Articles / SuSE: New Linux kernel pack…

SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a privileged guest user could crash the kvm host system. A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. A local attacker could oops the kernel using memory control groups and eventfds.

Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. Access to the /proc/pid/taskstats file requires root access to avoid side channel (timing keypresses etc.) attacks on other users.

Fixed an oops in jbd/jbd2 that could be caused by specific filesystem access patterns. A malicious NFSv4 server could have caused a oops in the nfsv4 acl handling. Fixed a oops in jbd/jbd2 that could be caused by mounting a malicious prepared filesystem.

Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0554-1
Rating:             important
References:         #624072 #676204 #688996 #703156 #705551 #713148 
                   #714604 #716850 #716971 #718863 #718918 #721587 
                   #722560 #728840 #729247 #730117 #730118 #731387 
                   #732070 #732296 #732908 #733761 #734900 #735909 
                   #738583 #738597 #738679 #739837 #740180 #741824 
                   #742845 #742871 #744315 #744392 #744658 #744795 
                   #745400 #745422 #745424 #745741 #745832 #745867 
                   #745876 #745929 #746373 #746454 #746526 #746579 
                   #746717 #746883 #747071 #747159 #747867 #747878 
                   #747944 #748384 #748456 #748629 #748632 #748827 
                   #748854 #748862 #749049 #749115 #749417 #749543 
                   #749569 #749651 #749787 #749980 #750041 #750079 
                   #750173 #750402 #750426 #750459 #750959 #750995 
                   #751015 #751171 #751322 #751743 #751885 #751903 
                   #751916 #752408 #752484 #752599 #752972 #754052 
                   #756821 
Cross-References:   CVE-2011-1083 CVE-2011-2494 CVE-2011-4086
                   CVE-2011-4127 CVE-2011-4131 CVE-2011-4132
                   CVE-2012-1097 CVE-2012-1146 CVE-2012-1179

Affected Products:
                   SUSE Linux Enterprise Server 11 SP2 for VMware
                   SUSE Linux Enterprise Server 11 SP2
                   SUSE Linux Enterprise High Availability Extension 11 SP2
                   SUSE Linux Enterprise Desktop 11 SP2
                   SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

  An update that solves 9 vulnerabilities and has 82 fixes is
  now available. It includes one version update.

Description:


  The SUSE Linux Enterprise 11 SP2 kernel has been updated to
  3.0.26, which  fixes a lot of bugs and security issues.

  The following security issues have been fixed:

  * CVE-2012-1179: A locking problem in transparent
  hugepage support could be used by local attackers to
  potentially crash the host, or via kvm a privileged guest
  user could crash the kvm host system.
  * CVE-2011-4127: A potential hypervisor escape by
  issuing SG_IO commands to partitiondevices was fixed by
  restricting access to these commands.
  * CVE-2012-1146: A local attacker could oops the kernel
  using memory control groups and eventfds.
  * CVE-2011-1083: Limit the path length users can build
  using epoll() to avoid local attackers consuming lots of
  kernel CPU time.
  * CVE-2012-1097: The regset common infrastructure
  assumed that regsets would always have .get and .set
  methods, but necessarily .active methods. Unfortunately
  people have since written regsets without .set method, so
  NULL pointer dereference attacks were possible.
  * CVE-2011-2494: Access to the /proc/pid/taskstats file
  requires root access to avoid side channel (timing
  keypresses etc.) attacks on other users.
  * CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be
  caused by specific filesystem access patterns.
  * CVE-2011-4131: A malicious NFSv4 server could have
  caused a oops in the nfsv4 acl handling.
  * CVE-2011-4132: Fixed a oops in jbd/jbd2 that could be
  caused by mounting a malicious prepared filesystem.

  (Also included are all fixes from the 3.0.14 -> 3.0.25
  stable kernel  updates.)

  The following non-security issues have been fixed:

  EFI:

  * efivars: add missing parameter to efi_pstore_read().

  BTRFS:

  * add a few error cleanups.
  * btrfs: handle errors when excluding super extents
  (FATE#306586 bnc#751015).
  * btrfs: Fix missing goto in btrfs_ioctl_clone.
  * btrfs: Fixed mishandled -EAGAIN error case from
  btrfs_split_item (bnc#750459).
  * btrfs: disallow unequal data/metadata blocksize for
  mixed block groups (FATE#306586).
  * btrfs: enhance superblock sanity checks (FATE#306586
  bnc#749651).
  * btrfs: update message levels (FATE#306586).
  * btrfs 3.3-rc6 updates: o avoid setting ->d_op twice
  (FATE#306586 bnc#731387). o btrfs: fix wrong information of
  the directory in the snapshot (FATE#306586). o btrfs: fix
  race in reada (FATE#306586). o btrfs: do not add both
  copies of DUP to reada extent tree (FATE#306586). o btrfs:
  stop silently switching single chunks to raid0 on balance
  (FATE#306586). o btrfs: fix locking issues in
  find_parent_nodes() (FATE#306586). o btrfs: fix casting
  error in scrub reada code (FATE#306586).
  * btrfs sync with upstream up to 3.3-rc5 (FATE#306586)
  * btrfs: Sector Size check during Mount
  * btrfs: avoid positive number with ERR_PTR
  * btrfs: return the internal error unchanged if
  btrfs_get_extent_fiemap() call failed for
  SEEK_DATA/SEEK_HOLE inquiry.
  * btrfs: fix trim 0 bytes after a device delete
  * btrfs: do not check DUP chunks twice
  * btrfs: fix memory leak in load_free_space_cache()
  * btrfs: delalloc for page dirtied out-of-band in fixup
  worker
  * btrfs: fix structs where bitfields and
  spinlock/atomic share 8B word.
  * btrfs: silence warning in raid array setup.
  * btrfs: honor umask when creating subvol root.
  * btrfs: fix return value check of extent_io_ops.
  * btrfs: fix deadlock on page lock when doing
  auto-defragment.
  * btrfs: check return value of lookup_extent_mapping()
  correctly.
  * btrfs: skip states when they does not contain bits to
  clear.
  * btrfs: kick out redundant stuff in convert_extent_bit.
  * btrfs: fix a bug on overcommit stuff.
  * btrfs: be less strict on finding next node in
  clear_extent_bit.
  * btrfs: improve error handling for
  btrfs_insert_dir_item callers.
  * btrfs: make sure we update latest_bdev.
  * btrfs: add extra sanity checks on the path names in
  btrfs_mksubvol.
  * btrfs: clear the extent uptodate bits during parent
  transid failures.
  * btrfs: increase the global block reserve estimates.
  * btrfs: fix compiler warnings on 32 bit systems.
  * Clean up unused code, fix use of error-indicated
  pointer in transaction teardown (bnc#748854).
  * btrfs: fix return value check of extent_io_ops.
  * btrfs: fix deadlock on page lock when doing
  auto-defragment.
  * btrfs: check return value of lookup_extent_mapping()
  correctly.
  * btrfs: skip states when they does not contain bits to
  clear.
  * btrfs: kick out redundant stuff in convert_extent_bit.
  * btrfs: fix a bug on overcommit stuff.
  * btrfs: be less strict on finding next node in
  clear_extent_bit.
  * btrfs: do not reserve data with extents locked in
  btrfs_fallocate.
  * btrfs: avoid positive number with ERR_PTR.
  * btrfs: return the internal error unchanged if
  btrfs_get_extent_fiemap() call failed for
  SEEK_DATA/SEEK_HOLE inquiry.
  * btrfs: fix trim 0 bytes after a device delete.
  * btrfs: do not check DUP chunks twice.
  * btrfs: fix memory leak in load_free_space_cache().
  * btrfs: fix permissions of new subvolume (bnc#746373).
  * btrfs: set ioprio of scrub readahead to idle.
  * fix logic in condition in
  BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS
  * fix incorrect exclusion of superblock from
  blockgroups (bnc#751743)
  *
  patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
  xtents.patch: fix incorrect default value.
  * fix aio/dio bio refcounting bnc#718918.
  * btrfs: fix locking issues in find_parent_nodes()
  * Btrfs: fix casting error in scrub reada code
  *
  patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
  xtents.patch: Fix uninitialized variable.
  * btrfs: handle errors from read_tree_block
  (bnc#748632).
  * btrfs: push-up errors from btrfs_num_copies
  (bnc#748632).
  *
  patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
  xtents.patch: disable due to potential corruptions
  (bnc#751743)

  XFS:

  * XFS read/write calls do not generate DMAPI events
  (bnc#751885).
  * xfs/dmapi: Remove cached vfsmount (bnc#749417).
  * xfs: Fix oops on IO error during
  xlog_recover_process_iunlinks() (bnc#716850).

