Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
The SUSE Linux Enterprise 11 SP1 kernel was updated to
2.6.32.54, fixing lots of bugs and security issues.
The following security issues have been fixed:
* CVE-2011-4127: A potential hypervisor escape by
issuing SG_IO commands to partitiondevices was fixed by
restricting access to these commands.
* CVE-2011-4110: KEYS: Fix a NULL pointer deref in the
user-defined key type, which allowed local attackers to
Oops the kernel.
* CVE-2011-4081: Avoid potential NULL pointer deref in
ghash, which allowed local attackers to Oops the kernel.
* CVE-2011-4077: Fixed a memory corruption possibility
in xfs readlink, which could be used by local attackers to
crash the system or potentially execute code by mounting a
prepared xfs filesystem image.
* CVE-2012-0038: A overflow in the xfs acl handling was
fixed that could be used by local attackers to crash the
system or potentially execute code by mounting a prepared
xfs filesystem image.
* CVE-2011-4132: A flaw in the ext3/ext4 filesystem
allowed a local attacker to crash the kernel by getting a
prepared ext3/ext4 filesystem mounted.
* CVE-2011-2494: Access to the taskstats /proc file was
restricted to avoid local attackers gaining knowledge of IO
of other users (and so effecting side-channel attacks for
e.g. guessing passwords by typing speed).
* CVE-2010-3873: When using X.25 communication a
malicious sender could corrupt data structures, causing
crashes or potential code execution. Please note that X.25
needs to be setup to make this effective, which these days
is usually not the case.
* CVE-2010-4164: When using X.25 communication a
malicious sender could make the machine leak memory,
causing crashes. Please note that X.25 needs to be setup to
make this effective, which these days is usually not the
case.
* CVE-2011-2699: A remote denial of service due to a
NULL pointer dereference by using IPv6 fragments was fixed.
The following non-security issues have been fixed:
* elousb: Fixed bug in USB core API usage, code cleanup
(bnc#733863).
* cifs: overhaul cifs_revalidate and rename to
cifs_revalidate_dentry (bnc#735453).
* cifs: set server_eof in cifs_fattr_to_inode
(bnc#735453).
* xfs: Fix missing xfs_iunlock() on error recovery path
in xfs_readlink() (bnc#726600).
* block: add and use scsi_blk_cmd_ioctl (bnc#738400
CVE-2011-4127).
* block: fail SCSI passthrough ioctls on partition
devices (bnc#738400 CVE-2011-4127).
* dm: do not forward ioctls from logical volumes to the
underlying device (bnc#738400 CVE-2011-4127).
* Silence some warnings about ioctls on partitions.
* netxen: Remove all references to unified firmware
file (bnc#708625).
* bonding: send out gratuitous arps even with no
address configured (bnc#742270).
* patches.fixes/ocfs2-serialize_unaligned_aio.patch:
ocfs2: serialize unaligned aio (bnc#671479).
*
patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.
patch: Update references (bnc#729854, bnc#731004).
* xfs: Fix wait calculations on lock acquisition and
use milliseconds instead of jiffies to print the wait time.
* ipmi: reduce polling when interrupts are available
(bnc#740867).
* ipmi: reduce polling (bnc#740867).
* Linux 2.6.32.54.
* export shrink_dcache_for_umount_subtree.
* patches.suse/stack-unwind: Fix more 2.6.29 merge
problems plus a glue code problem (bnc#736018).
* PM / Sleep: Fix race between CPU hotplug and freezer
(bnc#740535).
* jbd: Issue cache flush after checkpointing
(bnc#731770).
* lpfc: make sure job exists when processing BSG
(bnc#735635).
* Linux 2.6.32.53.
* blktap: fix locking (again) (bnc#724734).
* xen: Update Xen patches to 2.6.32.52.
* Linux 2.6.32.52.
* Linux 2.6.32.51.
* Linux 2.6.32.50.
* reiserfs: Lock buffers unconditionally in
reiserfs_write_full_page() (bnc#716023).
* writeback: Include all dirty inodes in background
writeback (bnc#716023).
* reiserfs: Fix quota mount option parsing (bnc#728626).
* bonding: check if clients MAC addr has changed
(bnc#729854).
* rpc client can not deal with ENOSOCK, so translate it
into ENOCONN (bnc#733146).
* st: modify tape driver to allow writing immediate
filemarks (bnc#688996).
* xfs: fix for xfssyncd failure to wake (bnc#722910).
* ipmi: Fix deadlock in start_next_msg().
* net: bind() fix error return on wrong address family
(bnc#735216).
* net: ipv4: relax AF_INET check in bind() (bnc#735216).
* net/ipv6: check for mistakenly passed in non-AF_INET6
sockaddrs (bnc#735216).
* Bluetooth: Fixed Atheros AR3012 Maryann PID/VID
supported (bnc#732296).
* percpu: fix chunk range calculation (bnc#668872).
* x86, UV: Fix kdump reboot (bnc#735446).
* dm: Use done_bytes for io_completion (bnc#711378).
* Bluetooth: Add Atheros AR3012 Maryann PID/VID
supported. (bnc#732296)
* Bluetooth: Add Atheros AR3012 one PID/VID supported.
(bnc#732296)
* fix missing hunk in oplock break patch (bnc#706973).
* patches.arch/s390-34-01-pfault-cpu-hotplug.patch:
Refresh. Surrounded s390x lowcore change with __GENKSYMS__
(bnc#728339)
* patches.xen/xen3-patch-2.6.30: Refresh.
* sched, x86: Avoid unnecessary overflow in sched_clock
(bnc#725709).
* ACPI thermal: Do not invalidate thermal zone if
critical trip point is bad.
Security Issue references:
* CVE-2010-3873
>
* CVE-2010-4164
>
* CVE-2011-2494
>
* CVE-2011-2699
>
* CVE-2011-4077
>
* CVE-2011-4081
>
* CVE-2011-4110
>
* CVE-2011-4127
>
* CVE-2011-4132
>
* CVE-2012-0038
>
| Announcement ID: | SUSE-SU-2012:0153-2 |
| Rating: | important |
| References: | #651219 #653260 #668872 #671479 #688996 #694945 #697920 #703156 #706973 #707288 #708625 #711378 #716023 #722910 #724734 #725709 #726600 #726788 #728339 #728626 #729854 #730118 #731004 #731770 #732296 #732677 #733146 #733863 #734056 #735216 #735446 #735453 #735635 #736018 #738400 #740535 #740703 #740867 #742270 |
| Affected Products: |
An update that solves 10 vulnerabilities and has 29 fixes is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 SP1 kernel was updated to
2.6.32.54, fixing lots of bugs and security issues.
The following security issues have been fixed:
* CVE-2011-4127: A potential hypervisor escape by
issuing SG_IO commands to partitiondevices was fixed by
restricting access to these commands.
* CVE-2011-4110: KEYS: Fix a NULL pointer deref in the
user-defined key type, which allowed local attackers to
Oops the kernel.
* CVE-2011-4081: Avoid potential NULL pointer deref in
ghash, which allowed local attackers to Oops the kernel.
* CVE-2011-4077: Fixed a memory corruption possibility
in xfs readlink, which could be used by local attackers to
crash the system or potentially execute code by mounting a
prepared xfs filesystem image.
* CVE-2012-0038: A overflow in the xfs acl handling was
fixed that could be used by local attackers to crash the
system or potentially execute code by mounting a prepared
xfs filesystem image.
* CVE-2011-4132: A flaw in the ext3/ext4 filesystem
allowed a local attacker to crash the kernel by getting a
prepared ext3/ext4 filesystem mounted.
* CVE-2011-2494: Access to the taskstats /proc file was
restricted to avoid local attackers gaining knowledge of IO
of other users (and so effecting side-channel attacks for
e.g. guessing passwords by typing speed).
* CVE-2010-3873: When using X.25 communication a
malicious sender could corrupt data structures, causing
crashes or potential code execution. Please note that X.25
needs to be setup to make this effective, which these days
is usually not the case.
* CVE-2010-4164: When using X.25 communication a
malicious sender could make the machine leak memory,
causing crashes. Please note that X.25 needs to be setup to
make this effective, which these days is usually not the
case.
* CVE-2011-2699: A remote denial of service due to a
NULL pointer dereference by using IPv6 fragments was fixed.
The following non-security issues have been fixed:
* elousb: Fixed bug in USB core API usage, code cleanup
(bnc#733863).
* cifs: overhaul cifs_revalidate and rename to
cifs_revalidate_dentry (bnc#735453).
* cifs: set server_eof in cifs_fattr_to_inode
(bnc#735453).
* xfs: Fix missing xfs_iunlock() on error recovery path
in xfs_readlink() (bnc#726600).
* block: add and use scsi_blk_cmd_ioctl (bnc#738400
CVE-2011-4127).
* block: fail SCSI passthrough ioctls on partition
devices (bnc#738400 CVE-2011-4127).
* dm: do not forward ioctls from logical volumes to the
underlying device (bnc#738400 CVE-2011-4127).
* Silence some warnings about ioctls on partitions.
* netxen: Remove all references to unified firmware
file (bnc#708625).
