Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.
The following security issues have been fixed:
*
CVE-2011-2494: kernel/taskstats.c in the Linux kernel
allowed local users to obtain sensitive I/O statistics by
sending taskstats commands to a netlink socket, as
demonstrated by discovering the length of another users
password (a side channel attack).
*
CVE-2012-2744:
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
kernel, when the nf_conntrack_ipv6 module is enabled,
allowed remote attackers to cause a denial of service (NULL
pointer dereference and system crash) via certain types of
fragmented IPv6 packets.
*
CVE-2012-3510: Use-after-free vulnerability in the
xacct_add_tsk function in kernel/tsacct.c in the Linux
kernel allowed local users to obtain potentially sensitive
information from kernel memory or cause a denial of service
(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
command.
*
CVE-2011-4110: The user_update function in
security/keys/user_defined.c in the Linux kernel 2.6
allowed local users to cause a denial of service (NULL
pointer dereference and kernel oops) via vectors related to
a user-defined key and updating a negative key into a fully
instantiated key.
*
CVE-2011-1044: The ib_uverbs_poll_cq function in
drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
did not initialize a certain response buffer, which allowed
local users to obtain potentially sensitive information
from kernel memory via vectors that cause this buffer to be
only partially filled, a different vulnerability than
CVE-2010-4649.
*
CVE-2012-3400: Heap-based buffer overflow in the
udf_load_logicalvol function in fs/udf/super.c in the Linux
kernel allowed remote attackers to cause a denial of
service (system crash) or possibly have unspecified other
impact via a crafted UDF filesystem.
*
CVE-2012-2136: The sock_alloc_send_pskb function in
net/core/sock.c in the Linux kernel did not properly
validate a certain length value, which allowed local users
to cause a denial of service (heap-based buffer overflow
and system crash) or possibly gain privileges by leveraging
access to a TUN/TAP device.
*
CVE-2012-2663: A small denial of service leak in
dropping syn+fin messages was fixed.
The following non-security issues have been fixed:
Packaging:
* kbuild: Fix gcc -x syntax (bnc#773831).
NFS:
* knfsd: An assortment of little fixes to the sunrpc
cache code (bnc#767766).
* knfsd: Unexport cache_fresh and fix a small race
(bnc#767766).
* knfsd: nfsd: do not drop silently on upcall deferral
(bnc#767766).
* knfsd: svcrpc: remove another silent drop from
deferral code (bnc#767766).
* sunrpc/cache: simplify cache_fresh_locked and
cache_fresh_unlocked (bnc#767766).
* sunrpc/cache: recheck cache validity after
cache_defer_req (bnc#767766).
* sunrpc/cache: use list_del_init for the list_head
entries in cache_deferred_req (bnc#767766).
* sunrpc/cache: avoid variable over-loading in
cache_defer_req (bnc#767766).
* sunrpc/cache: allow thread to block while waiting for
cache update (bnc#767766).
* sunrpc/cache: Fix race in sunrpc/cache introduced by
patch to allow thread to block while waiting for cache
update (bnc#767766).
* sunrpc/cache: Another fix for race problem with
sunrpc cache deferal (bnc#767766).
* knfsd: nfsd: make all exp_finding functions return
-errnos on err (bnc#767766).
* Fix kabi breakage in previous nfsd patch series
(bnc#767766).
* nfsd: Work around incorrect return type for
wait_for_completion_interruptible_timeout (bnc#767766).
* nfs: Fix a potential file corruption issue when
writing (bnc#773272).
* nfs: Allow sync writes to be multiple pages
(bnc#763526).
* nfs: fix reference counting for NFSv4 callback thread
(bnc#767504).
* nfs: flush signals before taking down callback thread
(bnc#767504).
* nfsv4: Ensure nfs_callback_down() calls svc_destroy()
(bnc#767504).
SCSI:
* SCSI/ch: Check NULL for kmalloc() return (bnc#783058).
*
drivers/scsi/aic94xx/aic94xx_init.c: correct the size
argument to kmalloc (bnc#783058).
*
block: fail SCSI passthrough ioctls on partition
devices (bnc#738400).
*
dm: do not forward ioctls from logical volumes to the
underlying device (bnc#738400).
*
vmware: Fix VMware hypervisor detection (bnc#777575,
bnc#770507).
S/390:
* lgr: Make lgr_page static (bnc#772409,LTC#83520).
* zfcp: Fix oops in _blk_add_trace()
(bnc#772409,LTC#83510).
*
kernel: Add z/VM LGR detection
(bnc#767277,LTC#RAS1203).
*
be2net: Fix EEH error reset before a flash dump
completes (bnc#755546).
* mptfusion: fix msgContext in mptctl_hp_hostinfo
(bnc#767939).
* PCI: Fix bus resource assignment on 32 bits with 64b
resources. (bnc#762581)
* PCI: fix up setup-bus.c #ifdef. (bnc#762581)
*
x86: powernow-k8: Fix indexing issue (bnc#758985).
*
net: Fix race condition about network device name
allocation (bnc#747576).
XEN:
* smpboot: adjust ordering of operations.
* xen/x86-64: provide a memset() that can deal with 4Gb
or above at a time (bnc#738528).
* xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
(bnc#760974).
* xen/gntdev: fix multi-page slot allocation
(bnc#760974).
Security Issues:
* CVE-2011-1044
>
* CVE-2011-4110
>
* CVE-2012-2136
>
* CVE-2012-2663
>
* CVE-2012-2744
>
* CVE-2012-3510
>
| Announcement ID: | SUSE-SU-2012:1391-1 |
| Rating: | important |
| References: | #674284 #703156 #734056 #738400 #738528 #747576 #755546 #758985 #760974 #762581 #763526 #765102 #765320 #767277 #767504 #767766 #767939 #769784 #770507 #770697 #772409 #773272 #773831 #776888 #777575 #783058 |
| Affected Products: |
An update that solves 6 vulnerabilities and has 20 fixes is now available.
Description:
This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.
The following security issues have been fixed:
*
CVE-2011-2494: kernel/taskstats.c in the Linux kernel
allowed local users to obtain sensitive I/O statistics by
sending taskstats commands to a netlink socket, as
demonstrated by discovering the length of another users
password (a side channel attack).
*
CVE-2012-2744:
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
kernel, when the nf_conntrack_ipv6 module is enabled,
allowed remote attackers to cause a denial of service (NULL
pointer dereference and system crash) via certain types of
fragmented IPv6 packets.
*
CVE-2012-3510: Use-after-free vulnerability in the
xacct_add_tsk function in kernel/tsacct.c in the Linux
kernel allowed local users to obtain potentially sensitive
information from kernel memory or cause a denial of service
(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
command.
*
CVE-2011-4110: The user_update function in
security/keys/user_defined.c in the Linux kernel 2.6
allowed local users to cause a denial of service (NULL
pointer dereference and kernel oops) via vectors related to
a user-defined key and updating a negative key into a fully
instantiated key.
*
CVE-2011-1044: The ib_uverbs_poll_cq function in
drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
did not initialize a certain response buffer, which allowed
local users to obtain potentially sensitive information
from kernel memory via vectors that cause this buffer to be
only partially filled, a different vulnerability than
CVE-2010-4649.
*
CVE-2012-3400: Heap-based buffer overflow in the
udf_load_logicalvol function in fs/udf/super.c in the Linux
kernel allowed remote attackers to cause a denial of
service (system crash) or possibly have unspecified other
impact via a crafted UDF filesystem.
*
CVE-2012-2136: The sock_alloc_send_pskb function in
net/core/sock.c in the Linux kernel did not properly
validate a certain length value, which allowed local users
to cause a denial of service (heap-based buffer overflow
and system crash) or possibly gain privileges by leveraging
access to a TUN/TAP device.
*
CVE-2012-2663: A small denial of service leak in
dropping syn+fin messages was fixed.
The following non-security issues have been fixed:
Packaging:
* kbuild: Fix gcc -x syntax (bnc#773831).
NFS:
* knfsd: An assortment of little fixes to the sunrpc
cache code (bnc#767766).
* knfsd: Unexport cache_fresh and fix a small race
(bnc#767766).
* knfsd: nfsd: do not drop silently on upcall deferral
(bnc#767766).
* knfsd: svcrpc: remove another silent drop from
deferral code (bnc#767766).
* sunrpc/cache: simplify cache_fresh_locked and
cache_fresh_unlocked (bnc#767766).
* sunrpc/cache: recheck cache validity after
cache_defer_req (bnc#767766).
* sunrpc/cache: use list_del_init for the list_head
entries in cache_deferred_req (bnc#767766).
* sunrpc/cache: avoid variable over-loading in
cache_defer_req (bnc#767766).
* sunrpc/cache: allow thread to block while waiting for
cache update (bnc#767766).
* sunrpc/cache: Fix race in sunrpc/cache introduced by
patch to allow thread to block while waiting for cache
update (bnc#767766).
* sunrpc/cache: Another fix for race problem with
sunrpc cache deferal (bnc#767766).
* knfsd: nfsd: make all exp_finding functions return
-errnos on err (bnc#767766).
* Fix kabi breakage in previous nfsd patch series
(bnc#767766).
* nfsd: Work around incorrect return type for
wait_for_completion_interruptible_timeout (bnc#767766).
* nfs: Fix a potential file corruption issue when
writing (bnc#773272).
* nfs: Allow sync writes to be multiple pages
(bnc#763526).
* nfs: fix reference counting for NFSv4 callback thread
(bnc#767504).
* nfs: flush signals before taking down callback thread
(bnc#767504).
* nfsv4: Ensure nfs_callback_down() calls svc_destroy()
(bnc#767504).
SCSI:
* SCSI/ch: Check NULL for kmalloc() return (bnc#783058).
*
drivers/scsi/aic94xx/aic94xx_init.c: correct the size
argument to kmalloc (bnc#783058).
*
block: fail SCSI passthrough ioctls on partition
devices (bnc#738400).
*
dm: do not forward ioctls from logical volumes to the
underlying device (bnc#738400).
*
vmware: Fix VMware hypervisor detection (bnc#777575,
bnc#770507).
S/390:
* lgr: Make lgr_page static (bnc#772409,LTC#83520).
* zfcp: Fix oops in _blk_add_trace()
(bnc#772409,LTC#83510).
*
kernel: Add z/VM LGR detection
(bnc#767277,LTC#RAS1203).
*
be2net: Fix EEH error reset before a flash dump
completes (bnc#755546).
* mptfusion: fix msgContext in mptctl_hp_hostinfo
(bnc#767939).
* PCI: Fix bus resource assignment on 32 bits with 64b
resources. (bnc#762581)
* PCI: fix up setup-bus.c #ifdef. (bnc#762581)
*
x86: powernow-k8: Fix indexing issue (bnc#758985).
*
net: Fix race condition about network device name
allocation (bnc#747576).
XEN:
* smpboot: adjust ordering of operations.
* xen/x86-64: provide a memset() that can deal with 4Gb
or above at a time (bnc#738528).
* xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
(bnc#760974).
* xen/gntdev: fix multi-page slot allocation
(bnc#760974).
Security Issues:
* CVE-2011-1044
* CVE-2011-4110
* CVE-2012-2136
* CVE-2012-2663
* CVE-2012-2744
* CVE-2012-3510
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
- kernel-default-2.6.16.60-0.99.1
- kernel-source-2.6.16.60-0.99.1
- kernel-syms-2.6.16.60-0.99.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):
- kernel-debug-2.6.16.60-0.99.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):
- kernel-kdump-2.6.16.60-0.99.1
- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):
- kernel-smp-2.6.16.60-0.99.1
- kernel-xen-2.6.16.60-0.99.1
- SUSE Linux Enterprise Server 10 SP4 (i586):
- kernel-bigsmp-2.6.16.60-0.99.1
- kernel-kdumppae-2.6.16.60-0.99.1
- kernel-vmi-2.6.16.60-0.99.1
- kernel-vmipae-2.6.16.60-0.99.1
- kernel-xenpae-2.6.16.60-0.99.1
- SUSE Linux Enterprise Server 10 SP4 (ppc):
- kernel-iseries64-2.6.16.60-0.99.1
- kernel-ppc64-2.6.16.60-0.99.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
- kernel-default-2.6.16.60-0.99.1
- kernel-smp-2.6.16.60-0.99.1
- kernel-source-2.6.16.60-0.99.1
- kernel-syms-2.6.16.60-0.99.1
- kernel-xen-2.6.16.60-0.99.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586):
- kernel-bigsmp-2.6.16.60-0.99.1
- kernel-xenpae-2.6.16.60-0.99.1
- SLE SDK 10 SP4 (i586 ia64 x86_64):
- kernel-debug-2.6.16.60-0.99.1
- SLE SDK 10 SP4 (i586 ppc x86_64):
- kernel-kdump-2.6.16.60-0.99.1
- SLE SDK 10 SP4 (i586 x86_64):
- kernel-xen-2.6.16.60-0.99.1
- SLE SDK 10 SP4 (i586):
- kernel-xenpae-2.6.16.60-0.99.1
References:
- http://support.novell.com/security/cve/CVE-2011-1044.html
- http://support.novell.com/security/cve/CVE-2011-4110.html
- http://support.novell.com/security/cve/CVE-2012-2136.html
- http://support.novell.com/security/cve/CVE-2012-2663.html
- http://support.novell.com/security/cve/CVE-2012-2744.html
- http://support.novell.com/security/cve/CVE-2012-3510.html
- https://bugzilla.novell.com/674284
- https://bugzilla.novell.com/703156
- https://bugzilla.novell.com/734056
- https://bugzilla.novell.com/738400
- https://bugzilla.novell.com/738528
- https://bugzilla.novell.com/747576
- https://bugzilla.novell.com/755546
- https://bugzilla.novell.com/758985
- https://bugzilla.novell.com/760974
- https://bugzilla.novell.com/762581
- https://bugzilla.novell.com/763526
- https://bugzilla.novell.com/765102
- https://bugzilla.novell.com/765320
- https://bugzilla.novell.com/767277
- https://bugzilla.novell.com/767504
- https://bugzilla.novell.com/767766
- https://bugzilla.novell.com/767939
- https://bugzilla.novell.com/769784
- https://bugzilla.novell.com/770507
- https://bugzilla.novell.com/770697
- https://bugzilla.novell.com/772409
- https://bugzilla.novell.com/773272
- https://bugzilla.novell.com/773831
- https://bugzilla.novell.com/776888
- https://bugzilla.novell.com/777575
- https://bugzilla.novell.com/783058
- http://download.suse.com/patch/finder/?keywords=118cf41af33f48911c473f3bd88c74a8
- http://download.suse.com/patch/finder/?keywords=1d5bd8295622191606c935851bd82ff9
- http://download.suse.com/patch/finder/?keywords=3b3320a96f49fe4615b35ba22bb6cbf3
- http://download.suse.com/patch/finder/?keywords=9dc087603b172b449aa9a07b548bf3cf
- http://download.suse.com/patch/finder/?keywords=c77cfcc87d8e54df006cb42c12c2fadb