  NFS:

  * nfs: Do not allow multiple mounts on same mountpoint
  when using -o noac (bnc#745422).
  * lockd: fix arg parsing for grace_period and timeout
  (bnc#733761).

  MD:

  * raid10: Disable recovery when recovery cannot proceed
  (bnc#751171).
  * md/bitmap: ensure to load bitmap when creating via
  sysfs.
  * md: do not set md arrays to readonly on shutdown
  (bnc#740180, bnc#713148, bnc#734900).
  * md: allow last device to be forcibly removed from
  RAID1/RAID10 (bnc#746717).
  * md: allow re-add to failed arrays (bnc#746717).
  * md: Correctly handle read failure from last working
  device in RAID10 (bnc#746717).
  *
  patches.suse/0003-md-raid1-add-failfast-handling-for-writes.
  patch: Refresh to not crash when handling write error on
  FailFast devices. bnc#747159
  * md/raid10: Fix kernel oops during drive failure
  (bnc#750995).
  * patches.suse/md-re-add-to-failed: Update references
  (bnc#746717).
  * md/raid10: handle merge_bvec_fn in member devices.
  * md/raid10 - support resizing some RAID10 arrays.

  Hyper-V:

  * update hyperv drivers to 3.3-rc7 and move them out of
  staging: hv_timesource -> merged into core kernel hv_vmbus
  -> drivers/hv/hv_vmbus hv_utils -> drivers/hv/hv_utils
  hv_storvsc -> drivers/scsi/hv_storvsc hv_netvsc ->
  drivers/net/hyperv/hv_netvsc hv_mousevsc ->
  drivers/hid/hid-hyperv add compat modalias for hv_mousevsc
  update supported.conf rename all 333 patches, use msft-hv-
  and suse-hv- as prefix
  * net/hyperv: Use netif_tx_disable() instead of
  netif_stop_queue() when necessary.
  * net/hyperv: rx_bytes should account the ether header
  size.
  * net/hyperv: fix the issue that large packets be
  dropped under bridge.
  * net/hyperv: Fix the page buffer when an RNDIS message
  goes beyond page boundary.
  * net/hyperv: fix erroneous NETDEV_TX_BUSY use.

  SCSI:

  * sd: mark busy sd majors as allocated (bug#744658).
  * st: expand tape driver ability to write immediate
  filemarks (bnc#688996).
  * scsi scan: do not fail scans when host is in recovery
  (bnc#747867).

  S/390:

  * dasd: Implement block timeout handling (bnc#746717).
  * callhome: fix broken proc interface and activate
  compid (bnc#748862,LTC#79115).
  * ctcmpc: use correct idal word list for ctcmpc
  (bnc#750173,LTC#79264).
  * Fix recovery in case of concurrent asynchronous
  deliveries (bnc#748629,LTC#78309).
  * kernel: 3215 console deadlock (bnc#748629,LTC#78612).
  * qeth: synchronize discipline module loading
  (bnc#748629,LTC#78788).
  * memory hotplug: prevent memory zone interleave
  (bnc#748629,LTC#79113).
  * dasd: fix fixpoint divide exception in define_extent
  (bnc#748629,LTC#79125).
  * kernel: incorrect kernel message tags
  (bnc#744795,LTC#78356).
  * lcs: lcs offline failure (bnc#752484,LTC#79788).
  * qeth: add missing wake_up call (bnc#752484,LTC#79899).
  * dasd: Terminate inactive cqrs correctly (bnc#750995)
  * dasd: detailed I/O errors (bnc#746717).
  * patches.suse/dasd-blk-timeout.patch: Only activate
  blk_timeout for failfast requests (bnc#753617).

