Articles / SuSE: New Linux kernel pack…

SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host.

Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests.

Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0789-1
Rating:             important
References:         #556135 #735909 #743579 #744404 #747404 #754690 
                   #756050 #757315 #758243 #759336 #759545 #759805 
                   #760237 #760806 #761087 #761245 #762991 #762992 
                   #763267 #763307 #763485 #763717 #764091 #764150 
                   #764209 #764500 #764900 #765102 #765253 #765320 
                   #765524 
Cross-References:   CVE-2012-2119 CVE-2012-2136 CVE-2012-2373
                   CVE-2012-2375 CVE-2012-2390
Affected Products:
                   SUSE Linux Enterprise Server 11 SP2 for VMware
                   SUSE Linux Enterprise Server 11 SP2
                   SUSE Linux Enterprise High Availability Extension 11 SP2
                   SUSE Linux Enterprise Desktop 11 SP2
                   SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

  An update that solves 5 vulnerabilities and has 26 fixes is
  now available. It includes one version update.

Description:


  The SUSE Linux Enterprise 11 SP2 kernel was updated to
  3.0.34, fixing a lot  of bugs and security issues.

  The update from Linux kernel 3.0.31 to 3.0.34 also fixes
  various bugs not  listed here.

  The following security issues have been fixed:

  *

  CVE-2012-2136: Local attackers could trigger an
  overflow in sock_alloc_send_pksb(), potentially crashing
  the machine or escalate privileges.

  *

  CVE-2012-2390: A memory leak in transparent hugepages
  on mmap failure could be used by local attacker to run the
  machine out of memory (local denial of service).

  *

  CVE-2012-2119: A malicious guest driver could
  overflow the host stack by passing a long descriptor, so
  potentially crashing the host system or escalating
  privileges on the host.

  *

  CVE-2012-2375: Malicious NFS server could crash the
  clients when more than 2 GETATTR bitmap words are returned
  in response to the FATTR4_ACL attribute requests, only
  incompletely fixed by CVE-2011-4131.

  The following non-security bugs have been fixed:


  Hyper-V:

  * storvsc: Properly handle errors from the host
  (bnc#747404).
  * HID: hid-hyperv: Do not use hid_parse_report()
  directly.
  * HID: hyperv: Set the hid drvdata correctly.
  * drivers/hv: Get rid of an unnecessary check in
  vmbus_prep_negotiate_resp().
  * drivers/hv: util: Properly handle version
  negotiations.
  * hv: fix return type of hv_post_message().
  * net/hyperv: Add flow control based on hi/low
  watermark.
  * usb/net: rndis: break out <1/rndis.h> defines. only
  net/hyperv part
  * usb/net: rndis: remove ambigous status codes. only
  net/hyperv part
  * usb/net: rndis: merge command codes. only net/hyperv
  part
  * net/hyperv: Adding cancellation to ensure rndis
  filter is closed.
  * update hv drivers to 3.4-rc1, requires new
  hv_kvp_daemon:
  * drivers: hv: kvp: Add/cleanup connector defines.
  * drivers: hv: kvp: Move the contents of hv_kvp.h to
  hyperv.h.
  * net/hyperv: Convert camel cased variables in
  rndis_filter.c to lower cases.
  * net/hyperv: Correct the assignment in
  netvsc_recv_callback().
  * net/hyperv: Remove the unnecessary memset in
  rndis_filter_send().
  * drivers: hv: Cleanup the kvp related state in
  hyperv.h.
  * tools: hv: Use hyperv.h to get the KVP definitions.
  * drivers: hv: kvp: Cleanup the kernel/user protocol.
  * drivers: hv: Increase the number of VCPUs supported
  in the guest.
  * net/hyperv: Fix data corruption in
  rndis_filter_receive().
  * net/hyperv: Add support for vlan trunking from guests.
  * Drivers: hv: Add new message types to enhance KVP.
  * Drivers: hv: Support the newly introduced KVP
  messages in the driver.
  * Tools: hv: Fully support the new KVP verbs in the
  user level daemon.
  * Tools: hv: Support enumeration from all the pools.
  * net/hyperv: Fix the code handling tx busy.
  * patches.suse/suse-hv-pata_piix-ignore-disks.patch
  replace our version of this patch with upstream variant:
  ata_piix: defer disks to the Hyper-V drivers by default
  libata: add a host flag to ignore detected ATA devices.


  Btrfs:

  * btrfs: more module message prefixes.
  * vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
  and rename them
  * btrfs: flush all the dirty pages if
  try_to_writeback_inodes_sb_nr() fails
  * vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
  and rename them
  * btrfs: fix locking in btrfs_destroy_delayed_refs
  * btrfs: wake up transaction waiters when aborting a
  transaction
  * btrfs: abort the transaction if the commit fails
  * btrfs: fix btrfs_destroy_marked_extents
  * btrfs: unlock everything properly in the error case
  for nocow
  * btrfs: fix return code in drop_objectid_items
  * btrfs: check to see if the inode is in the log before
  fsyncing
  * btrfs: pass locked_page into
  extent_clear_unlock_delalloc if theres an error
  * btrfs: check the return code of btrfs_save_ino_cache
  * btrfs: do not update atime for RO snapshots
  (FATE#306586).
  * btrfs: convert the inode bit field to use the actual
  bit operations
  * btrfs: fix deadlock when the process of delayed refs
  fails
  * btrfs: stop defrag the files automatically when doin
  readonly remount or umount
  * btrfs: avoid memory leak of extent state in error
  handling routine
  * btrfs: make sure that we have made everything in
  pinned tree clean
  * btrfs: destroy the items of the delayed inodes in
  error handling routine
  * btrfs: ulist realloc bugfix
  * btrfs: bugfix in btrfs_find_parent_nodes
  * btrfs: bugfix: ignore the wrong key for indirect tree
  block backrefs
  * btrfs: avoid buffer overrun in btrfs_printk
  * btrfs: fall back to non-inline if we do not have
  enough space
  * btrfs: NUL-terminate path buffer in DEV_INFO ioctl
  result
  * btrfs: avoid buffer overrun in mount option handling
  * btrfs: do not do balance in readonly mode
  * btrfs: fix the same inode id problem when doing auto
  defragment
  * btrfs: fix wrong error returned by adding a device
  * btrfs: use fastpath in extent state ops as much as
  possible


  Misc:

  * tcp: drop SYN+FIN messages (bnc#765102).
  * mm: avoid swapping out with swappiness==0
  (swappiness).
  * thp: avoid atomic64_read in pmd_read_atomic for 32bit
  PAE (bnc#762991).
  * paravirt: Split paravirt MMU ops (bnc#556135,
  bnc#754690, FATE#306453).
  * paravirt: Only export pv_mmu_ops symbol if
  PARAVIRT_MMU
  * parvirt: Stub support KABI for KVM_MMU (bnc#556135,
  bnc#754690, FATE#306453).
  * tmpfs: implement NUMA node interleaving (bnc#764209).
  * synaptics-hp-clickpad: Fix the detection of LED on
  the recent HP laptops (bnc#765524)
  * supported.conf: mark xt_AUDIT as supported
  (bnc#765253)
  * mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
  pmd_populate SMP race condition (bnc#762991 CVE-2012-2373).
  * xhci: Do not free endpoints in xhci_mem_cleanup()
  (bnc#763307).
  * xhci: Fix invalid loop check in xhci_free_tt_info()
  (bnc#763307).
  * drm: Skip too big EDID extensions (bnc#764900).
  * drm/i915: Add HP EliteBook to LVDS-temporary-disable
  list (bnc#763717).
  * hwmon: (fam15h_power) Increase output resolution
  (bnc#759336).
  * hwmon: (k10temp) Add support for AMD Trinity CPUs
  (bnc#759336).
  * rpm/kernel-binary.spec.in: Own the right -kdump
  initrd (bnc#764500)
  * memcg: prevent from OOM with too many dirty pages.
  * dasd: re-prioritize partition detection message
  (bnc#764091,LTC#81617).
  * kernel: pfault task state race (bnc#764091,LTC#81724).
  * kernel: clear page table for sw large page emulation
  (bnc#764091,LTC#81933).
  * USB: fix bug of device descriptor got from superspeed
  device (bnc#761087).
  * xfrm: take net hdr len into account for esp payload
  size calculation (bnc#759545).
  * st: clean up dev cleanup in st_probe (bnc#760806).
  * st: clean up device file creation and removal
  (bnc#760806).
  * st: get rid of scsi_tapes array (bnc#760806).
  * st: raise device limit (bnc#760806).
  * st: Use static class attributes (bnc#760806).
  * mm: Optimize put_mems_allowed() usage (VM
  performance).
  * cifs: fix oops while traversing open file list (try
  #4) (bnc#756050).
  * scsi: Fix dm-multipath starvation when scsi host is
  busy (bnc#763485).
  * dasd: process all requests in the device tasklet
  (bnc#763267).
  * rt2x00:Add RT539b chipset support (bnc#760237).
  * kabi/severities: Ignore changes in
  drivers/net/wireless/rt2x00, these are just exports used
  among the rt2x00 modules.
  * rt2800: radio 3xxx: reprogram only lower bits of
  RF_R3 (bnc#759805).
  * rt2800: radio 3xxx: program RF_R1 during channel
  switch (bnc#759805).
  * rt2800: radio 3xxxx: channel switch RX/TX calibration
  fixes (bnc#759805).
  * rt2x00: Avoid unnecessary uncached (bnc#759805).
  * rt2x00: Introduce sta_add/remove callbacks
  (bnc#759805).
  * rt2x00: Add WCID to crypto struct (bnc#759805).
  * rt2x00: Add WCID to HT TX descriptor (bnc#759805).
  * rt2x00: Move bssidx calculation into its own function
  (bnc#759805).
  * rt2x00: Make use of sta_add/remove callbacks in
  rt2800 (bnc#759805).
  * rt2x00: Forbid aggregation for STAs not programmed
  into the hw (bnc#759805).
  * rt2x00: handle spurious pci interrupts (bnc#759805).
  * rt2800: disable DMA after firmware load.
  * rt2800: radio 3xxx: add channel switch calibration
  routines (bnc#759805).
  * rpm/kernel-binary.spec.in: Obsolete ath3k, as it is
  now in the tree.
  * floppy: remove floppy-specific O_EXCL handling
  (bnc#757315).
  * floppy: convert to delayed work and single-thread wq
  (bnc#761245).

  Security Issue references:

  * CVE-2012-2119
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2119

  * CVE-2012-2136
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136

  * CVE-2012-2373
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2373

  * CVE-2012-2390
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2390

  * CVE-2012-2375
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2375


Indications:

  Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

  Please reboot the system after installing this update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP2 for VMware:

     zypper in -t patch slessp2-kernel-6457 slessp2-kernel-6463

  - SUSE Linux Enterprise Server 11 SP2:

     zypper in -t patch slessp2-kernel-6453 slessp2-kernel-6457 slessp2-kernel-6458 slessp2-kernel-6463 slessp2-kernel-6467

  - SUSE Linux Enterprise High Availability Extension 11 SP2:

     zypper in -t patch sleshasp2-kernel-6453 sleshasp2-kernel-6457 sleshasp2-kernel-6458 sleshasp2-kernel-6463 sleshasp2-kernel-6467

  - SUSE Linux Enterprise Desktop 11 SP2:

     zypper in -t patch sledsp2-kernel-6457 sledsp2-kernel-6463

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.34]:

     kernel-default-3.0.34-0.7.9
     kernel-default-base-3.0.34-0.7.9
     kernel-default-devel-3.0.34-0.7.9
     kernel-source-3.0.34-0.7.9
     kernel-syms-3.0.34-0.7.9
     kernel-trace-3.0.34-0.7.9
     kernel-trace-base-3.0.34-0.7.9
     kernel-trace-devel-3.0.34-0.7.9
     kernel-xen-devel-3.0.34-0.7.9

  - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.34]:

     kernel-pae-3.0.34-0.7.9
     kernel-pae-base-3.0.34-0.7.9
     kernel-pae-devel-3.0.34-0.7.9

  - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.34]:

     kernel-default-3.0.34-0.7.9
     kernel-default-base-3.0.34-0.7.9
     kernel-default-devel-3.0.34-0.7.9
     kernel-source-3.0.34-0.7.9
     kernel-syms-3.0.34-0.7.9
     kernel-trace-3.0.34-0.7.9
     kernel-trace-base-3.0.34-0.7.9
     kernel-trace-devel-3.0.34-0.7.9

  - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.34]:

     kernel-ec2-3.0.34-0.7.9
     kernel-ec2-base-3.0.34-0.7.9
     kernel-ec2-devel-3.0.34-0.7.9
     kernel-xen-3.0.34-0.7.9
     kernel-xen-base-3.0.34-0.7.9
     kernel-xen-devel-3.0.34-0.7.9

  - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.34]:

     kernel-default-man-3.0.34-0.7.9

  - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.34]:

     kernel-ppc64-3.0.34-0.7.9
     kernel-ppc64-base-3.0.34-0.7.9
     kernel-ppc64-devel-3.0.34-0.7.9

  - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.34]:

     kernel-pae-3.0.34-0.7.9
     kernel-pae-base-3.0.34-0.7.9
     kernel-pae-devel-3.0.34-0.7.9

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

     cluster-network-kmp-default-1.4_3.0.34_0.7-2.10.30
     cluster-network-kmp-trace-1.4_3.0.34_0.7-2.10.30
     gfs2-kmp-default-2_3.0.34_0.7-0.7.30
     gfs2-kmp-trace-2_3.0.34_0.7-0.7.30
     ocfs2-kmp-default-1.6_3.0.34_0.7-0.7.30
     ocfs2-kmp-trace-1.6_3.0.34_0.7-0.7.30

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

     cluster-network-kmp-xen-1.4_3.0.34_0.7-2.10.30
     gfs2-kmp-xen-2_3.0.34_0.7-0.7.30
     ocfs2-kmp-xen-1.6_3.0.34_0.7-0.7.30

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

     cluster-network-kmp-ppc64-1.4_3.0.34_0.7-2.10.30
     gfs2-kmp-ppc64-2_3.0.34_0.7-0.7.30
     ocfs2-kmp-ppc64-1.6_3.0.34_0.7-0.7.30

  - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

     cluster-network-kmp-pae-1.4_3.0.34_0.7-2.10.30
     gfs2-kmp-pae-2_3.0.34_0.7-0.7.30
     ocfs2-kmp-pae-1.6_3.0.34_0.7-0.7.30

  - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.34]:

     kernel-default-3.0.34-0.7.9
     kernel-default-base-3.0.34-0.7.9
     kernel-default-devel-3.0.34-0.7.9
     kernel-default-extra-3.0.34-0.7.9
     kernel-source-3.0.34-0.7.9
     kernel-syms-3.0.34-0.7.9
     kernel-trace-3.0.34-0.7.9
     kernel-trace-base-3.0.34-0.7.9
     kernel-trace-devel-3.0.34-0.7.9
     kernel-trace-extra-3.0.34-0.7.9
     kernel-xen-3.0.34-0.7.9
     kernel-xen-base-3.0.34-0.7.9
     kernel-xen-devel-3.0.34-0.7.9
     kernel-xen-extra-3.0.34-0.7.9

  - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.34]:

     kernel-pae-3.0.34-0.7.9
     kernel-pae-base-3.0.34-0.7.9
     kernel-pae-devel-3.0.34-0.7.9
     kernel-pae-extra-3.0.34-0.7.9

  - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

     ext4-writeable-kmp-default-0_3.0.34_0.7-0.14.11
     kernel-default-extra-3.0.34-0.7.9

  - SLE 11 SERVER Unsupported Extras (i586 x86_64):

     ext4-writeable-kmp-xen-0_3.0.34_0.7-0.14.11
     kernel-xen-extra-3.0.34-0.7.9

  - SLE 11 SERVER Unsupported Extras (ppc64):

     ext4-writeable-kmp-ppc64-0_3.0.34_0.7-0.14.11
     kernel-ppc64-extra-3.0.34-0.7.9

  - SLE 11 SERVER Unsupported Extras (i586):

     ext4-writeable-kmp-pae-0_3.0.34_0.7-0.14.11
     kernel-pae-extra-3.0.34-0.7.9


References:

  http://support.novell.com/security/cve/CVE-2012-2119.html
  http://support.novell.com/security/cve/CVE-2012-2136.html
  http://support.novell.com/security/cve/CVE-2012-2373.html
  http://support.novell.com/security/cve/CVE-2012-2375.html
  http://support.novell.com/security/cve/CVE-2012-2390.html
  https://bugzilla.novell.com/556135
  https://bugzilla.novell.com/735909
  https://bugzilla.novell.com/743579
  https://bugzilla.novell.com/744404
  https://bugzilla.novell.com/747404
  https://bugzilla.novell.com/754690
  https://bugzilla.novell.com/756050
  https://bugzilla.novell.com/757315
  https://bugzilla.novell.com/758243
  https://bugzilla.novell.com/759336
  https://bugzilla.novell.com/759545
  https://bugzilla.novell.com/759805
  https://bugzilla.novell.com/760237
  https://bugzilla.novell.com/760806
  https://bugzilla.novell.com/761087
  https://bugzilla.novell.com/761245
  https://bugzilla.novell.com/762991
  https://bugzilla.novell.com/762992
  https://bugzilla.novell.com/763267
  https://bugzilla.novell.com/763307
  https://bugzilla.novell.com/763485
  https://bugzilla.novell.com/763717
  https://bugzilla.novell.com/764091
  https://bugzilla.novell.com/764150
  https://bugzilla.novell.com/764209
  https://bugzilla.novell.com/764500
  https://bugzilla.novell.com/764900
  https://bugzilla.novell.com/765102
  https://bugzilla.novell.com/765253
  https://bugzilla.novell.com/765320
  https://bugzilla.novell.com/765524
  http://download.novell.com/patch/finder/?keywords=1a7682fe55225a6d2fb7535ed5b3a6f0
  http://download.novell.com/patch/finder/?keywords=31fea157a35016e51d4182b32fcb4191
  http://download.novell.com/patch/finder/?keywords=4011009aab039f02db913a7bce208f8f
  http://download.novell.com/patch/finder/?keywords=5a7bc846608efdf1aca0d4f66ea9c9bb
  http://download.novell.com/patch/finder/?keywords=643ef9cef491ee6820b78654f2716745
  http://download.novell.com/patch/finder/?keywords=681e25e2cce92c21c5a62ccbf5cc5678
  http://download.novell.com/patch/finder/?keywords=8d123a34ca9f20522bea6195c39428aa
  http://download.novell.com/patch/finder/?keywords=970acd862c76b234643d06e43d4048ed
  http://download.novell.com/patch/finder/?keywords=e33c406efece164f0fd3b33e3b387568
  http://download.novell.com/patch/finder/?keywords=f2bfce4b05959a193517d5099e8b3451
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.