Security update for Linux kernel (important)

This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed:

• CVE-2009-4067: A USB string descriptor overflow in
  the auerwald USB driver was fixed, which could be used by
  physically proximate attackers to cause a kernel crash.
• CVE-2011-3363: Always check the path in CIFS mounts
  to avoid interesting filesystem path interaction issues and
  potential crashes.
• CVE-2011-3191: A malicious CIFS server could cause a
  integer overflow on the local machine on directory index
  operations, in turn causing memory corruption.
• CVE-2011-1776: The is_gpt_valid function in
  fs/partitions/efi.c in the Linux kernel did not check the
  size of an Extensible Firmware Interface (EFI) GUID
  Partition Table (GPT) entry, which allowed physically
  proximate attackers to cause a denial of service
  (heap-based buffer overflow and OOPS) or obtain sensitive
  information from kernel heap memory by connecting a crafted
  GPT storage device, a different vulnerability than
  CVE-2011-1577.

The following non-security issues have been fixed:

• md: fix deadlock in md/raid1 and md/raid10 when
  handling a read error (bnc#628343).
• md: fix possible raid1/raid10 deadlock on read error
  during resync (bnc#628343).
• Add timeo parameter to /proc/mounts for nfs
  filesystems (bnc#616256).
• virtio: indirect ring entries
  (VIRTIO_RING_F_INDIRECT_DESC) (bnc#713876).
• virtio: teach virtio_has_feature() about transport
  features (bnc#713876).
• nf_nat: do not add NAT extension for confirmed
  conntracks (bnc#709213).
• 8250: Oxford Semiconductor Devices (bnc#717126).
• 8250_pci: Add support for the Digi/IBM PCIe 2-port
  Adapter (bnc#717126).
• 8250: Fix capabilities when changing the port type
  (bnc#717126).
• 8250: Add EEH support (bnc#717126).
• xfs: fix memory reclaim recursion deadlock on locked
  inode buffer (bnc#699355 bnc#699354 bnc#721830).
• ipmi: do not grab locks in run-to-completion mode
  (bnc#717421).
• cifs: add fallback in is_path_accessible for old
  servers (bnc#718028).
• cciss: do not attempt to read from a write-only
  register (bnc#683101).
• s390: kernel: System hang if hangcheck timer expires
  (bnc#712009,LTC#74157).
• s390: kernel: NSS creation with initrd fails
  (bnc#712009,LTC#74207).
• s390: kernel: remove code to handle topology
  interrupts (bnc#712009,LTC#74440).
• xen: Added 1083-kbdfront-absolute-coordinates.patch
  (bnc#717585).
• acpi: Use a spinlock instead of mutex to guard
  gbl_lock access (bnc#707439).
• Allow balance_dirty_pages to help other filesystems
  (bnc#709369).
• nfs: fix congestion control (bnc#709369).
• NFS: Separate metadata and page cache revalidation
  mechanisms (bnc#709369).
• jbd: Fix oops in journal_remove_journal_head()
  (bnc#694315).
• xen/blkfront: avoid NULL de-reference in CDROM ioctl
  handling (bnc#701355).
• xen/x86: replace order-based range checking of M2P
  table by linear one.
• xen/x86: use dynamically adjusted upper bound for
  contiguous regions (bnc#635880).
• Fix type in
  patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
  ing-progress.
• s390: cio: Add timeouts for internal IO
  (bnc#701550,LTC#72691).
• s390: kernel: first time swap use results in heavy
  swapping (bnc#701550,LTC#73132).
• s390: qeth: wrong number of output queues for
  HiperSockets (bnc#701550,LTC#73814).