  ALSA:

  * ALSA: hda - Set codec to D3 forcibly even if not used
  (bnc#750426).
  * ALSA: hda - Add Realtek ALC269VC codec support
  (bnc#748827).
  * ALSA: hda/realtek - Apply the coef-setup only to
  ALC269VB (bnc#748827).
  * ALSA: pcm - Export snd_pcm_lib_default_mmap() helper
  (bnc#748384,bnc#738597).
  * ALSA: hda - Add snoop option (bnc#748384,bnc#738597).
  * ALSA: HDA: Add support for new AMD products
  (bnc#748384,bnc#738597).
  * ALSA: hda - Fix audio playback support on HP Zephyr
  system (bnc#749787).
  * ALSA: hda - Fix mute-LED VREF value for new HP
  laptops (bnc#745741).

  EXT3:

  * enable
  patches.suse/ext3-increase-reservation-window.patch.

  DRM:

  * drm/i915: Force explicit bpp selection for
  intel_dp_link_required (bnc#749980).
  * drm/i915/dp: Dither down to 6bpc if it makes the mode
  fit (bnc#749980).
  * drm/i915/dp: Read more DPCD registers on connection
  probe (bnc#749980).
  * drm/i915: fixup interlaced bits clearing in PIPECONF
  on PCH_SPLIT (bnc#749980).
  * drm/i915: read full receiver capability field during
  DP hot plug (bnc#749980).
  * drm/intel: Fix initialization if startup happens in
  interlaced mode [v2] (bnc#749980).
  * drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 &
  rc6:
  patches.drivers/drm-i915-Prevent-a-machine-hang-by-checking-
  crtc-act,
  patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bridge,
  patches.drivers/drm-i915-fix-operator-precedence-when-enabli
  ng-RC6p,
  patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimization-
  as-it-ca,
  patches.drivers/drm-i915-gen7-Implement-an-L3-caching-workar
  ound,
  patches.drivers/drm-i915-gen7-implement-rczunit-workaround,
  patches.drivers/drm-i915-gen7-work-around-a-system-hang-on-I
  VB
  * drm/i915: Clear the TV sense state bits on cantiga to
  make TV detection reliable (bnc#750041).
  * drm/i915: Do not write DSPSURF for old chips
  (bnc#747071).
  * drm: Do not delete DPLL Multiplier during DAC init
  (bnc #728840).
  * drm: Set depth on low mem Radeon cards to 16 instead
  of 8 (bnc #746883).
  *
  patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP:
  Refresh. Updated the patch from the upstream (bnc#722560)
  * Add a few missing drm/i915 fixes from upstream 3.2
  kernel (bnc#744392):
  * drm/i915: Sanitize BIOS debugging bits from PIPECONF
  (bnc#751916).
  * drm/i915: Add lvds_channel module option (bnc#739837).
  * drm/i915: Check VBIOS value for determining LVDS dual
  channel mode, too (bnc#739837).
  * agp: fix scratch page cleanup (bnc#738679).
  * drm/i915: suspend fbdev device around
  suspend/hibernate (bnc#732908).

  ACPI:

  * supported.conf: Add acpi_ipmi as supported
  (bnc#716971).

  MM:

  * cpusets: avoid looping when storing to mems_allowed
  if one.
  * cpusets: avoid stall when updating mems_allowed for
  mempolicy.
  * cpuset: mm: Reduce large amounts of memory barrier
  related slowdown.
  * mm: make swapin readahead skip over holes.
  * mm: allow PF_MEMALLOC from softirq context.
  * mm: Ensure processes do not remain throttled under
  memory pressure. (Swap over NFS (fate#304949, bnc#747944).
  * mm: Allow sparsemem usemap allocations for very large
  NUMA nodes (bnc#749049).
  * backing-dev: fix wakeup timer races with
  bdi_unregister() (bnc#741824).
  * readahead: fix pipeline break caused by block plug
  (bnc#746454).
  * Fix uninitialised variable warning and obey the
  [get|put]_mems_allowed API.

