SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0616-1
Rating:             important
References:         #611264 #617344 #624072 #652942 #668194 #676204 
                    #688079 #693639 #697920 #700449 #704280 #713148 
                    #714507 #716850 #717994 #719793 #720374 #721366 
                    #727834 #729247 #731809 #733761 #734300 #734900 
                    #737326 #738210 #738503 #738528 #738679 #740180 
                    #740895 #740969 #742210 #742358 #743209 #743619 
                    #744163 #744658 #745422 #745699 #745832 #745929 
                    #746980 #747028 #747430 #747445 #748112 #748279 
                    #748812 #749342 #749569 #749886 #750079 #750171 
                    #751322 #751844 #751880 #752491 #752634 #752972 
                    #755178 #755537 #756448 #756840 #757917 #758532 
                    #758813 #759544 
Cross-References:   CVE-2011-1083 CVE-2011-4086 CVE-2011-4622
                    CVE-2012-0045 CVE-2012-0879 CVE-2012-1090
                    CVE-2012-1097 CVE-2012-2133
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise High Availability Extension 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 60 fixes is
   now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 SP1 kernel have been updated
   to the 2.6.32.59  stable release to fix a lot of bugs and
   security issues.

   The following security issues have been fixed:

   * CVE-2012-2133: A use after free bug in hugetlb
   support could be used by local attackers to crash the
   system.
   * CVE-2012-1097: A null pointer dereference bug in the
   regsets proc file could be used by local attackers to
   perhaps crash the system. With mmap_min_addr is set and
   enabled, exploitation is unlikely.
   * CVE-2012-0879: A reference counting issue in CLONE_IO
   could be used by local attackers to cause a denial of
   service (out of memory).
   * CVE-2012-1090: A file handle leak in CIFS code could
   be used by local attackers to crash the system.
   * CVE-2011-1083: Large nested epoll chains could be
   used by local attackers to cause a denial of service
   (excessive CPU consumption).
   * CVE-2011-4622: When using KVM, programming a PIT
   timer without a irqchip configuration, can be used to crash
   the kvm guest. This likely can be done only by a privileged
   guest user.
   * CVE-2012-0045: A KVM 32bit guest crash in "syscall"
   opcode handling was fixed that could be caused by local
   attackers.
   * CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be
   caused by specific filesystem access patterns.

   The following non-security issues have been fixed:

   X86:

   * x86: fix the initialization of physnode_map
   (bnc#748112).
   * x86: Allow bootmem reserves at greater than 8G node
   offset within a node (bnc#740895).
   * x86, tsc: Fix SMI induced variation in
   quick_pit_calibrate(). (bnc#751322)
   * x86, efi: Work around broken firmware. (bnc#714507)

   BONDING:

   * bonding: update speed/duplex for NETDEV_CHANGE
   (bnc#752634).
   * bonding: comparing a u8 with -1 is always false
   (bnc#752634).
   * bonding: start slaves with link down for ARP monitor
   (bnc#752634).
   * bonding: send gratuitous ARP for all addresses
   (bnc#752491).

   XFS:

   * xfs: Fix excessive inode syncing when project quota
   is exceeded (bnc#756448).
   * xfs: Fix oops on IO error during
   xlog_recover_process_iunlinks() (bnc#716850).

   SCSI:

   * scsi/ses: Handle non-unique element descriptors   (bnc#749342, bnc#617344).
   * scsi/sd: mark busy sd majors as allocated
   (bug#744658).
   * scsi: Check for invalid sdev in
   scsi_prep_state_check() (bnc#734300).

   MD/RAID:

   * md: fix possible corruption of array metadata on
   shutdown.
   * md: ensure changes to write-mostly are reflected in
   metadata (bnc#755178).
   * md: do not set md arrays to readonly on shutdown
   (bnc#740180, bnc#713148, bnc#734900).

   XEN:

   * smpboot: adjust ordering of operations.
   * x86-64: provide a memset() that can deal with 4Gb or
   above at a time (bnc#738528).
   * blkfront: properly fail packet requests (bnc#745929).
   * Update Xen patches to 2.6.32.57.
   * xenbus: Reject replies with payload >
   XENSTORE_PAYLOAD_MAX.
   * xenbus_dev: add missing error checks to watch
   handling.
   * Refresh other Xen patches (bnc#652942, bnc#668194,
   bnc#688079).
   * fix Xen-specific kABI issue in Linux 2.6.19.

   NFS:

   * NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and
   MKDIR (bnc#751880).
   * nfs: Include SYNC flag when comparing mount options
   with NOAC flag (bnc#745422).
   * NFS returns EIO for EDQUOT and others (bnc#747028).
   * lockd: fix arg parsing for grace_period and timeout
   (bnc#733761).
   * nfs: allow nfs4leasetime to be set before starting
   servers (bnc#733761).
   * nfs: handle d_revalidate of dot correctly
   (bnc#731809).

   S/390:

   * ctcmpc: use correct idal word list for ctcmpc
   (bnc#750171,LTC#79264).
   * qeth: synchronize discipline module loading
   (bnc#747430,LTC#78788).
   * qdio: avoid race leading to stall when tolerating CQ
   (bnc#737326,LTC#76599).
   * kernel: no storage key operations for invalid page
   table entries (bnc#737326,LTC#77697).

   OTHER:

   * tlan: add cast needed for proper 64 bit operation
   (bnc#756840).
   * dl2k: Tighten ioctl permissions (bnc#758813).
   * tg3: Fix RSS ring refill race condition (bnc#757917).
   * usbhid: fix error handling of not enough bandwidth
   (bnc#704280).
   * pagecache limit: Fix the shmem deadlock (bnc#755537).
   * tty_audit: fix tty_audit_add_data live lock on audit
   disabled (bnc#721366).
   * ixgbe: driver sets all WOL flags upon initialization
   so that machine is powered on as soon at it is switched off
   (bnc#693639)
   * PCI: Set device power state to PCI_D0 for device
   without native PM support (bnc#752972).
   * dlm: Do not allocate a fd for peeloff (bnc#729247).
   * sctp: Export sctp_do_peeloff (bnc#729247).
   * epoll: Do not limit non-nested epoll paths
   (bnc#676204).
   * mlx4: Limit MSI-X vector allocation (bnc#624072).
   * mlx4: Changing interrupt scheme (bnc#624072).
   * mlx4_en: Assigning TX irq per ring (bnc#624072).
   * mlx4_en: Restoring RX buffer pointer in case of
   failure (bnc#624072).
   * mlx4_en: using new mlx4 interrupt scheme (bnc#624072).
   * igb: Fix for Alt MAC Address feature on 82580 and
   later devices (bnc#746980).
   * igb: Power down link when interface is down
   (bnc#745699).
   * igb: use correct bits to identify if managability is
   enabled (bnc#743209).
   * intel_agp: Do not oops with zero stolen memory
   (bnc#738679).
   * agp: fix scratch page cleanup (bnc#738679).
   * hugetlb: add generic definition of NUMA_NO_NODE
   (bnc#751844).
   * sched: Fix proc_sched_set_task() (bnc#717994).
   * PM: Print a warning if firmware is requested when
   tasks are frozen (bnc#749886).
   * PM / Sleep: Fix freezer failures due to racy
   usermodehelper_is_disabled() (bnc#749886).
   * PM / Sleep: Fix read_unlock_usermodehelper() call
   (bnc#749886).
   * firmware loader: allow builtin firmware load even if
   usermodehelper is disabled (bnc#749886).
   * PM / Hibernate: Enable usermodehelpers in
   software_resume() error path (bnc#744163).
   * ipv6: Allow inet6_dump_addr() to handle more than 64
   addresses (bnc#748279).
   * ipv6: fix refcnt problem related to POSTDAD state
   (bnc#743619).
   * be2net: change to show correct physical link status
   (bnc#727834).
   * be2net: changes to properly provide phy details
   (bnc#727834).
   * aio: fix race between io_destroy() and io_submit()
   (bnc#747445 bnc#611264).
   * intel-iommu: Check for identity mapping candidate
   using system dma mask (bnc#700449).
   * intel-iommu: Dont cache iova above 32bit (bnc#700449).
   * intel-iommu: Add domain check in
   domain_remove_one_dev_info (bnc#700449).
   * intel-iommu: Provide option to enable 64-bit IOMMU
   pass through mode (bnc#700449).
   * intel-iommu: Remove Host Bridge devices from identity
   mapping (bnc#700449).
   * intel-iommu: Speed up processing of the
   identity_mapping function (bnc#700449).
   * intel-iommu: Use coherent DMA mask when requested
   (bnc#700449).
   * 1: Fix accounting of softirq time when idle
   (bnc#719793).
   * driver-core: fix race between device_register and
   driver_register (bnc#742358).
   * dcache:
   patches.fixes/large-hash-dcache_init-fix.patch: Fix oops
   when initializing large hash on > 16TB machine (bnc#742210).
   * kdump: Save PG_compound or PG_head value in
   VMCOREINFO (bnc#738503).
   * Update config files: disable NET_9P_RDMA (bnc#720374).
   * cdc-wdm: fix race leading leading to memory
   corruption (bnc#759544).

   Security Issue references:

   * CVE-2011-1083
   
   * CVE-2011-4086
   
   * CVE-2011-4622
   
   * CVE-2012-0045
   
   * CVE-2012-0879
   
   * CVE-2012-1090
   
   * CVE-2012-1097
   
   * CVE-2012-2133
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-kernel-6227 slessp1-kernel-6228 slessp1-kernel-6229 slessp1-kernel-6238

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-kernel-6227 slessp1-kernel-6230

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-kernel-6227 slessp1-kernel-6228 slessp1-kernel-6229 slessp1-kernel-6230 slessp1-kernel-6238

   - SUSE Linux Enterprise High Availability Extension 11 SP1:

      zypper in -t patch sleshasp1-kernel-6227 sleshasp1-kernel-6228 sleshasp1-kernel-6229 sleshasp1-kernel-6230 sleshasp1-kernel-6238

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-kernel-6227

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-kernel-6227 sledsp1-kernel-6230

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x):

      btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92
      ext4dev-kmp-default-0_2.6.32.59_0.3-7.9.59
      ext4dev-kmp-trace-0_2.6.32.59_0.3-7.9.59

   - SUSE Linux Enterprise Server 11 SP2 (ppc64):

      ext4dev-kmp-ppc64-0_2.6.32.59_0.3-7.9.59

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92
      btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92
      ext4dev-kmp-pae-0_2.6.32.59_0.3-7.9.59
      ext4dev-kmp-xen-0_2.6.32.59_0.3-7.9.59
      hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16
      hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16
      hyper-v-kmp-trace-0_2.6.32.59_0.3-0.18.16
      kernel-ec2-2.6.32.59-0.3.1
      kernel-ec2-base-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92
      ext4dev-kmp-default-0_2.6.32.59_0.3-7.9.59
      ext4dev-kmp-trace-0_2.6.32.59_0.3-7.9.59
      hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16
      hyper-v-kmp-trace-0_2.6.32.59_0.3-0.18.16
      kernel-default-2.6.32.59-0.3.1
      kernel-default-base-2.6.32.59-0.3.1
      kernel-default-devel-2.6.32.59-0.3.1
      kernel-source-2.6.32.59-0.3.1
      kernel-syms-2.6.32.59-0.3.1
      kernel-trace-2.6.32.59-0.3.1
      kernel-trace-base-2.6.32.59-0.3.1
      kernel-trace-devel-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92
      ext4dev-kmp-pae-0_2.6.32.59_0.3-7.9.59
      hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16
      kernel-pae-2.6.32.59-0.3.1
      kernel-pae-base-2.6.32.59-0.3.1
      kernel-pae-devel-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92
      ext4dev-kmp-default-0_2.6.32.59_0.3-7.9.59
      ext4dev-kmp-trace-0_2.6.32.59_0.3-7.9.59
      kernel-default-2.6.32.59-0.3.1
      kernel-default-base-2.6.32.59-0.3.1
      kernel-default-devel-2.6.32.59-0.3.1
      kernel-source-2.6.32.59-0.3.1
      kernel-syms-2.6.32.59-0.3.1
      kernel-trace-2.6.32.59-0.3.1
      kernel-trace-base-2.6.32.59-0.3.1
      kernel-trace-devel-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92
      ext4dev-kmp-xen-0_2.6.32.59_0.3-7.9.59
      hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16
      hyper-v-kmp-trace-0_2.6.32.59_0.3-0.18.16
      kernel-ec2-2.6.32.59-0.3.1
      kernel-ec2-base-2.6.32.59-0.3.1
      kernel-ec2-devel-2.6.32.59-0.3.1
      kernel-xen-2.6.32.59-0.3.1
      kernel-xen-base-2.6.32.59-0.3.1
      kernel-xen-devel-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.59]:

      kernel-default-man-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.59]:

      ext4dev-kmp-ppc64-0_2.6.32.59_0.3-7.9.59
      kernel-ppc64-2.6.32.59-0.3.1
      kernel-ppc64-base-2.6.32.59-0.3.1
      kernel-ppc64-devel-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92
      ext4dev-kmp-pae-0_2.6.32.59_0.3-7.9.59
      hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16
      kernel-pae-2.6.32.59-0.3.1
      kernel-pae-base-2.6.32.59-0.3.1
      kernel-pae-devel-2.6.32.59-0.3.1

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_2.6.32.59_0.3-2.5.45
      cluster-network-kmp-trace-1.4_2.6.32.59_0.3-2.5.45
      gfs2-kmp-default-2_2.6.32.59_0.3-0.2.91
      gfs2-kmp-trace-2_2.6.32.59_0.3-0.2.91
      ocfs2-kmp-default-1.6_2.6.32.59_0.3-0.4.2.45
      ocfs2-kmp-trace-1.6_2.6.32.59_0.3-0.4.2.45

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64):

      cluster-network-kmp-xen-1.4_2.6.32.59_0.3-2.5.45
      gfs2-kmp-xen-2_2.6.32.59_0.3-0.2.91
      ocfs2-kmp-xen-1.6_2.6.32.59_0.3-0.4.2.45

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

      cluster-network-kmp-ppc64-1.4_2.6.32.59_0.3-2.5.45
      gfs2-kmp-ppc64-2_2.6.32.59_0.3-0.2.91
      ocfs2-kmp-ppc64-1.6_2.6.32.59_0.3-0.4.2.45

   - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

      cluster-network-kmp-pae-1.4_2.6.32.59_0.3-2.5.45
      gfs2-kmp-pae-2_2.6.32.59_0.3-0.2.91
      ocfs2-kmp-pae-1.6_2.6.32.59_0.3-0.4.2.45

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92
      btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92
      btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92
      hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16
      hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16
      kernel-desktop-devel-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.32.59]:

      btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92
      btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92
      hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16
      kernel-default-2.6.32.59-0.3.1
      kernel-default-base-2.6.32.59-0.3.1
      kernel-default-devel-2.6.32.59-0.3.1
      kernel-default-extra-2.6.32.59-0.3.1
      kernel-desktop-devel-2.6.32.59-0.3.1
      kernel-source-2.6.32.59-0.3.1
      kernel-syms-2.6.32.59-0.3.1
      kernel-trace-devel-2.6.32.59-0.3.1
      kernel-xen-2.6.32.59-0.3.1
      kernel-xen-base-2.6.32.59-0.3.1
      kernel-xen-devel-2.6.32.59-0.3.1
      kernel-xen-extra-2.6.32.59-0.3.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.59]:

      btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92
      hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16
      kernel-pae-2.6.32.59-0.3.1
      kernel-pae-base-2.6.32.59-0.3.1
      kernel-pae-devel-2.6.32.59-0.3.1
      kernel-pae-extra-2.6.32.59-0.3.1

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-2.6.32.59-0.3.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-2.6.32.59-0.3.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-2.6.32.59-0.3.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-2.6.32.59-0.3.1


References:

   http://support.novell.com/security/cve/CVE-2011-1083.html
   http://support.novell.com/security/cve/CVE-2011-4086.html
   http://support.novell.com/security/cve/CVE-2011-4622.html
   https://www.suse.com/security/cve/CVE-2012-0045.html
   http://support.novell.com/security/cve/CVE-2012-0879.html
   http://support.novell.com/security/cve/CVE-2012-1090.html
   http://support.novell.com/security/cve/CVE-2012-1097.html
   http://support.novell.com/security/cve/CVE-2012-2133.html
   https://bugzilla.novell.com/611264
   https://bugzilla.novell.com/617344
   https://bugzilla.novell.com/624072
   https://bugzilla.novell.com/652942
   https://bugzilla.novell.com/668194
   https://bugzilla.novell.com/676204
   https://bugzilla.novell.com/688079
   https://bugzilla.novell.com/693639
   https://bugzilla.novell.com/697920
   https://bugzilla.novell.com/700449
   https://bugzilla.novell.com/704280
   https://bugzilla.novell.com/713148
   https://bugzilla.novell.com/714507
   https://bugzilla.novell.com/716850
   https://bugzilla.novell.com/717994
   https://bugzilla.novell.com/719793
   https://bugzilla.novell.com/720374
   https://bugzilla.novell.com/721366
   https://bugzilla.novell.com/727834
   https://bugzilla.novell.com/729247
   https://bugzilla.novell.com/731809
   https://bugzilla.novell.com/733761
   https://bugzilla.novell.com/734300
   https://bugzilla.novell.com/734900
   https://bugzilla.novell.com/737326
   https://bugzilla.novell.com/738210
   https://bugzilla.novell.com/738503
   https://bugzilla.novell.com/738528
   https://bugzilla.novell.com/738679
   https://bugzilla.novell.com/740180
   https://bugzilla.novell.com/740895
   https://bugzilla.novell.com/740969
   https://bugzilla.novell.com/742210
   https://bugzilla.novell.com/742358
   https://bugzilla.novell.com/743209
   https://bugzilla.novell.com/743619
   https://bugzilla.novell.com/744163
   https://bugzilla.novell.com/744658
   https://bugzilla.novell.com/745422
   https://bugzilla.novell.com/745699
   https://bugzilla.novell.com/745832
   https://bugzilla.novell.com/745929
   https://bugzilla.novell.com/746980
   https://bugzilla.novell.com/747028
   https://bugzilla.novell.com/747430
   https://bugzilla.novell.com/747445
   https://bugzilla.novell.com/748112
   https://bugzilla.novell.com/748279
   https://bugzilla.novell.com/748812
   https://bugzilla.novell.com/749342
   https://bugzilla.novell.com/749569
   https://bugzilla.novell.com/749886
   https://bugzilla.novell.com/750079
   https://bugzilla.novell.com/750171
   https://bugzilla.novell.com/751322
   https://bugzilla.novell.com/751844
   https://bugzilla.novell.com/751880
   https://bugzilla.novell.com/752491
   https://bugzilla.novell.com/752634
   https://bugzilla.novell.com/752972
   https://bugzilla.novell.com/755178
   https://bugzilla.novell.com/755537
   https://bugzilla.novell.com/756448
   https://bugzilla.novell.com/756840
   https://bugzilla.novell.com/757917
   https://bugzilla.novell.com/758532
   https://bugzilla.novell.com/758813
   https://bugzilla.novell.com/759544
   http://download.novell.com/patch/finder/?keywords=1e4adcc13979f6e0edae89a1f83efe4b
   http://download.novell.com/patch/finder/?keywords=53329dfb9cc84e6d2bc6d1f418dd371c
   http://download.novell.com/patch/finder/?keywords=58369efceea971820d4fcd4d5a7c2ef6
   http://download.novell.com/patch/finder/?keywords=59f23e0836e0df248ae14c769ecdd7d3
   http://download.novell.com/patch/finder/?keywords=763d59c2691aa9de51f489118dbe394c
   http://download.novell.com/patch/finder/?keywords=a1f901b5aa53a2ebe1c8ee72b5bf4f77
   http://download.novell.com/patch/finder/?keywords=aec0b832ae76838da3b2076f7d59e991
   http://download.novell.com/patch/finder/?keywords=c9182ab9f8793390d7283366086c5f96
   http://download.novell.com/patch/finder/?keywords=eb828a35b91422d320f8c3f2f81d2876
   http://download.novell.com/patch/finder/?keywords=efd514eca66da8be4a95dffed72779e5

SuSE: 2012:0616-1: important: Linux kernel

May 14, 2012
An update that solves 8 vulnerabilities and has 60 fixes is An update that solves 8 vulnerabilities and has 60 fixes is An update that solves 8 vulnerabilities and has 60 fixes is ...

Summary

The SUSE Linux Enterprise 11 SP1 kernel have been updated to the 2.6.32.59 stable release to fix a lot of bugs and security issues. The following security issues have been fixed: * CVE-2012-2133: A use after free bug in hugetlb support could be used by local attackers to crash the system. * CVE-2012-1097: A null pointer dereference bug in the regsets proc file could be used by local attackers to perhaps crash the system. With mmap_min_addr is set and enabled, exploitation is unlikely. * CVE-2012-0879: A reference counting issue in CLONE_IO could be used by local attackers to cause a denial of service (out of memory). * CVE-2012-1090: A file handle leak in CIFS code could be used by local attackers to crash the system. * CVE-2011-1083: Large nested epoll chains could be used by local attackers to cause a denial of service (excessive CPU consumption). * CVE-2011-4622: When using KVM, programming a PIT timer without a...

Read the Full Advisory

References

#611264 #617344 #624072 #652942 #668194 #676204

#688079 #693639 #697920 #700449 #704280 #713148

#714507 #716850 #717994 #719793 #720374 #721366

#727834 #729247 #731809 #733761 #734300 #734900

#737326 #738210 #738503 #738528 #738679 #740180

#740895 #740969 #742210 #742358 #743209 #743619

#744163 #744658 #745422 #745699 #745832 #745929

#746980 #747028 #747430 #747445 #748112 #748279

#748812 #749342 #749569 #749886 #750079 #750171

#751322 #751844 #751880 #752491 #752634 #752972

#755178 #755537 #756448 #756840 #757917 #758532

#758813 #759544

Cross- CVE-2011-1083 CVE-2011-4086 CVE-2011-4622

CVE-2012-0045 CVE-2012-0879 CVE-2012-1090

CVE-2012-1097 CVE-2012-2133

Affected Products:

SUSE Linux Enterprise Server...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2012:0616-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved