SUSE-SU-2012:1391-1
Oct 24, 2012 - 9:08 a.m.

Security update for Linux kernel (important)

2012-10-24 09:08:54
lists.opensuse.org

EPSS: 0.043 (Low), percentile 91.4%

This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed:

CVE-2011-2494: kernel/taskstats.c in the Linux kernel
allowed local users to obtain sensitive I/O statistics by
sending taskstats commands to a netlink socket, as
demonstrated by discovering the length of another user's
password (a side channel attack).

CVE-2012-2744:
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
kernel, when the nf_conntrack_ipv6 module is enabled,
allowed remote attackers to cause a denial of service (NULL
pointer dereference and system crash) via certain types of
fragmented IPv6 packets.

CVE-2012-3510: Use-after-free vulnerability in the
xacct_add_tsk function in kernel/tsacct.c in the Linux
kernel allowed local users to obtain potentially sensitive
information from kernel memory or cause a denial of service
(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
command.

CVE-2011-4110: The user_update function in
security/keys/user_defined.c in the Linux kernel 2.6
allowed local users to cause a denial of service (NULL
pointer dereference and kernel oops) via vectors related to
a user-defined key and updating a negative key into a fully
instantiated key.

CVE-2011-1044: The ib_uverbs_poll_cq function in
drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
did not initialize a certain response buffer, which allowed
local users to obtain potentially sensitive information
from kernel memory via vectors that cause this buffer to be
only partially filled, a different vulnerability than
CVE-2010-4649.

CVE-2012-3400: Heap-based buffer overflow in the
udf_load_logicalvol function in fs/udf/super.c in the Linux
kernel allowed remote attackers to cause a denial of
service (system crash) or possibly have unspecified other
impact via a crafted UDF filesystem.

CVE-2012-2136: The sock_alloc_send_pskb function in
net/core/sock.c in the Linux kernel did not properly
validate a certain length value, which allowed local users
to cause a denial of service (heap-based buffer overflow
and system crash) or possibly gain privileges by leveraging
access to a TUN/TAP device.

CVE-2012-2663: A small denial of service leak in
dropping syn+fin messages was fixed.

The following non-security issues have been fixed:

Packaging:

  • kbuild: Fix gcc -x syntax (bnc#773831).

NFS:

  • knfsd: An assortment of little fixes to the sunrpc
    cache code (bnc#767766).
  • knfsd: Unexport cache_fresh and fix a small race
    (bnc#767766).
  • knfsd: nfsd: do not drop silently on upcall deferral
    (bnc#767766).
  • knfsd: svcrpc: remove another silent drop from
    deferral code (bnc#767766).
  • sunrpc/cache: simplify cache_fresh_locked and
    cache_fresh_unlocked (bnc#767766).
  • sunrpc/cache: recheck cache validity after
    cache_defer_req (bnc#767766).
  • sunrpc/cache: use list_del_init for the list_head
    entries in cache_deferred_req (bnc#767766).
  • sunrpc/cache: avoid variable over-loading in
    cache_defer_req (bnc#767766).
  • sunrpc/cache: allow thread to block while waiting for
    cache update (bnc#767766).
  • sunrpc/cache: Fix race in sunrpc/cache introduced by
    patch to allow thread to block while waiting for cache
    update (bnc#767766).
  • sunrpc/cache: Another fix for race problem with
    sunrpc cache deferal (bnc#767766).
  • knfsd: nfsd: make all exp_finding functions return
    -errnos on err (bnc#767766).
  • Fix kabi breakage in previous nfsd patch series
    (bnc#767766).
  • nfsd: Work around incorrect return type for
    wait_for_completion_interruptible_timeout (bnc#767766).
  • nfs: Fix a potential file corruption issue when
    writing (bnc#773272).
  • nfs: Allow sync writes to be multiple pages
    (bnc#763526).
  • nfs: fix reference counting for NFSv4 callback thread
    (bnc#767504).
  • nfs: flush signals before taking down callback thread
    (bnc#767504).
  • nfsv4: Ensure nfs_callback_down() calls svc_destroy()
    (bnc#767504).

SCSI:

  • SCSI/ch: Check NULL for kmalloc() return (bnc#783058).

  • drivers/scsi/aic94xx/aic94xx_init.c: correct the size
    argument to kmalloc (bnc#783058).

  • block: fail SCSI passthrough ioctls on partition
    devices (bnc#738400).

  • dm: do not forward ioctls from logical volumes to the
    underlying device (bnc#738400).

  • vmware: Fix VMware hypervisor detection (bnc#777575,
    bnc#770507).

S/390:

  • lgr: Make lgr_page static (bnc#772409,LTC#83520).
  • zfcp: Fix oops in _blk_add_trace()
    (bnc#772409,LTC#83510).

  • kernel: Add z/VM LGR detection
    (bnc#767277,LTC#RAS1203).

  • be2net: Fix EEH error reset before a flash dump
    completes (bnc#755546).

  • mptfusion: fix msgContext in mptctl_hp_hostinfo
    (bnc#767939).
  • PCI: Fix bus resource assignment on 32 bits with 64b
    resources. (bnc#762581)
  • PCI: fix up setup-bus.c #ifdef. (bnc#762581)

  • x86: powernow-k8: Fix indexing issue (bnc#758985).

  • net: Fix race condition about network device name
    allocation (bnc#747576).

XEN:

  • smpboot: adjust ordering of operations.
  • xen/x86-64: provide a memset() that can deal with 4Gb
    or above at a time (bnc#738528).
  • xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
    (bnc#760974).
  • xen/gntdev: fix multi-page slot allocation
    (bnc#760974).