  CIFS:

  * cifs: fix dentry refcount leak when opening a FIFO on
  lookup (CVE-2012-1090 bnc#749569).

  USB:

  * xhci: Fix encoding for HS bulk/control NAK rate
  (bnc#750402).
  * USB: Fix handoff when BIOS disables host PCI device
  (bnc#747878).
  * USB: Do not fail USB3 probe on missing legacy PCI IRQ
  (bnc#749543).
  * USB: Adding #define in hub_configure() and hcd.c file
  (bnc#714604).
  * USB: remove BKL comments (bnc#714604).
  * xHCI: Adding #define values used for hub descriptor
  (bnc#714604).
  * xHCI: Kick khubd when USB3 resume really completes
  (bnc#714604).
  * xhci: Fix oops caused by more USB2 ports than USB3
  ports (bnc#714604).
  * USB/xhci: Enable remote wakeup for USB3 devices
  (bnc#714604).
  * USB: Suspend functions before putting dev into U3
  (bnc#714604).
  * USB/xHCI: Enable USB 3.0 hub remote wakeup
  (bnc#714604).
  * USB: Refactor hub remote wake handling (bnc#714604).
  * USB/xHCI: Support device-initiated USB 3.0 resume
  (bnc#714604).
  * USB: Set wakeup bits for all children hubs
  (bnc#714604).
  * USB: Turn on auto-suspend for USB 3.0 hubs
  (bnc#714604).
  * USB: Set hub depth after USB3 hub reset (bnc#749115).
  * xhci: Fix USB 3.0 device restart on resume
  (bnc#745867).
  * xhci: Remove scary warnings about transfer issues
  (bnc#745867).
  * xhci: Remove warnings about MSI and MSI-X
  capabilities (bnc#745867).

  Other:

  * PCI / PCIe: Introduce command line option to disable
  ARI (bnc#742845).
  * PCI: Set device power state to PCI_D0 for device
  without native PM support (bnc#752972).

  X86:

  * x86/UV: Lower UV rtc clocksource rating (bnc#748456).
  * x86, mce, therm_throt: Do not report power limit and
  package level thermal throttle events in mcelog
  (bnc#745876).
  * x86: Unlock nmi lock after kdb_ipi call (bnc#745424).
  * x86, tsc: Fix SMI induced variation in
  quick_pit_calibrate(). (bnc#751322)

  XEN:

  * Update Xen patches to 3.0.22.
  * xenbus_dev: add missing error checks to watch
  handling.
  * drivers/xen/: use strlcpy() instead of strncpy().
  * xenoprof: backward compatibility for changed
  XENOPROF_ESCAPE_CODE.
  * blkfront: properly fail packet requests (bnc#745929).
  * Refresh other Xen patches (bnc#732070, bnc#742871).
  * xenbus: do not free other end details too early.
  * blkback: also call blkif_disconnect() when frontend
  switched to closed.
  * gnttab: add deferred freeing logic.
  * blkback: failure to write "feature-barrier" node is
  non-fatal.

  Infiniband:

  * RDMA/cxgb4: Make sure flush CQ entries are collected
  on connection close (bnc#721587).
  * RDMA/cxgb4: Serialize calls to CQs comp_handler
  (bnc#721587).
  * mlx4_en: Assigning TX irq per ring (bnc#624072).

  Bluetooth:

  * Bluetooth: Add Atheros AR3012 Maryann PID/VID
  supported in ath3k (bnc#732296).
  * Bluetooth: btusb: fix bInterval for high/super speed
  isochronous endpoints (bnc#754052).

  SCTP:

  * dlm: Do not allocate a fd for peeloff (bnc#729247).
  * sctp: Export sctp_do_peeloff (bnc#729247).

  Other:

  * qlge: Removing needless prints which are not
  (bnc#718863).
  * ibft: Fix finding IBFT ACPI table on UEFI
  (bnc#746579).
  * proc: Consider NO_HZ when printing idle and iowait
  times (bnc#705551).
  * procfs: do not confuse jiffies with cputime64_t
  (bnc#705551).
  * procfs: do not overflow get_{idle,iowait}_time for
  nohz (bnc#705551).
  * bfa: Do not return DID_ABORT on failure (bnc#745400).
  * epoll: Do not limit non-nested epoll paths
  (bnc#676204).
  * Bridge: Always send NETDEV_CHANGEADDR up on br MAC
  change (bnc#752408).
  * hp_accel: Ignore the error from lis3lv02d_poweron()
  at resume (bnc#751903).
  * watchdog: make sure the watchdog thread gets CPU on
  loaded system (bnc#738583).

  Security Issue references:

  * CVE-2011-1083
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083

  * CVE-2011-2494
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494

  * CVE-2011-4086
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4086

  * CVE-2011-4127
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127

  * CVE-2011-4131
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4131

  * CVE-2011-4132
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132

  * CVE-2012-1097
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1097

  * CVE-2012-1146
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1146

  * CVE-2012-1179
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1179


Indications:

  Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

  Please reboot the system after installing this update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP2 for VMware:

     zypper in -t patch slessp2-kernel-6164 slessp2-kernel-6172

  - SUSE Linux Enterprise Server 11 SP2:

     zypper in -t patch slessp2-kernel-6161 slessp2-kernel-6162 slessp2-kernel-6163 slessp2-kernel-6164 slessp2-kernel-6172

  - SUSE Linux Enterprise High Availability Extension 11 SP2:

     zypper in -t patch sleshasp2-kernel-6161 sleshasp2-kernel-6162 sleshasp2-kernel-6163 sleshasp2-kernel-6164 sleshasp2-kernel-6172

  - SUSE Linux Enterprise Desktop 11 SP2:

     zypper in -t patch sledsp2-kernel-6164 sledsp2-kernel-6172

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.26]:

     kernel-default-3.0.26-0.7.6
     kernel-default-base-3.0.26-0.7.6
     kernel-default-devel-3.0.26-0.7.6
     kernel-source-3.0.26-0.7.6
     kernel-syms-3.0.26-0.7.6
     kernel-trace-3.0.26-0.7.6
     kernel-trace-base-3.0.26-0.7.6
     kernel-trace-devel-3.0.26-0.7.6
     kernel-xen-devel-3.0.26-0.7.6

  - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.26]:

     kernel-pae-3.0.26-0.7.6
     kernel-pae-base-3.0.26-0.7.6
     kernel-pae-devel-3.0.26-0.7.6

  - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.26]:

     kernel-default-3.0.26-0.7.6
     kernel-default-base-3.0.26-0.7.6
     kernel-default-devel-3.0.26-0.7.6
     kernel-source-3.0.26-0.7.6
     kernel-syms-3.0.26-0.7.6
     kernel-trace-3.0.26-0.7.6
     kernel-trace-base-3.0.26-0.7.6
     kernel-trace-devel-3.0.26-0.7.6

  - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.26]:

     kernel-ec2-3.0.26-0.7.6
     kernel-ec2-base-3.0.26-0.7.6
     kernel-ec2-devel-3.0.26-0.7.6
     kernel-xen-3.0.26-0.7.6
     kernel-xen-base-3.0.26-0.7.6
     kernel-xen-devel-3.0.26-0.7.6

  - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.26]:

     kernel-default-man-3.0.26-0.7.6

  - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.26]:

     kernel-ppc64-3.0.26-0.7.6
     kernel-ppc64-base-3.0.26-0.7.6
     kernel-ppc64-devel-3.0.26-0.7.6

  - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.26]:

     kernel-pae-3.0.26-0.7.6
     kernel-pae-base-3.0.26-0.7.6
     kernel-pae-devel-3.0.26-0.7.6

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

     cluster-network-kmp-default-1.4_3.0.26_0.7-2.10.13
     cluster-network-kmp-trace-1.4_3.0.26_0.7-2.10.13
     gfs2-kmp-default-2_3.0.26_0.7-0.7.13
     gfs2-kmp-trace-2_3.0.26_0.7-0.7.13
     ocfs2-kmp-default-1.6_3.0.26_0.7-0.7.13
     ocfs2-kmp-trace-1.6_3.0.26_0.7-0.7.13

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

     cluster-network-kmp-xen-1.4_3.0.26_0.7-2.10.13
     gfs2-kmp-xen-2_3.0.26_0.7-0.7.13
     ocfs2-kmp-xen-1.6_3.0.26_0.7-0.7.13

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

     cluster-network-kmp-ppc64-1.4_3.0.26_0.7-2.10.13
     gfs2-kmp-ppc64-2_3.0.26_0.7-0.7.13
     ocfs2-kmp-ppc64-1.6_3.0.26_0.7-0.7.13

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

     cluster-network-kmp-pae-1.4_3.0.26_0.7-2.10.13
     gfs2-kmp-pae-2_3.0.26_0.7-0.7.13
     ocfs2-kmp-pae-1.6_3.0.26_0.7-0.7.13

  - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.26]:

     kernel-default-3.0.26-0.7.6
     kernel-default-base-3.0.26-0.7.6
     kernel-default-devel-3.0.26-0.7.6
     kernel-default-extra-3.0.26-0.7.6
     kernel-source-3.0.26-0.7.6
     kernel-syms-3.0.26-0.7.6
     kernel-trace-3.0.26-0.7.6
     kernel-trace-base-3.0.26-0.7.6
     kernel-trace-devel-3.0.26-0.7.6
     kernel-trace-extra-3.0.26-0.7.6
     kernel-xen-3.0.26-0.7.6
     kernel-xen-base-3.0.26-0.7.6
     kernel-xen-devel-3.0.26-0.7.6
     kernel-xen-extra-3.0.26-0.7.6

  - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.26]:

     kernel-pae-3.0.26-0.7.6
     kernel-pae-base-3.0.26-0.7.6
     kernel-pae-devel-3.0.26-0.7.6
     kernel-pae-extra-3.0.26-0.7.6

  - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64):

     ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.13
     kernel-default-extra-3.0.26-0.7.6

  - SLE 11 SERVER Unsupported Extras (i586 x86_64):

     ext4-writeable-kmp-xen-0_3.0.26_0.7-0.12.13
     kernel-xen-extra-3.0.26-0.7.6

  - SLE 11 SERVER Unsupported Extras (s390x):

     ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.14
     kernel-default-extra-3.0.26-0.7.9

  - SLE 11 SERVER Unsupported Extras (ppc64):

     ext4-writeable-kmp-ppc64-0_3.0.26_0.7-0.12.13
     kernel-ppc64-extra-3.0.26-0.7.6

  - SLE 11 SERVER Unsupported Extras (i586):

     ext4-writeable-kmp-pae-0_3.0.26_0.7-0.12.13
     kernel-pae-extra-3.0.26-0.7.6


References:

  http://support.novell.com/security/cve/CVE-2011-1083.html
  http://support.novell.com/security/cve/CVE-2011-2494.html
  http://support.novell.com/security/cve/CVE-2011-4086.html
  http://support.novell.com/security/cve/CVE-2011-4127.html
  http://support.novell.com/security/cve/CVE-2011-4131.html
  http://support.novell.com/security/cve/CVE-2011-4132.html
  http://support.novell.com/security/cve/CVE-2012-1097.html
  http://support.novell.com/security/cve/CVE-2012-1146.html
  http://support.novell.com/security/cve/CVE-2012-1179.html
  https://bugzilla.novell.com/624072
  https://bugzilla.novell.com/676204
  https://bugzilla.novell.com/688996
  https://bugzilla.novell.com/703156
  https://bugzilla.novell.com/705551
  https://bugzilla.novell.com/713148
  https://bugzilla.novell.com/714604
  https://bugzilla.novell.com/716850
  https://bugzilla.novell.com/716971
  https://bugzilla.novell.com/718863
  https://bugzilla.novell.com/718918
  https://bugzilla.novell.com/721587
  https://bugzilla.novell.com/722560
  https://bugzilla.novell.com/728840
  https://bugzilla.novell.com/729247
  https://bugzilla.novell.com/730117
  https://bugzilla.novell.com/730118
  https://bugzilla.novell.com/731387
  https://bugzilla.novell.com/732070
  https://bugzilla.novell.com/732296
  https://bugzilla.novell.com/732908
  https://bugzilla.novell.com/733761
  https://bugzilla.novell.com/734900
  https://bugzilla.novell.com/735909
  https://bugzilla.novell.com/738583
  https://bugzilla.novell.com/738597
  https://bugzilla.novell.com/738679
  https://bugzilla.novell.com/739837
  https://bugzilla.novell.com/740180
  https://bugzilla.novell.com/741824
  https://bugzilla.novell.com/742845
  https://bugzilla.novell.com/742871
  https://bugzilla.novell.com/744315
  https://bugzilla.novell.com/744392
  https://bugzilla.novell.com/744658
  https://bugzilla.novell.com/744795
  https://bugzilla.novell.com/745400
  https://bugzilla.novell.com/745422
  https://bugzilla.novell.com/745424
  https://bugzilla.novell.com/745741
  https://bugzilla.novell.com/745832
  https://bugzilla.novell.com/745867
  https://bugzilla.novell.com/745876
  https://bugzilla.novell.com/745929
  https://bugzilla.novell.com/746373
  https://bugzilla.novell.com/746454
  https://bugzilla.novell.com/746526
  https://bugzilla.novell.com/746579
  https://bugzilla.novell.com/746717
  https://bugzilla.novell.com/746883
  https://bugzilla.novell.com/747071
  https://bugzilla.novell.com/747159
  https://bugzilla.novell.com/747867
  https://bugzilla.novell.com/747878
  https://bugzilla.novell.com/747944
  https://bugzilla.novell.com/748384
  https://bugzilla.novell.com/748456
  https://bugzilla.novell.com/748629
  https://bugzilla.novell.com/748632
  https://bugzilla.novell.com/748827
  https://bugzilla.novell.com/748854
  https://bugzilla.novell.com/748862
  https://bugzilla.novell.com/749049
  https://bugzilla.novell.com/749115
  https://bugzilla.novell.com/749417
  https://bugzilla.novell.com/749543
  https://bugzilla.novell.com/749569
  https://bugzilla.novell.com/749651
  https://bugzilla.novell.com/749787
  https://bugzilla.novell.com/749980
  https://bugzilla.novell.com/750041
  https://bugzilla.novell.com/750079
  https://bugzilla.novell.com/750173
  https://bugzilla.novell.com/750402
  https://bugzilla.novell.com/750426
  https://bugzilla.novell.com/750459
  https://bugzilla.novell.com/750959
  https://bugzilla.novell.com/750995
  https://bugzilla.novell.com/751015
  https://bugzilla.novell.com/751171
  https://bugzilla.novell.com/751322
  https://bugzilla.novell.com/751743
  https://bugzilla.novell.com/751885
  https://bugzilla.novell.com/751903
  https://bugzilla.novell.com/751916
  https://bugzilla.novell.com/752408
  https://bugzilla.novell.com/752484
  https://bugzilla.novell.com/752599
  https://bugzilla.novell.com/752972
  https://bugzilla.novell.com/754052
  https://bugzilla.novell.com/756821
  http://download.novell.com/patch/finder/?keywords=0c0599ba7eb3ff19e03145395221492d
  http://download.novell.com/patch/finder/?keywords=2e90c1323c443452ce1300d028485433
  http://download.novell.com/patch/finder/?keywords=3013eaf2835f479bb179809bbe457341
  http://download.novell.com/patch/finder/?keywords=32e6cc1c03753bb6fea3e11ac96fa022
  http://download.novell.com/patch/finder/?keywords=473d38c1e40bf853caa492bc515a7ef3
  http://download.novell.com/patch/finder/?keywords=801367ba5926dca980d4cca08cb89d42
  http://download.novell.com/patch/finder/?keywords=964c5d721958050cf002b86dc6679a38
  http://download.novell.com/patch/finder/?keywords=999e5682f16cf2722ec13361cda52a51
  http://download.novell.com/patch/finder/?keywords=c376b59b3b132786ff345a43f594d3dd
  http://download.novell.com/patch/finder/?keywords=def01de6b281f8b8cf0625ebfad3cb09
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.