This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.
The following security issues have been fixed:
- CVE-2009-4067: A USB string descriptor overflow in
the auerwald USB driver was fixed, which could be used by
physically proximate attackers to cause a kernel crash.
- CVE-2011-3363: Always check the path in CIFS mounts
to avoid interesting filesystem path interaction issues and
potential crashes.
- CVE-2011-3191: A malicious CIFS server could cause a
integer overflow on the local machine on directory index
operations, in turn causing memory corruption.
- CVE-2011-1776: The is_gpt_valid function in
fs/partitions/efi.c in the Linux kernel did not check the
size of an Extensible Firmware Interface (EFI) GUID
Partition Table (GPT) entry, which allowed physically
proximate attackers to cause a denial of service
(heap-based buffer overflow and OOPS) or obtain sensitive
information from kernel heap memory by connecting a crafted
GPT storage device, a different vulnerability than
CVE-2011-1577.
The following non-security issues have been fixed:
- md: fix deadlock in md/raid1 and md/raid10 when
handling a read error (bnc#628343).
- md: fix possible raid1/raid10 deadlock on read error
during resync (bnc#628343).
- Add timeo parameter to /proc/mounts for nfs
filesystems (bnc#616256).
- virtio: indirect ring entries
(VIRTIO_RING_F_INDIRECT_DESC) (bnc#713876).
- virtio: teach virtio_has_feature() about transport
features (bnc#713876).
- nf_nat: do not add NAT extension for confirmed
conntracks (bnc#709213).
- 8250: Oxford Semiconductor Devices (bnc#717126).
- 8250_pci: Add support for the Digi/IBM PCIe 2-port
Adapter (bnc#717126).
- 8250: Fix capabilities when changing the port type
(bnc#717126).
- 8250: Add EEH support (bnc#717126).
- xfs: fix memory reclaim recursion deadlock on locked
inode buffer (bnc#699355 bnc#699354 bnc#721830).
- ipmi: do not grab locks in run-to-completion mode
(bnc#717421).
- cifs: add fallback in is_path_accessible for old
servers (bnc#718028).
- cciss: do not attempt to read from a write-only
register (bnc#683101).
- s390: kernel: System hang if hangcheck timer expires
(bnc#712009,LTC#74157).
- s390: kernel: NSS creation with initrd fails
(bnc#712009,LTC#74207).
- s390: kernel: remove code to handle topology
interrupts (bnc#712009,LTC#74440).
- xen: Added 1083-kbdfront-absolute-coordinates.patch
(bnc#717585).
- acpi: Use a spinlock instead of mutex to guard
gbl_lock access (bnc#707439).
- Allow balance_dirty_pages to help other filesystems
(bnc#709369).
- nfs: fix congestion control (bnc#709369).
- NFS: Separate metadata and page cache revalidation
mechanisms (bnc#709369).
- jbd: Fix oops in journal_remove_journal_head()
(bnc#694315).
- xen/blkfront: avoid NULL de-reference in CDROM ioctl
handling (bnc#701355).
- xen/x86: replace order-based range checking of M2P
table by linear one.
- xen/x86: use dynamically adjusted upper bound for
contiguous regions (bnc#635880).
- Fix type in
patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
ing-progress.
- s390: cio: Add timeouts for internal IO
(bnc#701550,LTC#72691).
- s390: kernel: first time swap use results in heavy
swapping (bnc#701550,LTC#73132).
- s390: qeth: wrong number of output queues for
HiperSockets (bnc#701550,LTC#73814).