SuSE: 2011:1319-1: important: Linux kernel
Summary
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1319-1
Rating: important
References: #659101 #675127 #687049 #691440 #694863 #695898
#698450 #699709 #701183 #702013 #706374 #707288
#709671 #711501 #711539 #712002 #712404 #712405
#713229 #713650 #714744 #717263 #717690 #717884
#719450 #719786 #719916 #720536 #721299 #721337
#721464 #721830 #721840 #722429 #722504 #723542
#723815 #724365 #724800 #724989 #725453 #725502
#725709 #725878 #728626 #729111 #729721 #731035
#731229 #731673 #731981 #732021 #732535
Cross-References: CVE-2011-1576 CVE-2011-1833 CVE-2011-2203
CVE-2011-2699 CVE-2011-3188 CVE-2011-4326
CVE-2011-4330
Affected Products:
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise High Availability Extension 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 46 fixes is
now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 1 kernel has been
updated to version 2.6.32.49 and fixes various bugs and
security issues.
* CVE-2011-3188: The TCP/IP initial sequence number
generation effectively only used 24 bits of 32 to generate
randomness, making a brute force man-in-the-middle attack
on TCP/IP connections feasible. The generator was changed
to use full 32bit randomness.
* CVE-2011-2699: Fernando Gont discovered that the IPv6
stack used predictable fragment identification numbers. A
remote attacker could exploit this to exhaust network
resources, leading to a denial of service.
* CVE-2011-2203: A NULL ptr dereference on mounting
corrupt hfs filesystems was fixed which could be used by
local attackers to crash the kernel.
* CVE-2011-1833: Added a kernel option to ensure
ecryptfs is mounting only on paths belonging to the current
ui, which would have allowed local attackers to potentially
gain privileges via symlink attacks.
* CVE-2011-1576: The Generic Receive Offload (GRO)
implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that
are processed by the napi_reuse_skb function, leading to
(1) a memory leak or (2) memory corruption, a different
vulnerability than CVE-2011-1478.
* CVE-2011-4330: A name overflow in the hfs filesystem
was fixed, where mounting a corrupted hfs filesystem could
lead to a stack overflow and code execution in the kernel.
This requires a local attacker to be able to mount hfs
filesystems.
* CVE-2011-4326: A bug was found in the way headroom
check was performed in udp6_ufo_fragment() function. A
remote attacker could use this flaw to crash the system.
The following non-security bugs have been fixed:
* ALSA: hda - Fix S3/S4 problem on machines with
VREF-pin mute-LED (bnc#732535).
* patches.xen/xen-pcpu-hotplug: Fix a double kfree().
* ixgbe: fix bug with vlan strip in promsic mode
(bnc#687049, fate#311821).
* ixgbe: fix panic when shutting down system with WoL
enabled.
* fnic: Allow users to modify dev_loss_tmo setting
(bnc#719786).
* x86, intel: Do not mark sched_clock() as stable
(bnc#725709).
* ALSA: hda - Keep vref-LED during power-saving on IDT
codecs (bnc#731981).
* cifs: Assume passwords are encoded according to
iocharset (bnc#731035).
* scsi_dh: Check queuedata pointer before proceeding
(bnc#714744).
* netback: use correct index for invalidation in
netbk_tx_check_mop().
* ACPI video: introduce module parameter
video.use_bios_initial_backlight (bnc#731229).
* SUNRPC: prevent task_cleanup running on freed xprt
(bnc#709671).
* add device entry for Broadcom Valentine combo card
(bnc#722429).
* quota: Fix WARN_ON in lookup_one_len (bnc#728626).
* Update Xen patches to 2.6.32.48.
* pv-on-hvm/kexec: add xs_reset_watches to shutdown
watches from old kernel (bnc#694863).
* x86: undo_limit_pages() must reset page count.
* mm/vmstat.c: cache align vm_stat (bnc#729721).
* s390/ccwgroup: fix uevent vs dev attrs race
(bnc#659101,LTC#69028).
* Warn on pagecache limit usage (FATE309111).
* SCSI: st: fix race in st_scsi_execute_end
(bnc#720536).
* ACPI: introduce "acpi_rsdp=" parameter for kdump
(bnc#717263).
* elousb: Limit the workaround warning to one per
error, control workaround activity (bnc#719916).
* SCSI: libiscsi: reset cmd timer if cmds are making
progress (bnc#691440).
* SCSI: fix crash in scsi_dispatch_cmd() (bnc#724989).
* NFS/sunrpc: do not use a credential with extra groups
(bnc#725878).
* s390/qdio: EQBS retry after CCQ 96
(bnc#725453,LTC#76117).
* fcoe: Reduce max_sectors to 1024 (bnc#695898).
* apparmor: return -ENOENT when there is no profile for
a hat (bnc#725502).
* sched, cgroups: disallow attaching kthreadd
(bnc#721840).
* nfs: Check validity of cl_rpcclient in
nfs_server_list_show (bnc#717884).
* x86, vt-d: enable x2apic opt out (disabling x2apic
through BIOS flag) (bnc#701183, fate#311989).
* block: Free queue resources at blk_release_queue()
(bnc#723815).
* ALSA: hda - Add post_suspend patch ops (bnc#724800).
* ALSA: hda - Allow codec-specific set_power_state ops
(bnc#724800).
* ALSA: hda - Add support for vref-out based mute LED
control on IDT codecs (bnc#724800).
* scsi_dh_rdac : Add definitions for different RDAC
operating modes (bnc#724365).
* scsi_dh_rdac : Detect the different RDAC operating
modes (bnc#724365).
* scsi_dh_rdac : decide whether to send mode select
based on operating mode (bnc#724365).
* scsi_dh_rdac: Use WWID from C8 page instead of
Subsystem id from C4 page to identify storage (bnc#724365).
* vlan: Match underlying dev carrier on vlan add
(bnc#722504).
* scsi_lib: pause between error retries (bnc#675127).
* xfs: use KM_NOFS for allocations during attribute
list operations (bnc#721830)
* bootsplash: Do not crash when no fb is set
(bnc#723542).
* cifs: do not allow cifs_iget to match inodes of the
wrong type (bnc#711501).
* cifs: fix noserverino handling when 1 extensions are
enabled (bnc#711501).
* cifs: reduce false positives with inode aliasing
serverino autodisable (bnc#711501).
* parport_pc: release IO region properly if unsupported
ITE887x card is found (bnc#721464).
* writeback: avoid unnecessary calculation of bdi dirty
thresholds (bnc#721299).
* 1: Fix bogus it_blocksize in VIO iommu code
(bnc#717690).
* ext4: Fix max file size and logical block counting of
extent format file (bnc#706374).
* novfs: Unable to change password in the Novell Client
for Linux (bnc#713229).
* xfs: add more ilock tracing.
* sched: move wakeup tracepoint above out_running
(bnc#712002).
* config.conf: Build KMPs for the -trace flavor as well
(fate#312759, bnc#712404, bnc#712405, bnc#721337).
* memsw: remove noswapaccount kernel parameter
(bnc#719450).
Security Issue references:
* CVE-2011-3188
References
