SUSE-SU-2012:1056-1: moderate: Security update for Real Time Linux kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Aug 29 13:08:37 MDT 2012
SUSE Security Update: Security update for Real Time Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:1056-1
Rating: moderate
References: #676204 #717994 #726600 #730118 #731673 #740745
#745832 #749118 #749569 #750079 #758058 #758260
#758532 #760902 #763194 #764150 #769896
Cross-References: CVE-2009-4020 CVE-2011-1083 CVE-2011-4077
CVE-2011-4086 CVE-2011-4132 CVE-2011-4330
CVE-2012-0044 CVE-2012-0810 CVE-2012-1090
CVE-2012-1097 CVE-2012-2123 CVE-2012-2133
CVE-2012-2383 CVE-2012-2384 CVE-2012-2390
CVE-2012-3375
Affected Products:
SUSE Linux Enterprise Real Time 11 SP1
______________________________________________________________________________
An update that solves 16 vulnerabilities and has one errata
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise Server 11 SP1 Realtime kernel has
been updated to fix various bugs and security issues.
The following security issues have been fixed:
* CVE-2012-3375: Fixed a denial of service condition in
the epoll loop detection.
*
CVE-2012-2390: Memory leaks in the hugetlbfs map
reservation code have been fixed that could be used by
local attackers to exhaust machine memory.
*
CVE-2012-2133: A fix use after free bug in "quota"
handling of hugepages has been fixed that could cause a
local denial of service.
*
CVE-2012-2384: A integer overflow in
i915_gem_do_execbuffer() has been fixed that might be used
by local attackers to crash the kernel or potentially
execute code.
*
CVE-2012-2383: A integer overflow in
i915_gem_execbuffer2() has been fixed that might be used by
local attackers to crash the kernel or potentially execute
code.
*
CVE-2012-2123: The filesystem cabability handling was
not fully correct, allowing local users to bypass fscaps
related restrictions to disable e.g. address space
randomization.
*
CVE-2009-4020: Fixed a potential buffer overflow in
hfsplus that could have been used to crash the kernel by
supplying a bad hfsplus image for mounting.
*
CVE-2011-4330: Mounting a corrupted hfs filesystem
could have lead to a buffer overflow.
*
CVE-2012-1097: The regset common infrastructure
assumed that regsets would always have .get and .set
methods, but necessarily .active methods. Unfortunately
people have since written regsets without .set method, so
NULL pointer dereference attacks were possible.
*
CVE-2011-1083: Limit the path length users can build
using epoll() to avoid local attackers consuming lots of
kernel CPU time.
*
CVE-2012-1090: Fixed a dentry refcount leak when
opening a FIFO on lookup in cifs that could have been used
to crash the kernel.
*
CVE-2012-0810: A stack reusage bug has been fixed
which could be used by local attackers to crash the kernel
in some circumstances. As this only affects x86 32bit, it
does not affect x86_64 at all.
*
CVE-2012-0044: A integer overflow in
drm_mode_dirtyfb_ioctl() has been fixed that might be used
by local attackers to crash the kernel or execute code.
*
CVE-2011-4077: A possible memory corruption in
xfs_readlink has been fixed that could be used by local
users able to mount xfs images to crash the kernel.
*
CVE-2011-4132: Fixed a oops in jbd/jbd2 that could
have been caused by mounting a malicious prepared
filesystem.
*
CVE-2011-4086: Fixed a oops in jbd/jbd2 that could
have been caused by specific filesystem access patterns.
Also the following non security bugs have been fixed:
* sched: Fix proc_sched_set_task() (bnc#717994).
* vlan/core: Fix memory leak/corruption on VLAN
GRO_DROP (bnc#758058).
Security Issue references:
* CVE-2009-4020
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020
>
* CVE-2011-1083
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083
>
* CVE-2011-4077
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077
>
* CVE-2011-4086
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4086
>
* CVE-2011-4132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132
>
* CVE-2011-4330
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4330
>
* CVE-2012-0044
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0044
>
* CVE-2012-0810
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0810
>
* CVE-2012-1090
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1090
>
* CVE-2012-1097
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1097
>
* CVE-2012-2123
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2123
>
* CVE-2012-2383
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2383
>
* CVE-2012-2384
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2384
>
* CVE-2012-2390
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2390
>
* CVE-2012-3375
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3375
>
* CVE-2012-2133
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2133
>
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time 11 SP1:
zypper in -t patch slertesp1-kernel-6677
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time 11 SP1 (x86_64) [New Version: 2.6.33.20]:
brocade-bna-kmp-rt-2.1.0.0_2.6.33.20_rt31_0.5-0.2.52
cluster-network-kmp-rt-1.4_2.6.33.20_rt31_0.5-2.5.62
cluster-network-kmp-rt_trace-1.4_2.6.33.20_rt31_0.5-2.5.62
drbd-kmp-rt-8.3.11_2.6.33.20_rt31_0.5-0.3.62
drbd-kmp-rt_trace-8.3.11_2.6.33.20_rt31_0.5-0.3.62
iscsitarget-kmp-rt-1.4.19_2.6.33.20_rt31_0.5-0.9.11.38
kernel-rt-2.6.33.20-0.5.1
kernel-rt-base-2.6.33.20-0.5.1
kernel-rt-devel-2.6.33.20-0.5.1
kernel-rt_trace-2.6.33.20-0.5.1
kernel-rt_trace-base-2.6.33.20-0.5.1
kernel-rt_trace-devel-2.6.33.20-0.5.1
kernel-source-rt-2.6.33.20-0.5.1
kernel-syms-rt-2.6.33.20-0.5.1
ocfs2-kmp-rt-1.6_2.6.33.20_rt31_0.5-0.4.2.62
ocfs2-kmp-rt_trace-1.6_2.6.33.20_rt31_0.5-0.4.2.62
ofed-kmp-rt-1.5.2_2.6.33.20_rt31_0.5-0.9.13.49
References:
http://support.novell.com/security/cve/CVE-2009-4020.html
http://support.novell.com/security/cve/CVE-2011-1083.html
http://support.novell.com/security/cve/CVE-2011-4077.html
http://support.novell.com/security/cve/CVE-2011-4086.html
http://support.novell.com/security/cve/CVE-2011-4132.html
http://support.novell.com/security/cve/CVE-2011-4330.html
http://support.novell.com/security/cve/CVE-2012-0044.html
http://support.novell.com/security/cve/CVE-2012-0810.html
http://support.novell.com/security/cve/CVE-2012-1090.html
http://support.novell.com/security/cve/CVE-2012-1097.html
http://support.novell.com/security/cve/CVE-2012-2123.html
http://support.novell.com/security/cve/CVE-2012-2133.html
http://support.novell.com/security/cve/CVE-2012-2383.html
http://support.novell.com/security/cve/CVE-2012-2384.html
http://support.novell.com/security/cve/CVE-2012-2390.html
http://support.novell.com/security/cve/CVE-2012-3375.html
https://bugzilla.novell.com/676204
https://bugzilla.novell.com/717994
https://bugzilla.novell.com/726600
https://bugzilla.novell.com/730118
https://bugzilla.novell.com/731673
https://bugzilla.novell.com/740745
https://bugzilla.novell.com/745832
https://bugzilla.novell.com/749118
https://bugzilla.novell.com/749569
https://bugzilla.novell.com/750079
https://bugzilla.novell.com/758058
https://bugzilla.novell.com/758260
https://bugzilla.novell.com/758532
https://bugzilla.novell.com/760902
https://bugzilla.novell.com/763194
https://bugzilla.novell.com/764150
https://bugzilla.novell.com/769896
http://download.novell.com/patch/finder/?keywords=6ec388979fe13af4de509d36e09a4dc4
More information about the sle-security-updates
mailing list