[security-announce] SUSE-SU-2011:1319-1: important: Security update for Linux kernel

[news 28]

SUSE Security Update: Security update for Linux kernel

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2011:1319-1

Rating: important

References: #659101 #675127 #687049 #691440 #694863 #695898

#698450 #699709 #701183 #702013 #706374 #707288

#709671 #711501 #711539 #712002 #712404 #712405

#713229 #713650 #714744 #717263 #717690 #717884

#719450 #719786 #719916 #720536 #721299 #721337

#721464 #721830 #721840 #722429 #722504 #723542

#723815 #724365 #724800 #724989 #725453 #725502

#725709 #725878 #728626 #729111 #729721 #731035

#731229 #731673 #731981 #732021 #732535

Cross-References: CVE-2011-1576 CVE-2011-1833 CVE-2011-2203

CVE-2011-2699 CVE-2011-3188 CVE-2011-4326

CVE-2011-4330

Affected Products:

SUSE Linux Enterprise Server 11 SP1 for VMware

SUSE Linux Enterprise Server 11 SP1

SUSE Linux Enterprise High Availability Extension 11 SP1

SUSE Linux Enterprise Desktop 11 SP1

______________________________________________________________________________

 

An update that solves 7 vulnerabilities and has 46 fixes is

now available. It includes one version update.

 

Description:

 

 

The SUSE Linux Enterprise 11 Service Pack 1 kernel has been

updated to version 2.6.32.49 and fixes various bugs and

security issues.

 

* CVE-2011-3188: The TCP/IP initial sequence number

generation effectively only used 24 bits of 32 to generate

randomness, making a brute force man-in-the-middle attack

on TCP/IP connections feasible. The generator was changed

to use full 32bit randomness.

* CVE-2011-2699: Fernando Gont discovered that the IPv6

stack used predictable fragment identification numbers. A

remote attacker could exploit this to exhaust network

resources, leading to a denial of service.

* CVE-2011-2203: A NULL ptr dereference on mounting

corrupt hfs filesystems was fixed which could be used by

local attackers to crash the kernel.

* CVE-2011-1833: Added a kernel option to ensure

ecryptfs is mounting only on paths belonging to the current

ui, which would have allowed local attackers to potentially

gain privileges via symlink attacks.

* CVE-2011-1576: The Generic Receive Offload (GRO)

implementation in the Linux kernel allowed remote attackers

to cause a denial of service via crafted VLAN packets that

are processed by the napi_reuse_skb function, leading to

(1) a memory leak or (2) memory corruption, a different

vulnerability than CVE-2011-1478.

* CVE-2011-4330: A name overflow in the hfs filesystem

was fixed, where mounting a corrupted hfs filesystem could

lead to a stack overflow and code execution in the kernel.

This requires a local attacker to be able to mount hfs

filesystems.

* CVE-2011-4326: A bug was found in the way headroom

check was performed in udp6_ufo_fragment() function. A

remote attacker could use this flaw to crash the system.

 

The following non-security bugs have been fixed:

 

* ALSA: hda - Fix S3/S4 problem on machines with

VREF-pin mute-LED (bnc#732535).

* patches.xen/xen-pcpu-hotplug: Fix a double kfree().

* ixgbe: fix bug with vlan strip in promsic mode

(bnc#687049, fate#311821).

* ixgbe: fix panic when shutting down system with WoL

enabled.

* fnic: Allow users to modify dev_loss_tmo setting

(bnc#719786).

* x86, intel: Do not mark sched_clock() as stable

(bnc#725709).

* ALSA: hda - Keep vref-LED during power-saving on IDT

codecs (bnc#731981).

* cifs: Assume passwords are encoded according to

iocharset (bnc#731035).

* scsi_dh: Check queuedata pointer before proceeding

(bnc#714744).

* netback: use correct index for invalidation in

netbk_tx_check_mop().

* ACPI video: introduce module parameter

video.use_bios_initial_backlight (bnc#731229).

* SUNRPC: prevent task_cleanup running on freed xprt

(bnc#709671).

* add device entry for Broadcom Valentine combo card

(bnc#722429).

* quota: Fix WARN_ON in lookup_one_len (bnc#728626).

* Update Xen patches to 2.6.32.48.

* pv-on-hvm/kexec: add xs_reset_watches to shutdown

watches from old kernel (bnc#694863).

* x86: undo_limit_pages() must reset page count.

* mm/vmstat.c: cache align vm_stat (bnc#729721).

* s390/ccwgroup: fix uevent vs dev attrs race

(bnc#659101,LTC#69028).

* Warn on pagecache limit usage (FATE309111).

* SCSI: st: fix race in st_scsi_execute_end

(bnc#720536).

* ACPI: introduce "acpi_rsdp=" parameter for kdump

(bnc#717263).

* elousb: Limit the workaround warning to one per

error, control workaround activity (bnc#719916).

* SCSI: libiscsi: reset cmd timer if cmds are making

progress (bnc#691440).

* SCSI: fix crash in scsi_dispatch_cmd() (bnc#724989).

* NFS/sunrpc: do not use a credential with extra groups

(bnc#725878).

* s390/qdio: EQBS retry after CCQ 96

(bnc#725453,LTC#76117).

* fcoe: Reduce max_sectors to 1024 (bnc#695898).

* apparmor: return -ENOENT when there is no profile for

a hat (bnc#725502).

* sched, cgroups: disallow attaching kthreadd

(bnc#721840).

* nfs: Check validity of cl_rpcclient in

nfs_server_list_show (bnc#717884).

* x86, vt-d: enable x2apic opt out (disabling x2apic

through BIOS flag) (bnc#701183, fate#311989).

* block: Free queue resources at blk_release_queue()

(bnc#723815).

* ALSA: hda - Add post_suspend patch ops (bnc#724800).

* ALSA: hda - Allow codec-specific set_power_state ops

(bnc#724800).

* ALSA: hda - Add support for vref-out based mute LED

control on IDT codecs (bnc#724800).

* scsi_dh_rdac : Add definitions for different RDAC

operating modes (bnc#724365).

* scsi_dh_rdac : Detect the different RDAC operating

modes (bnc#724365).

* scsi_dh_rdac : decide whether to send mode select

based on operating mode (bnc#724365).

* scsi_dh_rdac: Use WWID from C8 page instead of

Subsystem id from C4 page to identify storage (bnc#724365).

* vlan: Match underlying dev carrier on vlan add

(bnc#722504).

* scsi_lib: pause between error retries (bnc#675127).

* xfs: use KM_NOFS for allocations during attribute

list operations (bnc#721830)

* bootsplash: Do not crash when no fb is set

(bnc#723542).

* cifs: do not allow cifs_iget to match inodes of the

wrong type (bnc#711501).

* cifs: fix noserverino handling when 1 extensions are

enabled (bnc#711501).

* cifs: reduce false positives with inode aliasing

serverino autodisable (bnc#711501).

* parport_pc: release IO region properly if unsupported

ITE887x card is found (bnc#721464).

* writeback: avoid unnecessary calculation of bdi dirty

thresholds (bnc#721299).

* 1: Fix bogus it_blocksize in VIO iommu code

(bnc#717690).

* ext4: Fix max file size and logical block counting of

extent format file (bnc#706374).

* novfs: Unable to change password in the Novell Client

for Linux (bnc#713229).

* xfs: add more ilock tracing.

* sched: move wakeup tracepoint above out_running

(bnc#712002).

* config.conf: Build KMPs for the -trace flavor as well

(fate#312759, bnc#712404, bnc#712405, bnc#721337).

* memsw: remove noswapaccount kernel parameter

(bnc#719450).

 

Security Issue references:

 

* CVE-2011-3188

 

* CVE-2011-2699

 

* CVE-2011-2203

 

* CVE-2011-1833

 

* CVE-2011-1576

 

* CVE-2011-4330

 

* CVE-2011-4326

 

 

Indications:

 

Everyone using the Linux Kernel on x86_64 architecture should update.

 

Special Instructions and Notes:

 

Please reboot the system after installing this update.

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Server 11 SP1 for VMware:

 

zypper in -t patch slessp1-kernel-5511

 

- SUSE Linux Enterprise Server 11 SP1:

 

zypper in -t patch slessp1-kernel-5494 slessp1-kernel-5507 slessp1-kernel-5511

 

- SUSE Linux Enterprise High Availability Extension 11 SP1:

 

zypper in -t patch sleshasp1-kernel-5494 sleshasp1-kernel-5507 sleshasp1-kernel-5511

 

- SUSE Linux Enterprise Desktop 11 SP1:

 

zypper in -t patch sledsp1-kernel-5511

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 2.6.32.49]:

 

btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66

ext4dev-kmp-default-0_2.6.32.49_0.3-7.9.33

hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17

kernel-default-2.6.32.49-0.3.1

kernel-default-base-2.6.32.49-0.3.1

kernel-default-devel-2.6.32.49-0.3.1

kernel-source-2.6.32.49-0.3.1

kernel-syms-2.6.32.49-0.3.1

kernel-trace-2.6.32.49-0.3.1

kernel-trace-base-2.6.32.49-0.3.1

kernel-trace-devel-2.6.32.49-0.3.1

 

- SUSE Linux Enterprise Server 11 SP1 (ia64 ppc64 x86_64) [New Version: 2.6.32.49]:

 

btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66

ext4dev-kmp-default-0_2.6.32.49_0.3-7.9.33

ext4dev-kmp-trace-0_2.6.32.49_0.3-7.9.33

kernel-default-2.6.32.49-0.3.1

kernel-default-base-2.6.32.49-0.3.1

kernel-default-devel-2.6.32.49-0.3.1

kernel-source-2.6.32.49-0.3.1

kernel-syms-2.6.32.49-0.3.1

kernel-trace-2.6.32.49-0.3.1

kernel-trace-base-2.6.32.49-0.3.1

kernel-trace-devel-2.6.32.49-0.3.1

 

- SUSE Linux Enterprise Server 11 SP1 (x86_64) [New Version: 2.6.32.49]:

 

btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66

ext4dev-kmp-xen-0_2.6.32.49_0.3-7.9.33

hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17

hyper-v-kmp-trace-0_2.6.32.49_0.3-0.18.1

kernel-ec2-2.6.32.49-0.3.1

kernel-ec2-base-2.6.32.49-0.3.1

kernel-xen-2.6.32.49-0.3.1

kernel-xen-base-2.6.32.49-0.3.1

kernel-xen-devel-2.6.32.49-0.3.1

 

- SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.49]:

 

ext4dev-kmp-ppc64-0_2.6.32.49_0.3-7.9.33

kernel-ppc64-2.6.32.49-0.3.1

kernel-ppc64-base-2.6.32.49-0.3.1

kernel-ppc64-devel-2.6.32.49-0.3.1

 

- SUSE Linux Enterprise High Availability Extension 11 SP1 (ia64 ppc64 x86_64):

 

cluster-network-kmp-default-1.4_2.6.32.49_0.3-2.5.18

cluster-network-kmp-trace-1.4_2.6.32.49_0.3-2.5.18

gfs2-kmp-default-2_2.6.32.49_0.3-0.2.65

gfs2-kmp-trace-2_2.6.32.49_0.3-0.2.65

ocfs2-kmp-default-1.6_2.6.32.49_0.3-0.4.2.18

ocfs2-kmp-trace-1.6_2.6.32.49_0.3-0.4.2.18

 

- SUSE Linux Enterprise High Availability Extension 11 SP1 (x86_64):

 

cluster-network-kmp-xen-1.4_2.6.32.49_0.3-2.5.18

gfs2-kmp-xen-2_2.6.32.49_0.3-0.2.65

ocfs2-kmp-xen-1.6_2.6.32.49_0.3-0.4.2.18

 

- SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

 

cluster-network-kmp-ppc64-1.4_2.6.32.49_0.3-2.5.18

gfs2-kmp-ppc64-2_2.6.32.49_0.3-0.2.65

ocfs2-kmp-ppc64-1.6_2.6.32.49_0.3-0.4.2.18

 

- SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 2.6.32.49]:

 

btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66

btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66

hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17

kernel-default-2.6.32.49-0.3.1

kernel-default-base-2.6.32.49-0.3.1

kernel-default-devel-2.6.32.49-0.3.1

kernel-default-extra-2.6.32.49-0.3.1

kernel-desktop-devel-2.6.32.49-0.3.1

kernel-source-2.6.32.49-0.3.1

kernel-syms-2.6.32.49-0.3.1

kernel-trace-devel-2.6.32.49-0.3.1

kernel-xen-2.6.32.49-0.3.1

kernel-xen-base-2.6.32.49-0.3.1

kernel-xen-devel-2.6.32.49-0.3.1

kernel-xen-extra-2.6.32.49-0.3.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2011-1576.html

http://support.novell.com/security/cve/CVE-2011-1833.html

http://support.novell.com/security/cve/CVE-2011-2203.html

http://support.novell.com/security/cve/CVE-2011-2699.html

http://support.novell.com/security/cve/CVE-2011-3188.html

http://support.novell.com/security/cve/CVE-2011-4326.html

http://support.novell.com/security/cve/CVE-2011-4330.html

https://bugzilla.novell.com/659101

https://bugzilla.novell.com/675127

https://bugzilla.novell.com/687049

https://bugzilla.novell.com/691440

https://bugzilla.novell.com/694863

https://bugzilla.novell.com/695898

https://bugzilla.novell.com/698450

https://bugzilla.novell.com/699709

https://bugzilla.novell.com/701183

https://bugzilla.novell.com/702013

https://bugzilla.novell.com/706374

https://bugzilla.novell.com/707288

https://bugzilla.novell.com/709671

https://bugzilla.novell.com/711501

https://bugzilla.novell.com/711539

https://bugzilla.novell.com/712002

https://bugzilla.novell.com/712404

https://bugzilla.novell.com/712405

https://bugzilla.novell.com/713229

https://bugzilla.novell.com/713650

https://bugzilla.novell.com/714744

https://bugzilla.novell.com/717263

https://bugzilla.novell.com/717690

https://bugzilla.novell.com/717884

https://bugzilla.novell.com/719450

https://bugzilla.novell.com/719786

https://bugzilla.novell.com/719916

https://bugzilla.novell.com/720536

https://bugzilla.novell.com/721299

https://bugzilla.novell.com/721337

https://bugzilla.novell.com/721464

https://bugzilla.novell.com/721830

https://bugzilla.novell.com/721840

https://bugzilla.novell.com/722429

https://bugzilla.novell.com/722504

https://bugzilla.novell.com/723542

https://bugzilla.novell.com/723815

https://bugzilla.novell.com/724365

https://bugzilla.novell.com/724800

https://bugzilla.novell.com/724989

https://bugzilla.novell.com/725453

https://bugzilla.novell.com/725502

https://bugzilla.novell.com/725709

https://bugzilla.novell.com/725878

https://bugzilla.novell.com/728626

https://bugzilla.novell.com/729111

https://bugzilla.novell.com/729721

https://bugzilla.novell.com/731035

https://bugzilla.novell.com/731229

https://bugzilla.novell.com/731673

https://bugzilla.novell.com/731981

https://bugzilla.novell.com/732021

https://bugzilla.novell.com/732535

http://download.novell.com/patch/finder/?keywords=0b7e04a54fedaae34f6309faa0744773

http://download.novell.com/patch/finder/?keywords=31d452e9bdc91325cef696c4c54131ba

http://download.novell.com/patch/finder/?keywords=836acbf4bd9c116e2d6a3b8cc8e914ff

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org