SUSE-SU-2011:1319-2
Dec 14, 2011 - 8:08 a.m.

Security update for Linux kernel (important)

2011-12-14 08:08:27
lists.opensuse.org
EPSS: 0.016 (Low), percentile 85.8%

The SUSE Linux Enterprise 11 Service Pack 1 kernel has been
updated to version 2.6.32.49 and fixes various bugs and
security issues.

  • CVE-2011-3188: The TCP/IP initial sequence number
    generation effectively only used 24 bits of 32 to generate
    randomness, making a brute force man-in-the-middle attack
    on TCP/IP connections feasible. The generator was changed
    to use full 32-bit randomness.
  • CVE-2011-2699: Fernando Gont discovered that the IPv6
    stack used predictable fragment identification numbers. A
    remote attacker could exploit this to exhaust network
    resources, leading to a denial of service.
  • CVE-2011-2203: A NULL pointer dereference when mounting
    corrupt hfs filesystems was fixed; local attackers could
    use it to crash the kernel.
  • CVE-2011-1833: Added a kernel option to ensure
    ecryptfs mounts only on paths belonging to the current
    uid; without this check, local attackers could potentially
    gain privileges via symlink attacks.
  • CVE-2011-1576: The Generic Receive Offload (GRO)
    implementation in the Linux kernel allowed remote attackers
    to cause a denial of service via crafted VLAN packets that
    are processed by the napi_reuse_skb function, leading to
    (1) a memory leak or (2) memory corruption, a different
    vulnerability than CVE-2011-1478.
  • CVE-2011-4330: A name overflow in the hfs filesystem
    was fixed, where mounting a corrupted hfs filesystem could
    lead to a stack overflow and code execution in the kernel.
    This requires a local attacker to be able to mount hfs
    filesystems.
  • CVE-2011-4326: A bug was found in the way the headroom
    check was performed in the udp6_ufo_fragment() function. A
    remote attacker could use this flaw to crash the system.
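
A host-side check for the version stated above, as an added example that is not part of the SUSE advisory: it compares a `uname -r` style release string against 2.6.32.49 field by field. The sample release strings are constructed, and it assumes the base version precedes the first hyphen; package release numbers, which this page does not list, are not inspected.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): decide whether a kernel release
# string is at or above 2.6.32.49, the version the advisory says the
# SLE 11 SP1 kernel was updated to.
FIXED_BASE="2.6.32.49"

# version_ge A B: succeed if dotted-numeric A >= B. Fields are compared as
# integers, so 2.6.32.9 sorts below 2.6.32.49; missing fields count as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
    done
    return 0
}

# check_release RELEASE: 0 = at or above the fixed version, 1 = older,
# 2 = unparseable, 3 = not a 2.6.32 kernel (outside this advisory's scope).
check_release() {
    base=${1%%-*}    # assumption: the base version precedes the first "-"
    case "$base" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
        2.6.32|2.6.32.*) ;;
        *) return 3 ;;
    esac
    version_ge "$base" "$FIXED_BASE"
}

# Constructed sample release strings; on a live host pass "$(uname -r)".
for rel in 2.6.32.49-0.3-default 2.6.32.9-0.5-default \
           2.6.32.46-0.3-xen 3.0.13-0.27-default; do
    rc=0; check_release "$rel" || rc=$?
    case $rc in
        0) echo "$rel: at or above $FIXED_BASE" ;;
        1) echo "$rel: older than $FIXED_BASE, update needed" ;;
        3) echo "$rel: not a 2.6.32 kernel, advisory does not apply" ;;
        *) echo "$rel: unrecognised release string" ;;
    esac
done
```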

The following non-security bugs have been fixed:

  • ALSA: hda - Fix S3/S4 problem on machines with
    VREF-pin mute-LED (bnc#732535).
  • patches.xen/xen-pcpu-hotplug: Fix a double kfree().
  • ixgbe: fix bug with vlan strip in promisc mode
    (bnc#687049, fate#311821).
  • ixgbe: fix panic when shutting down system with WoL
    enabled.
  • fnic: Allow users to modify dev_loss_tmo setting
    (bnc#719786).
  • x86, intel: Do not mark sched_clock() as stable
    (bnc#725709).
  • ALSA: hda - Keep vref-LED during power-saving on IDT
    codecs (bnc#731981).
  • cifs: Assume passwords are encoded according to
    iocharset (bnc#731035).
  • scsi_dh: Check queuedata pointer before proceeding
    (bnc#714744).
  • netback: use correct index for invalidation in
    netbk_tx_check_mop().
  • ACPI video: introduce module parameter
    video.use_bios_initial_backlight (bnc#731229).
  • SUNRPC: prevent task_cleanup running on freed xprt
    (bnc#709671).
  • add device entry for Broadcom Valentine combo card
    (bnc#722429).
  • quota: Fix WARN_ON in lookup_one_len (bnc#728626).
  • Update Xen patches to 2.6.32.48.
  • pv-on-hvm/kexec: add xs_reset_watches to shutdown
    watches from old kernel (bnc#694863).
  • x86: undo_limit_pages() must reset page count.
  • mm/vmstat.c: cache align vm_stat (bnc#729721).
  • s390/ccwgroup: fix uevent vs dev attrs race
    (bnc#659101,LTC#69028).
  • Warn on pagecache limit usage (FATE309111).
  • SCSI: st: fix race in st_scsi_execute_end
    (bnc#720536).
  • ACPI: introduce "acpi_rsdp=" parameter for kdump
    (bnc#717263).
  • elousb: Limit the workaround warning to one per
    error, control workaround activity (bnc#719916).
  • SCSI: libiscsi: reset cmd timer if cmds are making
    progress (bnc#691440).
  • SCSI: fix crash in scsi_dispatch_cmd() (bnc#724989).
  • NFS/sunrpc: do not use a credential with extra groups
    (bnc#725878).
  • s390/qdio: EQBS retry after CCQ 96
    (bnc#725453,LTC#76117).
  • fcoe: Reduce max_sectors to 1024 (bnc#695898).
  • apparmor: return -ENOENT when there is no profile for
    a hat (bnc#725502).
  • sched, cgroups: disallow attaching kthreadd
    (bnc#721840).
  • nfs: Check validity of cl_rpcclient in
    nfs_server_list_show (bnc#717884).
  • x86, vt-d: enable x2apic opt out (disabling x2apic
    through BIOS flag) (bnc#701183, fate#311989).
  • block: Free queue resources at blk_release_queue()
    (bnc#723815).
  • ALSA: hda - Add post_suspend patch ops (bnc#724800).
  • ALSA: hda - Allow codec-specific set_power_state ops
    (bnc#724800).
  • ALSA: hda - Add support for vref-out based mute LED
    control on IDT codecs (bnc#724800).
  • scsi_dh_rdac : Add definitions for different RDAC
    operating modes (bnc#724365).
  • scsi_dh_rdac : Detect the different RDAC operating
    modes (bnc#724365).
  • scsi_dh_rdac : decide whether to send mode select
    based on operating mode (bnc#724365).
  • scsi_dh_rdac: Use WWID from C8 page instead of
    Subsystem id from C4 page to identify storage (bnc#724365).
  • vlan: Match underlying dev carrier on vlan add
    (bnc#722504).
  • scsi_lib: pause between error retries (bnc#675127).
  • xfs: use KM_NOFS for allocations during attribute
    list operations (bnc#721830).
  • bootsplash: Do not crash when no fb is set
    (bnc#723542).
  • cifs: do not allow cifs_iget to match inodes of the
    wrong type (bnc#711501).
  • cifs: fix noserverino handling when unix extensions are
    enabled (bnc#711501).
  • cifs: reduce false positives with inode aliasing
    serverino autodisable (bnc#711501).
  • parport_pc: release IO region properly if unsupported
    ITE887x card is found (bnc#721464).
  • writeback: avoid unnecessary calculation of bdi dirty
    thresholds (bnc#721299).
  • powerpc: Fix bogus it_blocksize in VIO iommu code
    (bnc#717690).
  • ext4: Fix max file size and logical block counting of
    extent format file (bnc#706374).
  • novfs: Unable to change password in the Novell Client
    for Linux (bnc#713229).
  • xfs: add more ilock tracing.
  • sched: move wakeup tracepoint above out_running
    (bnc#712002).
  • config.conf: Build KMPs for the -trace flavor as well
    (fate#312759, bnc#712404, bnc#712405, bnc#721337).
  • memsw: remove noswapaccount kernel parameter
    (bnc#719450).
