Security update for Linux kernel

SUSE Security Update: Security update for Linux kernel
Announcement ID: SUSE-SU-2012:1391-1
Rating: important
References: #674284 #703156 #734056 #738400 #738528 #747576 #755546 #758985 #760974 #762581 #763526 #765102 #765320 #767277 #767504 #767766 #767939 #769784 #770507 #770697 #772409 #773272 #773831 #776888 #777575 #783058
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4

An update that solves 6 vulnerabilities and has 20 fixes is now available.

    Description:


    This Linux kernel update fixes various security issues and
    bugs in the SUSE Linux Enterprise 10 SP4 kernel.

    The following security issues have been fixed:

    * CVE-2011-2494: kernel/taskstats.c in the Linux kernel
    allowed local users to obtain sensitive I/O statistics by
    sending taskstats commands to a netlink socket, as
    demonstrated by discovering the length of another user's
    password (a side channel attack).

    * CVE-2012-2744:
    net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
    kernel, when the nf_conntrack_ipv6 module is enabled,
    allowed remote attackers to cause a denial of service (NULL
    pointer dereference and system crash) via certain types of
    fragmented IPv6 packets.

    * CVE-2012-3510: Use-after-free vulnerability in the
    xacct_add_tsk function in kernel/tsacct.c in the Linux
    kernel allowed local users to obtain potentially sensitive
    information from kernel memory or cause a denial of service
    (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
    command.

    * CVE-2011-4110: The user_update function in
    security/keys/user_defined.c in the Linux kernel 2.6
    allowed local users to cause a denial of service (NULL
    pointer dereference and kernel oops) via vectors related to
    a user-defined key and updating a negative key into a fully
    instantiated key.

    * CVE-2011-1044: The ib_uverbs_poll_cq function in
    drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
    did not initialize a certain response buffer, which allowed
    local users to obtain potentially sensitive information
    from kernel memory via vectors that cause this buffer to be
    only partially filled, a different vulnerability than
    CVE-2010-4649.

    * CVE-2012-3400: Heap-based buffer overflow in the
    udf_load_logicalvol function in fs/udf/super.c in the Linux
    kernel allowed remote attackers to cause a denial of
    service (system crash) or possibly have unspecified other
    impact via a crafted UDF filesystem.

    * CVE-2012-2136: The sock_alloc_send_pskb function in
    net/core/sock.c in the Linux kernel did not properly
    validate a certain length value, which allowed local users
    to cause a denial of service (heap-based buffer overflow
    and system crash) or possibly gain privileges by leveraging
    access to a TUN/TAP device.

    * CVE-2012-2663: A small denial of service leak in
    dropping syn+fin messages was fixed.

    The following non-security issues have been fixed:

    Packaging:

    * kbuild: Fix gcc -x syntax (bnc#773831).

    NFS:

    * knfsd: An assortment of little fixes to the sunrpc
    cache code (bnc#767766).
    * knfsd: Unexport cache_fresh and fix a small race
    (bnc#767766).
    * knfsd: nfsd: do not drop silently on upcall deferral
    (bnc#767766).
    * knfsd: svcrpc: remove another silent drop from
    deferral code (bnc#767766).
    * sunrpc/cache: simplify cache_fresh_locked and
    cache_fresh_unlocked (bnc#767766).
    * sunrpc/cache: recheck cache validity after
    cache_defer_req (bnc#767766).
    * sunrpc/cache: use list_del_init for the list_head
    entries in cache_deferred_req (bnc#767766).
    * sunrpc/cache: avoid variable over-loading in
    cache_defer_req (bnc#767766).
    * sunrpc/cache: allow thread to block while waiting for
    cache update (bnc#767766).
    * sunrpc/cache: Fix race in sunrpc/cache introduced by
    patch to allow thread to block while waiting for cache
    update (bnc#767766).
    * sunrpc/cache: Another fix for race problem with
    sunrpc cache deferal (bnc#767766).
    * knfsd: nfsd: make all exp_finding functions return
    -errnos on err (bnc#767766).
    * Fix kabi breakage in previous nfsd patch series
    (bnc#767766).
    * nfsd: Work around incorrect return type for
    wait_for_completion_interruptible_timeout (bnc#767766).
    * nfs: Fix a potential file corruption issue when
    writing (bnc#773272).
    * nfs: Allow sync writes to be multiple pages
    (bnc#763526).
    * nfs: fix reference counting for NFSv4 callback thread
    (bnc#767504).
    * nfs: flush signals before taking down callback thread
    (bnc#767504).
    * nfsv4: Ensure nfs_callback_down() calls svc_destroy()
    (bnc#767504).

    SCSI:

    * SCSI/ch: Check NULL for kmalloc() return (bnc#783058).
    * drivers/scsi/aic94xx/aic94xx_init.c: correct the size
    argument to kmalloc (bnc#783058).
    * block: fail SCSI passthrough ioctls on partition
    devices (bnc#738400).
    * dm: do not forward ioctls from logical volumes to the
    underlying device (bnc#738400).
    * vmware: Fix VMware hypervisor detection (bnc#777575,
    bnc#770507).

