openSUSE Security Update: Kernel update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0781-1
Rating: moderate
References: #700174 #716996 #731720 #732006 #735362 #736268
#745929 #747038 #747404 #748463 #748859 #752460
#754186 #756840 #757783 #757789 #758243 #758260
#758813 #759545 #759554 #760077 #760279 #760860
#760902 #761681 #762991 #762992 #765102 #765320
Cross-References: CVE-2009-4020 CVE-2011-3347 CVE-2012-2119
CVE-2012-2123 CVE-2012-2136 CVE-2012-2373
CVE-2012-2663
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 23 fixes is
now available.
Description:
This kernel update of the openSUSE 12.1 kernel brings
various bug and security fixes.
Following issues were fixed:
- tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663).
- net: sock: validate data_len before allocating skb in
sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).
- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE
(bnc#762991).
- be2net: non-member vlan pkts not received in promiscous
mode (bnc#732006 CVE-2011-3347).
- fcaps: clear the same personality flags as suid when
fcaps are used (bnc#758260 CVE-2012-2123).
- macvtap: zerocopy: validate vectors before building skb
(bnc#758243 CVE-2012-2119).
- macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb
is built successfully (bnc#758243 CVE-2012-2119).
- macvtap: zerocopy: put page when fail to get all
requested user pages (bnc#758243 CVE-2012-2119).
- macvtap: zerocopy: fix offset calculation when building
skb (bnc#758243 CVE-2012-2119).
- Avoid reading past buffer when calling GETACL
(bnc#762992).
- Avoid beyond bounds copy while caching ACL (bnc#762992).
- Fix length of buffer copied in __nfs4_get_acl_uncached
(bnc#762992).
- hfsplus: Fix potential buffer overflows (bnc#760902
CVE-2009-4020).
- usb/net: rndis: merge command codes. only net/hyperv part
- usb/net: rndis: remove ambigous status codes. only
net/hyperv part
- usb/net: rndis: break out defines. only
net/hyperv part
- net/hyperv: Add flow control based on hi/low watermark.
- hv: fix return type of hv_post_message().
- Drivers: hv: util: Properly handle version negotiations.
- Drivers: hv: Get rid of an unnecessary check in
vmbus_prep_negotiate_resp().
- HID: hyperv: Set the hid drvdata correctly.
- HID: hid-hyperv: Do not use hid_parse_report() directly.
- [SCSI] storvsc: Properly handle errors from the host
(bnc#747404).
- Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch.
- patches.suse/suse-hv-pata_piix-ignore-disks.patch replace
our version of this patch with upstream variant:
ata_piix: defer disks to the Hyper-V drivers by default
libata: add a host flag to ignore detected ATA devices.
- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
pmd_populate SMP race condition (bnc#762991
CVE-2012-2373).
- xfrm: take net hdr len into account for esp payload size
calculation (bnc#759545).
- net/hyperv: Adding cancellation to ensure rndis filter is
closed.
- xfs: Fix oops on IO error during
xlog_recover_process_iunlinks() (bnc#761681).
- thp: reduce khugepaged freezing latency (bnc#760860).
- igb: fix rtnl race in PM resume path (bnc#748859).
- ixgbe: add missing rtnl_lock in PM resume path
(bnc#748859).
- cdc_ether: Ignore bogus union descriptor for RNDIS
devices (bnc#735362). Taking the fix from net-next
- Fix kABI breakage due to including proc_fs.h in
kernel/fork.c modversion changed because of changes in
struct proc_dir_entry (became defined) Refresh
patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-fork-fa
ilure.
- Disabled MMC_TEST (bnc#760077).
- Input: ALPS - add semi-MT support for v3 protocol
(bnc#716996).
- Input: ALPS - add support for protocol versions 3 and 4
(bnc#716996).
- Input: ALPS - remove assumptions about packet size
(bnc#716996).
- Input: ALPS - add protocol version field in
alps_model_info (bnc#716996).
- Input: ALPS - move protocol information to Documentation
(bnc#716996).
- sysctl/defaults: kernel.hung_task_timeout ->
kernel.hung_task_timeout_secs (bnc#700174)
- btrfs: partial revert of truncation improvements
(FATE#306586 bnc#748463 bnc#760279).
- libata: skip old error history when counting probe trials.
- procfs, namespace, pid_ns: fix leakage upon fork()
failure (bnc#757783).
- cdc-wdm: fix race leading leading to memory corruption
(bnc#759554). This patch fixes a race whereby a pointer
to a buffer would be overwritten while the buffer was in
use leading to a double free and a memory leak. This
causes crashes. This bug was introduced in 2.6.34
- netfront: delay gARP until backend switches to Connected.
- xenbus: Reject replies with payload >
XENSTORE_PAYLOAD_MAX.
- xenbus: check availability of XS_RESET_WATCHES command.
- xenbus_dev: add missing error checks to watch handling.
- drivers/xen/: use strlcpy() instead of strncpy().
- blkfront: properly fail packet requests (bnc#745929).
- Linux 3.1.10.
- Update Xen config files.
- Refresh other Xen patches.
- tlan: add cast needed for proper 64 bit operation
(bnc#756840).
- dl2k: Tighten ioctl permissions (bnc#758813).
- mqueue: fix a vfsmount longterm reference leak
(bnc#757783).
- cciss: Add IRQF_SHARED back in for the non-MSI(X)
interrupt handler (bnc#757789).
- procfs: fix a vfsmount longterm reference leak
(bnc#757783).
- uwb: fix error handling (bnc#731720). This fixes a kernel
error on unplugging an uwb dongle
- uwb: fix use of del_timer_sync() in interrupt
(bnc#731720). This fixes a kernel warning on plugging in
an uwb dongle
- acer-wmi: Detect communication hot key number.
- acer-wmi: replaced the hard coded bitmap by the
communication devices bitmap from SMBIOS.
- acer-wmi: add ACER_WMID_v2 interface flag to represent
new notebooks.
- acer-wmi: No wifi rfkill on Sony machines.
- acer-wmi: No wifi rfkill on Lenovo machines.
- [media] cx22702: Fix signal strength.
- fs: cachefiles: Add support for large files in filesystem
caching (bnc#747038).
- Drivers: scsi: storvsc: Account for in-transit packets in
the RESET path.
- CPU hotplug, cpusets, suspend: Don't touch cpusets during
suspend/resume (bnc#752460).
- net: fix a potential rcu_read_lock() imbalance in
rt6_fill_node() (bnc#754186, bnc#736268).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-335
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
kernel-debug-3.1.10-1.13.1
kernel-debug-base-3.1.10-1.13.1
kernel-debug-base-debuginfo-3.1.10-1.13.1
kernel-debug-debuginfo-3.1.10-1.13.1
kernel-debug-debugsource-3.1.10-1.13.1
kernel-debug-devel-3.1.10-1.13.1
kernel-debug-devel-debuginfo-3.1.10-1.13.1
kernel-default-3.1.10-1.13.1
kernel-default-base-3.1.10-1.13.1
kernel-default-base-debuginfo-3.1.10-1.13.1
kernel-default-debuginfo-3.1.10-1.13.1
kernel-default-debugsource-3.1.10-1.13.1
kernel-default-devel-3.1.10-1.13.1
kernel-default-devel-debuginfo-3.1.10-1.13.1
kernel-desktop-3.1.10-1.13.1
kernel-desktop-base-3.1.10-1.13.1
kernel-desktop-base-debuginfo-3.1.10-1.13.1
kernel-desktop-debuginfo-3.1.10-1.13.1
kernel-desktop-debugsource-3.1.10-1.13.1
kernel-desktop-devel-3.1.10-1.13.1
kernel-desktop-devel-debuginfo-3.1.10-1.13.1
kernel-ec2-3.1.10-1.13.1
kernel-ec2-base-3.1.10-1.13.1
kernel-ec2-base-debuginfo-3.1.10-1.13.1
kernel-ec2-debuginfo-3.1.10-1.13.1
kernel-ec2-debugsource-3.1.10-1.13.1
kernel-ec2-devel-3.1.10-1.13.1
kernel-ec2-devel-debuginfo-3.1.10-1.13.1
kernel-ec2-extra-3.1.10-1.13.1
kernel-ec2-extra-debuginfo-3.1.10-1.13.1
kernel-syms-3.1.10-1.13.1
kernel-trace-3.1.10-1.13.1
kernel-trace-base-3.1.10-1.13.1
kernel-trace-base-debuginfo-3.1.10-1.13.1
kernel-trace-debuginfo-3.1.10-1.13.1
kernel-trace-debugsource-3.1.10-1.13.1
kernel-trace-devel-3.1.10-1.13.1
kernel-trace-devel-debuginfo-3.1.10-1.13.1
kernel-vanilla-3.1.10-1.13.1
kernel-vanilla-base-3.1.10-1.13.1
kernel-vanilla-base-debuginfo-3.1.10-1.13.1
kernel-vanilla-debuginfo-3.1.10-1.13.1
kernel-vanilla-debugsource-3.1.10-1.13.1
kernel-vanilla-devel-3.1.10-1.13.1
kernel-vanilla-devel-debuginfo-3.1.10-1.13.1
kernel-xen-3.1.10-1.13.1
kernel-xen-base-3.1.10-1.13.1
kernel-xen-base-debuginfo-3.1.10-1.13.1
kernel-xen-debuginfo-3.1.10-1.13.1
kernel-xen-debugsource-3.1.10-1.13.1
kernel-xen-devel-3.1.10-1.13.1
kernel-xen-devel-debuginfo-3.1.10-1.13.1
- openSUSE 12.1 (noarch):
kernel-devel-3.1.10-1.13.1
kernel-docs-3.1.10-1.13.2
kernel-source-3.1.10-1.13.1
kernel-source-vanilla-3.1.10-1.13.1
- openSUSE 12.1 (i586):
kernel-pae-3.1.10-1.13.1
kernel-pae-base-3.1.10-1.13.1
kernel-pae-base-debuginfo-3.1.10-1.13.1
kernel-pae-debuginfo-3.1.10-1.13.1
kernel-pae-debugsource-3.1.10-1.13.1
kernel-pae-devel-3.1.10-1.13.1
kernel-pae-devel-debuginfo-3.1.10-1.13.1
References:
http://support.novell.com/security/cve/CVE-2009-4020.html
http://support.novell.com/security/cve/CVE-2011-3347.html
http://support.novell.com/security/cve/CVE-2012-2119.html
http://support.novell.com/security/cve/CVE-2012-2123.html
http://support.novell.com/security/cve/CVE-2012-2136.html
http://support.novell.com/security/cve/CVE-2012-2373.html
http://support.novell.com/security/cve/CVE-2012-2663.html
https://bugzilla.novell.com/700174
https://bugzilla.novell.com/716996
https://bugzilla.novell.com/731720
https://bugzilla.novell.com/732006
https://bugzilla.novell.com/735362
https://bugzilla.novell.com/736268
https://bugzilla.novell.com/745929
https://bugzilla.novell.com/747038
https://bugzilla.novell.com/747404
https://bugzilla.novell.com/748463
https://bugzilla.novell.com/748859
https://bugzilla.novell.com/752460
https://bugzilla.novell.com/754186
https://bugzilla.novell.com/756840
https://bugzilla.novell.com/757783
https://bugzilla.novell.com/757789
https://bugzilla.novell.com/758243
https://bugzilla.novell.com/758260
https://bugzilla.novell.com/758813
https://bugzilla.novell.com/759545
https://bugzilla.novell.com/759554
https://bugzilla.novell.com/760077
https://bugzilla.novell.com/760279
https://bugzilla.novell.com/760860
https://bugzilla.novell.com/760902
https://bugzilla.novell.com/761681
https://bugzilla.novell.com/762991
https://bugzilla.novell.com/762992
https://bugzilla.novell.com/765102
https://bugzilla.novell.com/765320