Articles / SuSE: New Linux kernel pack…

SuSE: New Linux kernel packages fix remote denial of service

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.46 and fixes various bugs and security issues. A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. The befs_follow_link function in did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1100-1
Rating:             important
References:         #588458 #603804 #632870 #642896 #649625 #650309 
                   #667386 #669378 #688859 #694670 #699354 #699355 
                   #699357 #701443 #701686 #704347 #706557 #707096 
                   #707125 #707737 #708675 #708877 #709412 #711203 
                   #711969 #712456 #712929 #713138 #713430 #714001 
                   #714966 #715235 #715763 #716901 #719117 #719450 

Cross-References:   CVE-2011-2928 CVE-2011-3191 CVE-2011-3353

Affected Products:
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise High Availability Extension 11 SP1
                   SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

  An update that solves three vulnerabilities and has 33
  fixes is now available. It includes one version update.

Description:


  The SUSE Linux Enterprise 11 Service Pack 1 kernel was
  updated to 2.6.32.46  and fixes various bugs and security
  issues.

  Following security issues were fixed: CVE-2011-3191: A
  signedness issue in  CIFS could possibly have lead to to
  memory corruption, if a malicious  server could send
  crafted replies to the host.

  CVE-2011-3353: In the fuse filesystem,
  FUSE_NOTIFY_INVAL_ENTRY did not  check the length of the
  write so the message processing could overrun and  result
  in a BUG_ON() in fuse_copy_fill(). This flaw could be used
  by local  users able to mount FUSE filesystems to crash the
  system.

  CVE-2011-2928: The befs_follow_link function in
  fs/befs/linuxvfs.c in the  Linux kernel did not validate
  the length attribute of long symlinks, which  allowed local
  users to cause a denial of service (incorrect pointer
  dereference and OOPS) by accessing a long symlink on a
  malformed Be  filesystem.

  Also the following non security bugs were fixed: -
  CONFIG_CGROUP_MEM_RES_CTLR_SWAP enabled -
  CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED disabled by
  default. Swap  accounting can be turned on by swapaccount=1
  kernel command line parameter  (bnc#719450) - Make swap
  accounting default behavior configurable  (bnc#719450,
  bnc#650309, fate#310471).

  *

  Added a missing reset for ioc_reset_in_progress in
  SoftReset in the mtpsas driver (bnc#711969).

  *

  Add support for the Digi/IBM PCIe 2-port Adapter
  (bnc#708675).

  *

  Always enable MSI-X on 5709 (bnc#707737).

  *

  sched: fix broken SCHED_RESET_ON_FORK handling
  (bnc#708877).

  *

  sched: Fix rt_rq runtime leakage bug (bnc#707096).

  *

  ACPI: allow passing down C1 information if no other
  C-states exist.

  *

  KDB: turn off kdb usb support by default (bnc#694670
  bnc#603804).

  *

  xfs: Added event tracing support.

  *

  xfs: fix xfs_fsblock_t tracing.

  *

  igb: extend maximum frame size to receive VLAN tagged
  frames (bnc#688859).

  *

  cfq: Do not allow queue merges for queues that have
  no process references (bnc#712929).

  * cfq: break apart merged cfqqs if they stop
  cooperating (bnc#712929).
  * cfq: calculate the seek_mean per cfq_queue not per
  cfq_io_context (bnc#712929).
  * cfq: change the meaning of the cfqq_coop flag
  (bnc#712929).
  * cfq-iosched: get rid of the coop_preempt flag
  (bnc#712929).
  *

  cfq: merge cooperating cfq_queues (bnc#712929).

  *

  Fix FDDI and TR config checks in ipv4 arp and LLC
  (bnc#715235).

  *

  writeback: do uninterruptible sleep in
  balance_dirty_pages() (bnc#699354 bnc#699357).

  * xfs: fix memory reclaim recursion deadlock on locked
  inode buffer (bnc#699355 bnc#699354).
  *

  xfs: use GFP_NOFS for page cache allocation
  (bnc#699355 bnc#699354).

  *

  virtio-net: init link state correctly (bnc#714966).

  *

  cpufreq: pcc-cpufreq: sanity check to prevent a NULL
  pointer dereference (bnc#709412).

  *

  x86: ucode-amd: Do not warn when no ucode is
  available for a CPU

  *

  patches.arch/x86_64-unwind-annotations: Refresh
  (bnc#588458).

  *

  patches.suse/stack-unwind: Refresh (bnc#588458).

  *

  splice: direct_splice_actor() should not use pos in
  sd (bnc#715763).

  *

  qdio: 2nd stage retry on SIGA-W busy conditions
  (bnc#713138,LTC#74402).

  *

  TTY: pty, fix pty counting (bnc#711203).

  *

  Avoid deadlock in GFP_IO/GFP_FS allocation
  (bnc#632870).

