SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6227 / 6229 / 6230)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 SP1 kernel has been updated to the stable release to fix a lot of bugs and security issues.

The following security issues have been fixed :

- A use after free bug in hugetlb support could be used by
local attackers to crash the system. (CVE-2012-2133)

- A NULL pointer dereference bug in the regsets proc file
could be used by local attackers to perhaps crash the
system. With mmap_min_addr set and enabled,
exploitation is unlikely. (CVE-2012-1097)

- A reference counting issue in CLONE_IO could be used by
local attackers to cause a denial of service (out of
memory). (CVE-2012-0879)

- A file handle leak in CIFS code could be used by local
attackers to crash the system. (CVE-2012-1090)

- Large nested epoll chains could be used by local
attackers to cause a denial of service (excessive CPU
consumption). (CVE-2011-1083)

- When using KVM, programming a PIT timer without an
irqchip configuration can be used to crash the kvm
guest. This likely can be done only by a privileged
guest user. (CVE-2011-4622)

- A KVM 32bit guest crash in 'syscall' opcode handling was
fixed that could be caused by local attackers.

- Fixed an oops in jbd/jbd2 that could be caused by
specific filesystem access patterns. (CVE-2011-4086)

The following non-security issues have been fixed :

X86 :

- x86: fix the initialization of physnode_map.

- x86: Allow bootmem reserves at greater than 8G node
offset within a node. (bnc#740895)

- x86, tsc: Fix SMI induced variation in
quick_pit_calibrate(). (bnc#751322)

- x86, efi: Work around broken firmware. (bnc#714507)

- bonding: update speed/duplex for NETDEV_CHANGE.

- bonding: comparing a u8 with -1 is always false.

- bonding: start slaves with link down for ARP monitor.

- bonding: send gratuitous ARP for all addresses
(bnc#752491).

XFS :

- xfs: Fix excessive inode syncing when project quota is
exceeded. (bnc#756448)

- xfs: Fix oops on IO error during
xlog_recover_process_iunlinks() (bnc#716850).

SCSI :

- scsi/ses: Handle non-unique element descriptors.
(bnc#749342, bnc#617344)

- scsi/sd: mark busy sd majors as allocated (bug#744658).

- scsi: Check for invalid sdev in scsi_prep_state_check()
(bnc#734300).

MD/RAID :

- md: fix possible corruption of array metadata on

- md: ensure changes to write-mostly are reflected in
metadata. (bnc#755178)

- md: do not set md arrays to readonly on shutdown
(bnc#740180, bnc#713148, bnc#734900).

XEN :

- smpboot: adjust ordering of operations.

- x86-64: provide a memset() that can deal with 4Gb or
above at a time. (bnc#738528)

- blkfront: properly fail packet requests. (bnc#745929)

- Update Xen patches to

- xenbus: Reject replies with payload >

- xenbus_dev: add missing error checks to watch handling.

- Refresh other Xen patches. (bnc#652942, bnc#668194,

- fix Xen-specific kABI issue in Linux 2.6.19.

NFS :

- NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and
MKDIR. (bnc#751880)

- nfs: Include SYNC flag when comparing mount options with
NOAC flag. (bnc#745422)

- NFS returns EIO for EDQUOT and others. (bnc#747028)

- lockd: fix arg parsing for grace_period and timeout.

- nfs: allow nfs4leasetime to be set before starting
servers. (bnc#733761)

- nfs: handle d_revalidate of dot correctly (bnc#731809).

S/390 :

- ctcmpc: use correct idal word list for ctcmpc

- qeth: synchronize discipline module loading

- qdio: avoid race leading to stall when tolerating CQ

- kernel: no storage key operations for invalid page table
entries (bnc#737326,LTC#77697).

OTHER :

- tlan: add cast needed for proper 64 bit operation.

- dl2k: Tighten ioctl permissions. (bnc#758813)

- tg3: Fix RSS ring refill race condition. (bnc#757917)

- usbhid: fix error handling of not enough bandwidth.

- pagecache limit: Fix the shmem deadlock. (bnc#755537)

- tty_audit: fix tty_audit_add_data live lock on audit
disabled. (bnc#721366)

- ixgbe: driver sets all WOL flags upon initialization so
that machine is powered on as soon as it is switched
off. (bnc#693639)

- PCI: Set device power state to PCI_D0 for device without
native PM support. (bnc#752972)

- dlm: Do not allocate a fd for peeloff. (bnc#729247)

- sctp: Export sctp_do_peeloff. (bnc#729247)

- epoll: Do not limit non-nested epoll paths. (bnc#676204)

- mlx4: Limit MSI-X vector allocation. (bnc#624072)

- mlx4: Changing interrupt scheme. (bnc#624072)

- mlx4_en: Assigning TX irq per ring. (bnc#624072)

- mlx4_en: Restoring RX buffer pointer in case of failure.

- mlx4_en: using new mlx4 interrupt scheme. (bnc#624072)

- igb: Fix for Alt MAC Address feature on 82580 and later
devices. (bnc#746980)

- igb: Power down link when interface is down.

- igb: use correct bits to identify if managability is
enabled. (bnc#743209)

- intel_agp: Do not oops with zero stolen memory.

- agp: fix scratch page cleanup. (bnc#738679)

- hugetlb: add generic definition of NUMA_NO_NODE.

- sched: Fix proc_sched_set_task(). (bnc#717994)

- PM: Print a warning if firmware is requested when tasks
are frozen. (bnc#749886)

- PM / Sleep: Fix freezer failures due to racy
usermodehelper_is_disabled(). (bnc#749886)

- PM / Sleep: Fix read_unlock_usermodehelper() call.

- firmware loader: allow builtin firmware load even if
usermodehelper is disabled. (bnc#749886)

- PM / Hibernate: Enable usermodehelpers in
software_resume() error path. (bnc#744163)

- ipv6: Allow inet6_dump_addr() to handle more than 64
addresses. (bnc#748279)

- ipv6: fix refcnt problem related to POSTDAD state.

- be2net: change to show correct physical link status.

- be2net: changes to properly provide phy details.

- aio: fix race between io_destroy() and io_submit().
(bnc#747445 / bnc#611264)

- intel-iommu: Check for identity mapping candidate using
system dma mask. (bnc#700449)

- intel-iommu: Dont cache iova above 32bit. (bnc#700449)

- intel-iommu: Add domain check in
domain_remove_one_dev_info. (bnc#700449)

- intel-iommu: Provide option to enable 64-bit IOMMU pass
through mode. (bnc#700449)

- intel-iommu: Remove Host Bridge devices from identity
mapping. (bnc#700449)

- intel-iommu: Speed up processing of the identity_mapping
function. (bnc#700449)

- intel-iommu: Use coherent DMA mask when requested.

- 1: Fix accounting of softirq time when idle.

- driver-core: fix race between device_register and
driver_register. (bnc#742358)

- dcache: patches.fixes/large-hash-dcache_init-fix.patch:
Fix oops when initializing large hash on > 16TB machine.

- kdump: Save PG_compound or PG_head value in VMCOREINFO.

- Update config files: disable NET_9P_RDMA. (bnc#720374)

- cdc-wdm: fix race leading to memory corruption.

Solution :

Apply SAT patch number 6227 / 6229 / 6230 as appropriate.

Risk factor :

High / CVSS Base Score : 7.2

Family: SuSE Local Security Checks

Nessus Plugin ID: 64173

CVE ID: CVE-2011-1083
