SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0736-1
Rating:             important
References:         #671124 #671479 #683270 #693639 #713430 #718343 
                    #721869 #722400 #723294 #724692 #724734 #726600 
                    #729685 #730118 #730200 #731673 #732613 #733155 
                    #734707 #737325 #737899 #740131 #742148 #742881 
                    #744592 #745640 #745732 #745760 #745929 #746397 
                    #746980 #747381 #749168 #750168 #750928 #751880 
                    #752486 #754964 #758813 #760902 #761389 #762111 
                    #764128 
Cross-References:   CVE-2011-2928 CVE-2011-4077 CVE-2011-4324
                    CVE-2011-4330 CVE-2012-2313 CVE-2012-2319
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 37 fixes is
   now available.

Description:


   This Linux kernel update fixes various security issues and
   bugs in the SUSE  Linux Enterprise 10 SP4 kernel.

   The following security issues have been fixed:

   *

   CVE-2012-2319: A memory corruption when mounting a
   hfsplus filesystem was fixed that could be used by local
   attackers able to mount filesystem to crash the system.

   *

   CVE-2012-2313: The dl2k network card driver lacked
   permission handling for some ethtool ioctls, which could
   allow local attackers to start/stop the network card.

   *

   CVE-2011-2928: The befs_follow_linkl function in
   fs/befs/linuxvfs.c in the Linux kernel did not validate the
   lenght attribute of long symlinsk, which allowed local
   users to cause a denial of service (incorrect pointer
   dereference and Ooops) by accessing a long symlink on a
   malformed Be filesystem.

   *

   CVE-2011-4077: Fixed a memory corruption possibility
   in xfs readlink, which could be used by local attackers to
   crash the system or potentially execute code by mounting a
   prepared xfs filesystem image.

   *

   CVE-2011-4324: A BUG() error report in the nfs4xdr
   routines on a NFSv4 mount was fixed that could happen
   during mknod.

   *

   CVE-2011-4330: Mounting a corrupted hfs filesystem
   could lead to a buffer overflow.

   The following non-security issues have been fixed:

   * kernel: pfault task state race (bnc#764128,LTC#81724).
   * ap: Toleration for ap bus devices with device type 10
   (bnc#761389).
   * hugetlb, numa: fix interleave mpol reference count
   (bnc#762111).
   * cciss: fixup kdump (bnc#730200).
   * kdump: Avoid allocating bootmem map over crash
   reserved region (bnc#749168, bnc#722400, bnc#742881).
   * qeth: Improve OSA Express 4 blkt defaults
   (bnc#754964,LTC#80325).
   * zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl
   (bnc#754964,LTC#80378).
   * virtio: add names to virtqueue struct, mapping from
   devices to queues (bnc#742148).
   * virtio: find_vqs/del_vqs virtio operations
   (bnc#742148).
   * virtio_pci: optional MSI-X support (bnc#742148).
   * virtio_pci: split up vp_interrupt (bnc#742148).
   * knfsd: nfsd4: fix laundromat shutdown race (752556).
   * driver core: Check for valid device in
   bus_find_device() (bnc#729685).
   * VMware detection backport from mainline (bnc#671124,
   bnc#747381).
   * net: adding memory barrier to the poll and receive
   callbacks (bnc#746397 bnc#750928).
   * qla2xxx: drop reference before wait for completion
   (bnc#744592).
   * qla2xxx: drop reference before wait for completion
   (bnc#744592).
   * ixgbe driver sets all WOL flags upon initialization
   so that machine is powered on as soon at it is switched off
   (bnc#693639)
   * Properly release MSI(X) vector(s) when MSI(X) gets
   disabled (bnc#723294, bnc#721869).
   * scsi: Always retry internal target error (bnc#745640).
   * cxgb4: fix parent device access in netdev_printk
   (bnc#733155).
   * lcs: lcs offline failure (bnc#752486,LTC#79788).
   * qeth: add missing wake_up call (bnc#752486,LTC#79899).
   * NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and
   MKDIR (bnc#751880).
   * xenbus: Reject replies with payload >
   XENSTORE_PAYLOAD_MAX.
   * xenbus_dev: add missing error checks to watch
   handling.
   * blkfront: properly fail packet requests (bnc#745929).
   * blkback: failure to write "feature-barrier" node is
   non-fatal.
   * igb: Free MSI and MSIX interrupt vectors on driver
   remove or shutdown (bnc#723294).
   * igb: Fix for Alt MAC Address feature on 82580 and
   later devices (bnc#746980).
   * igb: Free MSI and MSIX interrupt vectors on driver
   remove or shutdown (bnc#723294).
   * cfq: Fix infinite loop in cfq_preempt_queue()
   (bnc#724692).
   * dasd: fix fixpoint divide exception in define_extent
   (bnc#750168,LTC#79125).
   * ctcmpc: use correct idal word list for ctcmpc
   (bnc#750168,LTC#79264).
   * patches.fixes/ext3-fix-reuse-of-freed-blocks.diff:
   Delete. Patch should not really be needed and apparently
   causes a performance regression (bnc#683270)
   * tcp: fix race condition leading to premature
   termination of sockets in FIN_WAIT2 state and connection
   being reset (bnc#745760)
   * kernel: console interrupts vs. panic
   (bnc#737325,LTC#77272).
   * af_iucv: remove IUCV-pathes completely
   (bnc#737325,LTC#78292).
   * qdio: wrong buffers-used counter for ERROR buffers   (bnc#737325,LTC#78758).
   * ext3: Fix credit estimate for DIO allocation
   (bnc#745732).
   * jbd: validate sb->s_first in journal_get_superblock()
   (bnc#730118).
   * ocfs2: serialize unaligned aio (bnc#671479).
   * cifs: eliminate usage of kthread_stop for cifsd
   (bnc#718343).
   * virtio: fix wrong type used, resulting in truncated
   addresses in bigsmp kernel. (bnc#737899)
   * cciss: Adds simple mode functionality (bnc#730200).
   * blktap: fix locking (again) (bnc#724734).
   * block: Initial support for data-less (or empty)
   barrier support (bnc#734707 FATE#313126).
   * xen: Do not allow empty barriers to be passed down to
   queues that do not grok them (bnc#734707 FATE#313126).
   * linkwatch: Handle jiffies wrap-around (bnc#740131).

   Security Issue references:

   * CVE-2011-2928
   
   * CVE-2011-4077
   
   * CVE-2011-4324
   
   * CVE-2011-4330
   
   * CVE-2012-2319
   
   * CVE-2012-2313
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.97.1
      kernel-source-2.6.16.60-0.97.1
      kernel-syms-2.6.16.60-0.97.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.97.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.97.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.97.1
      kernel-xen-2.6.16.60-0.97.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.97.1
      kernel-kdumppae-2.6.16.60-0.97.1
      kernel-vmi-2.6.16.60-0.97.1
      kernel-vmipae-2.6.16.60-0.97.1
      kernel-xenpae-2.6.16.60-0.97.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.97.1
      kernel-ppc64-2.6.16.60-0.97.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.97.1
      kernel-smp-2.6.16.60-0.97.1
      kernel-source-2.6.16.60-0.97.1
      kernel-syms-2.6.16.60-0.97.1
      kernel-xen-2.6.16.60-0.97.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.97.1
      kernel-xenpae-2.6.16.60-0.97.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.97.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.97.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.97.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.97.1


References:

   https://www.suse.com/security/cve/CVE-2011-2928.html
   https://www.suse.com/security/cve/CVE-2011-4077.html
   https://www.suse.com/security/cve/CVE-2011-4324.html
   https://www.suse.com/security/cve/CVE-2011-4330.html
   https://www.suse.com/security/cve/CVE-2012-2313.html
   https://www.suse.com/security/cve/CVE-2012-2319.html
   https://bugzilla.novell.com/671124
   https://bugzilla.novell.com/671479
   https://bugzilla.novell.com/683270
   https://bugzilla.novell.com/693639
   https://bugzilla.novell.com/713430
   https://bugzilla.novell.com/718343
   https://bugzilla.novell.com/721869
   https://bugzilla.novell.com/722400
   https://bugzilla.novell.com/723294
   https://bugzilla.novell.com/724692
   https://bugzilla.novell.com/724734
   https://bugzilla.novell.com/726600
   https://bugzilla.novell.com/729685
   https://bugzilla.novell.com/730118
   https://bugzilla.novell.com/730200
   https://bugzilla.novell.com/731673
   https://bugzilla.novell.com/732613
   https://bugzilla.novell.com/733155
   https://bugzilla.novell.com/734707
   https://bugzilla.novell.com/737325
   https://bugzilla.novell.com/737899
   https://bugzilla.novell.com/740131
   https://bugzilla.novell.com/742148
   https://bugzilla.novell.com/742881
   https://bugzilla.novell.com/744592
   https://bugzilla.novell.com/745640
   https://bugzilla.novell.com/745732
   https://bugzilla.novell.com/745760
   https://bugzilla.novell.com/745929
   https://bugzilla.novell.com/746397
   https://bugzilla.novell.com/746980
   https://bugzilla.novell.com/747381
   https://bugzilla.novell.com/749168
   https://bugzilla.novell.com/750168
   https://bugzilla.novell.com/750928
   https://bugzilla.novell.com/751880
   https://bugzilla.novell.com/752486
   https://bugzilla.novell.com/754964
   https://bugzilla.novell.com/758813
   https://bugzilla.novell.com/760902
   https://bugzilla.novell.com/761389
   https://bugzilla.novell.com/762111
   https://bugzilla.novell.com/764128
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:0736-1: important: Linux kernel

June 14, 2012
An update that solves 6 vulnerabilities and has 37 fixes is An update that solves 6 vulnerabilities and has 37 fixes is An update that solves 6 vulnerabilities and has 37 fixes is ...

Summary

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed: * CVE-2012-2319: A memory corruption when mounting a hfsplus filesystem was fixed that could be used by local attackers able to mount filesystem to crash the system. * CVE-2012-2313: The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. * CVE-2011-2928: The befs_follow_linkl function in fs/befs/linuxvfs.c in the Linux kernel did not validate the lenght attribute of long symlinsk, which allowed local users to cause a denial of service (incorrect pointer dereference and Ooops) by accessing a long symlink on a malformed Be filesystem. * CVE-2011-4077: Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system o...

Read the Full Advisory

References

#671124 #671479 #683270 #693639 #713430 #718343

#721869 #722400 #723294 #724692 #724734 #726600

#729685 #730118 #730200 #731673 #732613 #733155

#734707 #737325 #737899 #740131 #742148 #742881

#744592 #745640 #745732 #745760 #745929 #746397

#746980 #747381 #749168 #750168 #750928 #751880

#752486 #754964 #758813 #760902 #761389 #762111

#764128

Cross- CVE-2011-2928 CVE-2011-4077 CVE-2011-4324

CVE-2011-4330 CVE-2012-2313 CVE-2012-2319

Affected Products:

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

https://www.suse.com/security/cve/CVE-2011-2928.html

https://www.suse.com/security/cve/CVE-2011-4077.html

https://www.suse.com/security/cve/CVE-2011-4324.html

https://www.suse.com/security/cve/CVE-2011-...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2012:0736-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved