SUSE-SU-2012:0364-1
Mar 14, 2012 - 12:08 a.m.

Security update for Real Time Linux Kernel (important)

2012-03-14 00:08:32
lists.opensuse.org

EPSS: 0.063 (Low), percentile 92.9%

The SUSE Linux Enterprise Server 11 SP1 Realtime kernel was
updated to 2.6.33.20 to fix various bugs and security
issues.

The following security issues have been fixed:

  • CVE-2011-4110: KEYS: Fix a NULL pointer deref in the
    user-defined key type, which allowed local attackers to
    Oops the kernel.
  • CVE-2011-4081: Avoid potential NULL pointer deref in
    ghash, which allowed local attackers to Oops the kernel.
  • CVE-2010-3873: When using X.25 communication, a
    malicious sender could corrupt data structures, causing
    crashes or potential code execution. Please note that X.25
    needs to be set up to make this effective, which these days
    is usually not the case.
  • CVE-2011-2203: A NULL pointer dereference on mounting
    corrupt hfs filesystems was fixed, which could be used by
    local attackers to crash the kernel.
  • CVE-2011-3191: A malicious CIFS server could cause an
    integer overflow on the local machine on directory index
    operations, in turn causing memory corruption.
  • CVE-2011-3353: In the fuse filesystem,
    FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
    write so the message processing could overrun and result in
    a BUG_ON() in fuse_copy_fill(). This flaw could be used by
    local users able to mount FUSE filesystems to crash the
    system.
  • CVE-2011-4326: A bug was found in the way the headroom
    check was performed in the udp6_ufo_fragment() function. A
    remote attacker could use this flaw to crash the system.
  • CVE-2011-1576: The Generic Receive Offload (GRO)
    implementation in the Linux kernel allowed remote attackers
    to cause a denial of service via crafted VLAN packets that
    are processed by the napi_reuse_skb function, leading to
    (1) a memory leak or (2) memory corruption, a different
    vulnerability than CVE-2011-1478.
  • CVE-2011-1833: Added a kernel option to ensure
    ecryptfs is mounting only on paths belonging to the current
    uid; mounting on other paths would have allowed local
    attackers to potentially gain privileges via symlink
    attacks.
  • CVE-2011-2918: In the perf framework, software event
    overflows could deadlock or delete an uninitialized timer.

Included in Linux 2.6.32.19 stable update:

  • CVE-2011-2928: The befs_follow_link function in
    fs/befs/linuxvfs.c in the Linux kernel did not validate the
    length attribute of long symlinks, which allowed local
    users to cause a denial of service (incorrect pointer
    dereference and OOPS) by accessing a long symlink on a
    malformed Be filesystem.
  • CVE-2011-3353: In the fuse filesystem,
    FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
    write so the message processing could overrun and result in
    a BUG_ON() in fuse_copy_fill(). This flaw could be used by
    local users able to mount FUSE filesystems to crash the
    system.
  • CVE-2011-1577: The Linux kernel automatically
    evaluated partition tables of storage devices. The code for
    evaluating EFI GUID partitions (in fs/partitions/efi.c)
    contained a bug that causes a kernel oops on certain
    corrupted GUID partition tables, which might be used by
    local attackers to crash the kernel or potentially execute
    code.
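
The length check described for CVE-2011-3353, modelled in user space as an added example (not the kernel's code and not part of the advisory). The header layout, the 1024-byte name cap and every function name here are assumptions made for illustration.

```c
/* Constructed user-space model of the CVE-2011-3353 length check. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_NAME_MAX 1024          /* assumed cap on the entry name */

struct inval_entry_hdr {             /* assumed fixed part of the message */
    uint64_t parent;                 /* directory the entry lives in */
    uint32_t namelen;                /* sender-declared name length */
    uint32_t padding;
};

/* Layout: header, namelen name bytes, one NUL. Returns 0 or a negative errno. */
int parse_inval_entry(const uint8_t *msg, size_t size, char *name,
                      size_t name_cap, uint64_t *parent)
{
    struct inval_entry_hdr hdr;

    if (size < sizeof(hdr))
        return -EINVAL;              /* cannot even hold the header */
    memcpy(&hdr, msg, sizeof(hdr));
    if (hdr.namelen > MODEL_NAME_MAX || (size_t)hdr.namelen + 1 > name_cap)
        return -ENAMETOOLONG;
    /* The missing check: the declared length must match the bytes written,
     * otherwise the copy below would run past the end of the message. */
    if (size != sizeof(hdr) + (size_t)hdr.namelen + 1)
        return -EINVAL;
    if (msg[sizeof(hdr) + hdr.namelen] != '\0')
        return -EINVAL;              /* name must be NUL-terminated */
    memcpy(name, msg + sizeof(hdr), (size_t)hdr.namelen + 1);
    *parent = hdr.parent;
    return 0;
}

/* Build a constructed message with `written` name bytes and parse it. */
int check_sample(uint32_t declared_len, size_t written)
{
    uint8_t msg[sizeof(struct inval_entry_hdr) + 64] = {0};
    struct inval_entry_hdr hdr = { .parent = 1, .namelen = declared_len };
    char name[64];
    uint64_t parent;
    if (written > 63)
        return -EINVAL;
    memcpy(msg, &hdr, sizeof(hdr));
    memset(msg + sizeof(hdr), 'a', written);
    return parse_inval_entry(msg, sizeof(hdr) + written + 1, name, sizeof(name), &parent);
}
```
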

The following non-security bugs have been fixed:

  • Fix DL980G7 NUMA enumeration problem. The HP BIOS SRAT
    table contains more entries (256) than SLERT NR_CPUS (128).
    Pull in mainline fixes to always parse the entire table,
    regardless of configured NR_CPUS.
  • x86, acpi: Parse all SRAT cpu entries even above the
    cpu number limitation (bnc#745881).
  • x86, ia64, acpi: Clean up x86-ism in
    drivers/acpi/numa.c (bnc#745881).
  • rt, timerfd: fix timerfd_settime() livelock.
  • Fix build failure on 12.1 systems.
    CONFIG_BUILD_DOCSRC builds Documentation/video4linux but
    without reference to local includes, so the build only
    succeeds on older SUSE releases where linux-glibc-devel
    provides the (obsolete) videodev.h. Add an upstream patch
    which drops support for v4lgrab.c, which is safe as the
    sample executable is not packaged in any released rpm.
  • Add missing references symset for the rt flavor
    (bnc#722406#c69).
  • Pick up SP1 82576 ET2 Quad Port driver addon. Pick up
    I350 as well, since it’s just recognition of a follow-on
    part for 82580.
  • igb: Add support for 82576 ET2 Quad Port Server
    Adapter (bnc#591293, bnc#722406).
  • igb: add support for Intel I350 Gigabit Network
    Connection (bnc#590980).
  • Fix regression introduced by backport of mainline
    commit 43fa5460
  • sched/rt: Migrate equal priority tasks to available
    CPUs.
  • sched: fix broken SCHED_RESET_ON_FORK handling
    (bnc#708877).
  • sched: Fix rt_rq runtime leakage bug (bnc#707096).
