Articles / SuSE: New Linux kernel pack…

SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues. A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. Fixed a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel.

Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. An overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted.

Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g. guessing passwords by typing speed). When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. When using X.25 communication a malicious sender could make the machine leak memory, causing crashes.

A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed.

Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0153-1
Rating:             important
References:         #651219 #653260 #668872 #671479 #688996 #694945 
                   #697920 #703156 #706973 #707288 #708625 #711378 
                   #716023 #722910 #724734 #725709 #726600 #726788 
                   #728339 #728626 #729854 #730118 #731004 #731770 
                   #732296 #732677 #733146 #733863 #734056 #735216 
                   #735446 #735453 #735635 #736018 #738400 #740535 
                   #740703 #740867 #742270 
Cross-References:   CVE-2010-3873 CVE-2010-4164 CVE-2011-2494
                   CVE-2011-2699 CVE-2011-4077 CVE-2011-4081
                   CVE-2011-4110 CVE-2011-4127 CVE-2011-4132
                   CVE-2012-0038
Affected Products:
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise High Availability Extension 11 SP1
                   SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

  An update that solves 10 vulnerabilities and has 29 fixes
  is now available. It includes one version update.

Description:


  The SUSE Linux Enterprise 11 SP1 kernel has been updated to
  2.6.32.54,  fixing numerous bugs and security issues.

  The following security issues have been fixed:

  * A potential hypervisor escape by issuing SG_IO
  commands to partitiondevices was fixed by restricting
  access to these commands. ( CVE-2011-4127
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127
)
  * KEYS: Fix a NULL pointer deref in the user-defined
  key type, which allowed local attackers to Oops the kernel.
  (CVE-2011-4110
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110
)
  * Avoid potential NULL pointer deref in ghash, which
  allowed local attackers to Oops the kernel. (CVE-2011-4081
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081
)
  * Fixed a memory corruption possibility in xfs
  readlink, which could be used by local attackers to crash
  the system or potentially execute code by mounting a
  prepared xfs filesystem image. (CVE-2011-4077
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077
)
  * A overflow in the xfs acl handling was fixed that
  could be used by local attackers to crash the system or
  potentially execute code by mounting a prepared xfs
  filesystem image. (CVE-2012-0038
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0038
)
  * A flaw in the ext3/ext4 filesystem allowed a local
  attacker to crash the kernel by getting a prepared
  ext3/ext4 filesystem mounted. ( CVE-2011-4132
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132
)
  * Access to the taskstats /proc file was restricted to
  avoid local attackers gaining knowledge of IO of other
  users (and so effecting side-channel attacks for e.g.
  guessing passwords by typing speed). ( CVE-2011-2494
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494
)
  * When using X.25 communication a malicious sender
  could corrupt data structures, causing crashes or potential
  code execution. Please note that X.25 needs to be setup to
  make this effective, which these days is usually not the
  case. (CVE-2010-3873
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873
)
  * When using X.25 communication a malicious sender
  could make the machine leak memory, causing crashes. Please
  note that X.25 needs to be setup to make this effective,
  which these days is usually not the case. (CVE-2010-4164
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164
)
  * A remote denial of service due to a NULL pointer
  dereference by using IPv6 fragments was fixed.
  (CVE-2011-2699
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699
)

  The following non-security issues have been fixed (excerpt
  from changelog):

  * elousb: Fixed bug in USB core API usage, code cleanup.
  * cifs: overhaul cifs_revalidate and rename to
  cifs_revalidate_dentry.
  * cifs: set server_eof in cifs_fattr_to_inode.
  * xfs: Fix missing xfs_iunlock() on error recovery path
  in xfs_readlink().
  * Silence some warnings about ioctls on partitions.
  * netxen: Remove all references to unified firmware
  file.
  * bonding: send out gratuitous arps even with no
  address configured.
  * patches.fixes/ocfs2-serialize_unaligned_aio.patch:
  ocfs2: serialize unaligned aio.
  *
  patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.
  patch: Update references.
  * xfs: Fix wait calculations on lock acquisition and
  use milliseconds instead of jiffies to print the wait time.
  * ipmi: reduce polling when interrupts are available.
  * ipmi: reduce polling.
  * export shrink_dcache_for_umount_subtree.
  * patches.suse/stack-unwind: Fix more 2.6.29 merge
  problems plus a glue code problem.
  * PM / Sleep: Fix race between CPU hotplug and freezer.
  * jbd: Issue cache flush after checkpointing.
  * lpfc: make sure job exists when processing BSG.
  * blktap: fix locking (again).
  * xen: Update Xen patches to 2.6.32.52.
  * reiserfs: Lock buffers unconditionally in
  reiserfs_write_full_page().
  * writeback: Include all dirty inodes in background
  writeback.
  * reiserfs: Fix quota mount option parsing.
  * bonding: check if clients MAC addr has changed.
  * rpc client can not deal with ENOSOCK, so translate it
  into ENOCONN.
  * st: modify tape driver to allow writing immediate
  filemarks.
  * xfs: fix for xfssyncd failure to wake.
  * ipmi: Fix deadlock in start_next_msg().
  * net: bind() fix error return on wrong address family.
  * net: ipv4: relax AF_INET check in bind().
  * net/ipv6: check for mistakenly passed in non-AF_INET6
  sockaddrs.
  * Bluetooth: Fixed Atheros AR3012 Maryann PID/VID
  supported.
  * percpu: fix chunk range calculation.
  * x86, UV: Fix kdump reboot.
  * dm: Use done_bytes for io_completion.
  * Bluetooth: Add Atheros AR3012 Maryann PID/VID
  supported.
  * Bluetooth: Add Atheros AR3012 one PID/VID supported.
  * fix missing hunk in oplock break patch.
  * patches.arch/s390-34-01-pfault-cpu-hotplug.patch:
  Refresh.
  * Surrounded s390x lowcore change with __GENKSYMS__
  * patches.xen/xen3-patch-2.6.30: Refresh.
  * sched, x86: Avoid unnecessary overflow in sched_clock.
  * ACPI thermal: Do not invalidate thermal zone if
  critical trip point is bad.

