Security update for Linux kernel

SUSE Security Update: Security update for Linux kernel
Announcement ID: SUSE-SU-2012:0789-1
Rating: important
References: #556135 #735909 #743579 #744404 #747404 #754690 #756050 #757315 #758243 #759336 #759545 #759805 #760237 #760806 #761087 #761245 #762991 #762992 #763267 #763307 #763485 #763717 #764091 #764150 #764209 #764500 #764900 #765102 #765253 #765320 #765524
Affected Products:
  • SUSE Linux Enterprise Server 11 SP2 for VMware
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise High Availability Extension 11 SP2
  • SUSE Linux Enterprise Desktop 11 SP2
  • SLE 11 SERVER Unsupported Extras

  • An update that solves 5 vulnerabilities and has 26 fixes is now available. It includes one version update.

    Description:


    The SUSE Linux Enterprise 11 SP2 kernel was updated to
    3.0.34, fixing a lot of bugs and security issues.

    The update from Linux kernel 3.0.31 to 3.0.34 also fixes
    various bugs not listed here.

    The following security issues have been fixed:

    *

    CVE-2012-2136: Local attackers could trigger an
    overflow in sock_alloc_send_pksb(), potentially crashing
    the machine or escalate privileges.

    *

    CVE-2012-2390: A memory leak in transparent hugepages
    on mmap failure could be used by local attacker to run the
    machine out of memory (local denial of service).

    *

    CVE-2012-2119: A malicious guest driver could
    overflow the host stack by passing a long descriptor, so
    potentially crashing the host system or escalating
    privileges on the host.

    *

    CVE-2012-2375: Malicious NFS server could crash the
    clients when more than 2 GETATTR bitmap words are returned
    in response to the FATTR4_ACL attribute requests, only
    incompletely fixed by CVE-2011-4131.

    The following non-security bugs have been fixed:


    Hyper-V:

    * storvsc: Properly handle errors from the host
    (bnc#747404).
    * HID: hid-hyperv: Do not use hid_parse_report()
    directly.
    * HID: hyperv: Set the hid drvdata correctly.
    * drivers/hv: Get rid of an unnecessary check in
    vmbus_prep_negotiate_resp().
    * drivers/hv: util: Properly handle version
    negotiations.
    * hv: fix return type of hv_post_message().
    * net/hyperv: Add flow control based on hi/low
    watermark.
    * usb/net: rndis: break out <1/rndis.h> defines. only
    net/hyperv part
    * usb/net: rndis: remove ambigous status codes. only
    net/hyperv part
    * usb/net: rndis: merge command codes. only net/hyperv
    part
    * net/hyperv: Adding cancellation to ensure rndis
    filter is closed.
    * update hv drivers to 3.4-rc1, requires new
    hv_kvp_daemon:
    * drivers: hv: kvp: Add/cleanup connector defines.
    * drivers: hv: kvp: Move the contents of hv_kvp.h to
    hyperv.h.
    * net/hyperv: Convert camel cased variables in
    rndis_filter.c to lower cases.
    * net/hyperv: Correct the assignment in
    netvsc_recv_callback().
    * net/hyperv: Remove the unnecessary memset in
    rndis_filter_send().
    * drivers: hv: Cleanup the kvp related state in
    hyperv.h.
    * tools: hv: Use hyperv.h to get the KVP definitions.
    * drivers: hv: kvp: Cleanup the kernel/user protocol.
    * drivers: hv: Increase the number of VCPUs supported
    in the guest.
    * net/hyperv: Fix data corruption in
    rndis_filter_receive().
    * net/hyperv: Add support for vlan trunking from guests.
    * Drivers: hv: Add new message types to enhance KVP.
    * Drivers: hv: Support the newly introduced KVP
    messages in the driver.
    * Tools: hv: Fully support the new KVP verbs in the
    user level daemon.
    * Tools: hv: Support enumeration from all the pools.
    * net/hyperv: Fix the code handling tx busy.
    * patches.suse/suse-hv-pata_piix-ignore-disks.patch
    replace our version of this patch with upstream variant:
    ata_piix: defer disks to the Hyper-V drivers by default
    libata: add a host flag to ignore detected ATA devices.


    Btrfs:

    * btrfs: more module message prefixes.
    * vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
    and rename them
    * btrfs: flush all the dirty pages if
    try_to_writeback_inodes_sb_nr() fails
    * vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
    and rename them
    * btrfs: fix locking in btrfs_destroy_delayed_refs
    * btrfs: wake up transaction waiters when aborting a
    transaction
    * btrfs: abort the transaction if the commit fails
    * btrfs: fix btrfs_destroy_marked_extents
    * btrfs: unlock everything properly in the error case
    for nocow
    * btrfs: fix return code in drop_objectid_items
    * btrfs: check to see if the inode is in the log before
    fsyncing
    * btrfs: pass locked_page into
    extent_clear_unlock_delalloc if theres an error
    * btrfs: check the return code of btrfs_save_ino_cache
    * btrfs: do not update atime for RO snapshots
    (FATE#306586).
    * btrfs: convert the inode bit field to use the actual
    bit operations
    * btrfs: fix deadlock when the process of delayed refs
    fails
    * btrfs: stop defrag the files automatically when doin
    readonly remount or umount
    * btrfs: avoid memory leak of extent state in error
    handling routine
    * btrfs: make sure that we have made everything in
    pinned tree clean
    * btrfs: destroy the items of the delayed inodes in
    error handling routine
    * btrfs: ulist realloc bugfix
    * btrfs: bugfix in btrfs_find_parent_nodes
    * btrfs: bugfix: ignore the wrong key for indirect tree
    block backrefs
    * btrfs: avoid buffer overrun in btrfs_printk
    * btrfs: fall back to non-inline if we do not have
    enough space
    * btrfs: NUL-terminate path buffer in DEV_INFO ioctl
    result
    * btrfs: avoid buffer overrun in mount option handling
    * btrfs: do not do balance in readonly mode
    * btrfs: fix the same inode id problem when doing auto
    defragment
    * btrfs: fix wrong error returned by adding a device
    * btrfs: use fastpath in extent state ops as much as
    possible


    Misc:

    * tcp: drop SYN+FIN messages (bnc#765102).
    * mm: avoid swapping out with swappiness==0
    (swappiness).
    * thp: avoid atomic64_read in pmd_read_atomic for 32bit
    PAE (bnc#762991).
    * paravirt: Split paravirt MMU ops (bnc#556135,
    bnc#754690, FATE#306453).
    * paravirt: Only export pv_mmu_ops symbol if
    PARAVIRT_MMU
    * parvirt: Stub support KABI for KVM_MMU (bnc#556135,
    bnc#754690, FATE#306453).
    * tmpfs: implement NUMA node interleaving (bnc#764209).
    * synaptics-hp-clickpad: Fix the detection of LED on
    the recent HP laptops (bnc#765524)
    * supported.conf: mark xt_AUDIT as supported
    (bnc#765253)
    * mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
    pmd_populate SMP race condition (bnc#762991 CVE-2012-2373).
    * xhci: Do not free endpoints in xhci_mem_cleanup()
    (bnc#763307).
    * xhci: Fix invalid loop check in xhci_free_tt_info()
    (bnc#763307).
    * drm: Skip too big EDID extensions (bnc#764900).
    * drm/i915: Add HP EliteBook to LVDS-temporary-disable
    list (bnc#763717).
    * hwmon: (fam15h_power) Increase output resolution
    (bnc#759336).
    * hwmon: (k10temp) Add support for AMD Trinity CPUs
    (bnc#759336).
    * rpm/kernel-binary.spec.in: Own the right -kdump
    initrd (bnc#764500)
    * memcg: prevent from OOM with too many dirty pages.
    * dasd: re-prioritize partition detection message
    (bnc#764091,LTC#81617).
    * kernel: pfault task state race (bnc#764091,LTC#81724).
    * kernel: clear page table for sw large page emulation
    (bnc#764091,LTC#81933).
    * USB: fix bug of device descriptor got from superspeed
    device (bnc#761087).
    * xfrm: take net hdr len into account for esp payload
    size calculation (bnc#759545).
    * st: clean up dev cleanup in st_probe (bnc#760806).
    * st: clean up device file creation and removal
    (bnc#760806).
    * st: get rid of scsi_tapes array (bnc#760806).
    * st: raise device limit (bnc#760806).
    * st: Use static class attributes (bnc#760806).
    * mm: Optimize put_mems_allowed() usage (VM
    performance).
    * cifs: fix oops while traversing open file list (try
    #4) (bnc#756050).
    * scsi: Fix dm-multipath starvation when scsi host is
    busy (bnc#763485).
    * dasd: process all requests in the device tasklet
    (bnc#763267).
    * rt2x00:Add RT539b chipset support (bnc#760237).
    * kabi/severities: Ignore changes in
    drivers/net/wireless/rt2x00, these are just exports used
    among the rt2x00 modules.
    * rt2800: radio 3xxx: reprogram only lower bits of
    RF_R3 (bnc#759805).
    * rt2800: radio 3xxx: program RF_R1 during channel
    switch (bnc#759805).
    * rt2800: radio 3xxxx: channel switch RX/TX calibration
    fixes (bnc#759805).
    * rt2x00: Avoid unnecessary uncached (bnc#759805).
    * rt2x00: Introduce sta_add/remove callbacks
    (bnc#759805).
    * rt2x00: Add WCID to crypto struct (bnc#759805).
    * rt2x00: Add WCID to HT TX descriptor (bnc#759805).
    * rt2x00: Move bssidx calculation into its own function
    (bnc#759805).
    * rt2x00: Make use of sta_add/remove callbacks in
    rt2800 (bnc#759805).
    * rt2x00: Forbid aggregation for STAs not programmed
    into the hw (bnc#759805).
    * rt2x00: handle spurious pci interrupts (bnc#759805).
    * rt2800: disable DMA after firmware load.
    * rt2800: radio 3xxx: add channel switch calibration
    routines (bnc#759805).
    * rpm/kernel-binary.spec.in: Obsolete ath3k, as it is
    now in the tree.
    * floppy: remove floppy-specific O_EXCL handling
    (bnc#757315).
    * floppy: convert to delayed work and single-thread wq
    (bnc#761245).

    Security Issue references:

    * CVE-2012-2119
    >
    * CVE-2012-2136
    >
    * CVE-2012-2373
    >
    * CVE-2012-2390
    >
    * CVE-2012-2375
    >

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-kernel-6457 slessp2-kernel-6463
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-kernel-6453 slessp2-kernel-6457 slessp2-kernel-6458 slessp2-kernel-6463 slessp2-kernel-6467
    • SUSE Linux Enterprise High Availability Extension 11 SP2:
      zypper in -t patch sleshasp2-kernel-6453 sleshasp2-kernel-6457 sleshasp2-kernel-6458 sleshasp2-kernel-6463 sleshasp2-kernel-6467
    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-kernel-6457 sledsp2-kernel-6463

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.34]:
    • kernel-default-3.0.34-0.7.9
    • kernel-default-base-3.0.34-0.7.9
    • kernel-default-devel-3.0.34-0.7.9
    • kernel-source-3.0.34-0.7.9
    • kernel-syms-3.0.34-0.7.9
    • kernel-trace-3.0.34-0.7.9
    • kernel-trace-base-3.0.34-0.7.9
    • kernel-trace-devel-3.0.34-0.7.9
    • kernel-xen-devel-3.0.34-0.7.9
    • SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.34]:
    • kernel-pae-3.0.34-0.7.9
    • kernel-pae-base-3.0.34-0.7.9
    • kernel-pae-devel-3.0.34-0.7.9
    • SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.34]:
    • kernel-default-3.0.34-0.7.9
    • kernel-default-base-3.0.34-0.7.9
    • kernel-default-devel-3.0.34-0.7.9
    • kernel-source-3.0.34-0.7.9
    • kernel-syms-3.0.34-0.7.9
    • kernel-trace-3.0.34-0.7.9
    • kernel-trace-base-3.0.34-0.7.9
    • kernel-trace-devel-3.0.34-0.7.9
    • SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.34]:
    • kernel-ec2-3.0.34-0.7.9
    • kernel-ec2-base-3.0.34-0.7.9
    • kernel-ec2-devel-3.0.34-0.7.9
    • kernel-xen-3.0.34-0.7.9
    • kernel-xen-base-3.0.34-0.7.9
    • kernel-xen-devel-3.0.34-0.7.9
    • SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.34]:
    • kernel-default-man-3.0.34-0.7.9
    • SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.34]:
    • kernel-ppc64-3.0.34-0.7.9
    • kernel-ppc64-base-3.0.34-0.7.9
    • kernel-ppc64-devel-3.0.34-0.7.9
    • SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.34]:
    • kernel-pae-3.0.34-0.7.9
    • kernel-pae-base-3.0.34-0.7.9
    • kernel-pae-devel-3.0.34-0.7.9
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    • cluster-network-kmp-default-1.4_3.0.34_0.7-2.10.30
    • cluster-network-kmp-trace-1.4_3.0.34_0.7-2.10.30
    • gfs2-kmp-default-2_3.0.34_0.7-0.7.30
    • gfs2-kmp-trace-2_3.0.34_0.7-0.7.30
    • ocfs2-kmp-default-1.6_3.0.34_0.7-0.7.30
    • ocfs2-kmp-trace-1.6_3.0.34_0.7-0.7.30
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
    • cluster-network-kmp-xen-1.4_3.0.34_0.7-2.10.30
    • gfs2-kmp-xen-2_3.0.34_0.7-0.7.30
    • ocfs2-kmp-xen-1.6_3.0.34_0.7-0.7.30
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
    • cluster-network-kmp-ppc64-1.4_3.0.34_0.7-2.10.30
    • gfs2-kmp-ppc64-2_3.0.34_0.7-0.7.30
    • ocfs2-kmp-ppc64-1.6_3.0.34_0.7-0.7.30
    • SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
    • cluster-network-kmp-pae-1.4_3.0.34_0.7-2.10.30
    • gfs2-kmp-pae-2_3.0.34_0.7-0.7.30
    • ocfs2-kmp-pae-1.6_3.0.34_0.7-0.7.30
    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.34]:
    • kernel-default-3.0.34-0.7.9
    • kernel-default-base-3.0.34-0.7.9
    • kernel-default-devel-3.0.34-0.7.9
    • kernel-default-extra-3.0.34-0.7.9
    • kernel-source-3.0.34-0.7.9
    • kernel-syms-3.0.34-0.7.9
    • kernel-trace-3.0.34-0.7.9
    • kernel-trace-base-3.0.34-0.7.9
    • kernel-trace-devel-3.0.34-0.7.9
    • kernel-trace-extra-3.0.34-0.7.9
    • kernel-xen-3.0.34-0.7.9
    • kernel-xen-base-3.0.34-0.7.9
    • kernel-xen-devel-3.0.34-0.7.9
    • kernel-xen-extra-3.0.34-0.7.9
    • SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.34]:
    • kernel-pae-3.0.34-0.7.9
    • kernel-pae-base-3.0.34-0.7.9
    • kernel-pae-devel-3.0.34-0.7.9
    • kernel-pae-extra-3.0.34-0.7.9
    • SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
    • ext4-writeable-kmp-default-0_3.0.34_0.7-0.14.11
    • kernel-default-extra-3.0.34-0.7.9
    • SLE 11 SERVER Unsupported Extras (i586 x86_64):
    • ext4-writeable-kmp-xen-0_3.0.34_0.7-0.14.11
    • kernel-xen-extra-3.0.34-0.7.9
    • SLE 11 SERVER Unsupported Extras (ppc64):
    • ext4-writeable-kmp-ppc64-0_3.0.34_0.7-0.14.11
    • kernel-ppc64-extra-3.0.34-0.7.9
    • SLE 11 SERVER Unsupported Extras (i586):
    • ext4-writeable-kmp-pae-0_3.0.34_0.7-0.14.11
    • kernel-pae-extra-3.0.34-0.7.9

    References:

  • http://support.novell.com/security/cve/CVE-2012-2119.html
  • http://support.novell.com/security/cve/CVE-2012-2136.html
  • http://support.novell.com/security/cve/CVE-2012-2373.html
  • http://support.novell.com/security/cve/CVE-2012-2375.html
  • http://support.novell.com/security/cve/CVE-2012-2390.html
  • https://bugzilla.novell.com/556135
  • https://bugzilla.novell.com/735909
  • https://bugzilla.novell.com/743579
  • https://bugzilla.novell.com/744404
  • https://bugzilla.novell.com/747404
  • https://bugzilla.novell.com/754690
  • https://bugzilla.novell.com/756050
  • https://bugzilla.novell.com/757315
  • https://bugzilla.novell.com/758243
  • https://bugzilla.novell.com/759336
  • https://bugzilla.novell.com/759545
  • https://bugzilla.novell.com/759805
  • https://bugzilla.novell.com/760237
  • https://bugzilla.novell.com/760806
  • https://bugzilla.novell.com/761087
  • https://bugzilla.novell.com/761245
  • https://bugzilla.novell.com/762991
  • https://bugzilla.novell.com/762992
  • https://bugzilla.novell.com/763267
  • https://bugzilla.novell.com/763307
  • https://bugzilla.novell.com/763485
  • https://bugzilla.novell.com/763717
  • https://bugzilla.novell.com/764091
  • https://bugzilla.novell.com/764150
  • https://bugzilla.novell.com/764209
  • https://bugzilla.novell.com/764500
  • https://bugzilla.novell.com/764900
  • https://bugzilla.novell.com/765102
  • https://bugzilla.novell.com/765253
  • https://bugzilla.novell.com/765320
  • https://bugzilla.novell.com/765524
  • http://download.suse.com/patch/finder/?keywords=1a7682fe55225a6d2fb7535ed5b3a6f0
  • http://download.suse.com/patch/finder/?keywords=31fea157a35016e51d4182b32fcb4191
  • http://download.suse.com/patch/finder/?keywords=4011009aab039f02db913a7bce208f8f
  • http://download.suse.com/patch/finder/?keywords=5a7bc846608efdf1aca0d4f66ea9c9bb
  • http://download.suse.com/patch/finder/?keywords=643ef9cef491ee6820b78654f2716745
  • http://download.suse.com/patch/finder/?keywords=681e25e2cce92c21c5a62ccbf5cc5678
  • http://download.suse.com/patch/finder/?keywords=8d123a34ca9f20522bea6195c39428aa
  • http://download.suse.com/patch/finder/?keywords=970acd862c76b234643d06e43d4048ed
  • http://download.suse.com/patch/finder/?keywords=e33c406efece164f0fd3b33e3b387568
  • http://download.suse.com/patch/finder/?keywords=f2bfce4b05959a193517d5099e8b3451