openSUSE Security Update: Kernel update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0799-1
Rating:             moderate
References:         #466279 #651219 #653260 #655696 #676204 #681186
                    #681639 #683671 #689860 #703410 #707332 #711941
                    #713430 #714455 #717209 #717749 #721366 #726045
                    #726600 #729247 #730118 #731673 #732908 #737624
                    #738644 #740448 #740703 #740745 #744658 #745832
                    #746980 #747038 #747660 #748859 #749569 #750079
                    #750959 #756203 #756840 #757278 #758243 #758260
                    #758813 #759545 #760902 #765102 #765320
Cross-References:   CVE-2009-4020 CVE-2010-3873 CVE-2010-4164
                    CVE-2010-4249 CVE-2011-1083 CVE-2011-1173
                    CVE-2011-2517 CVE-2011-2700 CVE-2011-2909
                    CVE-2011-2928 CVE-2011-3619 CVE-2011-3638
                    CVE-2011-4077 CVE-2011-4086 CVE-2011-4330
                    CVE-2012-0038 CVE-2012-0044 CVE-2012-0207
                    CVE-2012-1090 CVE-2012-1097 CVE-2012-1146
                    CVE-2012-2119 CVE-2012-2123 CVE-2012-2136
                    CVE-2012-2663
Affected Products:  openSUSE 11.4
______________________________________________________________________________

An update that solves 25 vulnerabilities and has 22 fixes is now available.

Description:

This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and
security issues.

The following issues were fixed:

- tcp: drop SYN+FIN messages (bnc#765102).
- net: sock: validate data_len before allocating skb in
  sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).
- fcaps: clear the same personality flags as suid when fcaps are used
  (bnc#758260 CVE-2012-2123).
- macvtap: zerocopy: validate vectors before building skb
  (bnc#758243 CVE-2012-2119).
- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).
- xfrm: take net hdr len into account for esp payload size calculation
  (bnc#759545).
- ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278).
- igb: fix rtnl race in PM resume path (bnc#748859).
- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).
- b43: allocate receive buffers big enough for max frame len + offset
  (bnc#717749).
- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
- xenbus_dev: add missing error checks to watch handling.
- hwmon: (coretemp-xen) Fix TjMax detection for older CPUs.
- hwmon: (coretemp-xen) Relax target temperature range check.
- Refresh other Xen patches.
- tlan: add cast needed for proper 64 bit operation (bnc#756840).
- dl2k: Tighten ioctl permissions (bnc#758813).
- [media] cx22702: Fix signal strength.
- fs: cachefiles: Add support for large files in filesystem caching
  (bnc#747038).
- bridge: correct IPv6 checksum after pull (bnc#738644).
- bridge: fix a possible use after free (bnc#738644).
- bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644).
- bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644).
- PCI/ACPI: Report ASPM support to BIOS if not disabled from command line
  (bnc#714455).
- ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID
  (bnc#756203).
- drm/i915/crt: Remove 0xa0 probe for VGA.
- tty_audit: fix tty_audit_add_data live lock on audit disabled
  (bnc#721366).
- drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908).
- dlm: Do not allocate a fd for peeloff (bnc#729247).
- sctp: Export sctp_do_peeloff (bnc#729247).
- i2c-algo-bit: Fix spurious SCL timeouts under heavy load.
- patches.fixes/epoll-dont-limit-non-nested.patch: Don't limit non-nested
  epoll paths (bnc#676204).
- Update patches.suse/sd_init.mark_majors_busy.patch (bnc#744658).
- igb: Fix for Alt MAC Address feature on 82580 and later devices
  (bnc#746980).
- mark busy sd majors as allocated (bug#744658).
- regset: Return -EFAULT, not -EIO, on host-side memory fault
  (bnc#750079 CVE-2012-1097).
- regset: Prevent null pointer reference on readonly regsets
  (bnc#750079 CVE-2012-1097).
- mm: memcg: Correct unregistring of events attached to the same eventfd
  (CVE-2012-1146 bnc#750959).
- befs: Validate length of long symbolic links (CVE-2011-2928 bnc#713430).
- si4713-i2c: avoid potential buffer overflow on si4713
  (CVE-2011-2700 bnc#707332).
- staging: comedi: fix infoleak to userspace (CVE-2011-2909 bnc#711941).
- hfs: add sanity check for file name length (CVE-2011-4330 bnc#731673).
- cifs: fix dentry refcount leak when opening a FIFO on lookup
  (CVE-2012-1090 bnc#749569).
- drm: integer overflow in drm_mode_dirtyfb_ioctl()
  (CVE-2012-0044 bnc#740745).
- xfs: fix acl count validation in xfs_acl_from_disk()
  (CVE-2012-0038 bnc#740703).
- xfs: validate acl count (CVE-2012-0038 bnc#740703).
- patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_readlink:
  Work around missing xfs_alert().
- xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()
  (CVE-2011-4077 bnc#726600).
- xfs: Fix possible memory corruption in xfs_readlink
  (CVE-2011-4077 bnc#726600).
- ext4: make ext4_split_extent() handle error correctly.
- ext4: ext4_ext_convert_to_initialized bug found in extended FSX testing.
- ext4: add ext4_split_extent_at() and ext4_split_extent().
- ext4: reimplement convert and split_unwritten
  (CVE-2011-3638 bnc#726045).
- patches.fixes/epoll-limit-paths.patch: epoll: limit paths
  (bnc#676204 CVE-2011-1083).
- patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi change in struct file
  (bnc#676204 CVE-2011-1083).
- NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279 bnc#747660).
- igmp: Avoid zero delay when receiving odd mixture of IGMP queries
  (bnc#740448 CVE-2012-0207).
- jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
  (bnc#745832 CVE-2011-4086).
- AppArmor: fix oops in apparmor_setprocattr (bnc#717209 CVE-2011-3619).
- Refresh patches.suse/SoN-22-netvm.patch. Clean and *working* patches.
- Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671) Fix an rcu locking
  imbalance in the receive path triggered when using vlans.
- Fix mangled patch (invalid date). Although accepted by `patch`, this is
  rejected by `git apply`.
- Fix mangled diff lines (leading space tab vs tab). Although accepted by
  `patch`, these are rejected by `git apply`.
- jbd/jbd2: validate sb->s_first in journal_get_superblock() (bnc#730118).
- fsnotify: don't BUG in fsnotify_destroy_mark() (bnc#689860).
- Fix patches.fixes/x25-Handle-undersized-fragmented-skbs.patch
  (CVE-2010-3873 bnc#651219).
- Fix patches.fixes/x25-Prevent-skb-overreads-when-checking-call-user-da.patch
  (CVE-2010-3873 bnc#651219).
- Fix patches.fixes/x25-Validate-incoming-call-user-data-lengths.patch
  (CVE-2010-3873 bnc#651219).
- Fix patches.fixes/x25-possible-skb-leak-on-bad-facilities.patch
  (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).
- Update patches.fixes/econet-4-byte-infoleak-to-the-network.patch
  (bnc#681186 CVE-2011-1173). Fix reference.
- hwmon: (w83627ehf) Properly report thermal diode sensors.
- nl80211: fix overflow in ssid_len (bnc#703410 CVE-2011-2517).
- nl80211: fix check for valid SSID size in scan operations
  (bnc#703410 CVE-2011-2517).
- x25: Prevent skb overreads when checking call user data
  (CVE-2010-3873 bnc#737624).
- x25: Handle undersized/fragmented skbs (CVE-2010-3873 bnc#737624).
- x25: Validate incoming call user data lengths
  (CVE-2010-3873 bnc#737624).
- x25: possible skb leak on bad facilities (CVE-2010-3873 bnc#737624).
- net: Add a flow_cache_flush_deferred function (bnc#737624).
- xfrm: avoid possible oopse in xfrm_alloc_dst (bnc#737624).
- scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

  zypper in -t patch openSUSE-2012-342

To bring your system up-to-date, use "zypper patch".
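
A post-update check, added here as an example and not part of the original advisory: it compares installed kernel VERSION-RELEASE strings against the fixed build 2.6.37.6-0.20.1 from the package list. The function names `ver_ge` and `check_versions` are hypothetical, the old version in the sample run is constructed, and the comparison assumes purely numeric fields rather than reimplementing RPM's full version ordering.

```shell
#!/bin/sh
# Fixed VERSION-RELEASE of the kernel packages, taken from this advisory.
FIXED="2.6.37.6-0.20.1"

# ver_ge A B: succeed if A >= B, comparing numeric fields split on '.' and '-'.
# Assumption: both strings contain only digits, dots and dashes.
ver_ge() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for fb in $b; do
        fa=${1:-0}                      # a missing field counts as 0
        [ $# -gt 0 ] && shift
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# check_versions: read one VERSION-RELEASE per line on stdin, print a verdict
# for each, and return non-zero if any build is older than FIXED.
check_versions() {
    rc=0
    while read -r v; do
        case $v in
            # Skip empty or non-version lines, e.g. rpm's
            # "package kernel-default is not installed".
            ''|*[!0-9.-]*) echo "SKIP     $v"; continue ;;
        esac
        if ver_ge "$v" "$FIXED"; then
            echo "OK       $v"
        else
            echo "OUTDATED $v"
            rc=1
        fi
    done
    return $rc
}

# On an openSUSE 11.4 host the input would come from rpm (not run here):
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | check_versions
# Constructed sample input: one older build and the fixed build.
printf '%s\n' "2.6.37.6-0.7.1" "2.6.37.6-0.20.1" | check_versions || true
```

A fixed package that is installed but not yet booted leaves the old kernel running, so the check only confirms the package state; a reboot into the new kernel is still needed.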

Package List:

- openSUSE 11.4 (i586 x86_64):

  kernel-debug-2.6.37.6-0.20.1
  kernel-debug-base-2.6.37.6-0.20.1
  kernel-debug-base-debuginfo-2.6.37.6-0.20.1
  kernel-debug-debuginfo-2.6.37.6-0.20.1
  kernel-debug-debugsource-2.6.37.6-0.20.1
  kernel-debug-devel-2.6.37.6-0.20.1
  kernel-debug-devel-debuginfo-2.6.37.6-0.20.1
  kernel-default-2.6.37.6-0.20.1
  kernel-default-base-2.6.37.6-0.20.1
  kernel-default-base-debuginfo-2.6.37.6-0.20.1
  kernel-default-debuginfo-2.6.37.6-0.20.1
  kernel-default-debugsource-2.6.37.6-0.20.1
  kernel-default-devel-2.6.37.6-0.20.1
  kernel-default-devel-debuginfo-2.6.37.6-0.20.1
  kernel-desktop-2.6.37.6-0.20.1
  kernel-desktop-base-2.6.37.6-0.20.1
  kernel-desktop-base-debuginfo-2.6.37.6-0.20.1
  kernel-desktop-debuginfo-2.6.37.6-0.20.1
  kernel-desktop-debugsource-2.6.37.6-0.20.1
  kernel-desktop-devel-2.6.37.6-0.20.1
  kernel-desktop-devel-debuginfo-2.6.37.6-0.20.1
  kernel-ec2-2.6.37.6-0.20.1
  kernel-ec2-base-2.6.37.6-0.20.1
  kernel-ec2-base-debuginfo-2.6.37.6-0.20.1
  kernel-ec2-debuginfo-2.6.37.6-0.20.1
  kernel-ec2-debugsource-2.6.37.6-0.20.1
  kernel-ec2-devel-2.6.37.6-0.20.1
  kernel-ec2-devel-debuginfo-2.6.37.6-0.20.1
  kernel-ec2-extra-2.6.37.6-0.20.1
  kernel-ec2-extra-debuginfo-2.6.37.6-0.20.1
  kernel-syms-2.6.37.6-0.20.1
  kernel-trace-2.6.37.6-0.20.1
  kernel-trace-base-2.6.37.6-0.20.1
  kernel-trace-base-debuginfo-2.6.37.6-0.20.1
  kernel-trace-debuginfo-2.6.37.6-0.20.1
  kernel-trace-debugsource-2.6.37.6-0.20.1
  kernel-trace-devel-2.6.37.6-0.20.1
  kernel-trace-devel-debuginfo-2.6.37.6-0.20.1
  kernel-vanilla-2.6.37.6-0.20.1
  kernel-vanilla-base-2.6.37.6-0.20.1
  kernel-vanilla-base-debuginfo-2.6.37.6-0.20.1
  kernel-vanilla-debuginfo-2.6.37.6-0.20.1
  kernel-vanilla-debugsource-2.6.37.6-0.20.1
  kernel-vanilla-devel-2.6.37.6-0.20.1
  kernel-vanilla-devel-debuginfo-2.6.37.6-0.20.1
  kernel-xen-2.6.37.6-0.20.1
  kernel-xen-base-2.6.37.6-0.20.1
  kernel-xen-base-debuginfo-2.6.37.6-0.20.1
  kernel-xen-debuginfo-2.6.37.6-0.20.1
  kernel-xen-debugsource-2.6.37.6-0.20.1
  kernel-xen-devel-2.6.37.6-0.20.1
  kernel-xen-devel-debuginfo-2.6.37.6-0.20.1
  preload-1.2-6.17.1
  preload-debuginfo-1.2-6.17.1
  preload-debugsource-1.2-6.17.1
  preload-kmp-default-1.2_k2.6.37.6_0.20-6.17.1
  preload-kmp-default-debuginfo-1.2_k2.6.37.6_0.20-6.17.1
  preload-kmp-desktop-1.2_k2.6.37.6_0.20-6.17.1
  preload-kmp-desktop-debuginfo-1.2_k2.6.37.6_0.20-6.17.1

- openSUSE 11.4 (noarch):

  kernel-devel-2.6.37.6-0.20.1
  kernel-docs-2.6.37.6-0.20.2
  kernel-source-2.6.37.6-0.20.1
  kernel-source-vanilla-2.6.37.6-0.20.1

- openSUSE 11.4 (i586):

  kernel-pae-2.6.37.6-0.20.1
  kernel-pae-base-2.6.37.6-0.20.1
  kernel-pae-base-debuginfo-2.6.37.6-0.20.1
  kernel-pae-debuginfo-2.6.37.6-0.20.1
  kernel-pae-debugsource-2.6.37.6-0.20.1
  kernel-pae-devel-2.6.37.6-0.20.1
  kernel-pae-devel-debuginfo-2.6.37.6-0.20.1
  kernel-vmi-2.6.37.6-0.20.1
  kernel-vmi-base-2.6.37.6-0.20.1
  kernel-vmi-base-debuginfo-2.6.37.6-0.20.1
  kernel-vmi-debuginfo-2.6.37.6-0.20.1
  kernel-vmi-debugsource-2.6.37.6-0.20.1
  kernel-vmi-devel-2.6.37.6-0.20.1
  kernel-vmi-devel-debuginfo-2.6.37.6-0.20.1

References:

  http://support.novell.com/security/cve/CVE-2009-4020.html
  http://support.novell.com/security/cve/CVE-2010-3873.html
  http://support.novell.com/security/cve/CVE-2010-4164.html
  http://support.novell.com/security/cve/CVE-2010-4249.html
  http://support.novell.com/security/cve/CVE-2011-1083.html
  http://support.novell.com/security/cve/CVE-2011-1173.html
  http://support.novell.com/security/cve/CVE-2011-2517.html
  http://support.novell.com/security/cve/CVE-2011-2700.html
  http://support.novell.com/security/cve/CVE-2011-2909.html
  http://support.novell.com/security/cve/CVE-2011-2928.html
  http://support.novell.com/security/cve/CVE-2011-3619.html
  http://support.novell.com/security/cve/CVE-2011-3638.html
  http://support.novell.com/security/cve/CVE-2011-4077.html
  http://support.novell.com/security/cve/CVE-2011-4086.html
  http://support.novell.com/security/cve/CVE-2011-4330.html
  http://support.novell.com/security/cve/CVE-2012-0038.html
  http://support.novell.com/security/cve/CVE-2012-0044.html
  http://support.novell.com/security/cve/CVE-2012-0207.html
  http://support.novell.com/security/cve/CVE-2012-1090.html
  http://support.novell.com/security/cve/CVE-2012-1097.html
  http://support.novell.com/security/cve/CVE-2012-1146.html
  http://support.novell.com/security/cve/CVE-2012-2119.html
  http://support.novell.com/security/cve/CVE-2012-2123.html
  http://support.novell.com/security/cve/CVE-2012-2136.html
  http://support.novell.com/security/cve/CVE-2012-2663.html
  https://bugzilla.novell.com/466279
  https://bugzilla.novell.com/651219
  https://bugzilla.novell.com/653260
  https://bugzilla.novell.com/655696
  https://bugzilla.novell.com/676204
  https://bugzilla.novell.com/681186
  https://bugzilla.novell.com/681639
  https://bugzilla.novell.com/683671
  https://bugzilla.novell.com/689860
  https://bugzilla.novell.com/703410
  https://bugzilla.novell.com/707332
  https://bugzilla.novell.com/711941
  https://bugzilla.novell.com/713430
  https://bugzilla.novell.com/714455
  https://bugzilla.novell.com/717209
  https://bugzilla.novell.com/717749
  https://bugzilla.novell.com/721366
  https://bugzilla.novell.com/726045
  https://bugzilla.novell.com/726600
  https://bugzilla.novell.com/729247
  https://bugzilla.novell.com/730118
  https://bugzilla.novell.com/731673
  https://bugzilla.novell.com/732908
  https://bugzilla.novell.com/737624
  https://bugzilla.novell.com/738644
  https://bugzilla.novell.com/740448
  https://bugzilla.novell.com/740703
  https://bugzilla.novell.com/740745
  https://bugzilla.novell.com/744658
  https://bugzilla.novell.com/745832
  https://bugzilla.novell.com/746980
  https://bugzilla.novell.com/747038
  https://bugzilla.novell.com/747660
  https://bugzilla.novell.com/748859
  https://bugzilla.novell.com/749569
  https://bugzilla.novell.com/750079
  https://bugzilla.novell.com/750959
  https://bugzilla.novell.com/756203
  https://bugzilla.novell.com/756840
  https://bugzilla.novell.com/757278
  https://bugzilla.novell.com/758243
  https://bugzilla.novell.com/758260
  https://bugzilla.novell.com/758813
  https://bugzilla.novell.com/759545
  https://bugzilla.novell.com/760902
  https://bugzilla.novell.com/765102
  https://bugzilla.novell.com/765320