Security update for Linux kernel (important)

The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.46 and fixes various bugs and security
issues.

Following security issues were fixed: CVE-2011-3191: A
signedness issue in CIFS could possibly have lead to to
memory corruption, if a malicious server could send
crafted replies to the host.

CVE-2011-3353: In the fuse filesystem,
FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
write so the message processing could overrun and result
in a BUG_ON() in fuse_copy_fill(). This flaw could be used
by local users able to mount FUSE filesystems to crash the
system.

CVE-2011-2928: The befs_follow_link function in
fs/befs/linuxvfs.c in the Linux kernel did not validate
the length attribute of long symlinks, which allowed local
users to cause a denial of service (incorrect pointer
dereference and OOPS) by accessing a long symlink on a
malformed Be filesystem.

Also the following non security bugs were fixed: -
CONFIG_CGROUP_MEM_RES_CTLR_SWAP enabled -
CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED disabled by
default. Swap accounting can be turned on by swapaccount=1
kernel command line parameter (bnc#719450) - Make swap
accounting default behavior configurable (bnc#719450,
bnc#650309, fate#310471).

Added a missing reset for ioc_reset_in_progress in
SoftReset in the mtpsas driver (bnc#711969).

Add support for the Digi/IBM PCIe 2-port Adapter
(bnc#708675).

Always enable MSI-X on 5709 (bnc#707737).

sched: fix broken SCHED_RESET_ON_FORK handling
(bnc#708877).

sched: Fix rt_rq runtime leakage bug (bnc#707096).

ACPI: allow passing down C1 information if no other
C-states exist.

KDB: turn off kdb usb support by default (bnc#694670
bnc#603804).

xfs: Added event tracing support.

xfs: fix xfs_fsblock_t tracing.

igb: extend maximum frame size to receive VLAN tagged
frames (bnc#688859).

cfq: Do not allow queue merges for queues that have
no process references (bnc#712929).

• cfq: break apart merged cfqqs if they stop
  cooperating (bnc#712929).
• cfq: calculate the seek_mean per cfq_queue not per
  cfq_io_context (bnc#712929).
• cfq: change the meaning of the cfqq_coop flag
  (bnc#712929).
• cfq-iosched: get rid of the coop_preempt flag
  (bnc#712929).

cfq: merge cooperating cfq_queues (bnc#712929).

Fix FDDI and TR config checks in ipv4 arp and LLC
(bnc#715235).

writeback: do uninterruptible sleep in
balance_dirty_pages() (bnc#699354 bnc#699357).

• xfs: fix memory reclaim recursion deadlock on locked
  inode buffer (bnc#699355 bnc#699354).

xfs: use GFP_NOFS for page cache allocation
(bnc#699355 bnc#699354).

virtio-net: init link state correctly (bnc#714966).

cpufreq: pcc-cpufreq: sanity check to prevent a NULL
pointer dereference (bnc#709412).

x86: ucode-amd: Do not warn when no ucode is
available for a CPU

patches.arch/x86_64-unwind-annotations: Refresh
(bnc#588458).

patches.suse/stack-unwind: Refresh (bnc#588458).

splice: direct_splice_actor() should not use pos in
sd (bnc#715763).

qdio: 2nd stage retry on SIGA-W busy conditions
(bnc#713138,LTC#74402).

TTY: pty, fix pty counting (bnc#711203).

Avoid deadlock in GFP_IO/GFP_FS allocation
(bnc#632870).

novfs: fix some DirCache locking issues (bnc#669378).

• novfs: fix some kmalloc/kfree issues (bnc#669378).
• novfs: fix off-by-one allocation error (bnc#669378).
• novfs: unlink directory after unmap (bnc#649625).

novfs: last modification time not reliable
(bnc#642896).

x86 / IO APIC: Reset IRR in clear_IO_APIC_pin()
(bnc#701686, bnc#667386).

mptfusion : Added check for SILI bit in READ_6 CDB
for DATA UNDERRUN ERRATA (bnc #712456).

xfs: serialise unaligned direct IOs (bnc#707125).

NFS: Ensure that we handle NFS4ERR_STALE_STATEID
correctly (bnc#701443).

• NFSv4: Do not call nfs4_state_mark_reclaim_reboot()
  from error handlers (bnc#701443).
• NFSv4: Fix open recovery (bnc#701443).
• NFSv4.1: Do not call nfs4_schedule_state_recovery()
  unnecessarily (bnc#701443).

Security Issues:

• CVE-2011-3191
  <<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191</a>
  >
• CVE-2011-3353
  <<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353</a>
  >
• CVE-2011-2928
  <<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928</a>
  >