SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5493 / 5510 / 5511)

high Nessus Plugin ID 57297

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to version 2.6.32.49 and fixes various bugs and security issues.

- The TCP/IP initial sequence number generation effectively only used 24 bits of 32 to generate randomness, making a brute-force man-in-the-middle attack on TCP/IP connections feasible. The generator was changed to use full 32bit randomness. (CVE-2011-3188)

- Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.
(CVE-2011-2699)

- A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. (CVE-2011-2203)

- Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks. (CVE-2011-1833)

- The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)

- A name overflow in the hfs filesystem was fixed, where mounting a corrupted hfs filesystem could lead to a stack overflow and code execution in the kernel. This requires a local attacker to be able to mount hfs filesystems. (CVE-2011-4330)

- A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)

The following non-security bugs have been fixed :

- ALSA: hda - Fix S3/S4 problem on machines with VREF-pin mute-LED. (bnc#732535)

- patches.xen/xen-pcpu-hotplug: Fix a double kfree().

- ixgbe: fix bug with vlan strip in promsic mode (bnc#687049, fate#311821).

- ixgbe: fix panic when shutting down system with WoL enabled.

- fnic: Allow users to modify dev_loss_tmo setting.
(bnc#719786)

- x86, intel: Do not mark sched_clock() as stable.
(bnc#725709)

- ALSA: hda - Keep vref-LED during power-saving on IDT codecs. (bnc#731981)

- cifs: Assume passwords are encoded according to iocharset. (bnc#731035)

- scsi_dh: Check queuedata pointer before proceeding.
(bnc#714744)

- netback: use correct index for invalidation in netbk_tx_check_mop().

- ACPI video: introduce module parameter video.use_bios_initial_backlight. (bnc#731229)

- SUNRPC: prevent task_cleanup running on freed xprt.
(bnc#709671)

- add device entry for Broadcom Valentine combo card.
(bnc#722429)

- quota: Fix WARN_ON in lookup_one_len. (bnc#728626)

- Update Xen patches to 2.6.32.48.

- pv-on-hvm/kexec: add xs_reset_watches to shutdown watches from old kernel. (bnc#694863)

- x86: undo_limit_pages() must reset page count.

- mm/vmstat.c: cache align vm_stat. (bnc#729721)

- s390/ccwgroup: fix uevent vs dev attrs race (bnc#659101,LTC#69028).

- Warn on pagecache limit usage (FATE309111).

- SCSI: st: fix race in st_scsi_execute_end. (bnc#720536)

- ACPI: introduce 'acpi_rsdp=' parameter for kdump.
(bnc#717263)

- elousb: Limit the workaround warning to one per error, control workaround activity. (bnc#719916)

- SCSI: libiscsi: reset cmd timer if cmds are making progress. (bnc#691440)

- SCSI: fix crash in scsi_dispatch_cmd(). (bnc#724989)

- NFS/sunrpc: do not use a credential with extra groups.
(bnc#725878)

- s390/qdio: EQBS retry after CCQ 96 (bnc#725453,LTC#76117).

- fcoe: Reduce max_sectors to 1024. (bnc#695898)

- apparmor: return -ENOENT when there is no profile for a hat. (bnc#725502)

- sched, cgroups: disallow attaching kthreadd.
(bnc#721840)

- nfs: Check validity of cl_rpcclient in nfs_server_list_show. (bnc#717884)

- x86, vt-d: enable x2apic opt out (disabling x2apic through BIOS flag) (bnc#701183, fate#311989).

- block: Free queue resources at blk_release_queue().
(bnc#723815)

- ALSA: hda - Add post_suspend patch ops. (bnc#724800)

- ALSA: hda - Allow codec-specific set_power_state ops.
(bnc#724800)

- ALSA: hda - Add support for vref-out based mute LED control on IDT codecs. (bnc#724800)

- scsi_dh_rdac : Add definitions for different RDAC operating modes. (bnc#724365)

- scsi_dh_rdac : Detect the different RDAC operating modes. (bnc#724365)

- scsi_dh_rdac : decide whether to send mode select based on operating mode. (bnc#724365)

- scsi_dh_rdac: Use WWID from C8 page instead of Subsystem id from C4 page to identify storage. (bnc#724365)

- vlan: Match underlying dev carrier on vlan add.
(bnc#722504)

- scsi_lib: pause between error retries. (bnc#675127)

- xfs: use KM_NOFS for allocations during attribute list operations. (bnc#721830)

- bootsplash: Do not crash when no fb is set. (bnc#723542)

- cifs: do not allow cifs_iget to match inodes of the wrong type. (bnc#711501)

- cifs: fix noserverino handling when 1 extensions are enabled. (bnc#711501)

- cifs: reduce false positives with inode aliasing serverino autodisable. (bnc#711501)

- parport_pc: release IO region properly if unsupported ITE887x card is found. (bnc#721464)

- writeback: avoid unnecessary calculation of bdi dirty thresholds. (bnc#721299)

- 1: Fix bogus it_blocksize in VIO iommu code.
(bnc#717690)

- ext4: Fix max file size and logical block counting of extent format file. (bnc#706374)

- novfs: Unable to change password in the Novell Client for Linux. (bnc#713229)

- xfs: add more ilock tracing.

- sched: move wakeup tracepoint above out_running.
(bnc#712002)

- config.conf: Build KMPs for the -trace flavor as well (fate#312759, bnc#712404, bnc#712405, bnc#721337).

- memsw: remove noswapaccount kernel parameter.
(bnc#719450)

Solution

Apply SAT patch number 5493 / 5510 / 5511 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=659101

https://bugzilla.novell.com/show_bug.cgi?id=709671

https://bugzilla.novell.com/show_bug.cgi?id=711501

https://bugzilla.novell.com/show_bug.cgi?id=711539

https://bugzilla.novell.com/show_bug.cgi?id=712002

https://bugzilla.novell.com/show_bug.cgi?id=712404

https://bugzilla.novell.com/show_bug.cgi?id=712405

https://bugzilla.novell.com/show_bug.cgi?id=713229

https://bugzilla.novell.com/show_bug.cgi?id=713650

https://bugzilla.novell.com/show_bug.cgi?id=714744

https://bugzilla.novell.com/show_bug.cgi?id=717263

https://bugzilla.novell.com/show_bug.cgi?id=717690

https://bugzilla.novell.com/show_bug.cgi?id=717884

https://bugzilla.novell.com/show_bug.cgi?id=719450

https://bugzilla.novell.com/show_bug.cgi?id=719786

https://bugzilla.novell.com/show_bug.cgi?id=719916

https://bugzilla.novell.com/show_bug.cgi?id=720536

https://bugzilla.novell.com/show_bug.cgi?id=721299

https://bugzilla.novell.com/show_bug.cgi?id=721337

https://bugzilla.novell.com/show_bug.cgi?id=721464

https://bugzilla.novell.com/show_bug.cgi?id=721830

https://bugzilla.novell.com/show_bug.cgi?id=721840

https://bugzilla.novell.com/show_bug.cgi?id=722429

https://bugzilla.novell.com/show_bug.cgi?id=722504

https://bugzilla.novell.com/show_bug.cgi?id=723542

https://bugzilla.novell.com/show_bug.cgi?id=723815

https://bugzilla.novell.com/show_bug.cgi?id=724365

https://bugzilla.novell.com/show_bug.cgi?id=724800

https://bugzilla.novell.com/show_bug.cgi?id=724989

https://bugzilla.novell.com/show_bug.cgi?id=725453

https://bugzilla.novell.com/show_bug.cgi?id=725502

https://bugzilla.novell.com/show_bug.cgi?id=725709

https://bugzilla.novell.com/show_bug.cgi?id=725878

https://bugzilla.novell.com/show_bug.cgi?id=728626

https://bugzilla.novell.com/show_bug.cgi?id=729111

https://bugzilla.novell.com/show_bug.cgi?id=729721

https://bugzilla.novell.com/show_bug.cgi?id=731035

https://bugzilla.novell.com/show_bug.cgi?id=731229

https://bugzilla.novell.com/show_bug.cgi?id=731673

https://bugzilla.novell.com/show_bug.cgi?id=731981

https://bugzilla.novell.com/show_bug.cgi?id=732021

https://bugzilla.novell.com/show_bug.cgi?id=732535

https://bugzilla.novell.com/show_bug.cgi?id=675127

https://bugzilla.novell.com/show_bug.cgi?id=687049

https://bugzilla.novell.com/show_bug.cgi?id=691440

https://bugzilla.novell.com/show_bug.cgi?id=694863

https://bugzilla.novell.com/show_bug.cgi?id=695898

https://bugzilla.novell.com/show_bug.cgi?id=698450

https://bugzilla.novell.com/show_bug.cgi?id=699709

https://bugzilla.novell.com/show_bug.cgi?id=701183

https://bugzilla.novell.com/show_bug.cgi?id=702013

https://bugzilla.novell.com/show_bug.cgi?id=706374

https://bugzilla.novell.com/show_bug.cgi?id=707288

http://support.novell.com/security/cve/CVE-2011-1478.html

http://support.novell.com/security/cve/CVE-2011-1576.html

http://support.novell.com/security/cve/CVE-2011-1833.html

http://support.novell.com/security/cve/CVE-2011-2203.html

http://support.novell.com/security/cve/CVE-2011-2699.html

http://support.novell.com/security/cve/CVE-2011-3188.html

http://support.novell.com/security/cve/CVE-2011-4326.html

http://support.novell.com/security/cve/CVE-2011-4330.html

Plugin Details

Severity: High

ID: 57297

File Name: suse_11_kernel-111202.nasl

Version: 1.10

Type: local

Agent: unix

Published: 12/14/2011

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/2/2011

Reference Information

CVE: CVE-2011-1478, CVE-2011-1576, CVE-2011-1833, CVE-2011-2203, CVE-2011-2699, CVE-2011-3188, CVE-2011-4326, CVE-2011-4330