Indications:

  Everyone using the Linux Kernel on x86 (32 bit) architecture should update.

Special Instructions and Notes:

  Please reboot the system after installing this update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-kernel-5723

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-kernel-5723 slessp1-kernel-5724 slessp1-kernel-5725 slessp1-kernel-5729

  - SUSE Linux Enterprise High Availability Extension 11 SP1:

     zypper in -t patch sleshasp1-kernel-5723 sleshasp1-kernel-5724 sleshasp1-kernel-5725 sleshasp1-kernel-5729

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-kernel-5723

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.54]:

     btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
     btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73
     ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40
     ext4dev-kmp-pae-0_2.6.32.54_0.3-7.9.40
     ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40
     hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
     hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3
     hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3
     kernel-default-2.6.32.54-0.3.1
     kernel-default-base-2.6.32.54-0.3.1
     kernel-default-devel-2.6.32.54-0.3.1
     kernel-pae-2.6.32.54-0.3.1
     kernel-pae-base-2.6.32.54-0.3.1
     kernel-pae-devel-2.6.32.54-0.3.1
     kernel-source-2.6.32.54-0.3.1
     kernel-syms-2.6.32.54-0.3.1
     kernel-trace-2.6.32.54-0.3.1
     kernel-trace-base-2.6.32.54-0.3.1
     kernel-trace-devel-2.6.32.54-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x) [New Version: 2.6.32.54]:

     btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
     ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40
     ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40
     kernel-default-2.6.32.54-0.3.1
     kernel-default-base-2.6.32.54-0.3.1
     kernel-default-devel-2.6.32.54-0.3.1
     kernel-source-2.6.32.54-0.3.1
     kernel-syms-2.6.32.54-0.3.1
     kernel-trace-2.6.32.54-0.3.1
     kernel-trace-base-2.6.32.54-0.3.1
     kernel-trace-devel-2.6.32.54-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.54]:

     kernel-default-man-2.6.32.54-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.54]:

     ext4dev-kmp-ppc64-0_2.6.32.54_0.3-7.9.40
     kernel-ppc64-2.6.32.54-0.3.1
     kernel-ppc64-base-2.6.32.54-0.3.1
     kernel-ppc64-devel-2.6.32.54-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.54]:

     btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73
     btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73
     ext4dev-kmp-pae-0_2.6.32.54_0.3-7.9.40
     ext4dev-kmp-xen-0_2.6.32.54_0.3-7.9.40
     hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
     hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3
     hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3
     kernel-ec2-2.6.32.54-0.3.1
     kernel-ec2-base-2.6.32.54-0.3.1
     kernel-pae-2.6.32.54-0.3.1
     kernel-pae-base-2.6.32.54-0.3.1
     kernel-pae-devel-2.6.32.54-0.3.1
     kernel-xen-2.6.32.54-0.3.1
     kernel-xen-base-2.6.32.54-0.3.1
     kernel-xen-devel-2.6.32.54-0.3.1

  - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x):

     cluster-network-kmp-default-1.4_2.6.32.54_0.3-2.5.25
     cluster-network-kmp-trace-1.4_2.6.32.54_0.3-2.5.25
     gfs2-kmp-default-2_2.6.32.54_0.3-0.2.72
     gfs2-kmp-trace-2_2.6.32.54_0.3-0.2.72
     ocfs2-kmp-default-1.6_2.6.32.54_0.3-0.4.2.25
     ocfs2-kmp-trace-1.6_2.6.32.54_0.3-0.4.2.25

  - SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

     cluster-network-kmp-ppc64-1.4_2.6.32.54_0.3-2.5.25
     gfs2-kmp-ppc64-2_2.6.32.54_0.3-0.2.72
     ocfs2-kmp-ppc64-1.6_2.6.32.54_0.3-0.4.2.25

  - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

     cluster-network-kmp-pae-1.4_2.6.32.54_0.3-2.5.25
     cluster-network-kmp-xen-1.4_2.6.32.54_0.3-2.5.25
     gfs2-kmp-pae-2_2.6.32.54_0.3-0.2.72
     gfs2-kmp-xen-2_2.6.32.54_0.3-0.2.72
     ocfs2-kmp-pae-1.6_2.6.32.54_0.3-0.4.2.25
     ocfs2-kmp-xen-1.6_2.6.32.54_0.3-0.4.2.25

  - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.54]:

     btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73
     btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73
     btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73
     hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3
     hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3
     kernel-default-2.6.32.54-0.3.1
     kernel-default-base-2.6.32.54-0.3.1
     kernel-default-devel-2.6.32.54-0.3.1
     kernel-default-extra-2.6.32.54-0.3.1
     kernel-desktop-devel-2.6.32.54-0.3.1
     kernel-pae-2.6.32.54-0.3.1
     kernel-pae-base-2.6.32.54-0.3.1
     kernel-pae-devel-2.6.32.54-0.3.1
     kernel-pae-extra-2.6.32.54-0.3.1
     kernel-source-2.6.32.54-0.3.1
     kernel-syms-2.6.32.54-0.3.1
     kernel-trace-devel-2.6.32.54-0.3.1
     kernel-xen-2.6.32.54-0.3.1
     kernel-xen-base-2.6.32.54-0.3.1
     kernel-xen-devel-2.6.32.54-0.3.1
     kernel-xen-extra-2.6.32.54-0.3.1


References:

  http://support.novell.com/security/cve/CVE-2010-3873.html
  http://support.novell.com/security/cve/CVE-2010-4164.html
  http://support.novell.com/security/cve/CVE-2011-2494.html
  http://support.novell.com/security/cve/CVE-2011-2699.html
  http://support.novell.com/security/cve/CVE-2011-4077.html
  http://support.novell.com/security/cve/CVE-2011-4081.html
  http://support.novell.com/security/cve/CVE-2011-4110.html
  http://support.novell.com/security/cve/CVE-2011-4127.html
  http://support.novell.com/security/cve/CVE-2011-4132.html
  http://support.novell.com/security/cve/CVE-2012-0038.html
  https://bugzilla.novell.com/651219
  https://bugzilla.novell.com/653260
  https://bugzilla.novell.com/668872
  https://bugzilla.novell.com/671479
  https://bugzilla.novell.com/688996
  https://bugzilla.novell.com/694945
  https://bugzilla.novell.com/697920
  https://bugzilla.novell.com/703156
  https://bugzilla.novell.com/706973
  https://bugzilla.novell.com/707288
  https://bugzilla.novell.com/708625
  https://bugzilla.novell.com/711378
  https://bugzilla.novell.com/716023
  https://bugzilla.novell.com/722910
  https://bugzilla.novell.com/724734
  https://bugzilla.novell.com/725709
  https://bugzilla.novell.com/726600
  https://bugzilla.novell.com/726788
  https://bugzilla.novell.com/728339
  https://bugzilla.novell.com/728626
  https://bugzilla.novell.com/729854
  https://bugzilla.novell.com/730118
  https://bugzilla.novell.com/731004
  https://bugzilla.novell.com/731770
  https://bugzilla.novell.com/732296
  https://bugzilla.novell.com/732677
  https://bugzilla.novell.com/733146
  https://bugzilla.novell.com/733863
  https://bugzilla.novell.com/734056
  https://bugzilla.novell.com/735216
  https://bugzilla.novell.com/735446
  https://bugzilla.novell.com/735453
  https://bugzilla.novell.com/735635
  https://bugzilla.novell.com/736018
  https://bugzilla.novell.com/738400
  https://bugzilla.novell.com/740535
  https://bugzilla.novell.com/740703
  https://bugzilla.novell.com/740867
  https://bugzilla.novell.com/742270
  http://download.novell.com/patch/finder/?keywords=5246b1b1109a84332cefb2393523f790
  http://download.novell.com/patch/finder/?keywords=63890e46f07aad0805351305ccf8a5f0
  http://download.novell.com/patch/finder/?keywords=71cd114b345abf41eee10c920381e544
  http://download.novell.com/patch/finder/?keywords=7560cd30aac0aa208a5dfb2a11c17d45
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.