* bonding: send out gratuitous arps even with no
address configured (bnc#742270).
* patches.fixes/ocfs2-serialize_unaligned_aio.patch:
ocfs2: serialize unaligned aio (bnc#671479).
*
patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.
patch: Update references (bnc#729854, bnc#731004).
* xfs: Fix wait calculations on lock acquisition and
use milliseconds instead of jiffies to print the wait time.
* ipmi: reduce polling when interrupts are available
(bnc#740867).
* ipmi: reduce polling (bnc#740867).
* Linux 2.6.32.54.
* export shrink_dcache_for_umount_subtree.
* patches.suse/stack-unwind: Fix more 2.6.29 merge
problems plus a glue code problem (bnc#736018).
* PM / Sleep: Fix race between CPU hotplug and freezer
(bnc#740535).
* jbd: Issue cache flush after checkpointing
(bnc#731770).
* lpfc: make sure job exists when processing BSG
(bnc#735635).
* Linux 2.6.32.53.
* blktap: fix locking (again) (bnc#724734).
* xen: Update Xen patches to 2.6.32.52.
* Linux 2.6.32.52.
* Linux 2.6.32.51.
* Linux 2.6.32.50.
* reiserfs: Lock buffers unconditionally in
reiserfs_write_full_page() (bnc#716023).
* writeback: Include all dirty inodes in background
writeback (bnc#716023).
* reiserfs: Fix quota mount option parsing (bnc#728626).
* bonding: check if clients MAC addr has changed
(bnc#729854).
* rpc client can not deal with ENOSOCK, so translate it
into ENOCONN (bnc#733146).
* st: modify tape driver to allow writing immediate
filemarks (bnc#688996).
* xfs: fix for xfssyncd failure to wake (bnc#722910).
* ipmi: Fix deadlock in start_next_msg().
* net: bind() fix error return on wrong address family
(bnc#735216).
* net: ipv4: relax AF_INET check in bind() (bnc#735216).
* net/ipv6: check for mistakenly passed in non-AF_INET6
sockaddrs (bnc#735216).
* Bluetooth: Fixed Atheros AR3012 Maryann PID/VID
supported (bnc#732296).
* percpu: fix chunk range calculation (bnc#668872).
* x86, UV: Fix kdump reboot (bnc#735446).
* dm: Use done_bytes for io_completion (bnc#711378).
* Bluetooth: Add Atheros AR3012 Maryann PID/VID
supported. (bnc#732296)
* Bluetooth: Add Atheros AR3012 one PID/VID supported.
(bnc#732296)
* fix missing hunk in oplock break patch (bnc#706973).
* patches.arch/s390-34-01-pfault-cpu-hotplug.patch:
Refresh. Surrounded s390x lowcore change with __GENKSYMS__
(bnc#728339)
* patches.xen/xen3-patch-2.6.30: Refresh.
* sched, x86: Avoid unnecessary overflow in sched_clock
(bnc#725709).
* ACPI thermal: Do not invalidate thermal zone if
critical trip point is bad.
Security Issue references:
* CVE-2010-3873
* CVE-2010-4164
* CVE-2011-2494
* CVE-2011-2699
* CVE-2011-4077
* CVE-2011-4081
* CVE-2011-4110
* CVE-2011-4127
* CVE-2011-4132
* CVE-2012-0038
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-kernel-5732 - SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-kernel-5732 - SUSE Linux Enterprise High Availability Extension 11 SP1:
zypper in -t patch sleshasp1-kernel-5732 - SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-kernel-5732
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 2.6.32.54]:
- btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
- ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40
- ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40
- hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
- hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3
- kernel-default-2.6.32.54-0.3.1
- kernel-default-base-2.6.32.54-0.3.1
- kernel-default-devel-2.6.32.54-0.3.1
- kernel-source-2.6.32.54-0.3.1
- kernel-syms-2.6.32.54-0.3.1
- kernel-trace-2.6.32.54-0.3.1
- kernel-trace-base-2.6.32.54-0.3.1
- kernel-trace-devel-2.6.32.54-0.3.1
- SUSE Linux Enterprise Server 11 SP1 (x86_64) [New Version: 2.6.32.54]:
- btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
- btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73
- ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40
- ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40
- ext4dev-kmp-xen-0_2.6.32.54_0.3-7.9.40
- hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
- hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3
- kernel-default-2.6.32.54-0.3.1
- kernel-default-base-2.6.32.54-0.3.1
- kernel-default-devel-2.6.32.54-0.3.1
- kernel-ec2-2.6.32.54-0.3.1
- kernel-ec2-base-2.6.32.54-0.3.1
- kernel-source-2.6.32.54-0.3.1
- kernel-syms-2.6.32.54-0.3.1
- kernel-trace-2.6.32.54-0.3.1
- kernel-trace-base-2.6.32.54-0.3.1
- kernel-trace-devel-2.6.32.54-0.3.1
- kernel-xen-2.6.32.54-0.3.1
- kernel-xen-base-2.6.32.54-0.3.1
- kernel-xen-devel-2.6.32.54-0.3.1
- SUSE Linux Enterprise High Availability Extension 11 SP1 (x86_64):
- cluster-network-kmp-default-1.4_2.6.32.54_0.3-2.5.25
- cluster-network-kmp-trace-1.4_2.6.32.54_0.3-2.5.25
- cluster-network-kmp-xen-1.4_2.6.32.54_0.3-2.5.25
- gfs2-kmp-default-2_2.6.32.54_0.3-0.2.72
- gfs2-kmp-trace-2_2.6.32.54_0.3-0.2.72
- gfs2-kmp-xen-2_2.6.32.54_0.3-0.2.72
- ocfs2-kmp-default-1.6_2.6.32.54_0.3-0.4.2.25
- ocfs2-kmp-trace-1.6_2.6.32.54_0.3-0.4.2.25
- ocfs2-kmp-xen-1.6_2.6.32.54_0.3-0.4.2.25
- SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 2.6.32.54]:
- btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
- btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73
- hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
- kernel-default-2.6.32.54-0.3.1
- kernel-default-base-2.6.32.54-0.3.1
- kernel-default-devel-2.6.32.54-0.3.1
- kernel-default-extra-2.6.32.54-0.3.1
- kernel-desktop-devel-2.6.32.54-0.3.1
- kernel-source-2.6.32.54-0.3.1
- kernel-syms-2.6.32.54-0.3.1
- kernel-trace-devel-2.6.32.54-0.3.1
- kernel-xen-2.6.32.54-0.3.1
- kernel-xen-base-2.6.32.54-0.3.1
- kernel-xen-devel-2.6.32.54-0.3.1
- kernel-xen-extra-2.6.32.54-0.3.1
References:
- http://support.novell.com/security/cve/CVE-2010-3873.html
- http://support.novell.com/security/cve/CVE-2010-4164.html
- http://support.novell.com/security/cve/CVE-2011-2494.html
- http://support.novell.com/security/cve/CVE-2011-2699.html
- http://support.novell.com/security/cve/CVE-2011-4077.html
- http://support.novell.com/security/cve/CVE-2011-4081.html
- http://support.novell.com/security/cve/CVE-2011-4110.html
- http://support.novell.com/security/cve/CVE-2011-4127.html
- http://support.novell.com/security/cve/CVE-2011-4132.html
- http://support.novell.com/security/cve/CVE-2012-0038.html
- https://bugzilla.novell.com/651219
- https://bugzilla.novell.com/653260
- https://bugzilla.novell.com/668872
- https://bugzilla.novell.com/671479
- https://bugzilla.novell.com/688996
- https://bugzilla.novell.com/694945
- https://bugzilla.novell.com/697920
- https://bugzilla.novell.com/703156
- https://bugzilla.novell.com/706973
- https://bugzilla.novell.com/707288
- https://bugzilla.novell.com/708625
- https://bugzilla.novell.com/711378
- https://bugzilla.novell.com/716023
- https://bugzilla.novell.com/722910
- https://bugzilla.novell.com/724734
- https://bugzilla.novell.com/725709
- https://bugzilla.novell.com/726600
- https://bugzilla.novell.com/726788
- https://bugzilla.novell.com/728339
- https://bugzilla.novell.com/728626
- https://bugzilla.novell.com/729854
- https://bugzilla.novell.com/730118
- https://bugzilla.novell.com/731004
- https://bugzilla.novell.com/731770
- https://bugzilla.novell.com/732296
- https://bugzilla.novell.com/732677
- https://bugzilla.novell.com/733146
- https://bugzilla.novell.com/733863
- https://bugzilla.novell.com/734056
- https://bugzilla.novell.com/735216
- https://bugzilla.novell.com/735446
- https://bugzilla.novell.com/735453
- https://bugzilla.novell.com/735635
- https://bugzilla.novell.com/736018
- https://bugzilla.novell.com/738400
- https://bugzilla.novell.com/740535
- https://bugzilla.novell.com/740703
- https://bugzilla.novell.com/740867
- https://bugzilla.novell.com/742270
- http://download.suse.com/patch/finder/?keywords=3b09a8aade4545cf04761628743fec0e