SuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725)

high Nessus Plugin ID 57853

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues.

The following security issues have been fixed :

- A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127)

- KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel.
(CVE-2011-4110)

- Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel.
(CVE-2011-4081)

- Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077)

- A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038)

- A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132)

- Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g.
guessing passwords by typing speed). (CVE-2011-2494)

- When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873)

- When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case.
(CVE-2010-4164)

- A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed.
(CVE-2011-2699) The following non-security issues have been fixed (excerpt from changelog) :

- elousb: Fixed bug in USB core API usage, code cleanup.

- cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry.

- cifs: set server_eof in cifs_fattr_to_inode.

- xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink().

- Silence some warnings about ioctls on partitions.

- netxen: Remove all references to unified firmware file.

- bonding: send out gratuitous arps even with no address configured.

- patches.fixes/ocfs2-serialize_unaligned_aio.patch:
ocfs2: serialize unaligned aio.

- patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references.

- xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time.

- ipmi: reduce polling when interrupts are available.

- ipmi: reduce polling.

- export shrink_dcache_for_umount_subtree.

- patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem.

- PM / Sleep: Fix race between CPU hotplug and freezer.

- jbd: Issue cache flush after checkpointing.

- lpfc: make sure job exists when processing BSG.

- blktap: fix locking (again).

- xen: Update Xen patches to 2.6.32.52.

- reiserfs: Lock buffers unconditionally in reiserfs_write_full_page().

- writeback: Include all dirty inodes in background writeback.

- reiserfs: Fix quota mount option parsing.

- bonding: check if clients MAC addr has changed.

- rpc client can not deal with ENOSOCK, so translate it into ENOCONN.

- st: modify tape driver to allow writing immediate filemarks.

- xfs: fix for xfssyncd failure to wake.

- ipmi: Fix deadlock in start_next_msg().

- net: bind() fix error return on wrong address family.

- net: ipv4: relax AF_INET check in bind().

- net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs.

- Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported.

- percpu: fix chunk range calculation.

- x86, UV: Fix kdump reboot.

- dm: Use done_bytes for io_completion.

- Bluetooth: Add Atheros AR3012 Maryann PID/VID supported.

- Bluetooth: Add Atheros AR3012 one PID/VID supported.

- fix missing hunk in oplock break patch.

- patches.arch/s390-34-01-pfault-cpu-hotplug.patch:
Refresh.

- Surrounded s390x lowcore change with __GENKSYMS__

- patches.xen/xen3-patch-2.6.30: Refresh.

- sched, x86: Avoid unnecessary overflow in sched_clock.

- ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.

Solution

Apply SAT patch number 5723 / 5725 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=651219

https://bugzilla.novell.com/show_bug.cgi?id=653260

https://bugzilla.novell.com/show_bug.cgi?id=668872

https://bugzilla.novell.com/show_bug.cgi?id=671479

https://bugzilla.novell.com/show_bug.cgi?id=688996

https://bugzilla.novell.com/show_bug.cgi?id=694945

https://bugzilla.novell.com/show_bug.cgi?id=697920

https://bugzilla.novell.com/show_bug.cgi?id=703156

https://bugzilla.novell.com/show_bug.cgi?id=706973

https://bugzilla.novell.com/show_bug.cgi?id=707288

https://bugzilla.novell.com/show_bug.cgi?id=708625

https://bugzilla.novell.com/show_bug.cgi?id=711378

https://bugzilla.novell.com/show_bug.cgi?id=716023

https://bugzilla.novell.com/show_bug.cgi?id=722910

https://bugzilla.novell.com/show_bug.cgi?id=724734

https://bugzilla.novell.com/show_bug.cgi?id=725709

https://bugzilla.novell.com/show_bug.cgi?id=726600

https://bugzilla.novell.com/show_bug.cgi?id=726788

https://bugzilla.novell.com/show_bug.cgi?id=728339

https://bugzilla.novell.com/show_bug.cgi?id=728626

https://bugzilla.novell.com/show_bug.cgi?id=729854

https://bugzilla.novell.com/show_bug.cgi?id=730118

https://bugzilla.novell.com/show_bug.cgi?id=731004

https://bugzilla.novell.com/show_bug.cgi?id=731770

https://bugzilla.novell.com/show_bug.cgi?id=732296

https://bugzilla.novell.com/show_bug.cgi?id=732677

https://bugzilla.novell.com/show_bug.cgi?id=733146

https://bugzilla.novell.com/show_bug.cgi?id=733863

https://bugzilla.novell.com/show_bug.cgi?id=734056

https://bugzilla.novell.com/show_bug.cgi?id=735216

https://bugzilla.novell.com/show_bug.cgi?id=735446

https://bugzilla.novell.com/show_bug.cgi?id=735453

https://bugzilla.novell.com/show_bug.cgi?id=735635

https://bugzilla.novell.com/show_bug.cgi?id=736018

https://bugzilla.novell.com/show_bug.cgi?id=738400

https://bugzilla.novell.com/show_bug.cgi?id=740535

https://bugzilla.novell.com/show_bug.cgi?id=740703

https://bugzilla.novell.com/show_bug.cgi?id=740867

https://bugzilla.novell.com/show_bug.cgi?id=742270

http://support.novell.com/security/cve/CVE-2010-3873.html

http://support.novell.com/security/cve/CVE-2010-4164.html

http://support.novell.com/security/cve/CVE-2011-2494.html

http://support.novell.com/security/cve/CVE-2011-2699.html

http://support.novell.com/security/cve/CVE-2011-4077.html

http://support.novell.com/security/cve/CVE-2011-4081.html

http://support.novell.com/security/cve/CVE-2011-4110.html

http://support.novell.com/security/cve/CVE-2011-4127.html

http://support.novell.com/security/cve/CVE-2011-4132.html

http://support.novell.com/security/cve/CVE-2012-0038.html

Plugin Details

Severity: High

ID: 57853

File Name: suse_11_kernel-120129.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2/7/2012

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/29/2012

Reference Information

CVE: CVE-2010-3873, CVE-2010-4164, CVE-2011-2494, CVE-2011-2699, CVE-2011-4077, CVE-2011-4081, CVE-2011-4110, CVE-2011-4127, CVE-2011-4132, CVE-2012-0038