SuSE: 2011:1195-1: important: Linux kernel
Summary
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1195-1
Rating: important
References: #616256 #628343 #635880 #683101 #692784 #694315
#699354 #699355 #701355 #701550 #706375 #707439
#709213 #709369 #712009 #713876 #714001 #717126
#717421 #717585 #718028 #721830 #724947
Cross-References: CVE-2009-4067 CVE-2011-1776 CVE-2011-3191
CVE-2011-3363
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that solves four vulnerabilities and has 19 fixes
is now available.
Description:
This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.
The following security issues have been fixed:
* CVE-2009-4067: A USB string descriptor overflow in
the auerwald USB driver was fixed, which could be used by
physically proximate attackers to cause a kernel crash.
* CVE-2011-3363: Always check the path in CIFS mounts
to avoid interesting filesystem path interaction issues and
potential crashes.
* CVE-2011-3191: A malicious CIFS server could cause an
integer overflow on the local machine on directory index
operations, in turn causing memory corruption.
* CVE-2011-1776: The is_gpt_valid function in
fs/partitions/efi.c in the Linux kernel did not check the
size of an Extensible Firmware Interface (EFI) GUID
Partition Table (GPT) entry, which allowed physically
proximate attackers to cause a denial of service
(heap-based buffer overflow and OOPS) or obtain sensitive
information from kernel heap memory by connecting a crafted
GPT storage device, a different vulnerability than
CVE-2011-1577.
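CVE-2011-1776 above comes down to trusting the entry size that a storage device declares in its GPT header. The following is an added example of that validation in C, not the kernel's code and not part of the SUSE advisory; the function names, the 1 MiB cap and the sample header are constructed for illustration, and offsets 80 and 84 are the entry-count and entry-size fields of the UEFI GPT header layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GPT_HDR_MIN    92u   /* header bytes covering the fields read below */
#define GPT_ENTRY_SIZE 128u  /* entry struct size this parser indexes with */
/* Little-endian accessors for an untrusted on-disk buffer. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Returns 0 and sets *bytes if the entry array geometry is acceptable. */
int gpt_check_entry_geometry(const uint8_t *hdr, size_t len,
                             size_t max_bytes, size_t *bytes)
{
    if (len < GPT_HDR_MIN || memcmp(hdr, "EFI PART", 8) != 0)
        return -1;                       /* short buffer or bad signature */
    uint32_t count = rd32(hdr + 80);     /* NumberOfPartitionEntries */
    uint32_t esize = rd32(hdr + 84);     /* SizeOfPartitionEntry */
    if (esize != GPT_ENTRY_SIZE)
        return -2;                       /* device-declared size != struct size */
    uint64_t total = (uint64_t)count * esize;  /* 64-bit product cannot wrap */
    if (count == 0 || total > max_bytes)
        return -3;                       /* empty or larger than caller's cap */
    *bytes = (size_t)total;
    return 0;
}

/* Builds a constructed header with the given fields and validates it. */
int check_sample(uint32_t count, uint32_t esize, size_t *bytes)
{
    uint8_t hdr[GPT_HDR_MIN] = {0};
    memcpy(hdr, "EFI PART", 8);
    wr32(hdr + 80, count);
    wr32(hdr + 84, esize);
    return gpt_check_entry_geometry(hdr, sizeof hdr, 1u << 20, bytes);
}

int main(void)
{
    size_t n = 0;
    printf("%d %d\n", check_sample(128, 128, &n), check_sample(128, 64, &n));
    return 0;
}
```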
The following non-security issues have been fixed:
* md: fix deadlock in md/raid1 and md/raid10 when
handling a read error (bnc#628343).
* md: fix possible raid1/raid10 deadlock on read error
during resync (bnc#628343).
* Add timeo parameter to /proc/mounts for nfs
filesystems (bnc#616256).
* virtio: indirect ring entries
(VIRTIO_RING_F_INDIRECT_DESC) (bnc#713876).
* virtio: teach virtio_has_feature() about transport
features (bnc#713876).
* nf_nat: do not add NAT extension for confirmed
conntracks (bnc#709213).
* 8250: Oxford Semiconductor Devices (bnc#717126).
* 8250_pci: Add support for the Digi/IBM PCIe 2-port
Adapter (bnc#717126).
* 8250: Fix capabilities when changing the port type
(bnc#717126).
* 8250: Add EEH support (bnc#717126).
* xfs: fix memory reclaim recursion deadlock on locked
inode buffer (bnc#699355 bnc#699354 bnc#721830).
* ipmi: do not grab locks in run-to-completion mode
(bnc#717421).
* cifs: add fallback in is_path_accessible for old
servers (bnc#718028).
* cciss: do not attempt to read from a write-only
register (bnc#683101).
* s390: kernel: System hang if hangcheck timer expires
(bnc#712009,LTC#74157).
* s390: kernel: NSS creation with initrd fails
(bnc#712009,LTC#74207).
* s390: kernel: remove code to handle topology
interrupts (bnc#712009,LTC#74440).
* xen: Added 1083-kbdfront-absolute-coordinates.patch
(bnc#717585).
* acpi: Use a spinlock instead of mutex to guard
gbl_lock access (bnc#707439).
* Allow balance_dirty_pages to help other filesystems
(bnc#709369).
* nfs: fix congestion control (bnc#709369).
* NFS: Separate metadata and page cache revalidation
mechanisms (bnc#709369).
* jbd: Fix oops in journal_remove_journal_head()
(bnc#694315).
* xen/blkfront: avoid NULL de-reference in CDROM ioctl
handling (bnc#701355).
* xen/x86: replace order-based range checking of M2P
table by linear one.
* xen/x86: use dynamically adjusted upper bound for
contiguous regions (bnc#635880).
* Fix type in
patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-making-progress.
* s390: cio: Add timeouts for internal IO
(bnc#701550,LTC#72691).
* s390: kernel: first time swap use results in heavy
swapping (bnc#701550,LTC#73132).
* s390: qeth: wrong number of output queues for
HiperSockets (bnc#701550,LTC#73814).
Security Issue references:
* CVE-2009-4067