[security-announce] SUSE-SU-2012:0736-1: important: Security update for Linux kernel

news · June 20, 2012

SUSE Security Update: Security update for Linux kernel

______________________________________________________________________________

Announcement ID: SUSE-SU-2012:0736-1

Rating: important

References: #671124 #671479 #683270 #693639 #713430 #718343

#721869 #722400 #723294 #724692 #724734 #726600

#729685 #730118 #730200 #731673 #732613 #733155

#734707 #737325 #737899 #740131 #742148 #742881

#744592 #745640 #745732 #745760 #745929 #746397

#746980 #747381 #749168 #750168 #750928 #751880

#752486 #754964 #758813 #760902 #761389 #762111

#764128

Cross-References: CVE-2011-2928 CVE-2011-4077 CVE-2011-4324

CVE-2011-4330 CVE-2012-2313 CVE-2012-2319

Affected Products:

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

______________________________________________________________________________

An update that solves 6 vulnerabilities and has 37 fixes is

now available.

Description:

This Linux kernel update fixes various security issues and

bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed:

*

CVE-2012-2319: A memory corruption when mounting a

hfsplus filesystem was fixed that could be used by local

attackers able to mount filesystem to crash the system.

*

CVE-2012-2313: The dl2k network card driver lacked

permission handling for some ethtool ioctls, which could

allow local attackers to start/stop the network card.

*

CVE-2011-2928: The befs_follow_linkl function in

fs/befs/linuxvfs.c in the Linux kernel did not validate the

lenght attribute of long symlinsk, which allowed local

users to cause a denial of service (incorrect pointer

dereference and Ooops) by accessing a long symlink on a

malformed Be filesystem.

*

CVE-2011-4077: Fixed a memory corruption possibility

in xfs readlink, which could be used by local attackers to

crash the system or potentially execute code by mounting a

prepared xfs filesystem image.

*

CVE-2011-4324: A BUG() error report in the nfs4xdr

routines on a NFSv4 mount was fixed that could happen

during mknod.

*

CVE-2011-4330: Mounting a corrupted hfs filesystem

could lead to a buffer overflow.

The following non-security issues have been fixed:

* kernel: pfault task state race (bnc#764128,LTC#81724).

* ap: Toleration for ap bus devices with device type 10

(bnc#761389).

* hugetlb, numa: fix interleave mpol reference count

(bnc#762111).

* cciss: fixup kdump (bnc#730200).

* kdump: Avoid allocating bootmem map over crash

reserved region (bnc#749168, bnc#722400, bnc#742881).

* qeth: Improve OSA Express 4 blkt defaults

(bnc#754964,LTC#80325).

* zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl

(bnc#754964,LTC#80378).

* virtio: add names to virtqueue struct, mapping from

devices to queues (bnc#742148).

* virtio: find_vqs/del_vqs virtio operations

(bnc#742148).

* virtio_pci: optional MSI-X support (bnc#742148).

* virtio_pci: split up vp_interrupt (bnc#742148).

* knfsd: nfsd4: fix laundromat shutdown race (752556).

* driver core: Check for valid device in

bus_find_device() (bnc#729685).

* VMware detection backport from mainline (bnc#671124,

bnc#747381).

* net: adding memory barrier to the poll and receive

callbacks (bnc#746397 bnc#750928).

* qla2xxx: drop reference before wait for completion

(bnc#744592).

* qla2xxx: drop reference before wait for completion

(bnc#744592).

* ixgbe driver sets all WOL flags upon initialization

so that machine is powered on as soon at it is switched off

(bnc#693639)

* Properly release MSI(X) vector(s) when MSI(X) gets

disabled (bnc#723294, bnc#721869).

* scsi: Always retry internal target error (bnc#745640).

* cxgb4: fix parent device access in netdev_printk

(bnc#733155).

* lcs: lcs offline failure (bnc#752486,LTC#79788).

* qeth: add missing wake_up call (bnc#752486,LTC#79899).

* NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and

MKDIR (bnc#751880).

* xenbus: Reject replies with payload >

XENSTORE_PAYLOAD_MAX.

* xenbus_dev: add missing error checks to watch

handling.

* blkfront: properly fail packet requests (bnc#745929).

* blkback: failure to write "feature-barrier" node is

non-fatal.

* igb: Free MSI and MSIX interrupt vectors on driver

remove or shutdown (bnc#723294).

* igb: Fix for Alt MAC Address feature on 82580 and

later devices (bnc#746980).

* igb: Free MSI and MSIX interrupt vectors on driver

remove or shutdown (bnc#723294).

* cfq: Fix infinite loop in cfq_preempt_queue()

(bnc#724692).

* dasd: fix fixpoint divide exception in define_extent

(bnc#750168,LTC#79125).

* ctcmpc: use correct idal word list for ctcmpc

(bnc#750168,LTC#79264).

* patches.fixes/ext3-fix-reuse-of-freed-blocks.diff:

Delete. Patch should not really be needed and apparently

causes a performance regression (bnc#683270)

* tcp: fix race condition leading to premature

termination of sockets in FIN_WAIT2 state and connection

being reset (bnc#745760)

* kernel: console interrupts vs. panic

(bnc#737325,LTC#77272).

* af_iucv: remove IUCV-pathes completely

(bnc#737325,LTC#78292).

* qdio: wrong buffers-used counter for ERROR buffers

(bnc#737325,LTC#78758).

* ext3: Fix credit estimate for DIO allocation

(bnc#745732).

* jbd: validate sb->s_first in journal_get_superblock()

(bnc#730118).

* ocfs2: serialize unaligned aio (bnc#671479).

* cifs: eliminate usage of kthread_stop for cifsd

(bnc#718343).

* virtio: fix wrong type used, resulting in truncated

addresses in bigsmp kernel. (bnc#737899)

* cciss: Adds simple mode functionality (bnc#730200).

* blktap: fix locking (again) (bnc#724734).

* block: Initial support for data-less (or empty)

barrier support (bnc#734707 FATE#313126).

* xen: Do not allow empty barriers to be passed down to

queues that do not grok them (bnc#734707 FATE#313126).

* linkwatch: Handle jiffies wrap-around (bnc#740131).

Security Issue references:

* CVE-2011-2928

* CVE-2011-4077

* CVE-2011-4324

* CVE-2011-4330

* CVE-2012-2319

* CVE-2012-2313

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

kernel-default-2.6.16.60-0.97.1

kernel-source-2.6.16.60-0.97.1

kernel-syms-2.6.16.60-0.97.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.97.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.97.1

- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

kernel-smp-2.6.16.60-0.97.1

kernel-xen-2.6.16.60-0.97.1

- SUSE Linux Enterprise Server 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.97.1

kernel-kdumppae-2.6.16.60-0.97.1

kernel-vmi-2.6.16.60-0.97.1

kernel-vmipae-2.6.16.60-0.97.1

kernel-xenpae-2.6.16.60-0.97.1

- SUSE Linux Enterprise Server 10 SP4 (ppc):

kernel-iseries64-2.6.16.60-0.97.1

kernel-ppc64-2.6.16.60-0.97.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

kernel-default-2.6.16.60-0.97.1

kernel-smp-2.6.16.60-0.97.1

kernel-source-2.6.16.60-0.97.1

kernel-syms-2.6.16.60-0.97.1

kernel-xen-2.6.16.60-0.97.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.97.1

kernel-xenpae-2.6.16.60-0.97.1

- SLE SDK 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.97.1

- SLE SDK 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.97.1

- SLE SDK 10 SP4 (i586 x86_64):

kernel-xen-2.6.16.60-0.97.1

- SLE SDK 10 SP4 (i586):

kernel-xenpae-2.6.16.60-0.97.1

References:

http://support.novell.com/security/cve/CVE-2011-2928.html

http://support.novell.com/security/cve/CVE-2011-4077.html

http://support.novell.com/security/cve/CVE-2011-4324.html

http://support.novell.com/security/cve/CVE-2011-4330.html

http://support.novell.com/security/cve/CVE-2012-2313.html

http://support.novell.com/security/cve/CVE-2012-2319.html

https://bugzilla.novell.com/671124

https://bugzilla.novell.com/671479

https://bugzilla.novell.com/683270

https://bugzilla.novell.com/693639

https://bugzilla.novell.com/713430

https://bugzilla.novell.com/718343

https://bugzilla.novell.com/721869

https://bugzilla.novell.com/722400

https://bugzilla.novell.com/723294

https://bugzilla.novell.com/724692

https://bugzilla.novell.com/724734

https://bugzilla.novell.com/726600

https://bugzilla.novell.com/729685

https://bugzilla.novell.com/730118

https://bugzilla.novell.com/730200

https://bugzilla.novell.com/731673

https://bugzilla.novell.com/732613

https://bugzilla.novell.com/733155

https://bugzilla.novell.com/734707

https://bugzilla.novell.com/737325

https://bugzilla.novell.com/737899

https://bugzilla.novell.com/740131

https://bugzilla.novell.com/742148

https://bugzilla.novell.com/742881

https://bugzilla.novell.com/744592

https://bugzilla.novell.com/745640

https://bugzilla.novell.com/745732

https://bugzilla.novell.com/745760

https://bugzilla.novell.com/745929

https://bugzilla.novell.com/746397

https://bugzilla.novell.com/746980

https://bugzilla.novell.com/747381

https://bugzilla.novell.com/749168

https://bugzilla.novell.com/750168

https://bugzilla.novell.com/750928

https://bugzilla.novell.com/751880

https://bugzilla.novell.com/752486

https://bugzilla.novell.com/754964

https://bugzilla.novell.com/758813

https://bugzilla.novell.com/760902

https://bugzilla.novell.com/761389

https://bugzilla.novell.com/762111

https://bugzilla.novell.com/764128

http://download.novell.com/patch/finder/?keywords=3395803e5857d3e0f44b39331dc3b010

http://download.novell.com/patch/finder/?keywords=74169532cbeb6a34c2168ce4ce202dbf

http://download.novell.com/patch/finder/?keywords=96d47125b6fb737bee4bf3f7619aa63d

http://download.novell.com/patch/finder/?keywords=9fe1c1f891de7bb8b0abad73549e497a

http://download.novell.com/patch/finder/?keywords=d66830daf8e6d37d2c64dfa779e3a77d

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] SUSE-SU-2012:0736-1: important: Security update for Linux kernel

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity