Security update for Real Time Linux kernel

SUSE Security Update: Security update for Real Time Linux kernel
Announcement ID: SUSE-SU-2012:1056-1
Rating: moderate
References: #676204 #717994 #726600 #730118 #731673 #740745 #745832 #749118 #749569 #750079 #758058 #758260 #758532 #760902 #763194 #764150 #769896
Affected Products:
  • SUSE Linux Enterprise Real Time 11 SP1

An update that solves 16 vulnerabilities and has one errata is now available. It includes one version update.

    Description:


    The SUSE Linux Enterprise Server 11 SP1 Realtime kernel has
    been updated to fix various bugs and security issues.

    The following security issues have been fixed:

    * CVE-2012-3375: Fixed a denial of service condition in
      the epoll loop detection.

    * CVE-2012-2390: Memory leaks in the hugetlbfs map
      reservation code have been fixed that could be used by
      local attackers to exhaust machine memory.

    * CVE-2012-2133: A use-after-free bug in "quota"
      handling of hugepages has been fixed that could cause a
      local denial of service.

    * CVE-2012-2384: An integer overflow in
      i915_gem_do_execbuffer() has been fixed that might be used
      by local attackers to crash the kernel or potentially
      execute code.

    * CVE-2012-2383: An integer overflow in
      i915_gem_execbuffer2() has been fixed that might be used by
      local attackers to crash the kernel or potentially execute
      code.

    * CVE-2012-2123: The filesystem capability handling was
      not fully correct, allowing local users to bypass fscaps
      related restrictions to disable e.g. address space
      randomization.

    * CVE-2009-4020: Fixed a potential buffer overflow in
      hfsplus that could have been used to crash the kernel by
      supplying a bad hfsplus image for mounting.

    * CVE-2011-4330: Mounting a corrupted hfs filesystem
      could have led to a buffer overflow.

    * CVE-2012-1097: The regset common infrastructure
      assumed that regsets would always have .get and .set
      methods, but not necessarily .active methods. Unfortunately
      people have since written regsets without a .set method, so
      NULL pointer dereference attacks were possible.

    * CVE-2011-1083: Limit the path length users can build
      using epoll() to avoid local attackers consuming lots of
      kernel CPU time.

    * CVE-2012-1090: Fixed a dentry refcount leak when
      opening a FIFO on lookup in cifs that could have been used
      to crash the kernel.

    * CVE-2012-0810: A stack reusage bug has been fixed
      which could be used by local attackers to crash the kernel
      in some circumstances. As this only affects x86 32bit, it
      does not affect x86_64 at all.

    * CVE-2012-0044: An integer overflow in
      drm_mode_dirtyfb_ioctl() has been fixed that might be used
      by local attackers to crash the kernel or execute code.

    * CVE-2011-4077: A possible memory corruption in
      xfs_readlink has been fixed that could be used by local
      users able to mount xfs images to crash the kernel.

    * CVE-2011-4132: Fixed an oops in jbd/jbd2 that could
      have been caused by mounting a maliciously prepared
      filesystem.

    * CVE-2011-4086: Fixed an oops in jbd/jbd2 that could
      have been caused by specific filesystem access patterns.

    Also the following non security bugs have been fixed:

    * sched: Fix proc_sched_set_task() (bnc#717994).
    * vlan/core: Fix memory leak/corruption on VLAN
    GRO_DROP (bnc#758058).

    Security Issue references:

    * CVE-2009-4020
    * CVE-2011-1083
    * CVE-2011-4077
    * CVE-2011-4086
    * CVE-2011-4132
    * CVE-2011-4330
    * CVE-2012-0044
    * CVE-2012-0810
    * CVE-2012-1090
    * CVE-2012-1097
    * CVE-2012-2123
    * CVE-2012-2383
    * CVE-2012-2384
    * CVE-2012-2390
    * CVE-2012-3375
    * CVE-2012-2133

    Indications:

    Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Real Time 11 SP1:
      zypper in -t patch slertesp1-kernel-6677

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Real Time 11 SP1 (x86_64) [New Version: 2.6.33.20]:
      • brocade-bna-kmp-rt-2.1.0.0_2.6.33.20_rt31_0.5-0.2.52
      • cluster-network-kmp-rt-1.4_2.6.33.20_rt31_0.5-2.5.62
      • cluster-network-kmp-rt_trace-1.4_2.6.33.20_rt31_0.5-2.5.62
      • drbd-kmp-rt-8.3.11_2.6.33.20_rt31_0.5-0.3.62
      • drbd-kmp-rt_trace-8.3.11_2.6.33.20_rt31_0.5-0.3.62
      • iscsitarget-kmp-rt-1.4.19_2.6.33.20_rt31_0.5-0.9.11.38
      • kernel-rt-2.6.33.20-0.5.1
      • kernel-rt-base-2.6.33.20-0.5.1
      • kernel-rt-devel-2.6.33.20-0.5.1
      • kernel-rt_trace-2.6.33.20-0.5.1
      • kernel-rt_trace-base-2.6.33.20-0.5.1
      • kernel-rt_trace-devel-2.6.33.20-0.5.1
      • kernel-source-rt-2.6.33.20-0.5.1
      • kernel-syms-rt-2.6.33.20-0.5.1
      • ocfs2-kmp-rt-1.6_2.6.33.20_rt31_0.5-0.4.2.62
      • ocfs2-kmp-rt_trace-1.6_2.6.33.20_rt31_0.5-0.4.2.62
      • ofed-kmp-rt-1.5.2_2.6.33.20_rt31_0.5-0.9.13.49
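
    One way to confirm that a host carries the fixed kernel-rt builds from the package list above (an added example, not part of the SUSE announcement). The function names are hypothetical, and the comparison uses GNU `sort -V` as an approximation of RPM version ordering, which is adequate for these purely numeric version strings.

```shell
#!/bin/sh
# Added example: audit a package inventory against the kernel-rt builds
# that SUSE-SU-2012:1056-1 lists as fixed. Function names are hypothetical.

# Version-release of the kernel-rt packages in the advisory's package list.
FIXED_VR="2.6.33.20-0.5.1"
KERNEL_PKGS="kernel-rt kernel-rt-base kernel-rt-devel kernel-rt_trace \
kernel-rt_trace-base kernel-rt_trace-devel kernel-source-rt kernel-syms-rt"

# ver_ge A B: succeeds when version A is greater than or equal to B.
# Assumption: sort -V stands in for rpm's own comparison here.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit_inventory: reads "name version-release" lines on stdin, prints one
# OUTDATED line per kernel-rt package older than the fixed build, and
# returns 1 if any were found. Packages not in KERNEL_PKGS are ignored.
audit_inventory() {
    outdated=0
    while read -r name vr; do
        case " $KERNEL_PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if ! ver_ge "$vr" "$FIXED_VR"; then
            echo "OUTDATED $name $vr (need >= $FIXED_VR)"
            outdated=1
        fi
    done
    return "$outdated"
}

# On a real host, feed it the RPM database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_inventory
```

    A clean audit only shows that the packages are installed; the fixes take effect after the reboot requested under "Special Instructions and Notes".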

    References:

  • http://support.novell.com/security/cve/CVE-2009-4020.html
  • http://support.novell.com/security/cve/CVE-2011-1083.html
  • http://support.novell.com/security/cve/CVE-2011-4077.html
  • http://support.novell.com/security/cve/CVE-2011-4086.html
  • http://support.novell.com/security/cve/CVE-2011-4132.html
  • http://support.novell.com/security/cve/CVE-2011-4330.html
  • http://support.novell.com/security/cve/CVE-2012-0044.html
  • http://support.novell.com/security/cve/CVE-2012-0810.html
  • http://support.novell.com/security/cve/CVE-2012-1090.html
  • http://support.novell.com/security/cve/CVE-2012-1097.html
  • http://support.novell.com/security/cve/CVE-2012-2123.html
  • http://support.novell.com/security/cve/CVE-2012-2133.html
  • http://support.novell.com/security/cve/CVE-2012-2383.html
  • http://support.novell.com/security/cve/CVE-2012-2384.html
  • http://support.novell.com/security/cve/CVE-2012-2390.html
  • http://support.novell.com/security/cve/CVE-2012-3375.html
  • https://bugzilla.novell.com/676204
  • https://bugzilla.novell.com/717994
  • https://bugzilla.novell.com/726600
  • https://bugzilla.novell.com/730118
  • https://bugzilla.novell.com/731673
  • https://bugzilla.novell.com/740745
  • https://bugzilla.novell.com/745832
  • https://bugzilla.novell.com/749118
  • https://bugzilla.novell.com/749569
  • https://bugzilla.novell.com/750079
  • https://bugzilla.novell.com/758058
  • https://bugzilla.novell.com/758260
  • https://bugzilla.novell.com/758532
  • https://bugzilla.novell.com/760902
  • https://bugzilla.novell.com/763194
  • https://bugzilla.novell.com/764150
  • https://bugzilla.novell.com/769896
  • http://download.suse.com/patch/finder/?keywords=6ec388979fe13af4de509d36e09a4dc4