scsi/aacraid/linit.c in the Linux kernel before
3.11.8 does not require the CAP_SYS_RAWIO capability, which
allows local users to bypass intended access restrictions
via a crafted ioctl call. (bnc#852558)

* CVE-2014-1444: The fst_get_iface function in
drivers/net/wan/farsync.c in the Linux kernel before 3.11.7
does not properly initialize a certain data structure,
which allows local users to obtain sensitive information
from kernel memory by leveraging the CAP_NET_ADMIN
capability for an SIOCWANDEV ioctl call. (bnc#858869)

* CVE-2014-1445: The wanxl_ioctl function in
drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7
does not properly initialize a certain data structure,
which allows local users to obtain sensitive information
from kernel memory via an ioctl call. (bnc#858870)

* CVE-2014-1446: The yam_ioctl function in
drivers/net/hamradio/yam.c in the Linux kernel before
3.12.8 does not initialize a certain structure member,
which allows local users to obtain sensitive information
from kernel memory by leveraging the CAP_NET_ADMIN
capability for an SIOCYAMGCFG ioctl call. (bnc#858872)

Also the following non-security bugs have been fixed:

* kernel: Remove newline from execve audit log
(bnc#827855).
* kernel: sclp console hangs (bnc#830344, LTC#95711).
* kernel: fix flush_tlb_kernel_range (bnc#825052,
LTC#94745).
* kernel: lost IPIs on CPU hotplug (bnc#825052,
LTC#94784).
* sctp: deal with multiple COOKIE_ECHO chunks
(bnc#826102).
* net: Uninline kfree_skb and allow NULL argument
(bnc#853501).
* netback: don’t disconnect frontend when seeing
oversize packet.
* netfront: reduce gso_max_size to account for max TCP
header.
* fs/dcache: Avoid race in d_splice_alias and vfs_rmdir
(bnc#845028).
* fs/proc: proc_task_lookup() fix memory pinning
(bnc#827362 bnc#849765).
* blkdev_max_block: make private to fs/buffer.c
(bnc#820338).
* vfs: avoid “attempt to access beyond end of device”
warnings (bnc#820338).
* vfs: fix O_DIRECT read past end of block device
(bnc#820338).
* cifs: don’t use CIFSGetSrvInodeNumber in
is_path_accessible (bnc#832603).
* xfs: Fix kABI breakage caused by AIL list
transformation (bnc#806219).
* xfs: Replace custom AIL linked-list code with struct
list_head (bnc#806219).
* reiserfs: fix problems with chowning setuid file w/
xattrs (bnc#790920).
* reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).
* jbd: Fix forever sleeping process in
do_get_write_access() (bnc#827983).
* HID: check for NULL field when setting values
(bnc#835839).
* HID: provide a helper for validating hid reports
(bnc#835839).
* bcm43xx: netlink deadlock fix (bnc#850241).
* bnx2: Close device if tx_timeout reset fails
(bnc#857597).
* xfrm: invalidate dst on policy insertion/deletion
(bnc#842239).
* xfrm: prevent ipcomp scratch buffer race condition
(bnc#842239).
* lpfc: Update to 8.2.0.106 (bnc#798050).
* Make lpfc task management timeout configurable
(bnc#798050).
* dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
* dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
(bnc#798050).
* advansys: Remove ‘last_reset’ references (bnc#798050).
* tmscsim: Move ‘last_reset’ into host structure
(bnc#798050).
* dc395: Move ‘last_reset’ into internal host structure
(bnc#798050).
* scsi: remove check for ‘resetting’ (bnc#798050).
* scsi: Allow error handling timeout to be specified
(bnc#798050).
* scsi: Eliminate error handler overload of the SCSI
serial number (bnc#798050).
* scsi: Reduce sequential pointer derefs in
scsi_error.c and reduce size as well (bnc#798050).
* scsi: Reduce error recovery time by reducing use of
TURs (bnc#798050).
* scsi: fix eh wakeup (scsi_schedule_eh vs
scsi_restart_operations)
* scsi: cleanup setting task state in
scsi_error_handler() (bnc#798050).
* scsi: Add ‘eh_deadline’ to limit SCSI EH runtime
(bnc#798050).
* scsi: Fixup compilation warning (bnc#798050).
* scsi: fc class: fix scanning when devs are offline
(bnc#798050).
* scsi: Warn on invalid command completion (bnc#798050).
* scsi: Retry failfast commands after EH (bnc#798050).
* scsi: kABI fixes (bnc#798050).

Security Issue references:

* CVE-2011-2492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492>
* CVE-2011-2494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494>
* CVE-2012-6537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537>
* CVE-2012-6539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6539>
* CVE-2012-6540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6540>
* CVE-2012-6541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6541>
* CVE-2012-6542 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542>
* CVE-2012-6544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6544>
* CVE-2012-6545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6545>
* CVE-2012-6546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546>
* CVE-2012-6547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547>
* CVE-2012-6549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6549>
* CVE-2013-0343 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343>
* CVE-2013-0914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914>
* CVE-2013-1827 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827>
* CVE-2013-2141 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141>
* CVE-2013-2164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164>
* CVE-2013-2206 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206>
* CVE-2013-2232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232>
* CVE-2013-2234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234>
* CVE-2013-2237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237>
* CVE-2013-2888 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888>
* CVE-2013-2893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893>
* CVE-2013-2897 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897>
* CVE-2013-3222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222>
* CVE-2013-3223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223>
* CVE-2013-3224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224>
* CVE-2013-3228 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228>
* CVE-2013-3229 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229>
* CVE-2013-3231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231>
* CVE-2013-3232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3232>
* CVE-2013-3234 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234>
* CVE-2013-3235 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235>
* CVE-2013-4162 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162>
* CVE-2013-4387 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387>
* CVE-2013-4470 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470>
* CVE-2013-4483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483>
* CVE-2013-4588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4588>
* CVE-2013-6383 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383>
* CVE-2014-1444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444>
* CVE-2014-1445 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445>
* CVE-2014-1446 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Package List:

– SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

kernel-default-2.6.16.60-0.105.1
kernel-source-2.6.16.60-0.105.1
kernel-syms-2.6.16.60-0.105.1

– SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

kernel-debug-2.6.16.60-0.105.1
kernel-kdump-2.6.16.60-0.105.1
kernel-smp-2.6.16.60-0.105.1
kernel-xen-2.6.16.60-0.105.1

– SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

kernel-bigsmp-2.6.16.60-0.105.1
kernel-kdumppae-2.6.16.60-0.105.1
kernel-vmi-2.6.16.60-0.105.1
kernel-vmipae-2.6.16.60-0.105.1
kernel-xenpae-2.6.16.60-0.105.1
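
A check against the fixed build listed above, added here as an example and not part of SUSE's advisory: it reads package names in name-version-release form (for instance from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`) and flags any kernel package from this advisory that is older than 2.6.16.60-0.105.1. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="2.6.16.60-0.105.1"

# Kernel flavours named in the advisory's package list.
FLAVOURS="default source syms debug kdump smp xen bigsmp kdumppae vmi vmipae xenpae"

# ver_cmp A B: print -1, 0 or 1 as A is older than, equal to or newer than B.
# Only handles all-numeric version-release strings (digits separated by '.'
# or '-'), which is what these kernel packages use; it is not a full rpm
# version comparison.
ver_cmp() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        if [ $# -eq 0 ]; then echo -1; return 0; fi   # A ran out of fields
        x=$1; shift
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    if [ $# -gt 0 ]; then echo 1; else echo 0; fi
}

# audit_rpm_list: read name-version-release lines on stdin and print
# "<package> <version-release> PATCHED|VULNERABLE|UNPARSED" for every
# advisory kernel package found. Returns 1 if any package is not PATCHED.
audit_rpm_list() {
    bad=0
    while IFS= read -r line; do
        for f in $FLAVOURS; do
            case "$line" in
                "kernel-$f-"[0-9]*) ;;
                *) continue ;;
            esac
            vr=${line#"kernel-$f-"}
            case "$vr" in
                # Anything but digits, '.' and '-' (e.g. an arch suffix)
                # cannot be compared safely; report it instead of guessing.
                *[!0-9.-]*) status=UNPARSED; bad=1 ;;
                *)  if [ "$(ver_cmp "$vr" "$FIXED")" -lt 0 ]; then
                        status=VULNERABLE; bad=1
                    else
                        status=PATCHED
                    fi ;;
            esac
            echo "kernel-$f $vr $status"
        done
    done
    return $bad
}

# Constructed sample input (not from a real host): one flavour on an older
# build, one on the fixed build, one unrelated package.
audit_rpm_list <<'EOF' || echo "=> install the update, then reboot"
kernel-default-2.6.16.60-0.103.1
kernel-source-2.6.16.60-0.105.1
glibc-2.4-31.109.1
EOF
```

A PATCHED result describes the installed package only; the host keeps running the old kernel until it is rebooted, as the advisory's special instructions state.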

References:

http://support.novell.com/security/cve/CVE-2011-2492.html
http://support.novell.com/security/cve/CVE-2011-2494.html
http://support.novell.com/security/cve/CVE-2012-6537.html
http://support.novell.com/security/cve/CVE-2012-6539.html
http://support.novell.com/security/cve/CVE-2012-6540.html
http://support.novell.com/security/cve/CVE-2012-6541.html
http://support.novell.com/security/cve/CVE-2012-6542.html
http://support.novell.com/security/cve/CVE-2012-6544.html
http://support.novell.com/security/cve/CVE-2012-6545.html
http://support.novell.com/security/cve/CVE-2012-6546.html
http://support.novell.com/security/cve/CVE-2012-6547.html
http://support.novell.com/security/cve/CVE-2012-6549.html
http://support.novell.com/security/cve/CVE-2013-0343.html
http://support.novell.com/security/cve/CVE-2013-0914.html
http://support.novell.com/security/cve/CVE-2013-1827.html
http://support.novell.com/security/cve/CVE-2013-2141.html
http://support.novell.com/security/cve/CVE-2013-2164.html
http://support.novell.com/security/cve/CVE-2013-2206.html
http://support.novell.com/security/cve/CVE-2013-2232.html
http://support.novell.com/security/cve/CVE-2013-2234.html
http://support.novell.com/security/cve/CVE-2013-2237.html
http://support.novell.com/security/cve/CVE-2013-2888.html
http://support.novell.com/security/cve/CVE-2013-2893.html
http://support.novell.com/security/cve/CVE-2013-2897.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
http://support.novell.com/security/cve/CVE-2013-4162.html
http://support.novell.com/security/cve/CVE-2013-4387.html
http://support.novell.com/security/cve/CVE-2013-4470.html
http://support.novell.com/security/cve/CVE-2013-4483.html
http://support.novell.com/security/cve/CVE-2013-4588.html
http://support.novell.com/security/cve/CVE-2013-6383.html
http://support.novell.com/security/cve/CVE-2014-1444.html
http://support.novell.com/security/cve/CVE-2014-1445.html
http://support.novell.com/security/cve/CVE-2014-1446.html
https://bugzilla.novell.com/702014
https://bugzilla.novell.com/703156
https://bugzilla.novell.com/790920
https://bugzilla.novell.com/798050
https://bugzilla.novell.com/805226
https://bugzilla.novell.com/806219
https://bugzilla.novell.com/808827
https://bugzilla.novell.com/809889
https://bugzilla.novell.com/809891
https://bugzilla.novell.com/809892
https://bugzilla.novell.com/809893
https://bugzilla.novell.com/809894
https://bugzilla.novell.com/809898
https://bugzilla.novell.com/809899
https://bugzilla.novell.com/809900
https://bugzilla.novell.com/809901
https://bugzilla.novell.com/809903
https://bugzilla.novell.com/811354
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/820338
https://bugzilla.novell.com/822722
https://bugzilla.novell.com/823267
https://bugzilla.novell.com/824295
https://bugzilla.novell.com/825052
https://bugzilla.novell.com/826102
https://bugzilla.novell.com/826551
https://bugzilla.novell.com/827362
https://bugzilla.novell.com/827749
https://bugzilla.novell.com/827750
https://bugzilla.novell.com/827855
https://bugzilla.novell.com/827983
https://bugzilla.novell.com/828119
https://bugzilla.novell.com/830344
https://bugzilla.novell.com/831058
https://bugzilla.novell.com/832603
https://bugzilla.novell.com/835839
https://bugzilla.novell.com/842239
https://bugzilla.novell.com/843430
https://bugzilla.novell.com/845028
https://bugzilla.novell.com/847672
https://bugzilla.novell.com/848321
https://bugzilla.novell.com/849765
https://bugzilla.novell.com/850241
https://bugzilla.novell.com/851095
https://bugzilla.novell.com/852558
https://bugzilla.novell.com/853501
https://bugzilla.novell.com/857597
https://bugzilla.novell.com/858869
https://bugzilla.novell.com/858870
https://bugzilla.novell.com/858872
http://download.suse.com/patch/finder/?keywords=bd99d2fcd47fefd9c76757c1e9e1cccb
http://download.suse.com/patch/finder/?keywords=d046a694b83b003f9bb6b21b6c0e8e6f
http://download.suse.com/patch/finder/?keywords=e59a3c9997ba1bed5bbf01d34d34a3d7

