SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1195-1
Rating:             important
References:         #616256 #628343 #635880 #683101 #692784 #694315 
                    #699354 #699355 #701355 #701550 #706375 #707439 
                    #709213 #709369 #712009 #713876 #714001 #717126 
                    #717421 #717585 #718028 #721830 #724947 
Cross-References:   CVE-2009-4067 CVE-2011-1776 CVE-2011-3191
                    CVE-2011-3363
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves four vulnerabilities and has 19 fixes
   is now available.

Description:


   This Linux kernel update fixes various security issues and
   bugs in the SUSE  Linux Enterprise 10 SP4 kernel.

   The following security issues have been fixed:

   * CVE-2009-4067: A USB string descriptor overflow in
   the auerwald USB driver was fixed, which could be used by
   physically proximate attackers to cause a kernel crash.
   * CVE-2011-3363: Always check the path in CIFS mounts
   to avoid interesting filesystem path interaction issues and
   potential crashes.
   * CVE-2011-3191: A malicious CIFS server could cause a
   integer overflow on the local machine on directory index
   operations, in turn causing memory corruption.
   * CVE-2011-1776: The is_gpt_valid function in
   fs/partitions/efi.c in the Linux kernel did not check the
   size of an Extensible Firmware Interface (EFI) GUID
   Partition Table (GPT) entry, which allowed physically
   proximate attackers to cause a denial of service
   (heap-based buffer overflow and OOPS) or obtain sensitive
   information from kernel heap memory by connecting a crafted
   GPT storage device, a different vulnerability than
   CVE-2011-1577.

   The following non-security issues have been fixed:

   * md: fix deadlock in md/raid1 and md/raid10 when
   handling a read error (bnc#628343).
   * md: fix possible raid1/raid10 deadlock on read error
   during resync (bnc#628343).
   * Add timeo parameter to /proc/mounts for nfs
   filesystems (bnc#616256).
   * virtio: indirect ring entries
   (VIRTIO_RING_F_INDIRECT_DESC) (bnc#713876).
   * virtio: teach virtio_has_feature() about transport
   features (bnc#713876).
   * nf_nat: do not add NAT extension for confirmed
   conntracks (bnc#709213).
   * 8250: Oxford Semiconductor Devices (bnc#717126).
   * 8250_pci: Add support for the Digi/IBM PCIe 2-port
   Adapter (bnc#717126).
   * 8250: Fix capabilities when changing the port type
   (bnc#717126).
   * 8250: Add EEH support (bnc#717126).
   * xfs: fix memory reclaim recursion deadlock on locked
   inode buffer (bnc#699355 bnc#699354 bnc#721830).
   * ipmi: do not grab locks in run-to-completion mode
   (bnc#717421).
   * cifs: add fallback in is_path_accessible for old
   servers (bnc#718028).
   * cciss: do not attempt to read from a write-only
   register (bnc#683101).
   * s390: kernel: System hang if hangcheck timer expires
   (bnc#712009,LTC#74157).
   * s390: kernel: NSS creation with initrd fails
   (bnc#712009,LTC#74207).
   * s390: kernel: remove code to handle topology
   interrupts (bnc#712009,LTC#74440).
   * xen: Added 1083-kbdfront-absolute-coordinates.patch
   (bnc#717585).
   * acpi: Use a spinlock instead of mutex to guard
   gbl_lock access (bnc#707439).
   * Allow balance_dirty_pages to help other filesystems
   (bnc#709369).
   * nfs: fix congestion control (bnc#709369).
   * NFS: Separate metadata and page cache revalidation
   mechanisms (bnc#709369).
   * jbd: Fix oops in journal_remove_journal_head()
   (bnc#694315).
   * xen/blkfront: avoid NULL de-reference in CDROM ioctl
   handling (bnc#701355).
   * xen/x86: replace order-based range checking of M2P
   table by linear one.
   * xen/x86: use dynamically adjusted upper bound for
   contiguous regions (bnc#635880).
   * Fix type in
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
   ing-progress.
   * s390: cio: Add timeouts for internal IO
   (bnc#701550,LTC#72691).
   * s390: kernel: first time swap use results in heavy
   swapping (bnc#701550,LTC#73132).
   * s390: qeth: wrong number of output queues for
   HiperSockets (bnc#701550,LTC#73814).

