Mailinglist Archive: opensuse-security-announce (15 mails)

< Previous Next >
[security-announce] SUSE-SU-2011:1100-1: important: Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2011:1100-1
Rating: important
References: #588458 #603804 #632870 #642896 #649625 #650309
#667386 #669378 #688859 #694670 #699354 #699355
#699357 #701443 #701686 #704347 #706557 #707096
#707125 #707737 #708675 #708877 #709412 #711203
#711969 #712456 #712929 #713138 #713430 #714001
#714966 #715235 #715763 #716901 #719117 #719450

Cross-References: CVE-2011-2928 CVE-2011-3191 CVE-2011-3353

Affected Products:
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise High Availability Extension 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has 33
fixes is now available. It includes one version update.

Description:


The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.46 and fixes various bugs and security
issues.

Following security issues were fixed: CVE-2011-3191: A
signedness issue in CIFS could possibly have lead to to
memory corruption, if a malicious server could send
crafted replies to the host.

CVE-2011-3353: In the fuse filesystem,
FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
write so the message processing could overrun and result
in a BUG_ON() in fuse_copy_fill(). This flaw could be used
by local users able to mount FUSE filesystems to crash the
system.

CVE-2011-2928: The befs_follow_link function in
fs/befs/linuxvfs.c in the Linux kernel did not validate
the length attribute of long symlinks, which allowed local
users to cause a denial of service (incorrect pointer
dereference and OOPS) by accessing a long symlink on a
malformed Be filesystem.

Also the following non security bugs were fixed: -
CONFIG_CGROUP_MEM_RES_CTLR_SWAP enabled -
CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED disabled by
default. Swap accounting can be turned on by swapaccount=1
kernel command line parameter (bnc#719450) - Make swap
accounting default behavior configurable (bnc#719450,
bnc#650309, fate#310471).

*

Added a missing reset for ioc_reset_in_progress in
SoftReset in the mtpsas driver (bnc#711969).

*

Add support for the Digi/IBM PCIe 2-port Adapter
(bnc#708675).

*

Always enable MSI-X on 5709 (bnc#707737).

*

sched: fix broken SCHED_RESET_ON_FORK handling
(bnc#708877).

*

sched: Fix rt_rq runtime leakage bug (bnc#707096).

*

ACPI: allow passing down C1 information if no other
C-states exist.

*

KDB: turn off kdb usb support by default (bnc#694670
bnc#603804).

*

xfs: Added event tracing support.

*

xfs: fix xfs_fsblock_t tracing.

*

igb: extend maximum frame size to receive VLAN tagged
frames (bnc#688859).

*

cfq: Do not allow queue merges for queues that have
no process references (bnc#712929).

* cfq: break apart merged cfqqs if they stop
cooperating (bnc#712929).
* cfq: calculate the seek_mean per cfq_queue not per
cfq_io_context (bnc#712929).
* cfq: change the meaning of the cfqq_coop flag
(bnc#712929).
* cfq-iosched: get rid of the coop_preempt flag
(bnc#712929).
*

cfq: merge cooperating cfq_queues (bnc#712929).

*

Fix FDDI and TR config checks in ipv4 arp and LLC
(bnc#715235).

*

writeback: do uninterruptible sleep in
balance_dirty_pages() (bnc#699354 bnc#699357).

* xfs: fix memory reclaim recursion deadlock on locked
inode buffer (bnc#699355 bnc#699354).
*

xfs: use GFP_NOFS for page cache allocation
(bnc#699355 bnc#699354).

*

virtio-net: init link state correctly (bnc#714966).

*

cpufreq: pcc-cpufreq: sanity check to prevent a NULL
pointer dereference (bnc#709412).

*

x86: ucode-amd: Do not warn when no ucode is
available for a CPU

*

patches.arch/x86_64-unwind-annotations: Refresh
(bnc#588458).

*

patches.suse/stack-unwind: Refresh (bnc#588458).

*

splice: direct_splice_actor() should not use pos in
sd (bnc#715763).

*

qdio: 2nd stage retry on SIGA-W busy conditions
(bnc#713138,LTC#74402).

*

TTY: pty, fix pty counting (bnc#711203).

*

Avoid deadlock in GFP_IO/GFP_FS allocation
(bnc#632870).

*

novfs: fix some DirCache locking issues (bnc#669378).

* novfs: fix some kmalloc/kfree issues (bnc#669378).
* novfs: fix off-by-one allocation error (bnc#669378).
* novfs: unlink directory after unmap (bnc#649625).
*

novfs: last modification time not reliable
(bnc#642896).

*

x86 / IO APIC: Reset IRR in clear_IO_APIC_pin()
(bnc#701686, bnc#667386).

*

mptfusion : Added check for SILI bit in READ_6 CDB
for DATA UNDERRUN ERRATA (bnc #712456).

*

xfs: serialise unaligned direct IOs (bnc#707125).

*

NFS: Ensure that we handle NFS4ERR_STALE_STATEID
correctly (bnc#701443).

* NFSv4: Do not call nfs4_state_mark_reclaim_reboot()
from error handlers (bnc#701443).
* NFSv4: Fix open recovery (bnc#701443).
* NFSv4.1: Do not call nfs4_schedule_state_recovery()
unnecessarily (bnc#701443).

Security Issues:

* CVE-2011-3191
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
>
* CVE-2011-3353
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353
>
* CVE-2011-2928
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928
>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 for VMware:

zypper in -t patch slessp1-kernel-5219 slessp1-kernel-5223

- SUSE Linux Enterprise Server 11 SP1:

zypper in -t patch slessp1-kernel-5219 slessp1-kernel-5220
slessp1-kernel-5221 slessp1-kernel-5222 slessp1-kernel-5223

- SUSE Linux Enterprise High Availability Extension 11 SP1:

zypper in -t patch sleshasp1-kernel-5219 sleshasp1-kernel-5220
sleshasp1-kernel-5221 sleshasp1-kernel-5222 sleshasp1-kernel-5223

- SUSE Linux Enterprise Desktop 11 SP1:

zypper in -t patch sledsp1-kernel-5219 sledsp1-kernel-5223

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version:
2.6.32.46]:

btrfs-kmp-default-0_2.6.32.46_0.3-0.3.57
ext4dev-kmp-default-0_2.6.32.46_0.3-7.9.24
hyper-v-kmp-default-0_2.6.32.46_0.3-0.14.11
kernel-default-2.6.32.46-0.3.1
kernel-default-base-2.6.32.46-0.3.1
kernel-default-devel-2.6.32.46-0.3.1
kernel-source-2.6.32.46-0.3.1
kernel-syms-2.6.32.46-0.3.1
kernel-trace-2.6.32.46-0.3.1
kernel-trace-base-2.6.32.46-0.3.1
kernel-trace-devel-2.6.32.46-0.3.1

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version:
2.6.32.46]:

btrfs-kmp-pae-0_2.6.32.46_0.3-0.3.57
ext4dev-kmp-pae-0_2.6.32.46_0.3-7.9.24
hyper-v-kmp-pae-0_2.6.32.46_0.3-0.14.11
kernel-pae-2.6.32.46-0.3.1
kernel-pae-base-2.6.32.46-0.3.1
kernel-pae-devel-2.6.32.46-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New
Version: 2.6.32.46]:

btrfs-kmp-default-0_2.6.32.46_0.3-0.3.57
ext4dev-kmp-default-0_2.6.32.46_0.3-7.9.24
kernel-default-2.6.32.46-0.3.1
kernel-default-base-2.6.32.46-0.3.1
kernel-default-devel-2.6.32.46-0.3.1
kernel-source-2.6.32.46-0.3.1
kernel-syms-2.6.32.46-0.3.1
kernel-trace-2.6.32.46-0.3.1
kernel-trace-base-2.6.32.46-0.3.1
kernel-trace-devel-2.6.32.46-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 2.6.32.46]:

btrfs-kmp-xen-0_2.6.32.46_0.3-0.3.57
ext4dev-kmp-xen-0_2.6.32.46_0.3-7.9.24
hyper-v-kmp-default-0_2.6.32.46_0.3-0.14.11
kernel-ec2-2.6.32.46-0.3.1
kernel-ec2-base-2.6.32.46-0.3.1
kernel-xen-2.6.32.46-0.3.1
kernel-xen-base-2.6.32.46-0.3.1
kernel-xen-devel-2.6.32.46-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.46]:

kernel-default-man-2.6.32.46-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.46]:

ext4dev-kmp-ppc64-0_2.6.32.46_0.3-7.9.24
kernel-ppc64-2.6.32.46-0.3.1
kernel-ppc64-base-2.6.32.46-0.3.1
kernel-ppc64-devel-2.6.32.46-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.46]:

btrfs-kmp-pae-0_2.6.32.46_0.3-0.3.57
ext4dev-kmp-pae-0_2.6.32.46_0.3-7.9.24
hyper-v-kmp-pae-0_2.6.32.46_0.3-0.14.11
kernel-pae-2.6.32.46-0.3.1
kernel-pae-base-2.6.32.46-0.3.1
kernel-pae-devel-2.6.32.46-0.3.1

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64
s390x x86_64):

cluster-network-kmp-default-1.4_2.6.32.46_0.3-2.5.9
gfs2-kmp-default-2_2.6.32.46_0.3-0.2.56
ocfs2-kmp-default-1.6_2.6.32.46_0.3-0.4.2.9

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64):

cluster-network-kmp-xen-1.4_2.6.32.46_0.3-2.5.9
gfs2-kmp-xen-2_2.6.32.46_0.3-0.2.56
ocfs2-kmp-xen-1.6_2.6.32.46_0.3-0.4.2.9

- SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

cluster-network-kmp-ppc64-1.4_2.6.32.46_0.3-2.5.9
gfs2-kmp-ppc64-2_2.6.32.46_0.3-0.2.56
ocfs2-kmp-ppc64-1.6_2.6.32.46_0.3-0.4.2.9

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

cluster-network-kmp-pae-1.4_2.6.32.46_0.3-2.5.9
gfs2-kmp-pae-2_2.6.32.46_0.3-0.2.56
ocfs2-kmp-pae-1.6_2.6.32.46_0.3-0.4.2.9

- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version:
2.6.32.46]:

btrfs-kmp-default-0_2.6.32.46_0.3-0.3.57
btrfs-kmp-xen-0_2.6.32.46_0.3-0.3.57
hyper-v-kmp-default-0_2.6.32.46_0.3-0.14.11
kernel-default-2.6.32.46-0.3.1
kernel-default-base-2.6.32.46-0.3.1
kernel-default-devel-2.6.32.46-0.3.1
kernel-default-extra-2.6.32.46-0.3.1
kernel-desktop-devel-2.6.32.46-0.3.1
kernel-source-2.6.32.46-0.3.1
kernel-syms-2.6.32.46-0.3.1
kernel-xen-2.6.32.46-0.3.1
kernel-xen-base-2.6.32.46-0.3.1
kernel-xen-devel-2.6.32.46-0.3.1
kernel-xen-extra-2.6.32.46-0.3.1

- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.46]:

btrfs-kmp-pae-0_2.6.32.46_0.3-0.3.57
hyper-v-kmp-pae-0_2.6.32.46_0.3-0.14.11
kernel-pae-2.6.32.46-0.3.1
kernel-pae-base-2.6.32.46-0.3.1
kernel-pae-devel-2.6.32.46-0.3.1
kernel-pae-extra-2.6.32.46-0.3.1


References:

http://support.novell.com/security/cve/CVE-2011-2928.html
http://support.novell.com/security/cve/CVE-2011-3191.html
http://support.novell.com/security/cve/CVE-2011-3353.html
https://bugzilla.novell.com/588458
https://bugzilla.novell.com/603804
https://bugzilla.novell.com/632870
https://bugzilla.novell.com/642896
https://bugzilla.novell.com/649625
https://bugzilla.novell.com/650309
https://bugzilla.novell.com/667386
https://bugzilla.novell.com/669378
https://bugzilla.novell.com/688859
https://bugzilla.novell.com/694670
https://bugzilla.novell.com/699354
https://bugzilla.novell.com/699355
https://bugzilla.novell.com/699357
https://bugzilla.novell.com/701443
https://bugzilla.novell.com/701686
https://bugzilla.novell.com/704347
https://bugzilla.novell.com/706557
https://bugzilla.novell.com/707096
https://bugzilla.novell.com/707125
https://bugzilla.novell.com/707737
https://bugzilla.novell.com/708675
https://bugzilla.novell.com/708877
https://bugzilla.novell.com/709412
https://bugzilla.novell.com/711203
https://bugzilla.novell.com/711969
https://bugzilla.novell.com/712456
https://bugzilla.novell.com/712929
https://bugzilla.novell.com/713138
https://bugzilla.novell.com/713430
https://bugzilla.novell.com/714001
https://bugzilla.novell.com/714966
https://bugzilla.novell.com/715235
https://bugzilla.novell.com/715763
https://bugzilla.novell.com/716901
https://bugzilla.novell.com/719117
https://bugzilla.novell.com/719450

http://download.novell.com/patch/finder/?keywords=20cb09e23614f5f5085f698cc5bf2e4f

http://download.novell.com/patch/finder/?keywords=56d0712d83970cf6fe7492bf3330ee2a

http://download.novell.com/patch/finder/?keywords=94fa14c210d027059a56ea1e31e280c7

http://download.novell.com/patch/finder/?keywords=959314df0926c9887f7057c56f1d07c1

http://download.novell.com/patch/finder/?keywords=9a7f6196af0af6d69bc4d0f12e07e44d

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages