SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1391-1
Rating:             important
References:         #674284 #703156 #734056 #738400 #738528 #747576 
                    #755546 #758985 #760974 #762581 #763526 #765102 
                    #765320 #767277 #767504 #767766 #767939 #769784 
                    #770507 #770697 #772409 #773272 #773831 #776888 
                    #777575 #783058 
Cross-References:   CVE-2011-1044 CVE-2011-4110 CVE-2012-2136
                    CVE-2012-2663 CVE-2012-2744 CVE-2012-3510
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 20 fixes is
   now available.

Description:


   This Linux kernel update fixes various security issues and
   bugs in the SUSE Linux Enterprise 10 SP4 kernel.

   The following security issues have been fixed:

   * CVE-2011-2494: kernel/taskstats.c in the Linux kernel
   allowed local users to obtain sensitive I/O statistics by
   sending taskstats commands to a netlink socket, as
   demonstrated by discovering the length of another user's
   password (a side channel attack).
   * CVE-2012-2744:
   net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
   kernel, when the nf_conntrack_ipv6 module is enabled,
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and system crash) via certain types of
   fragmented IPv6 packets.
   * CVE-2012-3510: Use-after-free vulnerability in the
   xacct_add_tsk function in kernel/tsacct.c in the Linux
   kernel allowed local users to obtain potentially sensitive
   information from kernel memory or cause a denial of service
   (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
   command.
   * CVE-2011-4110: The user_update function in
   security/keys/user_defined.c in the Linux kernel 2.6
   allowed local users to cause a denial of service (NULL
   pointer dereference and kernel oops) via vectors related to
   a user-defined key and updating a negative key into a fully
   instantiated key.
   * CVE-2011-1044: The ib_uverbs_poll_cq function in
   drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
   did not initialize a certain response buffer, which allowed
   local users to obtain potentially sensitive information
   from kernel memory via vectors that cause this buffer to be
   only partially filled, a different vulnerability than
   CVE-2010-4649.
   * CVE-2012-3400: Heap-based buffer overflow in the
   udf_load_logicalvol function in fs/udf/super.c in the Linux
   kernel allowed remote attackers to cause a denial of
   service (system crash) or possibly have unspecified other
   impact via a crafted UDF filesystem.
   * CVE-2012-2136: The sock_alloc_send_pskb function in
   net/core/sock.c in the Linux kernel did not properly
   validate a certain length value, which allowed local users
   to cause a denial of service (heap-based buffer overflow
   and system crash) or possibly gain privileges by leveraging
   access to a TUN/TAP device.
   * CVE-2012-2663: A small denial of service leak in
   dropping syn+fin messages was fixed.

   The following non-security issues have been fixed:

   Packaging:

   * kbuild: Fix gcc -x syntax (bnc#773831).

   NFS:

   * knfsd: An assortment of little fixes to the sunrpc
   cache code (bnc#767766).
   * knfsd: Unexport cache_fresh and fix a small race
   (bnc#767766).
   * knfsd: nfsd: do not drop silently on upcall deferral
   (bnc#767766).
   * knfsd: svcrpc: remove another silent drop from
   deferral code (bnc#767766).
   * sunrpc/cache: simplify cache_fresh_locked and
   cache_fresh_unlocked (bnc#767766).
   * sunrpc/cache: recheck cache validity after
   cache_defer_req (bnc#767766).
   * sunrpc/cache: use list_del_init for the list_head
   entries in cache_deferred_req (bnc#767766).
   * sunrpc/cache: avoid variable over-loading in
   cache_defer_req (bnc#767766).
   * sunrpc/cache: allow thread to block while waiting for
   cache update (bnc#767766).
   * sunrpc/cache: Fix race in sunrpc/cache introduced by
   patch to allow thread to block while waiting for cache
   update (bnc#767766).
   * sunrpc/cache: Another fix for race problem with
   sunrpc cache deferal (bnc#767766).
   * knfsd: nfsd: make all exp_finding functions return
   -errnos on err (bnc#767766).
   * Fix kabi breakage in previous nfsd patch series
   (bnc#767766).
   * nfsd: Work around incorrect return type for
   wait_for_completion_interruptible_timeout (bnc#767766).
   * nfs: Fix a potential file corruption issue when
   writing (bnc#773272).
   * nfs: Allow sync writes to be multiple pages
   (bnc#763526).
   * nfs: fix reference counting for NFSv4 callback thread
   (bnc#767504).
   * nfs: flush signals before taking down callback thread
   (bnc#767504).
   * nfsv4: Ensure nfs_callback_down() calls svc_destroy()
   (bnc#767504).

   SCSI:

   * SCSI/ch: Check NULL for kmalloc() return (bnc#783058).
   * drivers/scsi/aic94xx/aic94xx_init.c: correct the size
   argument to kmalloc (bnc#783058).
   * block: fail SCSI passthrough ioctls on partition
   devices (bnc#738400).
   * dm: do not forward ioctls from logical volumes to the
   underlying device (bnc#738400).
   * vmware: Fix VMware hypervisor detection (bnc#777575,
   bnc#770507).

   S/390:

   * lgr: Make lgr_page static (bnc#772409,LTC#83520).
   * zfcp: Fix oops in _blk_add_trace()
   (bnc#772409,LTC#83510).
   * kernel: Add z/VM LGR detection
   (bnc#767277,LTC#RAS1203).
   * be2net: Fix EEH error reset before a flash dump
   completes (bnc#755546).
   * mptfusion: fix msgContext in mptctl_hp_hostinfo
   (bnc#767939).
   * PCI: Fix bus resource assignment on 32 bits with 64b
   resources. (bnc#762581)
   * PCI: fix up setup-bus.c #ifdef. (bnc#762581)
   * x86: powernow-k8: Fix indexing issue (bnc#758985).
   * net: Fix race condition about network device name
   allocation (bnc#747576).

   XEN:

   * smpboot: adjust ordering of operations.
   * xen/x86-64: provide a memset() that can deal with 4Gb
   or above at a time (bnc#738528).
   * xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
   (bnc#760974).
   * xen/gntdev: fix multi-page slot allocation
   (bnc#760974).

   Security Issues:

   * CVE-2011-1044
   * CVE-2011-4110
   * CVE-2012-2136
   * CVE-2012-2663
   * CVE-2012-2744
   * CVE-2012-3510

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.99.1
      kernel-source-2.6.16.60-0.99.1
      kernel-syms-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.99.1
      kernel-xen-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.99.1
      kernel-kdumppae-2.6.16.60-0.99.1
      kernel-vmi-2.6.16.60-0.99.1
      kernel-vmipae-2.6.16.60-0.99.1
      kernel-xenpae-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.99.1
      kernel-ppc64-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.99.1
      kernel-smp-2.6.16.60-0.99.1
      kernel-source-2.6.16.60-0.99.1
      kernel-syms-2.6.16.60-0.99.1
      kernel-xen-2.6.16.60-0.99.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.99.1
      kernel-xenpae-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.99.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.99.1
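
   To confirm that a host carries the fixed packages listed above and, per the
   reboot note, is actually running the updated kernel, the following check can
   be used. It is an added example, not part of the SUSE announcement; it
   assumes package lines of the form name-version-release with numeric version
   fields and a `uname -r` string of the form version-release-flavor, and the
   0.85.1 release in the sample input is constructed.

```shell
#!/bin/sh
# Added example, not SUSE's tooling. 0.85.1 below is a constructed sample.
FIXED="2.6.16.60-0.99.1"   # version-release from the Package List above

# ver_ge A B: succeed if A >= B; fields split on '.' and '-' are compared
# as integers (assumption: numeric-only fields, as in this advisory).
ver_ge() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}                      # missing field counts as 0
        if [ $# -gt 0 ]; then shift; fi
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# pkg_status NAME-VERSION-RELEASE: print OK / OUTDATED / SKIP for one line.
pkg_status() {
    rel=${1##*-}; rest=${1%-*}
    ver=${rest##*-}; name=${rest%-*}
    case "$ver$rel" in
        ""|*[!0-9.]*) echo "SKIP $1"; return 0 ;;   # e.g. arch suffix present
    esac
    if ver_ge "$ver-$rel" "$FIXED"; then
        echo "OK $name $ver-$rel"
    else
        echo "OUTDATED $name $ver-$rel"
    fi
}

# running_ok UNAME_R: assumes `uname -r` is VERSION-RELEASE-FLAVOR.
running_ok() { ver_ge "${1%-*}" "$FIXED"; }

# audit_kernels: read package lines on stdin; non-zero if any is OUTDATED.
audit_kernels() {
    bad=0
    while IFS= read -r line; do
        s=$(pkg_status "$line"); echo "$s"
        case "$s" in OUTDATED*) bad=1 ;; esac
    done
    return $bad
}

# Constructed sample input; on a real host use instead:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' | grep '^kernel-' | audit_kernels
#   running_ok "$(uname -r)" || echo "reboot into the updated kernel"
audit_kernels <<'EOF' || echo "update required"
kernel-default-2.6.16.60-0.85.1
kernel-xen-2.6.16.60-0.99.1
EOF
```

   Fields are compared as integers, so a later release such as 0.100.1 sorts
   after 0.99.1, which a plain string comparison would get wrong.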


References:

   https://www.suse.com/security/cve/CVE-2011-1044.html
   https://www.suse.com/security/cve/CVE-2011-4110.html
   https://www.suse.com/security/cve/CVE-2012-2136.html
   https://www.suse.com/security/cve/CVE-2012-2663.html
   https://www.suse.com/security/cve/CVE-2012-2744.html
   https://www.suse.com/security/cve/CVE-2012-3510.html
   https://bugzilla.novell.com/674284
   https://bugzilla.novell.com/703156
   https://bugzilla.novell.com/734056
   https://bugzilla.novell.com/738400
   https://bugzilla.novell.com/738528
   https://bugzilla.novell.com/747576
   https://bugzilla.novell.com/755546
   https://bugzilla.novell.com/758985
   https://bugzilla.novell.com/760974
   https://bugzilla.novell.com/762581
   https://bugzilla.novell.com/763526
   https://bugzilla.novell.com/765102
   https://bugzilla.novell.com/765320
   https://bugzilla.novell.com/767277
   https://bugzilla.novell.com/767504
   https://bugzilla.novell.com/767766
   https://bugzilla.novell.com/767939
   https://bugzilla.novell.com/769784
   https://bugzilla.novell.com/770507
   https://bugzilla.novell.com/770697
   https://bugzilla.novell.com/772409
   https://bugzilla.novell.com/773272
   https://bugzilla.novell.com/773831
   https://bugzilla.novell.com/776888
   https://bugzilla.novell.com/777575
   https://bugzilla.novell.com/783058

SuSE: 2012:1391-1: important: Linux kernel

October 24, 2012