SUSE-SU-2012:1391-1: important: Security update for Linux kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Oct 24 01:08:38 MDT 2012


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1391-1
Rating:             important
References:         #674284 #703156 #734056 #738400 #738528 #747576 
                    #755546 #758985 #760974 #762581 #763526 #765102 
                    #765320 #767277 #767504 #767766 #767939 #769784 
                    #770507 #770697 #772409 #773272 #773831 #776888 
                    #777575 #783058 
Cross-References:   CVE-2011-1044 CVE-2011-4110 CVE-2012-2136
                    CVE-2012-2663 CVE-2012-2744 CVE-2012-3510
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 20 fixes is
   now available.

Description:


   This Linux kernel update fixes various security issues and
   bugs in the SUSE  Linux Enterprise 10 SP4 kernel.

   The following security issues have been fixed:

   *

   CVE-2011-2494: kernel/taskstats.c in the Linux kernel
   allowed local users to obtain sensitive I/O statistics by
   sending taskstats commands to a netlink socket, as
   demonstrated by discovering the length of another users
   password (a side channel attack).

   *

   CVE-2012-2744:
   net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
   kernel, when the nf_conntrack_ipv6 module is enabled,
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and system crash) via certain types of
   fragmented IPv6 packets.

   *

   CVE-2012-3510: Use-after-free vulnerability in the
   xacct_add_tsk function in kernel/tsacct.c in the Linux
   kernel allowed local users to obtain potentially sensitive
   information from kernel memory or cause a denial of service
   (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
   command.

   *

   CVE-2011-4110: The user_update function in
   security/keys/user_defined.c in the Linux kernel 2.6
   allowed local users to cause a denial of service (NULL
   pointer dereference and kernel oops) via vectors related to
   a user-defined key and updating a negative key into a fully
   instantiated key.

   *

   CVE-2011-1044: The ib_uverbs_poll_cq function in
   drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
   did not initialize a certain response buffer, which allowed
   local users to obtain potentially sensitive information
   from kernel memory via vectors that cause this buffer to be
   only partially filled, a different vulnerability than
   CVE-2010-4649.

   *

   CVE-2012-3400: Heap-based buffer overflow in the
   udf_load_logicalvol function in fs/udf/super.c in the Linux
   kernel allowed remote attackers to cause a denial of
   service (system crash) or possibly have unspecified other
   impact via a crafted UDF filesystem.

   *

   CVE-2012-2136: The sock_alloc_send_pskb function in
   net/core/sock.c in the Linux kernel did not properly
   validate a certain length value, which allowed local users
   to cause a denial of service (heap-based buffer overflow
   and system crash) or possibly gain privileges by leveraging
   access to a TUN/TAP device.

   *

   CVE-2012-2663: A small denial of service leak in
   dropping syn+fin messages was fixed.

   The following non-security issues have been fixed:

   Packaging:

   * kbuild: Fix gcc -x syntax (bnc#773831).

   NFS:

   * knfsd: An assortment of little fixes to the sunrpc
   cache code (bnc#767766).
   * knfsd: Unexport cache_fresh and fix a small race
   (bnc#767766).
   * knfsd: nfsd: do not drop silently on upcall deferral
   (bnc#767766).
   * knfsd: svcrpc: remove another silent drop from
   deferral code (bnc#767766).
   * sunrpc/cache: simplify cache_fresh_locked and
   cache_fresh_unlocked (bnc#767766).
   * sunrpc/cache: recheck cache validity after
   cache_defer_req (bnc#767766).
   * sunrpc/cache: use list_del_init for the list_head
   entries in cache_deferred_req (bnc#767766).
   * sunrpc/cache: avoid variable over-loading in
   cache_defer_req (bnc#767766).
   * sunrpc/cache: allow thread to block while waiting for
   cache update (bnc#767766).
   * sunrpc/cache: Fix race in sunrpc/cache introduced by
   patch to allow thread to block while waiting for cache
   update (bnc#767766).
   * sunrpc/cache: Another fix for race problem with
   sunrpc cache deferal (bnc#767766).
   * knfsd: nfsd: make all exp_finding functions return
   -errnos on err (bnc#767766).
   * Fix kabi breakage in previous nfsd patch series
   (bnc#767766).
   * nfsd: Work around incorrect return type for
   wait_for_completion_interruptible_timeout (bnc#767766).
   * nfs: Fix a potential file corruption issue when
   writing (bnc#773272).
   * nfs: Allow sync writes to be multiple pages
   (bnc#763526).
   * nfs: fix reference counting for NFSv4 callback thread
   (bnc#767504).
   * nfs: flush signals before taking down callback thread
   (bnc#767504).
   * nfsv4: Ensure nfs_callback_down() calls svc_destroy()
   (bnc#767504).

   SCSI:

   * SCSI/ch: Check NULL for kmalloc() return (bnc#783058).
   *

   drivers/scsi/aic94xx/aic94xx_init.c: correct the size
   argument to kmalloc (bnc#783058).

   *

   block: fail SCSI passthrough ioctls on partition
   devices (bnc#738400).

   *

   dm: do not forward ioctls from logical volumes to the
   underlying device (bnc#738400).

   *

   vmware: Fix VMware hypervisor detection (bnc#777575,
   bnc#770507).

   S/390:

   * lgr: Make lgr_page static (bnc#772409,LTC#83520).
   * zfcp: Fix oops in _blk_add_trace()
   (bnc#772409,LTC#83510).
   *

   kernel: Add z/VM LGR detection
   (bnc#767277,LTC#RAS1203).

   *

   be2net: Fix EEH error reset before a flash dump
   completes (bnc#755546).

   * mptfusion: fix msgContext in mptctl_hp_hostinfo
   (bnc#767939).
   * PCI: Fix bus resource assignment on 32 bits with 64b
   resources. (bnc#762581)
   * PCI: fix up setup-bus.c #ifdef. (bnc#762581)
   *

   x86: powernow-k8: Fix indexing issue (bnc#758985).

   *

   net: Fix race condition about network device name
   allocation (bnc#747576).

   XEN:

   * smpboot: adjust ordering of operations.
   * xen/x86-64: provide a memset() that can deal with 4Gb
   or above at a time (bnc#738528).
   * xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
   (bnc#760974).
   * xen/gntdev: fix multi-page slot allocation
   (bnc#760974).

   Security Issues:

   * CVE-2011-1044
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
   >
   * CVE-2011-4110
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110
   >
   * CVE-2012-2136
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136
   >
   * CVE-2012-2663
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663
   >
   * CVE-2012-2744
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2744
   >
   * CVE-2012-3510
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510
   >

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.99.1
      kernel-source-2.6.16.60-0.99.1
      kernel-syms-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.99.1
      kernel-xen-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.99.1
      kernel-kdumppae-2.6.16.60-0.99.1
      kernel-vmi-2.6.16.60-0.99.1
      kernel-vmipae-2.6.16.60-0.99.1
      kernel-xenpae-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.99.1
      kernel-ppc64-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.99.1
      kernel-smp-2.6.16.60-0.99.1
      kernel-source-2.6.16.60-0.99.1
      kernel-syms-2.6.16.60-0.99.1
      kernel-xen-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.99.1
      kernel-xenpae-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.99.1


References:

   http://support.novell.com/security/cve/CVE-2011-1044.html
   http://support.novell.com/security/cve/CVE-2011-4110.html
   http://support.novell.com/security/cve/CVE-2012-2136.html
   http://support.novell.com/security/cve/CVE-2012-2663.html
   http://support.novell.com/security/cve/CVE-2012-2744.html
   http://support.novell.com/security/cve/CVE-2012-3510.html
   https://bugzilla.novell.com/674284
   https://bugzilla.novell.com/703156
   https://bugzilla.novell.com/734056
   https://bugzilla.novell.com/738400
   https://bugzilla.novell.com/738528
   https://bugzilla.novell.com/747576
   https://bugzilla.novell.com/755546
   https://bugzilla.novell.com/758985
   https://bugzilla.novell.com/760974
   https://bugzilla.novell.com/762581
   https://bugzilla.novell.com/763526
   https://bugzilla.novell.com/765102
   https://bugzilla.novell.com/765320
   https://bugzilla.novell.com/767277
   https://bugzilla.novell.com/767504
   https://bugzilla.novell.com/767766
   https://bugzilla.novell.com/767939
   https://bugzilla.novell.com/769784
   https://bugzilla.novell.com/770507
   https://bugzilla.novell.com/770697
   https://bugzilla.novell.com/772409
   https://bugzilla.novell.com/773272
   https://bugzilla.novell.com/773831
   https://bugzilla.novell.com/776888
   https://bugzilla.novell.com/777575
   https://bugzilla.novell.com/783058
   http://download.novell.com/patch/finder/?keywords=118cf41af33f48911c473f3bd88c74a8
   http://download.novell.com/patch/finder/?keywords=1d5bd8295622191606c935851bd82ff9
   http://download.novell.com/patch/finder/?keywords=3b3320a96f49fe4615b35ba22bb6cbf3
   http://download.novell.com/patch/finder/?keywords=9dc087603b172b449aa9a07b548bf3cf
   http://download.novell.com/patch/finder/?keywords=c77cfcc87d8e54df006cb42c12c2fadb



More information about the sle-security-updates mailing list