SUSE-SU-2012:0904-1: moderate: Security update for Linux kernel

sle-security-updates at lists.suse.com
Mon Jul 23 16:08:32 MDT 2012


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0904-1
Rating:             moderate
References:         #630970 #661605 #720374 #729247 #734300 #752858 
                    #754085 #754428 #755513 #755537 #755546 #756050 
                    #758013 #758058 #758104 #758260 #759545 #760902 
                    #760974 #761414 #761988 #763194 #763656 #763830 
                    #764098 #764150 #764500 #765022 #765102 #765320 
                    #765548 #767684 #768632 #769210 #769685 #769777 
                    #769784 #769896 
Cross-References:   CVE-2012-2123 CVE-2012-2136 CVE-2012-2319
                    CVE-2012-2383 CVE-2012-2384 CVE-2012-2390
                    CVE-2012-2663 CVE-2012-3375 CVE-2012-3400
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise High Availability Extension 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 9 vulnerabilities and has 29 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 SP1 kernel has been updated
   to fix various bugs and security issues.

   The following security issues have been fixed:

   * CVE-2012-3400: Several buffer overread and overwrite
   errors in the UDF logical volume descriptor code were fixed
   that might have allowed local attackers able to mount UDF
   volumes to crash the kernel or potentially gain privileges.

   * CVE-2012-3375: A local denial of service in the last
   epoll fix was fixed.

   * CVE-2012-2384: An integer overflow in
   i915_gem_do_execbuffer() was fixed that might be used by
   local attackers to crash the kernel or potentially execute
   code.

   * CVE-2012-2383: An integer overflow in
   i915_gem_execbuffer2() was fixed that might be used by
   local attackers to crash the kernel or potentially execute
   code.

   * CVE-2012-2390: Memory leaks in the hugetlbfs map
   reservation code were fixed that could be used by local
   attackers to exhaust machine memory.

   * CVE-2012-2123: The filesystem capability handling was
   not fully correct, allowing local users to bypass fscaps
   related restrictions to disable e.g. address space
   randomization.

   * CVE-2012-2136: Validation of data_len before
   allocating fragments of skbs was fixed that might have
   allowed a heap overflow.

   * CVE-2012-2319: Fixed potential buffer overflows in
   the hfsplus filesystem, which might be exploited by local
   attackers able to mount such filesystems.

   Several leapsecond related bug fixes have been created:

   * hrtimer: provide clock_was_set_delayed() (bnc#768632).
   * time: Fix leapsecond triggered hrtimer/futex load
   spike issue (bnc#768632).
   * ntp: fix leap second hrtimer deadlock (bnc#768632).
   * ntp: avoid printk under xtime_lock (bnc#767684).

   The following non-security issues have been fixed:

   * tcp: drop SYN+FIN messages to avoid memory leaks
   (bnc#765102)
   * be2net: Fix EEH error reset before a flash dump
   completes (bnc#755546).
   * REVERT svcrpc: destroy server sockets all at once
   (bnc#769210).
   * sched: Make sure to not re-read variables after
   validation (bnc#769685).
   * audit: Do not send uninitialized data for
   AUDIT_TTY_GET (bnc#755513).
   * dlm: do not depend on sctp (bnc#729247, bnc#763656).
   * RPC: killing RPC tasks races fixed (bnc#765548).
   * vlan/core: Fix memory leak/corruption on VLAN
   GRO_DROP (bnc#758058).
   * CPU hotplug, cpusets, suspend/resume: Do not modify
   cpusets during suspend/resume (bnc#752858).
   * ioat2: kill pending flag (bnc#765022).
   * Fix massive driver induced spin_lock_bh() contention.
   * ipmi: Fix IPMI errors due to timing problems
   (bnc#761988).
   * xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
   (bnc#760974).
   * xen: gntdev: fix multi-page slot allocation
   (bnc#760974).
   * rpm/kernel-binary.spec.in: Own the right -kdump
   initrd (bnc#764500)
   * kernel: pfault task state race (bnc#764098,LTC#81724).
   * xfrm: take net hdr len into account for esp payload
   size calculation (bnc#759545).
   * bonding: do not dereference null pointer to device of
   VLAN 0 (bnc#763830).
   * cifs: fix oops while traversing open file list (try
   #4) (bnc#756050).
   * nfsd: fix BUG at fs/nfsd/nfsfh.h:199 on unlink
   (bnc#769777).
   * nfs: Ensure we never try to mount an NFS auto-mount
   dir (bnc#748601).
   * patches.suse/cgroup-disable-memcg-when-low-lowmem.patch:
   fix typo: use if defined(CONFIG_) rather than if CONFIG_
   * patches.suse/pagecache-limit-fix-shmem-deadlock.patch:
   Fixed the GFP_NOWAIT is zero and not suitable for tests bug
   (bnc#755537)
   * sys_poll: fix incorrect type for timeout parameter
   (bnc#754428).
   * scsi_transport_fc: fix blocked bsg request when fc
   object deleted (bnc#761414, bnc#734300).
   * ehea: fix allmulticast support (bnc#758013).
   * scsi: Silence unnecessary warnings about ioctl to
   partition (bnc#758104).
   * sched/x86: Fix overflow in cyc2ns_offset (bnc#630970,
   bnc#661605).
   * sched/rt: Do not throttle when PI boosting
   (bnc#754085).
   * sched/rt: Keep period timer ticking when rt
   throttling is active (bnc#754085).
   * sched,rt: fix isolated CPUs leaving root_task_group
   indefinitely throttled (bnc#754085).

   Security Issue references:

   * CVE-2012-2123
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2123>
   * CVE-2012-2136
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136>
   * CVE-2012-2383
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2383>
   * CVE-2012-2384
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2384>
   * CVE-2012-2390
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2390>
   * CVE-2012-2663
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663>
   * CVE-2012-3400
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3400>
   * CVE-2012-3375
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3375>
   * CVE-2012-2319
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2319>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-kernel-6547 slessp1-kernel-6548

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-kernel-6547 slessp1-kernel-6548 slessp1-kernel-6549 slessp1-kernel-6550 slessp1-kernel-6556

   - SUSE Linux Enterprise High Availability Extension 11 SP1:

      zypper in -t patch sleshasp1-kernel-6547 sleshasp1-kernel-6548 sleshasp1-kernel-6549 sleshasp1-kernel-6550 sleshasp1-kernel-6556

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-kernel-6547 sledsp1-kernel-6548

   To bring your system up-to-date, use "zypper patch".
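
   Because the update only takes effect after the reboot, the booted
   kernel can be compared with the fixed release from the package list.
   The script below is an added example, not part of the SUSE
   announcement; its function names are illustrative and it assumes the
   SLE 11 SP1 `uname -r` format 2.6.32.59-0.7-<flavor>.

```shell
#!/bin/sh
# Added example: is a SLE 11 SP1 kernel release at or above the fixed build?
# FIXED comes from this advisory's package list (kernel-default-2.6.32.59-0.7.1,
# which `uname -r` reports as 2.6.32.59-0.7-<flavor>).
FIXED="2.6.32.59-0.7"

# Numeric fields of a release, space separated, without a trailing flavor
# such as -default, -pae, -xen, -trace, -ec2 or -ppc64.
release_fields() {
    printf '%s\n' "$1" | sed -e 's/-[a-z][a-z0-9]*$//' -e 'y/.-/  /'
}

# Exit status: 0 if $1 >= $2, 1 if $1 is older, 2 if $1 cannot be parsed.
release_at_least() {
    have=$(release_fields "$1")
    if [ -z "$have" ]; then return 2; fi
    set -- $(release_fields "$2")
    for h in $have; do
        w=${1:-0}
        if [ $# -gt 0 ]; then shift; fi
        case "$h$w" in *[!0-9]*) return 2 ;; esac
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    # Every field of $1 matched; $1 is older only if $2 has a non-zero field left.
    for w in "$@"; do
        case "$w" in *[!0-9]*) return 2 ;; esac
        if [ "$w" -gt 0 ]; then return 1; fi
    done
    return 0
}

# Print a verdict for a release string; same exit status as release_at_least.
kernel_status() {
    rc=0
    release_at_least "$1" "$FIXED" || rc=$?
    case $rc in
        0) echo "$1: at or above $FIXED" ;;
        1) echo "$1: older than $FIXED, install the update and reboot" ;;
        *) echo "$1: not a recognised kernel release" ;;
    esac
    return $rc
}

# Check the booted kernel only when asked to: sh check-kernel.sh --running
if [ "${1:-}" = "--running" ]; then
    kernel_status "$(uname -r)"
fi
```

   Fields are compared numerically, so a later rebuild such as 0.19
   sorts above 0.7; the result is only meaningful for SLE 11 SP1
   kernels.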


Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.7-0.3.107
      ext4dev-kmp-default-0_2.6.32.59_0.7-7.9.74
      ext4dev-kmp-trace-0_2.6.32.59_0.7-7.9.74
      hyper-v-kmp-default-0_2.6.32.59_0.7-0.18.20
      hyper-v-kmp-trace-0_2.6.32.59_0.7-0.18.20
      kernel-default-2.6.32.59-0.7.1
      kernel-default-base-2.6.32.59-0.7.1
      kernel-default-devel-2.6.32.59-0.7.1
      kernel-source-2.6.32.59-0.7.1
      kernel-syms-2.6.32.59-0.7.1
      kernel-trace-2.6.32.59-0.7.1
      kernel-trace-base-2.6.32.59-0.7.1
      kernel-trace-devel-2.6.32.59-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.7-0.3.107
      ext4dev-kmp-pae-0_2.6.32.59_0.7-7.9.74
      hyper-v-kmp-pae-0_2.6.32.59_0.7-0.18.20
      kernel-pae-2.6.32.59-0.7.1
      kernel-pae-base-2.6.32.59-0.7.1
      kernel-pae-devel-2.6.32.59-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.7-0.3.107
      ext4dev-kmp-default-0_2.6.32.59_0.7-7.9.74
      ext4dev-kmp-trace-0_2.6.32.59_0.7-7.9.74
      kernel-default-2.6.32.59-0.7.1
      kernel-default-base-2.6.32.59-0.7.1
      kernel-default-devel-2.6.32.59-0.7.1
      kernel-source-2.6.32.59-0.7.1
      kernel-syms-2.6.32.59-0.7.1
      kernel-trace-2.6.32.59-0.7.1
      kernel-trace-base-2.6.32.59-0.7.1
      kernel-trace-devel-2.6.32.59-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-xen-0_2.6.32.59_0.7-0.3.107
      ext4dev-kmp-xen-0_2.6.32.59_0.7-7.9.74
      hyper-v-kmp-default-0_2.6.32.59_0.7-0.18.20
      hyper-v-kmp-trace-0_2.6.32.59_0.7-0.18.20
      kernel-ec2-2.6.32.59-0.7.1
      kernel-ec2-base-2.6.32.59-0.7.1
      kernel-ec2-devel-2.6.32.59-0.7.1
      kernel-xen-2.6.32.59-0.7.1
      kernel-xen-base-2.6.32.59-0.7.1
      kernel-xen-devel-2.6.32.59-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.59]:

      kernel-default-man-2.6.32.59-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.59]:

      ext4dev-kmp-ppc64-0_2.6.32.59_0.7-7.9.74
      kernel-ppc64-2.6.32.59-0.7.1
      kernel-ppc64-base-2.6.32.59-0.7.1
      kernel-ppc64-devel-2.6.32.59-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.7-0.3.107
      ext4dev-kmp-pae-0_2.6.32.59_0.7-7.9.74
      hyper-v-kmp-pae-0_2.6.32.59_0.7-0.18.20
      kernel-pae-2.6.32.59-0.7.1
      kernel-pae-base-2.6.32.59-0.7.1
      kernel-pae-devel-2.6.32.59-0.7.1

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_2.6.32.59_0.7-2.5.60
      cluster-network-kmp-trace-1.4_2.6.32.59_0.7-2.5.60
      gfs2-kmp-default-2_2.6.32.59_0.7-0.2.106
      gfs2-kmp-trace-2_2.6.32.59_0.7-0.2.106
      ocfs2-kmp-default-1.6_2.6.32.59_0.7-0.4.2.60
      ocfs2-kmp-trace-1.6_2.6.32.59_0.7-0.4.2.60

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64):

      cluster-network-kmp-xen-1.4_2.6.32.59_0.7-2.5.60
      gfs2-kmp-xen-2_2.6.32.59_0.7-0.2.106
      ocfs2-kmp-xen-1.6_2.6.32.59_0.7-0.4.2.60

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

      cluster-network-kmp-ppc64-1.4_2.6.32.59_0.7-2.5.60
      gfs2-kmp-ppc64-2_2.6.32.59_0.7-0.2.106
      ocfs2-kmp-ppc64-1.6_2.6.32.59_0.7-0.4.2.60

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

      cluster-network-kmp-pae-1.4_2.6.32.59_0.7-2.5.60
      gfs2-kmp-pae-2_2.6.32.59_0.7-0.2.106
      ocfs2-kmp-pae-1.6_2.6.32.59_0.7-0.4.2.60

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.7-0.3.107
      btrfs-kmp-xen-0_2.6.32.59_0.7-0.3.107
      hyper-v-kmp-default-0_2.6.32.59_0.7-0.18.20
      kernel-default-2.6.32.59-0.7.1
      kernel-default-base-2.6.32.59-0.7.1
      kernel-default-devel-2.6.32.59-0.7.1
      kernel-default-extra-2.6.32.59-0.7.1
      kernel-desktop-devel-2.6.32.59-0.7.1
      kernel-source-2.6.32.59-0.7.1
      kernel-syms-2.6.32.59-0.7.1
      kernel-trace-devel-2.6.32.59-0.7.1
      kernel-xen-2.6.32.59-0.7.1
      kernel-xen-base-2.6.32.59-0.7.1
      kernel-xen-devel-2.6.32.59-0.7.1
      kernel-xen-extra-2.6.32.59-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.7-0.3.107
      hyper-v-kmp-pae-0_2.6.32.59_0.7-0.18.20
      kernel-pae-2.6.32.59-0.7.1
      kernel-pae-base-2.6.32.59-0.7.1
      kernel-pae-devel-2.6.32.59-0.7.1
      kernel-pae-extra-2.6.32.59-0.7.1

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-2.6.32.59-0.7.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-2.6.32.59-0.7.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-2.6.32.59-0.7.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-2.6.32.59-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2012-2123.html
   http://support.novell.com/security/cve/CVE-2012-2136.html
   http://support.novell.com/security/cve/CVE-2012-2319.html
   http://support.novell.com/security/cve/CVE-2012-2383.html
   http://support.novell.com/security/cve/CVE-2012-2384.html
   http://support.novell.com/security/cve/CVE-2012-2390.html
   http://support.novell.com/security/cve/CVE-2012-2663.html
   http://support.novell.com/security/cve/CVE-2012-3375.html
   http://support.novell.com/security/cve/CVE-2012-3400.html
   https://bugzilla.novell.com/630970
   https://bugzilla.novell.com/661605
   https://bugzilla.novell.com/720374
   https://bugzilla.novell.com/729247
   https://bugzilla.novell.com/734300
   https://bugzilla.novell.com/752858
   https://bugzilla.novell.com/754085
   https://bugzilla.novell.com/754428
   https://bugzilla.novell.com/755513
   https://bugzilla.novell.com/755537
   https://bugzilla.novell.com/755546
   https://bugzilla.novell.com/756050
   https://bugzilla.novell.com/758013
   https://bugzilla.novell.com/758058
   https://bugzilla.novell.com/758104
   https://bugzilla.novell.com/758260
   https://bugzilla.novell.com/759545
   https://bugzilla.novell.com/760902
   https://bugzilla.novell.com/760974
   https://bugzilla.novell.com/761414
   https://bugzilla.novell.com/761988
   https://bugzilla.novell.com/763194
   https://bugzilla.novell.com/763656
   https://bugzilla.novell.com/763830
   https://bugzilla.novell.com/764098
   https://bugzilla.novell.com/764150
   https://bugzilla.novell.com/764500
   https://bugzilla.novell.com/765022
   https://bugzilla.novell.com/765102
   https://bugzilla.novell.com/765320
   https://bugzilla.novell.com/765548
   https://bugzilla.novell.com/767684
   https://bugzilla.novell.com/768632
   https://bugzilla.novell.com/769210
   https://bugzilla.novell.com/769685
   https://bugzilla.novell.com/769777
   https://bugzilla.novell.com/769784
   https://bugzilla.novell.com/769896
   http://download.novell.com/patch/finder/?keywords=06fda69d421dc021aa1af6db3dbbfe00
   http://download.novell.com/patch/finder/?keywords=175c75ce63a62eca1f569471fb682a0d
   http://download.novell.com/patch/finder/?keywords=229c8046cc2d922862a076dcade035ee
   http://download.novell.com/patch/finder/?keywords=2bf30579d340919def37b6c31f52d5cc
   http://download.novell.com/patch/finder/?keywords=30e20c3438f64370257cb21aa8034b43
   http://download.novell.com/patch/finder/?keywords=5399a2fd4163cc21db7ac98a1c252c2d
   http://download.novell.com/patch/finder/?keywords=7d95313094a63156fae454daf49c9590
   http://download.novell.com/patch/finder/?keywords=95c9d9077bf68ea687769a36cfba8c10
   http://download.novell.com/patch/finder/?keywords=aa8ba1a426ec842bf42ddf697706fb0a
   http://download.novell.com/patch/finder/?keywords=da9cb313bde70908a00e430c3f84de25


