SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0153-1
Rating:             important
References:         #651219 #653260 #668872 #671479 #688996 #694945 
                    #697920 #703156 #706973 #707288 #708625 #711378 
                    #716023 #722910 #724734 #725709 #726600 #726788 
                    #728339 #728626 #729854 #730118 #731004 #731770 
                    #732296 #732677 #733146 #733863 #734056 #735216 
                    #735446 #735453 #735635 #736018 #738400 #740535 
                    #740703 #740867 #742270 
Cross-References:   CVE-2010-3873 CVE-2010-4164 CVE-2011-2494
                    CVE-2011-2699 CVE-2011-4077 CVE-2011-4081
                    CVE-2011-4110 CVE-2011-4127 CVE-2011-4132
                    CVE-2012-0038
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise High Availability Extension 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 29 fixes
   is now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 SP1 kernel has been updated to
   2.6.32.54,  fixing numerous bugs and security issues.

   The following security issues have been fixed:

   * A potential hypervisor escape by issuing SG_IO
   commands to partitiondevices was fixed by restricting
   access to these commands. ( CVE-2011-4127
    )
   * KEYS: Fix a NULL pointer deref in the user-defined
   key type, which allowed local attackers to Oops the kernel.
   (CVE-2011-4110
    )
   * Avoid potential NULL pointer deref in ghash, which
   allowed local attackers to Oops the kernel. (CVE-2011-4081
    )
   * Fixed a memory corruption possibility in xfs
   readlink, which could be used by local attackers to crash
   the system or potentially execute code by mounting a
   prepared xfs filesystem image. (CVE-2011-4077
    )
   * A overflow in the xfs acl handling was fixed that
   could be used by local attackers to crash the system or
   potentially execute code by mounting a prepared xfs
   filesystem image. (CVE-2012-0038
    )
   * A flaw in the ext3/ext4 filesystem allowed a local
   attacker to crash the kernel by getting a prepared
   ext3/ext4 filesystem mounted. ( CVE-2011-4132
    )
   * Access to the taskstats /proc file was restricted to
   avoid local attackers gaining knowledge of IO of other
   users (and so effecting side-channel attacks for e.g.
   guessing passwords by typing speed). ( CVE-2011-2494
    )
   * When using X.25 communication a malicious sender
   could corrupt data structures, causing crashes or potential
   code execution. Please note that X.25 needs to be setup to
   make this effective, which these days is usually not the
   case. (CVE-2010-3873
    )
   * When using X.25 communication a malicious sender
   could make the machine leak memory, causing crashes. Please
   note that X.25 needs to be setup to make this effective,
   which these days is usually not the case. (CVE-2010-4164
    )
   * A remote denial of service due to a NULL pointer
   dereference by using IPv6 fragments was fixed.
   (CVE-2011-2699
    )

   The following non-security issues have been fixed (excerpt
   from changelog):

   * elousb: Fixed bug in USB core API usage, code cleanup.
   * cifs: overhaul cifs_revalidate and rename to
   cifs_revalidate_dentry.
   * cifs: set server_eof in cifs_fattr_to_inode.
   * xfs: Fix missing xfs_iunlock() on error recovery path
   in xfs_readlink().
   * Silence some warnings about ioctls on partitions.
   * netxen: Remove all references to unified firmware
   file.
   * bonding: send out gratuitous arps even with no
   address configured.
   * patches.fixes/ocfs2-serialize_unaligned_aio.patch:
   ocfs2: serialize unaligned aio.
   *
   patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.
   patch: Update references.
   * xfs: Fix wait calculations on lock acquisition and
   use milliseconds instead of jiffies to print the wait time.
   * ipmi: reduce polling when interrupts are available.
   * ipmi: reduce polling.
   * export shrink_dcache_for_umount_subtree.
   * patches.suse/stack-unwind: Fix more 2.6.29 merge
   problems plus a glue code problem.
   * PM / Sleep: Fix race between CPU hotplug and freezer.
   * jbd: Issue cache flush after checkpointing.
   * lpfc: make sure job exists when processing BSG.
   * blktap: fix locking (again).
   * xen: Update Xen patches to 2.6.32.52.
   * reiserfs: Lock buffers unconditionally in
   reiserfs_write_full_page().
   * writeback: Include all dirty inodes in background
   writeback.
   * reiserfs: Fix quota mount option parsing.
   * bonding: check if clients MAC addr has changed.
   * rpc client can not deal with ENOSOCK, so translate it
   into ENOCONN.
   * st: modify tape driver to allow writing immediate
   filemarks.
   * xfs: fix for xfssyncd failure to wake.
   * ipmi: Fix deadlock in start_next_msg().
   * net: bind() fix error return on wrong address family.
   * net: ipv4: relax AF_INET check in bind().
   * net/ipv6: check for mistakenly passed in non-AF_INET6
   sockaddrs.
   * Bluetooth: Fixed Atheros AR3012 Maryann PID/VID
   supported.
   * percpu: fix chunk range calculation.
   * x86, UV: Fix kdump reboot.
   * dm: Use done_bytes for io_completion.
   * Bluetooth: Add Atheros AR3012 Maryann PID/VID
   supported.
   * Bluetooth: Add Atheros AR3012 one PID/VID supported.
   * fix missing hunk in oplock break patch.
   * patches.arch/s390-34-01-pfault-cpu-hotplug.patch:
   Refresh.
   * Surrounded s390x lowcore change with __GENKSYMS__
   * patches.xen/xen3-patch-2.6.30: Refresh.
   * sched, x86: Avoid unnecessary overflow in sched_clock.
   * ACPI thermal: Do not invalidate thermal zone if
   critical trip point is bad.

Indications:

   Everyone using the Linux Kernel on x86 (32 bit) architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-kernel-5723

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-kernel-5723 slessp1-kernel-5724 slessp1-kernel-5725 slessp1-kernel-5729

   - SUSE Linux Enterprise High Availability Extension 11 SP1:

      zypper in -t patch sleshasp1-kernel-5723 sleshasp1-kernel-5724 sleshasp1-kernel-5725 sleshasp1-kernel-5729

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-kernel-5723

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.54]:

      btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
      btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73
      ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40
      ext4dev-kmp-pae-0_2.6.32.54_0.3-7.9.40
      ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40
      hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
      hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3
      hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3
      kernel-default-2.6.32.54-0.3.1
      kernel-default-base-2.6.32.54-0.3.1
      kernel-default-devel-2.6.32.54-0.3.1
      kernel-pae-2.6.32.54-0.3.1
      kernel-pae-base-2.6.32.54-0.3.1
      kernel-pae-devel-2.6.32.54-0.3.1
      kernel-source-2.6.32.54-0.3.1
      kernel-syms-2.6.32.54-0.3.1
      kernel-trace-2.6.32.54-0.3.1
      kernel-trace-base-2.6.32.54-0.3.1
      kernel-trace-devel-2.6.32.54-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x) [New Version: 2.6.32.54]:

      btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
      ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40
      ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40
      kernel-default-2.6.32.54-0.3.1
      kernel-default-base-2.6.32.54-0.3.1
      kernel-default-devel-2.6.32.54-0.3.1
      kernel-source-2.6.32.54-0.3.1
      kernel-syms-2.6.32.54-0.3.1
      kernel-trace-2.6.32.54-0.3.1
      kernel-trace-base-2.6.32.54-0.3.1
      kernel-trace-devel-2.6.32.54-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.54]:

      kernel-default-man-2.6.32.54-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.54]:

      ext4dev-kmp-ppc64-0_2.6.32.54_0.3-7.9.40
      kernel-ppc64-2.6.32.54-0.3.1
      kernel-ppc64-base-2.6.32.54-0.3.1
      kernel-ppc64-devel-2.6.32.54-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.54]:

      btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73
      btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73
      ext4dev-kmp-pae-0_2.6.32.54_0.3-7.9.40
      ext4dev-kmp-xen-0_2.6.32.54_0.3-7.9.40
      hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
      hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3
      hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3
      kernel-ec2-2.6.32.54-0.3.1
      kernel-ec2-base-2.6.32.54-0.3.1
      kernel-pae-2.6.32.54-0.3.1
      kernel-pae-base-2.6.32.54-0.3.1
      kernel-pae-devel-2.6.32.54-0.3.1
      kernel-xen-2.6.32.54-0.3.1
      kernel-xen-base-2.6.32.54-0.3.1
      kernel-xen-devel-2.6.32.54-0.3.1

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x):

      cluster-network-kmp-default-1.4_2.6.32.54_0.3-2.5.25
      cluster-network-kmp-trace-1.4_2.6.32.54_0.3-2.5.25
      gfs2-kmp-default-2_2.6.32.54_0.3-0.2.72
      gfs2-kmp-trace-2_2.6.32.54_0.3-0.2.72
      ocfs2-kmp-default-1.6_2.6.32.54_0.3-0.4.2.25
      ocfs2-kmp-trace-1.6_2.6.32.54_0.3-0.4.2.25

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

      cluster-network-kmp-ppc64-1.4_2.6.32.54_0.3-2.5.25
      gfs2-kmp-ppc64-2_2.6.32.54_0.3-0.2.72
      ocfs2-kmp-ppc64-1.6_2.6.32.54_0.3-0.4.2.25

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

      cluster-network-kmp-pae-1.4_2.6.32.54_0.3-2.5.25
      cluster-network-kmp-xen-1.4_2.6.32.54_0.3-2.5.25
      gfs2-kmp-pae-2_2.6.32.54_0.3-0.2.72
      gfs2-kmp-xen-2_2.6.32.54_0.3-0.2.72
      ocfs2-kmp-pae-1.6_2.6.32.54_0.3-0.4.2.25
      ocfs2-kmp-xen-1.6_2.6.32.54_0.3-0.4.2.25

   - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.54]:

      btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
      btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73
      btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73
      hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
      hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3
      kernel-default-2.6.32.54-0.3.1
      kernel-default-base-2.6.32.54-0.3.1
      kernel-default-devel-2.6.32.54-0.3.1
      kernel-default-extra-2.6.32.54-0.3.1
      kernel-desktop-devel-2.6.32.54-0.3.1
      kernel-pae-2.6.32.54-0.3.1
      kernel-pae-base-2.6.32.54-0.3.1
      kernel-pae-devel-2.6.32.54-0.3.1
      kernel-pae-extra-2.6.32.54-0.3.1
      kernel-source-2.6.32.54-0.3.1
      kernel-syms-2.6.32.54-0.3.1
      kernel-trace-devel-2.6.32.54-0.3.1
      kernel-xen-2.6.32.54-0.3.1
      kernel-xen-base-2.6.32.54-0.3.1
      kernel-xen-devel-2.6.32.54-0.3.1
      kernel-xen-extra-2.6.32.54-0.3.1


References:

   https://www.suse.com/security/cve/CVE-2010-3873.html
   https://www.suse.com/security/cve/CVE-2010-4164.html
   https://www.suse.com/security/cve/CVE-2011-2494.html
   https://www.suse.com/security/cve/CVE-2011-2699.html
   https://www.suse.com/security/cve/CVE-2011-4077.html
   https://www.suse.com/security/cve/CVE-2011-4081.html
   https://www.suse.com/security/cve/CVE-2011-4110.html
   https://www.suse.com/security/cve/CVE-2011-4127.html
   https://www.suse.com/security/cve/CVE-2011-4132.html
   https://www.suse.com/security/cve/CVE-2012-0038.html
   https://bugzilla.novell.com/651219
   https://bugzilla.novell.com/653260
   https://bugzilla.novell.com/668872
   https://bugzilla.novell.com/671479
   https://bugzilla.novell.com/688996
   https://bugzilla.novell.com/694945
   https://bugzilla.novell.com/697920
   https://bugzilla.novell.com/703156
   https://bugzilla.novell.com/706973
   https://bugzilla.novell.com/707288
   https://bugzilla.novell.com/708625
   https://bugzilla.novell.com/711378
   https://bugzilla.novell.com/716023
   https://bugzilla.novell.com/722910
   https://bugzilla.novell.com/724734
   https://bugzilla.novell.com/725709
   https://bugzilla.novell.com/726600
   https://bugzilla.novell.com/726788
   https://bugzilla.novell.com/728339
   https://bugzilla.novell.com/728626
   https://bugzilla.novell.com/729854
   https://bugzilla.novell.com/730118
   https://bugzilla.novell.com/731004
   https://bugzilla.novell.com/731770
   https://bugzilla.novell.com/732296
   https://bugzilla.novell.com/732677
   https://bugzilla.novell.com/733146
   https://bugzilla.novell.com/733863
   https://bugzilla.novell.com/734056
   https://bugzilla.novell.com/735216
   https://bugzilla.novell.com/735446
   https://bugzilla.novell.com/735453
   https://bugzilla.novell.com/735635
   https://bugzilla.novell.com/736018
   https://bugzilla.novell.com/738400
   https://bugzilla.novell.com/740535
   https://bugzilla.novell.com/740703
   https://bugzilla.novell.com/740867
   https://bugzilla.novell.com/742270
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/idff/sso

SuSE: 2012:0153-1: important: the Linux Kernel

February 6, 2012
An update that solves 10 vulnerabilities and has 29 fixes An update that solves 10 vulnerabilities and has 29 fixes An update that solves 10 vulnerabilities and has 29 fixes is now...

Summary

The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues. The following security issues have been fixed: * A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. ( CVE-2011-4127 ) * KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110 ) * Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081 ) * Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077 ) * A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs f...

Read the Full Advisory

References

#651219 #653260 #668872 #671479 #688996 #694945

#697920 #703156 #706973 #707288 #708625 #711378

#716023 #722910 #724734 #725709 #726600 #726788

#728339 #728626 #729854 #730118 #731004 #731770

#732296 #732677 #733146 #733863 #734056 #735216

#735446 #735453 #735635 #736018 #738400 #740535

#740703 #740867 #742270

Cross- CVE-2010-3873 CVE-2010-4164 CVE-2011-2494

CVE-2011-2699 CVE-2011-4077 CVE-2011-4081

CVE-2011-4110 CVE-2011-4127 CVE-2011-4132

CVE-2012-0038

Affected Products:

SUSE Linux Enterprise Server 11 SP1 for VMware

SUSE Linux Enterprise Server 11 SP1

SUSE Linux Enterprise High Availability Extension 11 SP1

SUSE Linux Enterprise Desktop 11 SP1

https://www.suse.com/security/cve/CVE-2010-3873.html

https://www.suse.com/s...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2012:0153-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved