[security-announce] SUSE-SU-2012:1391-1: important: Security update for Linux kernel

news · October 24, 2012

SUSE Security Update: Security update for Linux kernel

______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1391-1

Rating: important

References: #674284 #703156 #734056 #738400 #738528 #747576

#755546 #758985 #760974 #762581 #763526 #765102

#765320 #767277 #767504 #767766 #767939 #769784

#770507 #770697 #772409 #773272 #773831 #776888

#777575 #783058

Cross-References: CVE-2011-1044 CVE-2011-4110 CVE-2012-2136

CVE-2012-2663 CVE-2012-2744 CVE-2012-3510

Affected Products:

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

______________________________________________________________________________

An update that solves 6 vulnerabilities and has 20 fixes is

now available.

Description:

This Linux kernel update fixes various security issues and

bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed:

*

CVE-2011-2494: kernel/taskstats.c in the Linux kernel

allowed local users to obtain sensitive I/O statistics by

sending taskstats commands to a netlink socket, as

demonstrated by discovering the length of another users

password (a side channel attack).

*

CVE-2012-2744:

net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux

kernel, when the nf_conntrack_ipv6 module is enabled,

allowed remote attackers to cause a denial of service (NULL

pointer dereference and system crash) via certain types of

fragmented IPv6 packets.

*

CVE-2012-3510: Use-after-free vulnerability in the

xacct_add_tsk function in kernel/tsacct.c in the Linux

kernel allowed local users to obtain potentially sensitive

information from kernel memory or cause a denial of service

(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID

command.

*

CVE-2011-4110: The user_update function in

security/keys/user_defined.c in the Linux kernel 2.6

allowed local users to cause a denial of service (NULL

pointer dereference and kernel oops) via vectors related to

a user-defined key and up[censored] a negative key into a fully

instantiated key.

*

CVE-2011-1044: The ib_uverbs_poll_cq function in

drivers/infiniband/core/uverbs_cmd.c in the Linux kernel

did not initialize a certain response buffer, which allowed

local users to obtain potentially sensitive information

from kernel memory via vectors that cause this buffer to be

only partially filled, a different vulnerability than

CVE-2010-4649.

*

CVE-2012-3400: Heap-based buffer overflow in the

udf_load_logicalvol function in fs/udf/super.c in the Linux

kernel allowed remote attackers to cause a denial of

service (system crash) or possibly have unspecified other

impact via a crafted UDF filesystem.

*

CVE-2012-2136: The sock_alloc_send_pskb function in

net/core/sock.c in the Linux kernel did not properly

validate a certain length value, which allowed local users

to cause a denial of service (heap-based buffer overflow

and system crash) or possibly gain privileges by leveraging

access to a TUN/TAP device.

*

CVE-2012-2663: A small denial of service leak in

dropping syn+fin messages was fixed.

The following non-security issues have been fixed:

Packaging:

* kbuild: Fix gcc -x syntax (bnc#773831).

NFS:

* knfsd: An assortment of little fixes to the sunrpc

cache code (bnc#767766).

* knfsd: Unexport cache_fresh and fix a small race

(bnc#767766).

* knfsd: nfsd: do not drop silently on upcall deferral

(bnc#767766).

* knfsd: svcrpc: remove another silent drop from

deferral code (bnc#767766).

* sunrpc/cache: simplify cache_fresh_locked and

cache_fresh_unlocked (bnc#767766).

* sunrpc/cache: recheck cache validity after

cache_defer_req (bnc#767766).

* sunrpc/cache: use list_del_init for the list_head

entries in cache_deferred_req (bnc#767766).

* sunrpc/cache: avoid variable over-loading in

cache_defer_req (bnc#767766).

* sunrpc/cache: allow thread to block while waiting for

cache update (bnc#767766).

* sunrpc/cache: Fix race in sunrpc/cache introduced by

patch to allow thread to block while waiting for cache

update (bnc#767766).

* sunrpc/cache: Another fix for race problem with

sunrpc cache deferal (bnc#767766).

* knfsd: nfsd: make all exp_finding functions return

-errnos on err (bnc#767766).

* Fix kabi breakage in previous nfsd patch series

(bnc#767766).

* nfsd: Work around incorrect return type for

wait_for_completion_interruptible_timeout (bnc#767766).

* nfs: Fix a potential file corruption issue when

writing (bnc#773272).

* nfs: Allow sync writes to be multiple pages

(bnc#763526).

* nfs: fix reference counting for NFSv4 callback thread

(bnc#767504).

* nfs: flush signals before taking down callback thread

(bnc#767504).

* nfsv4: Ensure nfs_callback_down() calls svc_destroy()

(bnc#767504).

SCSI:

* SCSI/ch: Check NULL for kmalloc() return (bnc#783058).

*

drivers/scsi/aic94xx/aic94xx_init.c: correct the size

argument to kmalloc (bnc#783058).

*

block: fail SCSI passthrough ioctls on partition

devices (bnc#738400).

*

dm: do not forward ioctls from logical volumes to the

underlying device (bnc#738400).

*

vmware: Fix VMware hypervisor detection (bnc#777575,

bnc#770507).

S/390:

* lgr: Make lgr_page static (bnc#772409,LTC#83520).

* zfcp: Fix oops in _blk_add_trace()

(bnc#772409,LTC#83510).

*

kernel: Add z/VM LGR detection

(bnc#767277,LTC#RAS1203).

*

be2net: Fix EEH error reset before a flash dump

completes (bnc#755546).

* mptfusion: fix msgContext in mptctl_hp_hostinfo

(bnc#767939).

* PCI: Fix bus resource assignment on 32 bits with 64b

resources. (bnc#762581)

* PCI: fix up setup-bus.c #ifdef. (bnc#762581)

*

x86: powernow-k8: Fix indexing issue (bnc#758985).

*

net: Fix race condition about network device name

allocation (bnc#747576).

XEN:

* smpboot: adjust ordering of operations.

* xen/x86-64: provide a memset() that can deal with 4Gb

or above at a time (bnc#738528).

* xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53

(bnc#760974).

* xen/gntdev: fix multi-page slot allocation

(bnc#760974).

Security Issues:

* CVE-2011-1044

* CVE-2011-4110

* CVE-2012-2136

* CVE-2012-2663

* CVE-2012-2744

* CVE-2012-3510

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

kernel-default-2.6.16.60-0.99.1

kernel-source-2.6.16.60-0.99.1

kernel-syms-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

kernel-smp-2.6.16.60-0.99.1

kernel-xen-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.99.1

kernel-kdumppae-2.6.16.60-0.99.1

kernel-vmi-2.6.16.60-0.99.1

kernel-vmipae-2.6.16.60-0.99.1

kernel-xenpae-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (ppc):

kernel-iseries64-2.6.16.60-0.99.1

kernel-ppc64-2.6.16.60-0.99.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

kernel-default-2.6.16.60-0.99.1

kernel-smp-2.6.16.60-0.99.1

kernel-source-2.6.16.60-0.99.1

kernel-syms-2.6.16.60-0.99.1

kernel-xen-2.6.16.60-0.99.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.99.1

kernel-xenpae-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586 x86_64):

kernel-xen-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586):

kernel-xenpae-2.6.16.60-0.99.1

References:

http://support.novell.com/security/cve/CVE-2011-1044.html

http://support.novell.com/security/cve/CVE-2011-4110.html

http://support.novell.com/security/cve/CVE-2012-2136.html

http://support.novell.com/security/cve/CVE-2012-2663.html

http://support.novell.com/security/cve/CVE-2012-2744.html

http://support.novell.com/security/cve/CVE-2012-3510.html

https://bugzilla.novell.com/674284

https://bugzilla.novell.com/703156

https://bugzilla.novell.com/734056

https://bugzilla.novell.com/738400

https://bugzilla.novell.com/738528

https://bugzilla.novell.com/747576

https://bugzilla.novell.com/755546

https://bugzilla.novell.com/758985

https://bugzilla.novell.com/760974

https://bugzilla.novell.com/762581

https://bugzilla.novell.com/763526

https://bugzilla.novell.com/765102

https://bugzilla.novell.com/765320

https://bugzilla.novell.com/767277

https://bugzilla.novell.com/767504

https://bugzilla.novell.com/767766

https://bugzilla.novell.com/767939

https://bugzilla.novell.com/769784

https://bugzilla.novell.com/770507

https://bugzilla.novell.com/770697

https://bugzilla.novell.com/772409

https://bugzilla.novell.com/773272

https://bugzilla.novell.com/773831

https://bugzilla.novell.com/776888

https://bugzilla.novell.com/777575

https://bugzilla.novell.com/783058

http://download.novell.com/patch/finder/?keywords=118cf41af33f48911c473f3bd88c74a8

http://download.novell.com/patch/finder/?keywords=1d5bd8295622191606c935851bd82ff9

http://download.novell.com/patch/finder/?keywords=3b3320a96f49fe4615b35ba22bb6cbf3

http://download.novell.com/patch/finder/?keywords=9dc087603b172b449aa9a07b548bf3cf

http://download.novell.com/patch/finder/?keywords=c77cfcc87d8e54df006cb42c12c2fadb

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] SUSE-SU-2012:1391-1: important: Security update for Linux kernel

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity