SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:1319-2 Rating: important References: #659101 #675127 #687049 #691440 #694863 #695898 #698450 #699709 #701183 #702013 #706374 #707288 #709671 #711501 #711539 #712002 #712404 #712405 #713229 #713650 #714744 #717263 #717690 #717884 #719450 #719786 #719916 #720536 #721299 #721337 #721464 #721830 #721840 #722429 #722504 #723542 #723815 #724365 #724800 #724989 #725453 #725502 #725709 #725878 #728626 #729111 #729721 #731035 #731229 #731673 #731981 #732021 #732535 Cross-References: CVE-2011-1576 CVE-2011-1833 CVE-2011-2203 CVE-2011-2699 CVE-2011-3188 CVE-2011-4326 CVE-2011-4330 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise High Availability Extension 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 46 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to version 2.6.32.49 and fixes various bugs and security issues. * CVE-2011-3188: The TCP/IP initial sequence number generation effectively only used 24 bits of 32 to generate randomness, making a brute force man-in-the-middle attack on TCP/IP connections feasible. The generator was changed to use full 32bit randomness. * CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. * CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. * CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks. * CVE-2011-1576: The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. * CVE-2011-4330: A name overflow in the hfs filesystem was fixed, where mounting a corrupted hfs filesystem could lead to a stack overflow and code execution in the kernel. This requires a local attacker to be able to mount hfs filesystems. * CVE-2011-4326: A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. The following non-security bugs have been fixed: * ALSA: hda - Fix S3/S4 problem on machines with VREF-pin mute-LED (bnc#732535). * patches.xen/xen-pcpu-hotplug: Fix a double kfree(). * ixgbe: fix bug with vlan strip in promsic mode (bnc#687049, fate#311821). * ixgbe: fix panic when shutting down system with WoL enabled. * fnic: Allow users to modify dev_loss_tmo setting (bnc#719786). * x86, intel: Do not mark sched_clock() as stable (bnc#725709). * ALSA: hda - Keep vref-LED during power-saving on IDT codecs (bnc#731981). * cifs: Assume passwords are encoded according to iocharset (bnc#731035). * scsi_dh: Check queuedata pointer before proceeding (bnc#714744). * netback: use correct index for invalidation in netbk_tx_check_mop(). * ACPI video: introduce module parameter video.use_bios_initial_backlight (bnc#731229). * SUNRPC: prevent task_cleanup running on freed xprt (bnc#709671). * add device entry for Broadcom Valentine combo card (bnc#722429). * quota: Fix WARN_ON in lookup_one_len (bnc#728626). * Update Xen patches to 2.6.32.48. * pv-on-hvm/kexec: add xs_reset_watches to shutdown watches from old kernel (bnc#694863). * x86: undo_limit_pages() must reset page count. * mm/vmstat.c: cache align vm_stat (bnc#729721). * s390/ccwgroup: fix uevent vs dev attrs race (bnc#659101,LTC#69028). * Warn on pagecache limit usage (FATE309111). * SCSI: st: fix race in st_scsi_execute_end (bnc#720536). * ACPI: introduce "acpi_rsdp=" parameter for kdump (bnc#717263). * elousb: Limit the workaround warning to one per error, control workaround activity (bnc#719916). * SCSI: libiscsi: reset cmd timer if cmds are making progress (bnc#691440). * SCSI: fix crash in scsi_dispatch_cmd() (bnc#724989). * NFS/sunrpc: do not use a credential with extra groups (bnc#725878). * s390/qdio: EQBS retry after CCQ 96 (bnc#725453,LTC#76117). * fcoe: Reduce max_sectors to 1024 (bnc#695898). * apparmor: return -ENOENT when there is no profile for a hat (bnc#725502). * sched, cgroups: disallow attaching kthreadd (bnc#721840). * nfs: Check validity of cl_rpcclient in nfs_server_list_show (bnc#717884). * x86, vt-d: enable x2apic opt out (disabling x2apic through BIOS flag) (bnc#701183, fate#311989). * block: Free queue resources at blk_release_queue() (bnc#723815). * ALSA: hda - Add post_suspend patch ops (bnc#724800). * ALSA: hda - Allow codec-specific set_power_state ops (bnc#724800). * ALSA: hda - Add support for vref-out based mute LED control on IDT codecs (bnc#724800). * scsi_dh_rdac : Add definitions for different RDAC operating modes (bnc#724365). * scsi_dh_rdac : Detect the different RDAC operating modes (bnc#724365). * scsi_dh_rdac : decide whether to send mode select based on operating mode (bnc#724365). * scsi_dh_rdac: Use WWID from C8 page instead of Subsystem id from C4 page to identify storage (bnc#724365). * vlan: Match underlying dev carrier on vlan add (bnc#722504). * scsi_lib: pause between error retries (bnc#675127). * xfs: use KM_NOFS for allocations during attribute list operations (bnc#721830). * bootsplash: Do not crash when no fb is set (bnc#723542). * cifs: do not allow cifs_iget to match inodes of the wrong type (bnc#711501). * cifs: fix noserverino handling when 1 extensions are enabled (bnc#711501). * cifs: reduce false positives with inode aliasing serverino autodisable (bnc#711501). * parport_pc: release IO region properly if unsupported ITE887x card is found (bnc#721464). * writeback: avoid unnecessary calculation of bdi dirty thresholds (bnc#721299). * 1: Fix bogus it_blocksize in VIO iommu code (bnc#717690). * ext4: Fix max file size and logical block counting of extent format file (bnc#706374). * novfs: Unable to change password in the Novell Client for Linux (bnc#713229). * xfs: add more ilock tracing. * sched: move wakeup tracepoint above out_running (bnc#712002). * config.conf: Build KMPs for the -trace flavor as well (fate#312759, bnc#712404, bnc#712405, bnc#721337). * memsw: remove noswapaccount kernel parameter (bnc#719450). Security Issue references: * CVE-2011-3188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3188
* CVE-2011-2699 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699
* CVE-2011-2203 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2203
* CVE-2011-1833 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1833
* CVE-2011-1576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
* CVE-2011-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4330
* CVE-2011-4326 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4326
Indications: Everyone using the Linux Kernel on s390x architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-kernel-5510 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-kernel-5493 slessp1-kernel-5510 - SUSE Linux Enterprise High Availability Extension 11 SP1: zypper in -t patch sleshasp1-kernel-5493 sleshasp1-kernel-5510 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-kernel-5510 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.49]: btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66 btrfs-kmp-pae-0_2.6.32.49_0.3-0.3.66 ext4dev-kmp-default-0_2.6.32.49_0.3-7.9.33 ext4dev-kmp-pae-0_2.6.32.49_0.3-7.9.33 hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17 hyper-v-kmp-pae-0_2.6.32.49_0.3-0.14.17 kernel-default-2.6.32.49-0.3.1 kernel-default-base-2.6.32.49-0.3.1 kernel-default-devel-2.6.32.49-0.3.1 kernel-pae-2.6.32.49-0.3.1 kernel-pae-base-2.6.32.49-0.3.1 kernel-pae-devel-2.6.32.49-0.3.1 kernel-source-2.6.32.49-0.3.1 kernel-syms-2.6.32.49-0.3.1 kernel-trace-2.6.32.49-0.3.1 kernel-trace-base-2.6.32.49-0.3.1 kernel-trace-devel-2.6.32.49-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 s390x) [New Version: 2.6.32.49]: btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66 ext4dev-kmp-default-0_2.6.32.49_0.3-7.9.33 ext4dev-kmp-trace-0_2.6.32.49_0.3-7.9.33 kernel-default-2.6.32.49-0.3.1 kernel-default-base-2.6.32.49-0.3.1 kernel-default-devel-2.6.32.49-0.3.1 kernel-source-2.6.32.49-0.3.1 kernel-syms-2.6.32.49-0.3.1 kernel-trace-2.6.32.49-0.3.1 kernel-trace-base-2.6.32.49-0.3.1 kernel-trace-devel-2.6.32.49-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.49]: kernel-default-man-2.6.32.49-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.49]: btrfs-kmp-pae-0_2.6.32.49_0.3-0.3.66 btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66 ext4dev-kmp-pae-0_2.6.32.49_0.3-7.9.33 ext4dev-kmp-xen-0_2.6.32.49_0.3-7.9.33 hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17 hyper-v-kmp-pae-0_2.6.32.49_0.3-0.14.17 hyper-v-kmp-trace-0_2.6.32.49_0.3-0.18.1 kernel-ec2-2.6.32.49-0.3.1 kernel-ec2-base-2.6.32.49-0.3.1 kernel-pae-2.6.32.49-0.3.1 kernel-pae-base-2.6.32.49-0.3.1 kernel-pae-devel-2.6.32.49-0.3.1 kernel-xen-2.6.32.49-0.3.1 kernel-xen-base-2.6.32.49-0.3.1 kernel-xen-devel-2.6.32.49-0.3.1 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 s390x): cluster-network-kmp-default-1.4_2.6.32.49_0.3-2.5.18 cluster-network-kmp-trace-1.4_2.6.32.49_0.3-2.5.18 gfs2-kmp-default-2_2.6.32.49_0.3-0.2.65 gfs2-kmp-trace-2_2.6.32.49_0.3-0.2.65 ocfs2-kmp-default-1.6_2.6.32.49_0.3-0.4.2.18 ocfs2-kmp-trace-1.6_2.6.32.49_0.3-0.4.2.18 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586): cluster-network-kmp-pae-1.4_2.6.32.49_0.3-2.5.18 cluster-network-kmp-xen-1.4_2.6.32.49_0.3-2.5.18 gfs2-kmp-pae-2_2.6.32.49_0.3-0.2.65 gfs2-kmp-xen-2_2.6.32.49_0.3-0.2.65 ocfs2-kmp-pae-1.6_2.6.32.49_0.3-0.4.2.18 ocfs2-kmp-xen-1.6_2.6.32.49_0.3-0.4.2.18 - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.49]: btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66 btrfs-kmp-pae-0_2.6.32.49_0.3-0.3.66 btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66 hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17 hyper-v-kmp-pae-0_2.6.32.49_0.3-0.14.17 kernel-default-2.6.32.49-0.3.1 kernel-default-base-2.6.32.49-0.3.1 kernel-default-devel-2.6.32.49-0.3.1 kernel-default-extra-2.6.32.49-0.3.1 kernel-desktop-devel-2.6.32.49-0.3.1 kernel-pae-2.6.32.49-0.3.1 kernel-pae-base-2.6.32.49-0.3.1 kernel-pae-devel-2.6.32.49-0.3.1 kernel-pae-extra-2.6.32.49-0.3.1 kernel-source-2.6.32.49-0.3.1 kernel-syms-2.6.32.49-0.3.1 kernel-trace-devel-2.6.32.49-0.3.1 kernel-xen-2.6.32.49-0.3.1 kernel-xen-base-2.6.32.49-0.3.1 kernel-xen-devel-2.6.32.49-0.3.1 kernel-xen-extra-2.6.32.49-0.3.1 References: http://support.novell.com/security/cve/CVE-2011-1576.html http://support.novell.com/security/cve/CVE-2011-1833.html http://support.novell.com/security/cve/CVE-2011-2203.html http://support.novell.com/security/cve/CVE-2011-2699.html http://support.novell.com/security/cve/CVE-2011-3188.html http://support.novell.com/security/cve/CVE-2011-4326.html http://support.novell.com/security/cve/CVE-2011-4330.html https://bugzilla.novell.com/659101 https://bugzilla.novell.com/675127 https://bugzilla.novell.com/687049 https://bugzilla.novell.com/691440 https://bugzilla.novell.com/694863 https://bugzilla.novell.com/695898 https://bugzilla.novell.com/698450 https://bugzilla.novell.com/699709 https://bugzilla.novell.com/701183 https://bugzilla.novell.com/702013 https://bugzilla.novell.com/706374 https://bugzilla.novell.com/707288 https://bugzilla.novell.com/709671 https://bugzilla.novell.com/711501 https://bugzilla.novell.com/711539 https://bugzilla.novell.com/712002 https://bugzilla.novell.com/712404 https://bugzilla.novell.com/712405 https://bugzilla.novell.com/713229 https://bugzilla.novell.com/713650 https://bugzilla.novell.com/714744 https://bugzilla.novell.com/717263 https://bugzilla.novell.com/717690 https://bugzilla.novell.com/717884 https://bugzilla.novell.com/719450 https://bugzilla.novell.com/719786 https://bugzilla.novell.com/719916 https://bugzilla.novell.com/720536 https://bugzilla.novell.com/721299 https://bugzilla.novell.com/721337 https://bugzilla.novell.com/721464 https://bugzilla.novell.com/721830 https://bugzilla.novell.com/721840 https://bugzilla.novell.com/722429 https://bugzilla.novell.com/722504 https://bugzilla.novell.com/723542 https://bugzilla.novell.com/723815 https://bugzilla.novell.com/724365 https://bugzilla.novell.com/724800 https://bugzilla.novell.com/724989 https://bugzilla.novell.com/725453 https://bugzilla.novell.com/725502 https://bugzilla.novell.com/725709 https://bugzilla.novell.com/725878 https://bugzilla.novell.com/728626 https://bugzilla.novell.com/729111 https://bugzilla.novell.com/729721 https://bugzilla.novell.com/731035 https://bugzilla.novell.com/731229 https://bugzilla.novell.com/731673 https://bugzilla.novell.com/731981 https://bugzilla.novell.com/732021 https://bugzilla.novell.com/732535 http://download.novell.com/patch/finder/?keywords=9b0aea51d7510d41288711e510... http://download.novell.com/patch/finder/?keywords=f2bc63a432cbfc30adf058c055... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org