Hello community, here is the log from the commit of package patchinfo.1389 for openSUSE:12.2:Update checked in at 2013-03-05 16:51:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.1389 (Old) and /work/SRC/openSUSE:12.2:Update/.patchinfo.1389.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.1389", Maintainer is "" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="1389"> <packager>jeff_mahoney</packager> <issue tracker="bnc" id="804738">VUL-1: CVE-2012-5374: kernel: btrfs: denial of service via CRC32C computational overflowing</issue> <issue tracker="bnc" id="805633">VUL-0: CVE-2013-1763: kernel: local privilege escalation via sock_diag netlink socket</issue> <issue tracker="bnc" id="802153">quota: quota_v2 not autoloaded when QFMT_VFS_V1 used</issue> <issue tracker="bnc" id="797175">VUL-1: kernel: /dev/ptmx timing attacks</issue> <issue tracker="bnc" id="801782">[HP BCS SLES11 ]: Stack overflow in __reserve_region_with_split</issue> <issue tracker="bnc" id="799209">Newer Emulex be2net drivers need upstream bridge patch</issue> <issue tracker="bnc" id="800280">VUL-0: XSA-39: CVE-2013-0216 CVE-2013-0217: xen: netback DoS via malicious guest ring</issue> <issue tracker="bnc" id="801178">VUL-0: Xen: XSA-43: CVE-2013-0231: Linux pciback DoS via not rate limited log messages</issue> <issue tracker="cve" id="CVE-2013-1763"></issue> <issue tracker="cve" id="CVE-2012-5374"></issue> <issue tracker="cve" id="CVE-2013-0160"></issue> <issue tracker="cve" id="CVE-2013-0231"></issue> <issue tracker="cve" id="CVE-2013-0216"></issue> <category>security</category> <rating>important</rating> <summary>kernel: fixed local privilege escalation</summary> <description> The Linux kernel was updated to 3.4.33 and to fix a local root privilege escalation and various other security and non-security bugs. CVE-2013-1763: A out of bounds access in sock_diag could be used by local attackers to execute code in kernel context and so become root. CVE-2013-0160: The atime of /dev/ptmx is no longer updated, avoiding side channel attacks via user typing speed. CVE-2012-5374: Denial of service via btrfs hashes could have been used by local attackers to cause a compute denial of service. CVE-2013-0216: Fixed a problem in XEN netback: shutdown the ring if it contains garbage. CVE-2013-0231: Fixed a problem in XEN pciback: rate limit error messages from xen_pcibk_enable_msi(x). </description> <reboot_needed/> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org