  *

  novfs: fix some DirCache locking issues (bnc#669378).

  * novfs: fix some kmalloc/kfree issues (bnc#669378).
  * novfs: fix off-by-one allocation error (bnc#669378).
  * novfs: unlink directory after unmap (bnc#649625).
  *

  novfs: last modification time not reliable
  (bnc#642896).

  *

  x86 / IO APIC: Reset IRR in clear_IO_APIC_pin()
  (bnc#701686, bnc#667386).

  *

  mptfusion : Added check for SILI bit in READ_6 CDB
  for DATA UNDERRUN ERRATA (bnc #712456).

  *

  xfs: serialise unaligned direct IOs (bnc#707125).

  *

  NFS: Ensure that we handle NFS4ERR_STALE_STATEID
  correctly (bnc#701443).

  * NFSv4: Do not call nfs4_state_mark_reclaim_reboot()
  from error handlers (bnc#701443).
  * NFSv4: Fix open recovery (bnc#701443).
  * NFSv4.1: Do not call nfs4_schedule_state_recovery()
  unnecessarily (bnc#701443).

  Security Issues:

  * CVE-2011-3191
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191

  * CVE-2011-3353
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353

  * CVE-2011-2928
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928


Indications:

  Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

  Please reboot the system after installing this update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-kernel-5219 slessp1-kernel-5223

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-kernel-5219 slessp1-kernel-5220 slessp1-kernel-5221 slessp1-kernel-5222 slessp1-kernel-5223

  - SUSE Linux Enterprise High Availability Extension 11 SP1:

     zypper in -t patch sleshasp1-kernel-5219 sleshasp1-kernel-5220 sleshasp1-kernel-5221 sleshasp1-kernel-5222 sleshasp1-kernel-5223

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-kernel-5219 sledsp1-kernel-5223

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.32.46]:

     btrfs-kmp-default-0_2.6.32.46_0.3-0.3.57
     ext4dev-kmp-default-0_2.6.32.46_0.3-7.9.24
     hyper-v-kmp-default-0_2.6.32.46_0.3-0.14.11
     kernel-default-2.6.32.46-0.3.1
     kernel-default-base-2.6.32.46-0.3.1
     kernel-default-devel-2.6.32.46-0.3.1
     kernel-source-2.6.32.46-0.3.1
     kernel-syms-2.6.32.46-0.3.1
     kernel-trace-2.6.32.46-0.3.1
     kernel-trace-base-2.6.32.46-0.3.1
     kernel-trace-devel-2.6.32.46-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.46]:

     btrfs-kmp-pae-0_2.6.32.46_0.3-0.3.57
     ext4dev-kmp-pae-0_2.6.32.46_0.3-7.9.24
     hyper-v-kmp-pae-0_2.6.32.46_0.3-0.14.11
     kernel-pae-2.6.32.46-0.3.1
     kernel-pae-base-2.6.32.46-0.3.1
     kernel-pae-devel-2.6.32.46-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.32.46]:

     btrfs-kmp-default-0_2.6.32.46_0.3-0.3.57
     ext4dev-kmp-default-0_2.6.32.46_0.3-7.9.24
     kernel-default-2.6.32.46-0.3.1
     kernel-default-base-2.6.32.46-0.3.1
     kernel-default-devel-2.6.32.46-0.3.1
     kernel-source-2.6.32.46-0.3.1
     kernel-syms-2.6.32.46-0.3.1
     kernel-trace-2.6.32.46-0.3.1
     kernel-trace-base-2.6.32.46-0.3.1
     kernel-trace-devel-2.6.32.46-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 2.6.32.46]:

     btrfs-kmp-xen-0_2.6.32.46_0.3-0.3.57
     ext4dev-kmp-xen-0_2.6.32.46_0.3-7.9.24
     hyper-v-kmp-default-0_2.6.32.46_0.3-0.14.11
     kernel-ec2-2.6.32.46-0.3.1
     kernel-ec2-base-2.6.32.46-0.3.1
     kernel-xen-2.6.32.46-0.3.1
     kernel-xen-base-2.6.32.46-0.3.1
     kernel-xen-devel-2.6.32.46-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.46]:

     kernel-default-man-2.6.32.46-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.46]:

     ext4dev-kmp-ppc64-0_2.6.32.46_0.3-7.9.24
     kernel-ppc64-2.6.32.46-0.3.1
     kernel-ppc64-base-2.6.32.46-0.3.1
     kernel-ppc64-devel-2.6.32.46-0.3.1

  - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.46]:

     btrfs-kmp-pae-0_2.6.32.46_0.3-0.3.57
     ext4dev-kmp-pae-0_2.6.32.46_0.3-7.9.24
     hyper-v-kmp-pae-0_2.6.32.46_0.3-0.14.11
     kernel-pae-2.6.32.46-0.3.1
     kernel-pae-base-2.6.32.46-0.3.1
     kernel-pae-devel-2.6.32.46-0.3.1

  - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     cluster-network-kmp-default-1.4_2.6.32.46_0.3-2.5.9
     gfs2-kmp-default-2_2.6.32.46_0.3-0.2.56
     ocfs2-kmp-default-1.6_2.6.32.46_0.3-0.4.2.9

  - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64):

     cluster-network-kmp-xen-1.4_2.6.32.46_0.3-2.5.9
     gfs2-kmp-xen-2_2.6.32.46_0.3-0.2.56
     ocfs2-kmp-xen-1.6_2.6.32.46_0.3-0.4.2.9

  - SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

     cluster-network-kmp-ppc64-1.4_2.6.32.46_0.3-2.5.9
     gfs2-kmp-ppc64-2_2.6.32.46_0.3-0.2.56
     ocfs2-kmp-ppc64-1.6_2.6.32.46_0.3-0.4.2.9

  - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

     cluster-network-kmp-pae-1.4_2.6.32.46_0.3-2.5.9
     gfs2-kmp-pae-2_2.6.32.46_0.3-0.2.56
     ocfs2-kmp-pae-1.6_2.6.32.46_0.3-0.4.2.9

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.32.46]:

     btrfs-kmp-default-0_2.6.32.46_0.3-0.3.57
     btrfs-kmp-xen-0_2.6.32.46_0.3-0.3.57
     hyper-v-kmp-default-0_2.6.32.46_0.3-0.14.11
     kernel-default-2.6.32.46-0.3.1
     kernel-default-base-2.6.32.46-0.3.1
     kernel-default-devel-2.6.32.46-0.3.1
     kernel-default-extra-2.6.32.46-0.3.1
     kernel-desktop-devel-2.6.32.46-0.3.1
     kernel-source-2.6.32.46-0.3.1
     kernel-syms-2.6.32.46-0.3.1
     kernel-xen-2.6.32.46-0.3.1
     kernel-xen-base-2.6.32.46-0.3.1
     kernel-xen-devel-2.6.32.46-0.3.1
     kernel-xen-extra-2.6.32.46-0.3.1

  - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.46]:

     btrfs-kmp-pae-0_2.6.32.46_0.3-0.3.57
     hyper-v-kmp-pae-0_2.6.32.46_0.3-0.14.11
     kernel-pae-2.6.32.46-0.3.1
     kernel-pae-base-2.6.32.46-0.3.1
     kernel-pae-devel-2.6.32.46-0.3.1
     kernel-pae-extra-2.6.32.46-0.3.1


References:

  http://support.novell.com/security/cve/CVE-2011-2928.html
  http://support.novell.com/security/cve/CVE-2011-3191.html
  http://support.novell.com/security/cve/CVE-2011-3353.html
  https://bugzilla.novell.com/588458
  https://bugzilla.novell.com/603804
  https://bugzilla.novell.com/632870
  https://bugzilla.novell.com/642896
  https://bugzilla.novell.com/649625
  https://bugzilla.novell.com/650309
  https://bugzilla.novell.com/667386
  https://bugzilla.novell.com/669378
  https://bugzilla.novell.com/688859
  https://bugzilla.novell.com/694670
  https://bugzilla.novell.com/699354
  https://bugzilla.novell.com/699355
  https://bugzilla.novell.com/699357
  https://bugzilla.novell.com/701443
  https://bugzilla.novell.com/701686
  https://bugzilla.novell.com/704347
  https://bugzilla.novell.com/706557
  https://bugzilla.novell.com/707096
  https://bugzilla.novell.com/707125
  https://bugzilla.novell.com/707737
  https://bugzilla.novell.com/708675
  https://bugzilla.novell.com/708877
  https://bugzilla.novell.com/709412
  https://bugzilla.novell.com/711203
  https://bugzilla.novell.com/711969
  https://bugzilla.novell.com/712456
  https://bugzilla.novell.com/712929
  https://bugzilla.novell.com/713138
  https://bugzilla.novell.com/713430
  https://bugzilla.novell.com/714001
  https://bugzilla.novell.com/714966
  https://bugzilla.novell.com/715235
  https://bugzilla.novell.com/715763
  https://bugzilla.novell.com/716901
  https://bugzilla.novell.com/719117
  https://bugzilla.novell.com/719450
  http://download.novell.com/patch/finder/?keywords=20cb09e23614f5f5085f698cc5bf2e4f
  http://download.novell.com/patch/finder/?keywords=56d0712d83970cf6fe7492bf3330ee2a
  http://download.novell.com/patch/finder/?keywords=94fa14c210d027059a56ea1e31e280c7
  http://download.novell.com/patch/finder/?keywords=959314df0926c9887f7057c56f1d07c1
  http://download.novell.com/patch/finder/?keywords=9a7f6196af0af6d69bc4d0f12e07e44d
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.