SuSE: 2011:1101-1: important: kernel SLE11 SP1

   SUSE Security Update: kernel update for SLE11 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1101-1
Rating:             important
References:         #588458 #603804 #632870 #642896 #649625 #667386 
                    #669378 #688859 #694670 #699354 #699357 #701443 
                    #701686 #704347 #706557 #707096 #707125 #707737 
                    #708675 #708877 #709412 #711203 #711969 #712456 
                    #712929 #713138 #713430 #714001 #714966 #715235 
                    #715763 #716901 #719117 
Cross-References:   CVE-2011-2928 CVE-2011-3191 CVE-2011-3353
                   
Affected Products:
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves three vulnerabilities and has 30
   fixes is now available.

Description:

   The SUSE Linux Enterprise 11 Service Pack 1 kernel was
   updated to 2.6.32.46 and fixes various bugs and security
   issues.

   Following security issues were fixed: CVE-2011-3191: A
   signedness issue in CIFS could possibly have lead to to
   memory corruption, if a malicious server could send crafted
   replies to the host.

   CVE-2011-3353: In the fuse filesystem,
   FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
   write so the message processing could overrun and result in
   a BUG_ON() in fuse_copy_fill(). This flaw could be used by
   local users able to mount FUSE filesystems to crash the
   system.

   CVE-2011-2928: The befs_follow_link function in
   fs/befs/linuxvfs.c in the Linux kernel did not validate the
   length attribute of long symlinks, which allowed local
   users to cause a denial of service (incorrect pointer
   dereference and OOPS) by accessing a long symlink on a
   malformed Be filesystem.


   Also the following non security bugs were fixed:
   - Added a missing reset for ioc_reset_in_progress in
   SoftReset in the mtpsas driver (bnc#711969).

   - Add support for the Digi/IBM PCIe 2-port Adapter
   (bnc#708675).

   - Always enable MSI-X on 5709 (bnc#707737).

   - sched: fix broken SCHED_RESET_ON_FORK handling
   (bnc#708877).

   - sched: Fix rt_rq runtime leakage bug (bnc#707096).

   - ACPI: allow passing down C1 information if no other
   C-states exist.

   - KDB: turn off kdb usb support by default (bnc#694670
   bnc#603804).

   - xfs: Added event tracing support.
   - xfs: fix xfs_fsblock_t tracing.

   - igb: extend maximum frame size to receive VLAN tagged
   frames (bnc#688859).

   - cfq: Do not allow queue merges for queues that have no
   process references (bnc#712929).
   - cfq: break apart merged cfqqs if they stop cooperating
   (bnc#712929).
   - cfq: calculate the seek_mean per cfq_queue not per
   cfq_io_context (bnc#712929).
   - cfq: change the meaning of the cfqq_coop flag
   (bnc#712929).
   - cfq-iosched: get rid of the coop_preempt flag
   (bnc#712929).
   - cfq: merge cooperating cfq_queues (bnc#712929).

   - Fix FDDI and TR config checks in ipv4 arp and LLC
   (bnc#715235).

   - writeback: do uninterruptible sleep in
   balance_dirty_pages() (bnc#699354 bnc#699357).
   - xfs: fix memory reclaim recursion deadlock on locked
   inode buffer (bnc#699355 bnc#699354).
   - xfs: use GFP_NOFS for page cache allocation (bnc#699355
   bnc#699354).

   - virtio-net: init link state correctly (bnc#714966).

   - cpufreq: pcc-cpufreq: sanity check to prevent a NULL
   pointer dereference (bnc#709412).

   - x86: ucode-amd: Do not warn when no ucode is available
   for a CPU

   - patches.arch/x86_64-unwind-annotations: Refresh
   (bnc#588458).
   - patches.suse/stack-unwind: Refresh (bnc#588458).

   - splice: direct_splice_actor() should not use pos in sd
   (bnc#715763).

   - qdio: 2nd stage retry on SIGA-W busy conditions
   (bnc#713138,LTC#74402).

   - TTY: pty, fix pty counting (bnc#711203).

   - Avoid deadlock in GFP_IO/GFP_FS allocation (bnc#632870).

   - novfs: fix some DirCache locking issues (bnc#669378).
   - novfs: fix some kmalloc/kfree issues (bnc#669378).
   - novfs: fix off-by-one allocation error (bnc#669378).
   - novfs: unlink directory after unmap (bnc#649625).
   - novfs: last modification time not reliable (bnc#642896).

   - x86 / IO APIC: Reset IRR in clear_IO_APIC_pin()
   (bnc#701686, bnc#667386).

   - mptfusion : Added check for SILI bit in READ_6 CDB for
   DATA UNDERRUN ERRATA (bnc #712456).

   - xfs: serialise unaligned direct IOs (bnc#707125).

   - NFS: Ensure that we handle NFS4ERR_STALE_STATEID
   correctly (bnc#701443).
   - NFSv4: Do not call nfs4_state_mark_reclaim_reboot() from
   error handlers (bnc#701443).
   - NFSv4: Fix open recovery (bnc#701443).
   - NFSv4.1: Do not call nfs4_schedule_state_recovery()
   unnecessarily (bnc#701443).


Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-2.6.32.46-0.3.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-2.6.32.46-0.3.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-2.6.32.46-0.3.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-2.6.32.46-0.3.1


References:

   https://www.suse.com/security/cve/CVE-2011-2928.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://www.suse.com/security/cve/CVE-2011-3353.html
   https://bugzilla.novell.com/588458
   https://bugzilla.novell.com/603804
   https://bugzilla.novell.com/632870
   https://bugzilla.novell.com/642896
   https://bugzilla.novell.com/649625
   https://bugzilla.novell.com/667386
   https://bugzilla.novell.com/669378
   https://bugzilla.novell.com/688859
   https://bugzilla.novell.com/694670
   https://bugzilla.novell.com/699354
   https://bugzilla.novell.com/699357
   https://bugzilla.novell.com/701443
   https://bugzilla.novell.com/701686
   https://bugzilla.novell.com/704347
   https://bugzilla.novell.com/706557
   https://bugzilla.novell.com/707096
   https://bugzilla.novell.com/707125
   https://bugzilla.novell.com/707737
   https://bugzilla.novell.com/708675
   https://bugzilla.novell.com/708877
   https://bugzilla.novell.com/709412
   https://bugzilla.novell.com/711203
   https://bugzilla.novell.com/711969
   https://bugzilla.novell.com/712456
   https://bugzilla.novell.com/712929
   https://bugzilla.novell.com/713138
   https://bugzilla.novell.com/713430
   https://bugzilla.novell.com/714001
   https://bugzilla.novell.com/714966
   https://bugzilla.novell.com/715235
   https://bugzilla.novell.com/715763
   https://bugzilla.novell.com/716901
   https://bugzilla.novell.com/719117
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/idff/sso

SUSE Security Update: kernel update for SLE11 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:1101-1 Rating: important References: #588458 #603804 #632870 #642896 #649625 #667386 #669378 #688859 #694670 #699354 #699357 #701443 #701686 #704347 #706557 #707096 #707125 #707737 #708675 #708877 #709412 #711203 #711969 #712456 #712929 #713138 #713430 #714001 #714966 #715235 #715763 #716901 #719117 Cross-References: CVE-2011-2928 CVE-2011-3191 CVE-2011-3353 Affected Products: SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves three vulnerabilities and has 30 fixes is now available. Description: The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.46 and fixes various bugs and security issues. Following security issues were fixed: CVE-2011-3191: A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. CVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. Also the following non security bugs were fixed: - Added a missing reset for ioc_reset_in_progress in SoftReset in the mtpsas driver (bnc#711969). - Add support for the Digi/IBM PCIe 2-port Adapter (bnc#708675). - Always enable MSI-X on 5709 (bnc#707737). - sched: fix broken SCHED_RESET_ON_FORK handling (bnc#708877). - sched: Fix rt_rq runtime leakage bug (bnc#707096). - ACPI: allow passing down C1 information if no other C-states exist. - KDB: turn off kdb usb support by default (bnc#694670 bnc#603804). - xfs: Added event tracing support. - xfs: fix xfs_fsblock_t tracing. - igb: extend maximum frame size to receive VLAN tagged frames (bnc#688859). - cfq: Do not allow queue merges for queues that have no process references (bnc#712929). - cfq: break apart merged cfqqs if they stop cooperating (bnc#712929). - cfq: calculate the seek_mean per cfq_queue not per cfq_io_context (bnc#712929). - cfq: change the meaning of the cfqq_coop flag (bnc#712929). - cfq-iosched: get rid of the coop_preempt flag (bnc#712929). - cfq: merge cooperating cfq_queues (bnc#712929). - Fix FDDI and TR config checks in ipv4 arp and LLC (bnc#715235). - writeback: do uninterruptible sleep in balance_dirty_pages() (bnc#699354 bnc#699357). - xfs: fix memory reclaim recursion deadlock on locked inode buffer (bnc#699355 bnc#699354). - xfs: use GFP_NOFS for page cache allocation (bnc#699355 bnc#699354). - virtio-net: init link state correctly (bnc#714966). - cpufreq: pcc-cpufreq: sanity check to prevent a NULL pointer dereference (bnc#709412). - x86: ucode-amd: Do not warn when no ucode is available for a CPU - patches.arch/x86_64-unwind-annotations: Refresh (bnc#588458). - patches.suse/stack-unwind: Refresh (bnc#588458). - splice: direct_splice_actor() should not use pos in sd (bnc#715763). - qdio: 2nd stage retry on SIGA-W busy conditions (bnc#713138,LTC#74402). - TTY: pty, fix pty counting (bnc#711203). - Avoid deadlock in GFP_IO/GFP_FS allocation (bnc#632870). - novfs: fix some DirCache locking issues (bnc#669378). - novfs: fix some kmalloc/kfree issues (bnc#669378). - novfs: fix off-by-one allocation error (bnc#669378). - novfs: unlink directory after unmap (bnc#649625). - novfs: last modification time not reliable (bnc#642896). - x86 / IO APIC: Reset IRR in clear_IO_APIC_pin() (bnc#701686, bnc#667386). - mptfusion : Added check for SILI bit in READ_6 CDB for DATA UNDERRUN ERRATA (bnc #712456). - xfs: serialise unaligned direct IOs (bnc#707125). - NFS: Ensure that we handle NFS4ERR_STALE_STATEID correctly (bnc#701443). - NFSv4: Do not call nfs4_state_mark_reclaim_reboot() from error handlers (bnc#701443). - NFSv4: Fix open recovery (bnc#701443). - NFSv4.1: Do not call nfs4_schedule_state_recovery() unnecessarily (bnc#701443). Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-2.6.32.46-0.3.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-2.6.32.46-0.3.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-2.6.32.46-0.3.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-2.6.32.46-0.3.1 References: https://www.suse.com/security/cve/CVE-2011-2928.html https://www.suse.com/security/cve/CVE-2011-3191.html https://www.suse.com/security/cve/CVE-2011-3353.html https://bugzilla.novell.com/588458 https://bugzilla.novell.com/603804 https://bugzilla.novell.com/632870 https://bugzilla.novell.com/642896 https://bugzilla.novell.com/649625 https://bugzilla.novell.com/667386 https://bugzilla.novell.com/669378 https://bugzilla.novell.com/688859 https://bugzilla.novell.com/694670 https://bugzilla.novell.com/699354 https://bugzilla.novell.com/699357 https://bugzilla.novell.com/701443 https://bugzilla.novell.com/701686 https://bugzilla.novell.com/704347 https://bugzilla.novell.com/706557 https://bugzilla.novell.com/707096 https://bugzilla.novell.com/707125 https://bugzilla.novell.com/707737 https://bugzilla.novell.com/708675 https://bugzilla.novell.com/708877 https://bugzilla.novell.com/709412 https://bugzilla.novell.com/711203 https://bugzilla.novell.com/711969 https://bugzilla.novell.com/712456 https://bugzilla.novell.com/712929 https://bugzilla.novell.com/713138 https://bugzilla.novell.com/713430 https://bugzilla.novell.com/714001 https://bugzilla.novell.com/714966 https://bugzilla.novell.com/715235 https://bugzilla.novell.com/715763 https://bugzilla.novell.com/716901 https://bugzilla.novell.com/719117 https://login.microfocus.com/nidp/idff/sso https://login.microfocus.com/nidp/idff/sso https://login.microfocus.com/nidp/idff/sso https://login.microfocus.com/nidp/idff/sso https://login.microfocus.com/nidp/idff/sso

Get the Latest News & Insights

SuSE: 2011:1101-1: important: kernel SLE11 SP1

Summary

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By