openSUSE Security Update: Kernel update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0781-1 Rating: moderate References: #700174 #716996 #731720 #732006 #735362 #736268 #745929 #747038 #747404 #748463 #748859 #752460 #754186 #756840 #757783 #757789 #758243 #758260 #758813 #759545 #759554 #760077 #760279 #760860 #760902 #761681 #762991 #762992 #765102 #765320 Cross-References: CVE-2009-4020 CVE-2011-3347 CVE-2012-2119 CVE-2012-2123 CVE-2012-2136 CVE-2012-2373 CVE-2012-2663 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 23 fixes is now available. Description: This kernel update of the openSUSE 12.1 kernel brings various bug and security fixes. Following issues were fixed: - tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - be2net: non-member vlan pkts not received in promiscous mode (bnc#732006 CVE-2011-3347). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: put page when fail to get all requested user pages (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: fix offset calculation when building skb (bnc#758243 CVE-2012-2119). - Avoid reading past buffer when calling GETACL (bnc#762992). - Avoid beyond bounds copy while caching ACL (bnc#762992). - Fix length of buffer copied in __nfs4_get_acl_uncached (bnc#762992). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - usb/net: rndis: merge command codes. only net/hyperv part - usb/net: rndis: remove ambigous status codes. only net/hyperv part - usb/net: rndis: break out <linux/rndis.h> defines. only net/hyperv part - net/hyperv: Add flow control based on hi/low watermark. - hv: fix return type of hv_post_message(). - Drivers: hv: util: Properly handle version negotiations. - Drivers: hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - HID: hyperv: Set the hid drvdata correctly. - HID: hid-hyperv: Do not use hid_parse_report() directly. - [SCSI] storvsc: Properly handle errors from the host (bnc#747404). - Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - net/hyperv: Adding cancellation to ensure rndis filter is closed. - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#761681). - thp: reduce khugepaged freezing latency (bnc#760860). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#735362). Taking the fix from net-next - Fix kABI breakage due to including proc_fs.h in kernel/fork.c modversion changed because of changes in struct proc_dir_entry (became defined) Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-fork-fa ilure. - Disabled MMC_TEST (bnc#760077). - Input: ALPS - add semi-MT support for v3 protocol (bnc#716996). - Input: ALPS - add support for protocol versions 3 and 4 (bnc#716996). - Input: ALPS - remove assumptions about packet size (bnc#716996). - Input: ALPS - add protocol version field in alps_model_info (bnc#716996). - Input: ALPS - move protocol information to Documentation (bnc#716996). - sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174) - btrfs: partial revert of truncation improvements (FATE#306586 bnc#748463 bnc#760279). - libata: skip old error history when counting probe trials. - procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783). - cdc-wdm: fix race leading leading to memory corruption (bnc#759554). This patch fixes a race whereby a pointer to a buffer would be overwritten while the buffer was in use leading to a double free and a memory leak. This causes crashes. This bug was introduced in 2.6.34 - netfront: delay gARP until backend switches to Connected. - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus: check availability of XS_RESET_WATCHES command. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - blkfront: properly fail packet requests (bnc#745929). - Linux 3.1.10. - Update Xen config files. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - mqueue: fix a vfsmount longterm reference leak (bnc#757783). - cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789). - procfs: fix a vfsmount longterm reference leak (bnc#757783). - uwb: fix error handling (bnc#731720). This fixes a kernel error on unplugging an uwb dongle - uwb: fix use of del_timer_sync() in interrupt (bnc#731720). This fixes a kernel warning on plugging in an uwb dongle - acer-wmi: Detect communication hot key number. - acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS. - acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks. - acer-wmi: No wifi rfkill on Sony machines. - acer-wmi: No wifi rfkill on Lenovo machines. - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - Drivers: scsi: storvsc: Account for in-transit packets in the RESET path. - CPU hotplug, cpusets, suspend: Don't touch cpusets during suspend/resume (bnc#752460). - net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() (bnc#754186, bnc#736268). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-335 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): kernel-debug-3.1.10-1.13.1 kernel-debug-base-3.1.10-1.13.1 kernel-debug-base-debuginfo-3.1.10-1.13.1 kernel-debug-debuginfo-3.1.10-1.13.1 kernel-debug-debugsource-3.1.10-1.13.1 kernel-debug-devel-3.1.10-1.13.1 kernel-debug-devel-debuginfo-3.1.10-1.13.1 kernel-default-3.1.10-1.13.1 kernel-default-base-3.1.10-1.13.1 kernel-default-base-debuginfo-3.1.10-1.13.1 kernel-default-debuginfo-3.1.10-1.13.1 kernel-default-debugsource-3.1.10-1.13.1 kernel-default-devel-3.1.10-1.13.1 kernel-default-devel-debuginfo-3.1.10-1.13.1 kernel-desktop-3.1.10-1.13.1 kernel-desktop-base-3.1.10-1.13.1 kernel-desktop-base-debuginfo-3.1.10-1.13.1 kernel-desktop-debuginfo-3.1.10-1.13.1 kernel-desktop-debugsource-3.1.10-1.13.1 kernel-desktop-devel-3.1.10-1.13.1 kernel-desktop-devel-debuginfo-3.1.10-1.13.1 kernel-ec2-3.1.10-1.13.1 kernel-ec2-base-3.1.10-1.13.1 kernel-ec2-base-debuginfo-3.1.10-1.13.1 kernel-ec2-debuginfo-3.1.10-1.13.1 kernel-ec2-debugsource-3.1.10-1.13.1 kernel-ec2-devel-3.1.10-1.13.1 kernel-ec2-devel-debuginfo-3.1.10-1.13.1 kernel-ec2-extra-3.1.10-1.13.1 kernel-ec2-extra-debuginfo-3.1.10-1.13.1 kernel-syms-3.1.10-1.13.1 kernel-trace-3.1.10-1.13.1 kernel-trace-base-3.1.10-1.13.1 kernel-trace-base-debuginfo-3.1.10-1.13.1 kernel-trace-debuginfo-3.1.10-1.13.1 kernel-trace-debugsource-3.1.10-1.13.1 kernel-trace-devel-3.1.10-1.13.1 kernel-trace-devel-debuginfo-3.1.10-1.13.1 kernel-vanilla-3.1.10-1.13.1 kernel-vanilla-base-3.1.10-1.13.1 kernel-vanilla-base-debuginfo-3.1.10-1.13.1 kernel-vanilla-debuginfo-3.1.10-1.13.1 kernel-vanilla-debugsource-3.1.10-1.13.1 kernel-vanilla-devel-3.1.10-1.13.1 kernel-vanilla-devel-debuginfo-3.1.10-1.13.1 kernel-xen-3.1.10-1.13.1 kernel-xen-base-3.1.10-1.13.1 kernel-xen-base-debuginfo-3.1.10-1.13.1 kernel-xen-debuginfo-3.1.10-1.13.1 kernel-xen-debugsource-3.1.10-1.13.1 kernel-xen-devel-3.1.10-1.13.1 kernel-xen-devel-debuginfo-3.1.10-1.13.1 - openSUSE 12.1 (noarch): kernel-devel-3.1.10-1.13.1 kernel-docs-3.1.10-1.13.2 kernel-source-3.1.10-1.13.1 kernel-source-vanilla-3.1.10-1.13.1 - openSUSE 12.1 (i586): kernel-pae-3.1.10-1.13.1 kernel-pae-base-3.1.10-1.13.1 kernel-pae-base-debuginfo-3.1.10-1.13.1 kernel-pae-debuginfo-3.1.10-1.13.1 kernel-pae-debugsource-3.1.10-1.13.1 kernel-pae-devel-3.1.10-1.13.1 kernel-pae-devel-debuginfo-3.1.10-1.13.1 References: http://support.novell.com/security/cve/CVE-2009-4020.html http://support.novell.com/security/cve/CVE-2011-3347.html http://support.novell.com/security/cve/CVE-2012-2119.html http://support.novell.com/security/cve/CVE-2012-2123.html http://support.novell.com/security/cve/CVE-2012-2136.html http://support.novell.com/security/cve/CVE-2012-2373.html http://support.novell.com/security/cve/CVE-2012-2663.html https://bugzilla.novell.com/700174 https://bugzilla.novell.com/716996 https://bugzilla.novell.com/731720 https://bugzilla.novell.com/732006 https://bugzilla.novell.com/735362 https://bugzilla.novell.com/736268 https://bugzilla.novell.com/745929 https://bugzilla.novell.com/747038 https://bugzilla.novell.com/747404 https://bugzilla.novell.com/748463 https://bugzilla.novell.com/748859 https://bugzilla.novell.com/752460 https://bugzilla.novell.com/754186 https://bugzilla.novell.com/756840 https://bugzilla.novell.com/757783 https://bugzilla.novell.com/757789 https://bugzilla.novell.com/758243 https://bugzilla.novell.com/758260 https://bugzilla.novell.com/758813 https://bugzilla.novell.com/759545 https://bugzilla.novell.com/759554 https://bugzilla.novell.com/760077 https://bugzilla.novell.com/760279 https://bugzilla.novell.com/760860 https://bugzilla.novell.com/760902 https://bugzilla.novell.com/761681 https://bugzilla.novell.com/762991 https://bugzilla.novell.com/762992 https://bugzilla.novell.com/765102 https://bugzilla.novell.com/765320