   Security Issue references:

   * CVE-2009-4067
   
   * CVE-2011-3363
   
   * CVE-2011-3191
   
   * CVE-2011-1776
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.91.1
      kernel-source-2.6.16.60-0.91.1
      kernel-syms-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.91.1
      kernel-xen-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.91.1
      kernel-kdumppae-2.6.16.60-0.91.1
      kernel-vmi-2.6.16.60-0.91.1
      kernel-vmipae-2.6.16.60-0.91.1
      kernel-xenpae-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.91.1
      kernel-ppc64-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.91.1
      kernel-smp-2.6.16.60-0.91.1
      kernel-source-2.6.16.60-0.91.1
      kernel-syms-2.6.16.60-0.91.1
      kernel-xen-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.91.1
      kernel-xenpae-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.91.1


References:

   https://www.suse.com/security/cve/CVE-2009-4067.html
   https://www.suse.com/security/cve/CVE-2011-1776.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://www.suse.com/security/cve/CVE-2011-3363.html
   https://bugzilla.novell.com/616256
   https://bugzilla.novell.com/628343
   https://bugzilla.novell.com/635880
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/694315
   https://bugzilla.novell.com/699354
   https://bugzilla.novell.com/699355
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/701550
   https://bugzilla.novell.com/706375
   https://bugzilla.novell.com/707439
   https://bugzilla.novell.com/709213
   https://bugzilla.novell.com/709369
   https://bugzilla.novell.com/712009
   https://bugzilla.novell.com/713876
   https://bugzilla.novell.com/714001
   https://bugzilla.novell.com/717126
   https://bugzilla.novell.com/717421
   https://bugzilla.novell.com/717585
   https://bugzilla.novell.com/718028
   https://bugzilla.novell.com/721830
   https://bugzilla.novell.com/724947
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2011:1195-1: important: Linux kernel

October 28, 2011
An update that solves four vulnerabilities and has 19 fixes An update that solves four vulnerabilities and has 19 fixes An update that solves four vulnerabilities and has 19 fixes ...

Summary

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1195-1
Rating:             important
References:         #616256 #628343 #635880 #683101 #692784 #694315 
                    #699354 #699355 #701355 #701550 #706375 #707439 
                    #709213 #709369 #712009 #713876 #714001 #717126 
                    #717421 #717585 #718028 #721830 #724947 
Cross-References:   CVE-2009-4067 CVE-2011-1776 CVE-2011-3191
                    CVE-2011-3363
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves four vulnerabilities and has 19 fixes
   is now available.

Description:


   This Linux kernel update fixes various security issues and
   bugs in the SUSE  Linux Enterprise 10 SP4 kernel.

   The following security issues have been fixed:

   * CVE-2009-4067: A USB string descriptor overflow in
   the auerwald USB driver was fixed, which could be used by
   physically proximate attackers to cause a kernel crash.
   * CVE-2011-3363: Always check the path in CIFS mounts
   to avoid interesting filesystem path interaction issues and
   potential crashes.
   * CVE-2011-3191: A malicious CIFS server could cause a
   integer overflow on the local machine on directory index
   operations, in turn causing memory corruption.
   * CVE-2011-1776: The is_gpt_valid function in
   fs/partitions/efi.c in the Linux kernel did not check the
   size of an Extensible Firmware Interface (EFI) GUID
   Partition Table (GPT) entry, which allowed physically
   proximate attackers to cause a denial of service
   (heap-based buffer overflow and OOPS) or obtain sensitive
   information from kernel heap memory by connecting a crafted
   GPT storage device, a different vulnerability than
   CVE-2011-1577.

   The following non-security issues have been fixed:

   * md: fix deadlock in md/raid1 and md/raid10 when
   handling a read error (bnc#628343).
   * md: fix possible raid1/raid10 deadlock on read error
   during resync (bnc#628343).
   * Add timeo parameter to /proc/mounts for nfs
   filesystems (bnc#616256).
   * virtio: indirect ring entries
   (VIRTIO_RING_F_INDIRECT_DESC) (bnc#713876).
   * virtio: teach virtio_has_feature() about transport
   features (bnc#713876).
   * nf_nat: do not add NAT extension for confirmed
   conntracks (bnc#709213).
   * 8250: Oxford Semiconductor Devices (bnc#717126).
   * 8250_pci: Add support for the Digi/IBM PCIe 2-port
   Adapter (bnc#717126).
   * 8250: Fix capabilities when changing the port type
   (bnc#717126).
   * 8250: Add EEH support (bnc#717126).
   * xfs: fix memory reclaim recursion deadlock on locked
   inode buffer (bnc#699355 bnc#699354 bnc#721830).
   * ipmi: do not grab locks in run-to-completion mode
   (bnc#717421).
   * cifs: add fallback in is_path_accessible for old
   servers (bnc#718028).
   * cciss: do not attempt to read from a write-only
   register (bnc#683101).
   * s390: kernel: System hang if hangcheck timer expires
   (bnc#712009,LTC#74157).
   * s390: kernel: NSS creation with initrd fails
   (bnc#712009,LTC#74207).
   * s390: kernel: remove code to handle topology
   interrupts (bnc#712009,LTC#74440).
   * xen: Added 1083-kbdfront-absolute-coordinates.patch
   (bnc#717585).
   * acpi: Use a spinlock instead of mutex to guard
   gbl_lock access (bnc#707439).
   * Allow balance_dirty_pages to help other filesystems
   (bnc#709369).
   * nfs: fix congestion control (bnc#709369).
   * NFS: Separate metadata and page cache revalidation
   mechanisms (bnc#709369).
   * jbd: Fix oops in journal_remove_journal_head()
   (bnc#694315).
   * xen/blkfront: avoid NULL de-reference in CDROM ioctl
   handling (bnc#701355).
   * xen/x86: replace order-based range checking of M2P
   table by linear one.
   * xen/x86: use dynamically adjusted upper bound for
   contiguous regions (bnc#635880).
   * Fix type in
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
   ing-progress.
   * s390: cio: Add timeouts for internal IO
   (bnc#701550,LTC#72691).
   * s390: kernel: first time swap use results in heavy
   swapping (bnc#701550,LTC#73132).
   * s390: qeth: wrong number of output queues for
   HiperSockets (bnc#701550,LTC#73814).

   Security Issue references:

   * CVE-2009-4067
   
   * CVE-2011-3363
   
   * CVE-2011-3191
   
   * CVE-2011-1776
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.91.1
      kernel-source-2.6.16.60-0.91.1
      kernel-syms-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.91.1
      kernel-xen-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.91.1
      kernel-kdumppae-2.6.16.60-0.91.1
      kernel-vmi-2.6.16.60-0.91.1
      kernel-vmipae-2.6.16.60-0.91.1
      kernel-xenpae-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.91.1
      kernel-ppc64-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.91.1
      kernel-smp-2.6.16.60-0.91.1
      kernel-source-2.6.16.60-0.91.1
      kernel-syms-2.6.16.60-0.91.1
      kernel-xen-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.91.1
      kernel-xenpae-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.91.1


References:

   https://www.suse.com/security/cve/CVE-2009-4067.html
   https://www.suse.com/security/cve/CVE-2011-1776.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://www.suse.com/security/cve/CVE-2011-3363.html
   https://bugzilla.novell.com/616256
   https://bugzilla.novell.com/628343
   https://bugzilla.novell.com/635880
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/694315
   https://bugzilla.novell.com/699354
   https://bugzilla.novell.com/699355
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/701550
   https://bugzilla.novell.com/706375
   https://bugzilla.novell.com/707439
   https://bugzilla.novell.com/709213
   https://bugzilla.novell.com/709369
   https://bugzilla.novell.com/712009
   https://bugzilla.novell.com/713876
   https://bugzilla.novell.com/714001
   https://bugzilla.novell.com/717126
   https://bugzilla.novell.com/717421
   https://bugzilla.novell.com/717585
   https://bugzilla.novell.com/718028
   https://bugzilla.novell.com/721830
   https://bugzilla.novell.com/724947
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

References

Severity

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved