SUSE Security Update: kernel update for SLE11 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0689-1
Rating:             important
References:         #704280 #708836 #718521 #721857 #725592 #732296 
                    #738528 #738644 #743232 #744758 #745088 #746938 
                    #748112 #748463 #748806 #748859 #750426 #751550 
                    #752022 #752634 #753172 #753698 #754085 #754428 
                    #754690 #754969 #755178 #755537 #755758 #755812 
                    #756236 #756821 #756840 #756940 #757077 #757202 
                    #757205 #757289 #757373 #757517 #757565 #757719 
                    #757783 #757789 #757950 #758104 #758279 #758532 
                    #758540 #758731 #758813 #758833 #759340 #759539 
                    #759541 #759657 #759908 #759971 #760015 #760279 
                    #760346 #760974 #761158 #761387 #761772 #762285 
                    #762329 #762424 
Cross-References:   CVE-2012-2127 CVE-2012-2133 CVE-2012-2313
                    CVE-2012-2319
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves four vulnerabilities and has 64 fixes
   is now available. It includes one version update.

Description:

   The SUSE Linux Enterprise 11 SP2 kernel was updated to
   3.0.31, fixing lots of bugs and security issues.

   Various security and bug fixes contained in the Linux 3.0
   stable releases 3.0.27 up to 3.0.31 are included, but not
   explicitly listed below.

   Following security issues were fixed: CVE-2012-2313: The
   dl2k network card driver lacked permission handling for
   some ethtool ioctls, which could allow local attackers to
   start/stop the network card.

   CVE-2012-2133: A use after free bug in hugetlb support
   could be used by local attackers to crash the system.

   CVE-2012-2127: Various leaks in namespace handling over
   fork where fixed, which could be exploited by e.g. vsftpd
   access by remote users.

   CVE-2012-2319: A memory corruption when mounting a hfsplus
   filesystem was fixed that could be used by local attackers   able to mount filesystem to crash the system.

   Following non security bugs were fixed by this update:
   BTRFS:
   - btrfs: partial revert of truncation improvements
   (bnc#748463 bnc#760279).
   - btrfs: fix eof while discarding extents
   - btrfs: check return value of bio_alloc() properly
   - btrfs: return void from clear_state_bit
   - btrfs: avoid possible use-after-free in clear_extent_bit()
   - btrfs: Make free_ipath() deal gracefully with NULL
   pointers   - btrfs: do not call free_extent_buffer twice in
   iterate_irefs
   - btrfs: add missing read locks in backref.c
   - btrfs: fix max chunk size check in chunk allocator
   - btrfs: double unlock bug in error handling
   - btrfs: do not return EINTR
   - btrfs: fix btrfs_ioctl_dev_info() crash on missing device
   - btrfs: fix that check_int_data mount option was ignored
   - btrfs: do not mount when we have a sectorsize unequal to
   PAGE_SIZE
   - btrfs: avoid possible use-after-free in clear_extent_bit()
   - btrfs: retrurn void from clear_state_bit
   - btrfs: Fix typo in free-space-cache.c
   - btrfs: remove the ideal caching code
   - btrfs: remove search_start and search_end from
   find_free_extent and callers   - btrfs: adjust the write_lock_level as we unlock
   - btrfs: actually call btrfs_init_lockdep
   - btrfs: fix regression in scrub path resolving
   - btrfs: show useful info in space reservation tracepoint
   - btrfs: flush out and clean up any block device pages
   during mount
   - btrfs: fix deadlock during allocating chunks
   - btrfs: fix race between direct io and autodefrag
   - btrfs: fix the mismatch of page->mapping
   - btrfs: fix recursive defragment with autodefrag option
   - btrfs: add a check to decide if we should defrag the range
   - btrfs: do not bother to defrag an extent if it is a big
   real extent
   - btrfs: update to the right index of defragment
   - btrfs: Fix use-after-free in __btrfs_end_transaction
   - btrfs: stop silently switching single chunks to raid0 on
   balance
   - btrfs: add wrappers for working with alloc profiles
   - btrfs: make profile_is_valid() check more strict
   - btrfs: move alloc_profile_is_valid() to volumes.c
   - btrfs: add get_restripe_target() helper
   - btrfs: add __get_block_group_index() helper
   - btrfs: improve the logic in btrfs_can_relocate()
   - btrfs: validate target profiles only if we are going to
   use them
   - btrfs: allow dup for data chunks in mixed mode
   - btrfs: fix memory leak in resolver code
   - btrfs: fix infinite loop in btrfs_shrink_device()
   - btrfs: error handling locking fixu
   - btrfs: fix uninit variable in repair_eb_io_failure
   - btrfs: always store the mirror we read the eb from
   - btrfs: do not count CRC or header errors twice while
   scrubbing
   - btrfs: do not start delalloc inodes during sync
   - btrfs: fix repair code for RAID10
   - btrfs: Prevent root_list corruption
   - btrfs: fix block_rsv and space_info lock ordering
   - btrfs: Fix space checking during fs resize
   - btrfs: avoid deadlocks from GFP_KERNEL allocations during
   btrfs_real_readdir
   - btrfs: reduce lock contention during extent insertion
   - btrfs: Add properly locking around add_root_to_dirty_list
   - btrfs: Fix mismatching struct members in ioctl.h

   netfilter:
   - netfilter: nf_conntrack: make event callback registration
   per-netns (bnc#758540).


   DRM:
   - drm/edid: Add a workaround for 1366x768 HD panel
   (bnc#753172).
   - drm/edid: Add extra_modes (bnc#753172).
   - drm/edid: Add packed attribute to new gtf2 and cvt
   structs (bnc#753172).
   - drm/edid: Add the reduced blanking DMT modes to the DMT
   list (bnc#753172).
   - drm/edid: Allow drm_mode_find_dmt to hunt for
   reduced-blanking modes (bnc#753172).
   - drm/edid: Do drm_dmt_modes_for_range() for all range
   descriptor types (bnc#753172).
   - drm/edid: Document drm_mode_find_dmt (bnc#753172).
   - drm/edid: Fix some comment typos in the DMT mode list
   (bnc#753172).
   - drm/edid: Generate modes from extra_modes for range
   descriptors (bnc#753172).
   - drm/edid: Give the est3 mode struct a real name
   (bnc#753172).
   - drm/edid: Remove a misleading comment (bnc#753172).
   - drm/edid: Rewrite drm_mode_find_dmt search loop
   (bnc#753172).
   - drm/edid: Update range descriptor struct for EDID 1.4
   (bnc#753172).
   - drm/edid: add missing NULL checks (bnc#753172).
   - drm/edid:
   s/drm_gtf_modes_for_range/drm_dmt_modes_for_range/
   (bnc#753172).
   - Fix kABI for drm EDID improvement patches (bnc#753172).
   - drm: Fix the case where multiple modes are returned from
   EDID (bnc#753172)
   - drm/i915: Add more standard modes to LVDS output
   (bnc#753172).
   - drm/i915: Disable LVDS at mode change (bnc#752022).
   - drm/i915: add Ivy Bridge GT2 Server entries (bnc#759971).
   - drm/i915: delay drm_irq_install() at resume (bnc#753698).
   - EDD: Check for correct EDD 3.0 length (bnc#762285).

   XEN:
   - blkfront: make blkif_io_lock spinlock per-device.
   - blkback: streamline main processing loop (fate#309305).
   - blkback: Implement discard requests handling
   (fate#309305).
   - blkback: Enhance discard support with secure erasing
   support (fate#309305).
   - blkfront: Handle discard requests (fate#309305).
   - blkfront: Enhance discard support with secure erasing
   support (fate#309305).
   - blkif: support discard (fate#309305).
   - blkif: Enhance discard support with secure erasing
   support (fate#309305).
   - xen/smpboot: adjust ordering of operations.
   - x86-64: provide a memset() that can deal with 4Gb or
   above at a time (bnc#738528).
   - Update Xen patches to 3.0.27.
   - Update Xen patches to 3.0.31.
   - xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
   (bnc#760974).
   - xen/gntdev: fix multi-page slot allocation (bnc#760974).

   TG3:
   - tg3: Avoid panic from reserved statblk field access
   (bnc#760346).
   - tg3: Fix 5717 serdes powerdown problem (bnc#756940).
   - tg3: Fix RSS ring refill race condition (bnc#756940).
   - tg3: Fix single-vector MSI-X code (bnc#756940).
   - tg3: fix ipv6 header length computation (bnc#756940).

   S/390:
   - dasd: Fix I/O stall when reserving dasds (bnc#757719).
   - s390/af_iucv: detect down state of HS transport interface
   (bnc#758279,LTC#80859).
   - s390/af_iucv: allow shutdown for HS transport sockets
   (bnc#758279,LTC#80860).
   - mm: s390: Fix BUG by using __set_page_dirty_no_writeback
   on swap. (bnc#751550)
   - s390/qeth: Improve OSA Express 4 blkt defaults
   (bnc#754969,LTC#80325).
   - s390/zcrypt: Fix parameter checking for ZSECSENDCPRB
   ioctl (bnc#754969,LTC#80378).
   - zfcpdump: Implement async sdias event processing
   (bnc#761387,LTC#81330).

   ALSA:
   - ALSA: hda - Always resume the codec immediately
   (bnc#750426).
   - ALSA: hda - Add Creative CA0132 HDA codec support
   (bnc#762424).
   - ALSA: hda - Fix error handling in patch_ca0132.c
   (bnc#762424).
   - ALSA: hda - Add the support for Creative SoundCore3D
   (bnc#762424).

   OTHER:
   - ixgbe: fix ring assignment issues for SR-IOV and drop
   cases (bnc#761158).
   - ixgbe: add missing rtnl_lock in PM resume path
   (bnc#748859).

   - MCE, AMD: Drop too granulary family model checks
   (bnc#758833).
   - EDAC, MCE, AMD: Print CPU number when reporting the error
   (bnc#758833).
   - EDAC, MCE, AMD: Print valid addr when reporting an error
   (bnc#758833).

   - libata: skip old error history when counting probe trials.

   - x86: kdb: restore kdb stack trace (bnc#760015).

   - ehea: fix allmulticast support,
   - ehea: fix promiscuous mode (both bnc#757289)
   - ehea: only register irq after setting up ports
   (bnc#758731).
   - ehea: fix losing of NEQ events when one event occurred
   early (bnc#758731).

   - scsi: Silence unnecessary warnings about ioctl to
   partition (bnc#758104).
   - scsi_dh_rdac: Update match function to check page C8
   (bnc#757077).
   - scsi_dh_rdac: Add new NetApp IDs (bnc#757077).

   - bluetooth: Add support for Foxconn/Hon Hai AR5BBU22
   0489:E03C (bnc#759908).

   - x86/amd: Add missing feature flag for fam15h models
   10h-1fh processors (bnc#759340).
   - x86: Report cpb and eff_freq_ro flags correctly
   (bnc#759340).
   - x86, amd: Fix up numa_node information for AMD CPU family
   15h model 0-0fh northbridge functions (bnc#759340).
   - x86/PCI: amd: Kill misleading message about enablement of
   IO access to PCI ECS] (bnc#759340).

   - cdc-wdm: fix race leading leading to memory corruption
   (bnc#759539).

   - tlan: add cast needed for proper 64 bit operation
   (bnc#756840).

   - bonding:update speed/duplex for NETDEV_CHANGE
   (bnc#752634).
   - bonding: comparing a u8 with -1 is always false
   (bnc#752634).
   - bonding: start slaves with link down for ARP monitor
   (bnc#752634).
   - bonding: do not increase rx_dropped after processing
   LACPDUs (bnc#759657).

   - x86: fix the initialization of physnode_map (bnc#748112).

   - sched,rt: fix isolated CPUs leaving root_task_group
   indefinitely throttled (bnc#754085).

   - Fix SLE11-SP1->SLE11-SP2 interrupt latency regression.
   Revert 0209f649, and turn tick skew on globally, since
   0209f649 came about to mitigate lock contention that skew
   removal induces, both on xtime_lock and on RCU leaf node
   locks. NOTE: This change trades ~400% latency regression
   fix for power consumption progression that skew removal
   bought (at high cost).
   - Revert mainline 0209f649 - rcu: limit rcu_node leaf-level
   fanout (bnc#718521).

   - md: fix possible corruption of array metadata on shutdown.
   - md/bitmap: prevent bitmap_daemon_work running while
   initialising bitmap.
   - md: ensure changes to write-mostly are reflected in
   metadata (bnc#755178).

   - cciss: Add IRQF_SHARED back in for the non-MSI(X)
   interrupt handler (bnc#757789).

   - procfs, namespace, pid_ns: fix leakage upon fork()
   failure (bnc#757783).
   - mqueue: fix a vfsmount longterm reference leak
   (bnc#757783).
   - procfs: fix a vfsmount longterm reference leak
   (bnc#757783).


   - scsi_dh_alua: Optimize stpg command (bnc#744758).
   - scsi_dh_alua: Store pref bit from RTPG (bnc#755758).
   - scsi_dh_alua: set_params interface (bnc#755758).

   - uwb: fix error handling (bnc#757950).
   - uwb: fix use of del_timer_sync() in interrupt
   (bnc#757950).

   - usbhid: fix error handling of not enough bandwidth
   (bnc#704280).

   - mm: Improve preservation of page-age information
   (bnc#754690)

   - pagecache limit: Fix the shmem deadlock (bnc#755537).

   - USB: sierra: add support for Sierra Wireless MC7710
   (bnc#757517).
   - USB: fix resource leak in xhci power loss path
   (bnc#746938).

   - x86/iommu/intel: Fix identity mapping for sandy bridge
   (bnc#743232).

   - ipv6: Check dest prefix length on original route not
   copied one in rt6_alloc_cow() (bnc#757202).
   - ipv6: do not use inetpeer to store metrics for routes
   (bnc#757202).
   - ipv6: fix problem with expired dst cache (bnc#757205).
   - ipv6: unshare inetpeers.
   - bridge: correct IPv6 checksum after pull (bnc#738644).

   - scsi: storvsc: Account for in-transit packets in the
   RESET path.

   -
   patches.fixes/mm-mempolicy.c-fix-pgoff-in-mbind-vma-merge.pa
   tch:
   -
   patches.fixes/mm-mempolicy.c-refix-mbind_range-vma-issue.pat
   ch: Fix vma merging issue during mbind affecting JVMs.

   - ACPI, APEI: Fix incorrect APEI register bit width check
   and usage (bnc#725592).

   - vmxnet3: cap copy length at size of skb to prevent
   dropped frames on tx (bnc#755812).

   - rt2x00: rt2x00dev: move rfkill_polling register to proper
   place (bnc#748806).

   - pagecache: fix the BUG_ON safety belt
   - pagecache: Fixed the GFP_NOWAIT is zero and not suitable
   for tests bug (bnc#755537)

   - igb: reset PHY after recovering from PHY power down.
   (bnc#745088)
   - igb: fix rtnl race in PM resume path (bnc#748859).

   - watchdog: iTCO_wdt.c - problems with newer hardware due
   to SMI clearing (bnc#757373).
   - watchdog: iTCO_wdt.c - problems with newer hardware due
   to SMI clearing (bnc#757373, redhat#727875).

   - cfq-iosched: Reduce linked group count upon group
   destruction (bnc#759541).
   - cdc_ether: Ignore bogus union descriptor for RNDIS
   devices (bnc#761772).
   - sys_poll: fix incorrect type for timeout parameter
   (bnc#754428).

   - staging:rts_pstor:Avoid "Bad target number" message when
   probing driver (bnc#762329).
   - staging:rts_pstor:Complete scanning_done variable
   (bnc#762329).
   - staging:rts_pstor:Fix SDIO issue (bnc#762329).
   - staging:rts_pstor: Fix a bug that a MMCPlus card ca not
   be accessed (bnc#762329).
   - staging:rts_pstor: Fix a miswriting (bnc#762329).
   - staging:rts_pstor:Fix possible panic by NULL pointer
   dereference (bnc#762329).
   - staging:rts_pstor: fix thread synchronization flow
   (bnc#762329).
   - freezer:do not unnecessarily set PF_NOFREEZE explicitly
   (bnc#762329).
   - staging:rts_pstor: off by one in for loop (bnc#762329).

   - patches.suse/cgroup-disable-memcg-when-low-lowmem.patch:
   fix typo: use if defined(CONFIG_*) rather than if CONFIG_*

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.
Contraindications:


   Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-kernel-6338 slessp2-kernel-6349

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-kernel-6338 slessp2-kernel-6339 slessp2-kernel-6345 slessp2-kernel-6348 slessp2-kernel-6349

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-kernel-6338 sleshasp2-kernel-6339 sleshasp2-kernel-6345 sleshasp2-kernel-6348 sleshasp2-kernel-6349

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-kernel-6338 sledsp2-kernel-6349

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.31]:

      kernel-default-3.0.31-0.9.1
      kernel-default-base-3.0.31-0.9.1
      kernel-default-devel-3.0.31-0.9.1
      kernel-source-3.0.31-0.9.1
      kernel-syms-3.0.31-0.9.1
      kernel-trace-3.0.31-0.9.1
      kernel-trace-base-3.0.31-0.9.1
      kernel-trace-devel-3.0.31-0.9.1
      kernel-xen-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.31]:

      kernel-pae-3.0.31-0.9.1
      kernel-pae-base-3.0.31-0.9.1
      kernel-pae-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.31]:

      kernel-default-3.0.31-0.9.1
      kernel-default-base-3.0.31-0.9.1
      kernel-default-devel-3.0.31-0.9.1
      kernel-source-3.0.31-0.9.1
      kernel-syms-3.0.31-0.9.1
      kernel-trace-3.0.31-0.9.1
      kernel-trace-base-3.0.31-0.9.1
      kernel-trace-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.31]:

      kernel-ec2-3.0.31-0.9.1
      kernel-ec2-base-3.0.31-0.9.1
      kernel-ec2-devel-3.0.31-0.9.1
      kernel-xen-3.0.31-0.9.1
      kernel-xen-base-3.0.31-0.9.1
      kernel-xen-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.31]:

      kernel-default-man-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.31]:

      kernel-ppc64-3.0.31-0.9.1
      kernel-ppc64-base-3.0.31-0.9.1
      kernel-ppc64-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.31]:

      kernel-pae-3.0.31-0.9.1
      kernel-pae-base-3.0.31-0.9.1
      kernel-pae-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.31_0.9-2.10.23
      cluster-network-kmp-trace-1.4_3.0.31_0.9-2.10.23
      gfs2-kmp-default-2_3.0.31_0.9-0.7.23
      gfs2-kmp-trace-2_3.0.31_0.9-0.7.23
      ocfs2-kmp-default-1.6_3.0.31_0.9-0.7.23
      ocfs2-kmp-trace-1.6_3.0.31_0.9-0.7.23

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.31_0.9-2.10.23
      gfs2-kmp-xen-2_3.0.31_0.9-0.7.23
      ocfs2-kmp-xen-1.6_3.0.31_0.9-0.7.23

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.31_0.9-2.10.23
      gfs2-kmp-ppc64-2_3.0.31_0.9-0.7.23
      ocfs2-kmp-ppc64-1.6_3.0.31_0.9-0.7.23

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

      cluster-network-kmp-pae-1.4_3.0.31_0.9-2.10.23
      gfs2-kmp-pae-2_3.0.31_0.9-0.7.23
      ocfs2-kmp-pae-1.6_3.0.31_0.9-0.7.23

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.31]:

      kernel-default-3.0.31-0.9.1
      kernel-default-base-3.0.31-0.9.1
      kernel-default-devel-3.0.31-0.9.1
      kernel-default-extra-3.0.31-0.9.1
      kernel-source-3.0.31-0.9.1
      kernel-syms-3.0.31-0.9.1
      kernel-trace-3.0.31-0.9.1
      kernel-trace-base-3.0.31-0.9.1
      kernel-trace-devel-3.0.31-0.9.1
      kernel-trace-extra-3.0.31-0.9.1
      kernel-xen-3.0.31-0.9.1
      kernel-xen-base-3.0.31-0.9.1
      kernel-xen-devel-3.0.31-0.9.1
      kernel-xen-extra-3.0.31-0.9.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.31]:

      kernel-pae-3.0.31-0.9.1
      kernel-pae-base-3.0.31-0.9.1
      kernel-pae-devel-3.0.31-0.9.1
      kernel-pae-extra-3.0.31-0.9.1

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      ext4-writeable-kmp-default-0_3.0.31_0.9-0.14.4
      kernel-default-extra-3.0.31-0.9.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.31_0.9-0.14.4
      kernel-xen-extra-3.0.31-0.9.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      ext4-writeable-kmp-ppc64-0_3.0.31_0.9-0.14.4
      kernel-ppc64-extra-3.0.31-0.9.1

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.31_0.9-0.14.4
      kernel-pae-extra-3.0.31-0.9.1


References:

   https://www.suse.com/security/cve/CVE-2012-2127.html
   https://www.suse.com/security/cve/CVE-2012-2133.html
   https://www.suse.com/security/cve/CVE-2012-2313.html
   https://www.suse.com/security/cve/CVE-2012-2319.html
   https://bugzilla.novell.com/704280
   https://bugzilla.novell.com/708836
   https://bugzilla.novell.com/718521
   https://bugzilla.novell.com/721857
   https://bugzilla.novell.com/725592
   https://bugzilla.novell.com/732296
   https://bugzilla.novell.com/738528
   https://bugzilla.novell.com/738644
   https://bugzilla.novell.com/743232
   https://bugzilla.novell.com/744758
   https://bugzilla.novell.com/745088
   https://bugzilla.novell.com/746938
   https://bugzilla.novell.com/748112
   https://bugzilla.novell.com/748463
   https://bugzilla.novell.com/748806
   https://bugzilla.novell.com/748859
   https://bugzilla.novell.com/750426
   https://bugzilla.novell.com/751550
   https://bugzilla.novell.com/752022
   https://bugzilla.novell.com/752634
   https://bugzilla.novell.com/753172
   https://bugzilla.novell.com/753698
   https://bugzilla.novell.com/754085
   https://bugzilla.novell.com/754428
   https://bugzilla.novell.com/754690
   https://bugzilla.novell.com/754969
   https://bugzilla.novell.com/755178
   https://bugzilla.novell.com/755537
   https://bugzilla.novell.com/755758
   https://bugzilla.novell.com/755812
   https://bugzilla.novell.com/756236
   https://bugzilla.novell.com/756821
   https://bugzilla.novell.com/756840
   https://bugzilla.novell.com/756940
   https://bugzilla.novell.com/757077
   https://bugzilla.novell.com/757202
   https://bugzilla.novell.com/757205
   https://bugzilla.novell.com/757289
   https://bugzilla.novell.com/757373
   https://bugzilla.novell.com/757517
   https://bugzilla.novell.com/757565
   https://bugzilla.novell.com/757719
   https://bugzilla.novell.com/757783
   https://bugzilla.novell.com/757789
   https://bugzilla.novell.com/757950
   https://bugzilla.novell.com/758104
   https://bugzilla.novell.com/758279
   https://bugzilla.novell.com/758532
   https://bugzilla.novell.com/758540
   https://bugzilla.novell.com/758731
   https://bugzilla.novell.com/758813
   https://bugzilla.novell.com/758833
   https://bugzilla.novell.com/759340
   https://bugzilla.novell.com/759539
   https://bugzilla.novell.com/759541
   https://bugzilla.novell.com/759657
   https://bugzilla.novell.com/759908
   https://bugzilla.novell.com/759971
   https://bugzilla.novell.com/760015
   https://bugzilla.novell.com/760279
   https://bugzilla.novell.com/760346
   https://bugzilla.novell.com/760974
   https://bugzilla.novell.com/761158
   https://bugzilla.novell.com/761387
   https://bugzilla.novell.com/761772
   https://bugzilla.novell.com/762285
   https://bugzilla.novell.com/762329
   https://bugzilla.novell.com/762424
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:0689-1: important: kernel SLE11 SP2

June 2, 2012
An update that solves four vulnerabilities and has 64 fixes An update that solves four vulnerabilities and has 64 fixes An update that solves four vulnerabilities and has 64 fixes ...

Summary

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.31, fixing lots of bugs and security issues. Various security and bug fixes contained in the Linux 3.0 stable releases 3.0.27 up to 3.0.31 are included, but not explicitly listed below. Following security issues were fixed: CVE-2012-2313: The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. CVE-2012-2133: A use after free bug in hugetlb support could be used by local attackers to crash the system. CVE-2012-2127: Various leaks in namespace handling over fork where fixed, which could be exploited by e.g. vsftpd access by remote users. CVE-2012-2319: A memory corruption when mounting a hfsplus filesystem was fixed that could be used by local attackers able to mount filesystem to crash the system. Following non security bugs were fixed by this update: BTRFS: - btrfs: par...

Read the Full Advisory

References

#704280 #708836 #718521 #721857 #725592 #732296

#738528 #738644 #743232 #744758 #745088 #746938

#748112 #748463 #748806 #748859 #750426 #751550

#752022 #752634 #753172 #753698 #754085 #754428

#754690 #754969 #755178 #755537 #755758 #755812

#756236 #756821 #756840 #756940 #757077 #757202

#757205 #757289 #757373 #757517 #757565 #757719

#757783 #757789 #757950 #758104 #758279 #758532

#758540 #758731 #758813 #758833 #759340 #759539

#759541 #759657 #759908 #759971 #760015 #760279

#760346 #760974 #761158 #761387 #761772 #762285

#762329 #762424

Cross- CVE-2012-2127 CVE-2012-2133 CVE-2012-2313

CVE-2012-2319

Affected Products:

SUSE Linux Enterprise Server 11 SP2 for VMware

SUSE Linux Enterprise Server 11 SP2

...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2012:0689-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved