SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1391-1 Rating: important References: #674284 #703156 #734056 #738400 #738528 #747576 #755546 #758985 #760974 #762581 #763526 #765102 #765320 #767277 #767504 #767766 #767939 #769784 #770507 #770697 #772409 #773272 #773831 #776888 #777575 #783058 Cross-References: CVE-2011-1044 CVE-2011-4110 CVE-2012-2136 CVE-2012-2663 CVE-2012-2744 CVE-2012-3510 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 20 fixes is now available. Description: This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed: * CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password (a side channel attack). * CVE-2012-2744: net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel, when the nf_conntrack_ipv6 module is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. * CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. * CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and updating a negative key into a fully instantiated key. * CVE-2011-1044: The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel did not initialize a certain response buffer, which allowed local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. * CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. * CVE-2012-2136: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. * CVE-2012-2663: A small denial of service leak in dropping syn+fin messages was fixed. The following non-security issues have been fixed: Packaging: * kbuild: Fix gcc -x syntax (bnc#773831). NFS: * knfsd: An assortment of little fixes to the sunrpc cache code (bnc#767766). * knfsd: Unexport cache_fresh and fix a small race (bnc#767766). * knfsd: nfsd: do not drop silently on upcall deferral (bnc#767766). * knfsd: svcrpc: remove another silent drop from deferral code (bnc#767766). * sunrpc/cache: simplify cache_fresh_locked and cache_fresh_unlocked (bnc#767766). * sunrpc/cache: recheck cache validity after cache_defer_req (bnc#767766). * sunrpc/cache: use list_del_init for the list_head entries in cache_deferred_req (bnc#767766). * sunrpc/cache: avoid variable over-loading in cache_defer_req (bnc#767766). * sunrpc/cache: allow thread to block while waiting for cache update (bnc#767766). * sunrpc/cache: Fix race in sunrpc/cache introduced by patch to allow thread to block while waiting for cache update (bnc#767766). * sunrpc/cache: Another fix for race problem with sunrpc cache deferal (bnc#767766). * knfsd: nfsd: make all exp_finding functions return -errnos on err (bnc#767766). * Fix kabi breakage in previous nfsd patch series (bnc#767766). * nfsd: Work around incorrect return type for wait_for_completion_interruptible_timeout (bnc#767766). * nfs: Fix a potential file corruption issue when writing (bnc#773272). * nfs: Allow sync writes to be multiple pages (bnc#763526). * nfs: fix reference counting for NFSv4 callback thread (bnc#767504). * nfs: flush signals before taking down callback thread (bnc#767504). * nfsv4: Ensure nfs_callback_down() calls svc_destroy() (bnc#767504). SCSI: * SCSI/ch: Check NULL for kmalloc() return (bnc#783058). * drivers/scsi/aic94xx/aic94xx_init.c: correct the size argument to kmalloc (bnc#783058). * block: fail SCSI passthrough ioctls on partition devices (bnc#738400). * dm: do not forward ioctls from logical volumes to the underlying device (bnc#738400). * vmware: Fix VMware hypervisor detection (bnc#777575, bnc#770507). S/390: * lgr: Make lgr_page static (bnc#772409,LTC#83520). * zfcp: Fix oops in _blk_add_trace() (bnc#772409,LTC#83510). * kernel: Add z/VM LGR detection (bnc#767277,LTC#RAS1203). * be2net: Fix EEH error reset before a flash dump completes (bnc#755546). * mptfusion: fix msgContext in mptctl_hp_hostinfo (bnc#767939). * PCI: Fix bus resource assignment on 32 bits with 64b resources. (bnc#762581) * PCI: fix up setup-bus.c #ifdef. (bnc#762581) * x86: powernow-k8: Fix indexing issue (bnc#758985). * net: Fix race condition about network device name allocation (bnc#747576). XEN: * smpboot: adjust ordering of operations. * xen/x86-64: provide a memset() that can deal with 4Gb or above at a time (bnc#738528). * xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974). * xen/gntdev: fix multi-page slot allocation (bnc#760974). Security Issues: * CVE-2011-1044 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044

* CVE-2011-4110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110

* CVE-2012-2136 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136

* CVE-2012-2663 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663

* CVE-2012-2744 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2744

* CVE-2012-3510 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510

Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): kernel-default-2.6.16.60-0.99.1 kernel-source-2.6.16.60-0.99.1 kernel-syms-2.6.16.60-0.99.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.99.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.99.1 - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): kernel-smp-2.6.16.60-0.99.1 kernel-xen-2.6.16.60-0.99.1 - SUSE Linux Enterprise Server 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.99.1 kernel-kdumppae-2.6.16.60-0.99.1 kernel-vmi-2.6.16.60-0.99.1 kernel-vmipae-2.6.16.60-0.99.1 kernel-xenpae-2.6.16.60-0.99.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): kernel-iseries64-2.6.16.60-0.99.1 kernel-ppc64-2.6.16.60-0.99.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): kernel-default-2.6.16.60-0.99.1 kernel-smp-2.6.16.60-0.99.1 kernel-source-2.6.16.60-0.99.1 kernel-syms-2.6.16.60-0.99.1 kernel-xen-2.6.16.60-0.99.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.99.1 kernel-xenpae-2.6.16.60-0.99.1 - SLE SDK 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.99.1 - SLE SDK 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.99.1 - SLE SDK 10 SP4 (i586 x86_64): kernel-xen-2.6.16.60-0.99.1 - SLE SDK 10 SP4 (i586): kernel-xenpae-2.6.16.60-0.99.1 References: http://support.novell.com/security/cve/CVE-2011-1044.html http://support.novell.com/security/cve/CVE-2011-4110.html http://support.novell.com/security/cve/CVE-2012-2136.html http://support.novell.com/security/cve/CVE-2012-2663.html http://support.novell.com/security/cve/CVE-2012-2744.html http://support.novell.com/security/cve/CVE-2012-3510.html https://bugzilla.novell.com/674284 https://bugzilla.novell.com/703156 https://bugzilla.novell.com/734056 https://bugzilla.novell.com/738400 https://bugzilla.novell.com/738528 https://bugzilla.novell.com/747576 https://bugzilla.novell.com/755546 https://bugzilla.novell.com/758985 https://bugzilla.novell.com/760974 https://bugzilla.novell.com/762581 https://bugzilla.novell.com/763526 https://bugzilla.novell.com/765102 https://bugzilla.novell.com/765320 https://bugzilla.novell.com/767277 https://bugzilla.novell.com/767504 https://bugzilla.novell.com/767766 https://bugzilla.novell.com/767939 https://bugzilla.novell.com/769784 https://bugzilla.novell.com/770507 https://bugzilla.novell.com/770697 https://bugzilla.novell.com/772409 https://bugzilla.novell.com/773272 https://bugzilla.novell.com/773831 https://bugzilla.novell.com/776888 https://bugzilla.novell.com/777575 https://bugzilla.novell.com/783058 http://download.novell.com/patch/finder/?keywords=118cf41af33f48911c473f3bd8... http://download.novell.com/patch/finder/?keywords=1d5bd8295622191606c935851b... http://download.novell.com/patch/finder/?keywords=3b3320a96f49fe4615b35ba22b... http://download.novell.com/patch/finder/?keywords=9dc087603b172b449aa9a07b54... http://download.novell.com/patch/finder/?keywords=c77cfcc87d8e54df006cb42c12... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org