SUSE Security Update: Security update for Real Time Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0364-1 Rating: important References: #590980 #591293 #651219 #653260 #698450 #699709 #707096 #707288 #708877 #711203 #711539 #712366 #714001 #716901 #722406 #726788 #732021 #734056 #745881 Cross-References: CVE-2010-3873 CVE-2011-1576 CVE-2011-1577 CVE-2011-1833 CVE-2011-2203 CVE-2011-2918 CVE-2011-2928 CVE-2011-3191 CVE-2011-3353 CVE-2011-4081 CVE-2011-4110 CVE-2011-4326 Affected Products: SUSE Linux Enterprise Real Time 11 SP1 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 7 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise Server 11 SP1 Realtime kernel was updated to 2.6.33.20 to fix various bugs and security issues. The following security issues have been fixed: * CVE-2011-4110: KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. * CVE-2011-4081: Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. * CVE-2010-3873: When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. * CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. * CVE-2011-3191: A malicious CIFS server could cause a integer overflow on the local machine on directory index operations, in turn causing memory corruption. * CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. * CVE-2011-4326: A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. * CVE-2011-1576: The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. * CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks. * CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer. Included in Linux 2.6.32.19 stable update: * CVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. * CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. * CVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. The following non security bugs have been fixed: * Fix DL980G7 numa enumeration problem. HP bios SRAT table contains more entries (256) than SLERT NR_CPUS (128). Pull in mainline fixes to always parse the entire table, regardless of configured NR_CPUS. * x86, acpi: Parse all SRAT cpu entries even above the cpu number limitation (bnc#745881). * x86, ia64, acpi: Clean up x86-ism in drivers/acpi/numa.c (bnc#745881). * rt, timerfd: fix timerfd_settime() livelock. * Fix build failure on 12.1 systems. CONFIG_BUILD_DOCSRC builds Documentation/video4linux but without reference to local includes, thus build only succeeds on older SUSE releases where linux-glibc-devel provides (obsolete) videodev.h. Add upstream patch which drops support for v4lgrab.c which is safe as sample executable is not packaged in any released rpm. * Add missing references symset for the rt flavor (bnc#722406#c69). * Pick up SP1 82576 ET2 Quad Port driver addon. Pick up I350 as well, since it's just recognition of a follow-on part for 82580. * igb: Add support for 82576 ET2 Quad Port Server Adapter (bnc#591293, bnc#722406). * igb: add support for Intel I350 Gigabit Network Connection (bnc#590980). * Fix regression introduced by backport of mainline commit 43fa5460 * sched/rt: Migrate equal priority tasks to available CPUs. * sched: fix broken SCHED_RESET_ON_FORK handling (bnc#708877). * sched: Fix rt_rq runtime leakage bug (bnc#707096). Security Issue references: * CVE-2011-4110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110

* CVE-2011-4081 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081

* CVE-2010-3873 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873

* CVE-2011-2203 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2203

* CVE-2011-3191 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191

* CVE-2011-3353 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353

* CVE-2011-4326 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4326

* CVE-2011-1576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576

* CVE-2011-1833 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1833

* CVE-2011-2918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2918

* CVE-2011-2928 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928

* CVE-2011-3353 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353

* CVE-2011-1577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time 11 SP1: zypper in -t patch slertesp1-kernel-5802 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time 11 SP1 (x86_64) [New Version: 2.6.33.20]: brocade-bna-kmp-rt-2.1.0.0_2.6.33.20_rt31_0.3-0.2.34 cluster-network-kmp-rt-1.4_2.6.33.20_rt31_0.3-2.5.28 cluster-network-kmp-rt_trace-1.4_2.6.33.20_rt31_0.3-2.5.28 drbd-kmp-rt-8.3.11_2.6.33.20_rt31_0.3-0.3.28 drbd-kmp-rt_trace-8.3.11_2.6.33.20_rt31_0.3-0.3.28 iscsitarget-kmp-rt-1.4.19_2.6.33.20_rt31_0.3-0.9.11.2 kernel-rt-2.6.33.20-0.3.1 kernel-rt-base-2.6.33.20-0.3.1 kernel-rt-devel-2.6.33.20-0.3.1 kernel-rt_trace-2.6.33.20-0.3.1 kernel-rt_trace-base-2.6.33.20-0.3.1 kernel-rt_trace-devel-2.6.33.20-0.3.1 kernel-source-rt-2.6.33.20-0.3.1 kernel-syms-rt-2.6.33.20-0.3.1 ocfs2-kmp-rt-1.6_2.6.33.20_rt31_0.3-0.4.2.28 ocfs2-kmp-rt_trace-1.6_2.6.33.20_rt31_0.3-0.4.2.28 ofed-kmp-rt-1.5.2_2.6.33.20_rt31_0.3-0.9.13.15 References: http://support.novell.com/security/cve/CVE-2010-3873.html http://support.novell.com/security/cve/CVE-2011-1576.html http://support.novell.com/security/cve/CVE-2011-1577.html http://support.novell.com/security/cve/CVE-2011-1833.html http://support.novell.com/security/cve/CVE-2011-2203.html http://support.novell.com/security/cve/CVE-2011-2918.html http://support.novell.com/security/cve/CVE-2011-2928.html http://support.novell.com/security/cve/CVE-2011-3191.html http://support.novell.com/security/cve/CVE-2011-3353.html http://support.novell.com/security/cve/CVE-2011-4081.html http://support.novell.com/security/cve/CVE-2011-4110.html http://support.novell.com/security/cve/CVE-2011-4326.html https://bugzilla.novell.com/590980 https://bugzilla.novell.com/591293 https://bugzilla.novell.com/651219 https://bugzilla.novell.com/653260 https://bugzilla.novell.com/698450 https://bugzilla.novell.com/699709 https://bugzilla.novell.com/707096 https://bugzilla.novell.com/707288 https://bugzilla.novell.com/708877 https://bugzilla.novell.com/711203 https://bugzilla.novell.com/711539 https://bugzilla.novell.com/712366 https://bugzilla.novell.com/714001 https://bugzilla.novell.com/716901 https://bugzilla.novell.com/722406 https://bugzilla.novell.com/726788 https://bugzilla.novell.com/732021 https://bugzilla.novell.com/734056 https://bugzilla.novell.com/745881 http://download.novell.com/patch/finder/?keywords=2e813f9c7b45c2dd561fb51cf3... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org