    S/390:

    * lgr: Make lgr_page static (bnc#772409,LTC#83520).
    * zfcp: Fix oops in _blk_add_trace()
    (bnc#772409,LTC#83510).
    * kernel: Add z/VM LGR detection
    (bnc#767277,LTC#RAS1203).
    * be2net: Fix EEH error reset before a flash dump
    completes (bnc#755546).
    * mptfusion: fix msgContext in mptctl_hp_hostinfo
    (bnc#767939).
    * PCI: Fix bus resource assignment on 32 bits with 64b
    resources. (bnc#762581)
    * PCI: fix up setup-bus.c #ifdef. (bnc#762581)
    * x86: powernow-k8: Fix indexing issue (bnc#758985).
    * net: Fix race condition about network device name
    allocation (bnc#747576).

    XEN:

    * smpboot: adjust ordering of operations.
    * xen/x86-64: provide a memset() that can deal with 4Gb
    or above at a time (bnc#738528).
    * xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
    (bnc#760974).
    * xen/gntdev: fix multi-page slot allocation
    (bnc#760974).

    Security Issues:

    * CVE-2011-1044
    * CVE-2011-4110
    * CVE-2012-2136
    * CVE-2012-2663
    * CVE-2012-2744
    * CVE-2012-3510

    Indications:

    Everyone using the Linux Kernel on x86_64 architecture should update.

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
        • kernel-default-2.6.16.60-0.99.1
        • kernel-source-2.6.16.60-0.99.1
        • kernel-syms-2.6.16.60-0.99.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):
        • kernel-debug-2.6.16.60-0.99.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):
        • kernel-kdump-2.6.16.60-0.99.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):
        • kernel-smp-2.6.16.60-0.99.1
        • kernel-xen-2.6.16.60-0.99.1
    • SUSE Linux Enterprise Server 10 SP4 (i586):
        • kernel-bigsmp-2.6.16.60-0.99.1
        • kernel-kdumppae-2.6.16.60-0.99.1
        • kernel-vmi-2.6.16.60-0.99.1
        • kernel-vmipae-2.6.16.60-0.99.1
        • kernel-xenpae-2.6.16.60-0.99.1
    • SUSE Linux Enterprise Server 10 SP4 (ppc):
        • kernel-iseries64-2.6.16.60-0.99.1
        • kernel-ppc64-2.6.16.60-0.99.1
    • SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
        • kernel-default-2.6.16.60-0.99.1
        • kernel-smp-2.6.16.60-0.99.1
        • kernel-source-2.6.16.60-0.99.1
        • kernel-syms-2.6.16.60-0.99.1
        • kernel-xen-2.6.16.60-0.99.1
    • SUSE Linux Enterprise Desktop 10 SP4 (i586):
        • kernel-bigsmp-2.6.16.60-0.99.1
        • kernel-xenpae-2.6.16.60-0.99.1
    • SLE SDK 10 SP4 (i586 ia64 x86_64):
        • kernel-debug-2.6.16.60-0.99.1
    • SLE SDK 10 SP4 (i586 ppc x86_64):
        • kernel-kdump-2.6.16.60-0.99.1
    • SLE SDK 10 SP4 (i586 x86_64):
        • kernel-xen-2.6.16.60-0.99.1
    • SLE SDK 10 SP4 (i586):
        • kernel-xenpae-2.6.16.60-0.99.1

    References:

    • http://support.novell.com/security/cve/CVE-2011-1044.html
    • http://support.novell.com/security/cve/CVE-2011-4110.html
    • http://support.novell.com/security/cve/CVE-2012-2136.html
    • http://support.novell.com/security/cve/CVE-2012-2663.html
    • http://support.novell.com/security/cve/CVE-2012-2744.html
    • http://support.novell.com/security/cve/CVE-2012-3510.html
    • https://bugzilla.novell.com/674284
    • https://bugzilla.novell.com/703156
    • https://bugzilla.novell.com/734056
    • https://bugzilla.novell.com/738400
    • https://bugzilla.novell.com/738528
    • https://bugzilla.novell.com/747576
    • https://bugzilla.novell.com/755546
    • https://bugzilla.novell.com/758985
    • https://bugzilla.novell.com/760974
    • https://bugzilla.novell.com/762581
    • https://bugzilla.novell.com/763526
    • https://bugzilla.novell.com/765102
    • https://bugzilla.novell.com/765320
    • https://bugzilla.novell.com/767277
    • https://bugzilla.novell.com/767504
    • https://bugzilla.novell.com/767766
    • https://bugzilla.novell.com/767939
    • https://bugzilla.novell.com/769784
    • https://bugzilla.novell.com/770507
    • https://bugzilla.novell.com/770697
    • https://bugzilla.novell.com/772409
    • https://bugzilla.novell.com/773272
    • https://bugzilla.novell.com/773831
    • https://bugzilla.novell.com/776888
    • https://bugzilla.novell.com/777575
    • https://bugzilla.novell.com/783058
    • http://download.suse.com/patch/finder/?keywords=118cf41af33f48911c473f3bd88c74a8
    • http://download.suse.com/patch/finder/?keywords=1d5bd8295622191606c935851bd82ff9
    • http://download.suse.com/patch/finder/?keywords=3b3320a96f49fe4615b35ba22bb6cbf3
    • http://download.suse.com/patch/finder/?keywords=9dc087603b172b449aa9a07b548bf3cf
    • http://download.suse.com/patch/finder/?keywords=c77cfcc87d8e54df006cb42c12c2fadb