SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing
a lot of bugs and security issues.

The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs
not listed here.

The following security issues have been fixed :

- Local attackers could trigger an overflow in
sock_alloc_send_pksb(), potentially crashing the machine
or escalate privileges. (CVE-2012-2136)

- A memory leak in transparent hugepages on mmap failure
could be used by local attacker to run the machine out
of memory (local denial of service). (CVE-2012-2390)

- A malicious guest driver could overflow the host stack
by passing a long descriptor, so potentially crashing
the host system or escalating privileges on the host.

- Malicious NFS server could crash the clients when more
than 2 GETATTR bitmap words are returned in response to
the FATTR4_ACL attribute requests, only incompletely
fixed by CVE-2011-4131. (CVE-2012-2375)

The following non-security bugs have been fixed :

Hyper-V :

- storvsc: Properly handle errors from the host.

- HID: hid-hyperv: Do not use hid_parse_report() directly.

- HID: hyperv: Set the hid drvdata correctly.

- drivers/hv: Get rid of an unnecessary check in

- drivers/hv: util: Properly handle version negotiations.

- hv: fix return type of hv_post_message().

- net/hyperv: Add flow control based on hi/low watermark.

- usb/net: rndis: break out <1/rndis.h> defines. only
net/hyperv part

- usb/net: rndis: remove ambiguous status codes. only
net/hyperv part

- usb/net: rndis: merge command codes. only net/hyperv

- net/hyperv: Adding cancellation to ensure rndis filter
is closed.

- update hv drivers to 3.4-rc1, requires new
hv_kvp_daemon :

- drivers: hv: kvp: Add/cleanup connector defines.

- drivers: hv: kvp: Move the contents of hv_kvp.h to

- net/hyperv: Convert camel cased variables in
rndis_filter.c to lower cases.

- net/hyperv: Correct the assignment in

- net/hyperv: Remove the unnecessary memset in

- drivers: hv: Cleanup the kvp related state in hyperv.h.

- tools: hv: Use hyperv.h to get the KVP definitions.

- drivers: hv: kvp: Cleanup the kernel/user protocol.

- drivers: hv: Increase the number of VCPUs supported in
the guest.

- net/hyperv: Fix data corruption in

- net/hyperv: Add support for vlan trunking from guests.

- Drivers: hv: Add new message types to enhance KVP.

- Drivers: hv: Support the newly introduced KVP messages
in the driver.

- Tools: hv: Fully support the new KVP verbs in the user
level daemon.

- Tools: hv: Support enumeration from all the pools.

- net/hyperv: Fix the code handling tx busy.

- patches.suse/suse-hv-pata_piix-ignore-disks.patch
replace our version of this patch with upstream variant:
ata_piix: defer disks to the Hyper-V drivers by default
libata: add a host flag to ignore detected ATA devices.

Btrfs :

- btrfs: more module message prefixes.

- vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and
rename them

- btrfs: flush all the dirty pages if
try_to_writeback_inodes_sb_nr() fails

- vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and
rename them

- btrfs: fix locking in btrfs_destroy_delayed_refs

- btrfs: wake up transaction waiters when aborting a

- btrfs: abort the transaction if the commit fails

- btrfs: fix btrfs_destroy_marked_extents

- btrfs: unlock everything properly in the error case for

- btrfs: fix return code in drop_objectid_items

- btrfs: check to see if the inode is in the log before

- btrfs: pass locked_page into
extent_clear_unlock_delalloc if theres an error

- btrfs: check the return code of btrfs_save_ino_cache

- btrfs: do not update atime for RO snapshots

- btrfs: convert the inode bit field to use the actual bit

- btrfs: fix deadlock when the process of delayed refs

- btrfs: stop defrag the files automatically when doin
readonly remount or umount

- btrfs: avoid memory leak of extent state in error
handling routine

- btrfs: make sure that we have made everything in pinned
tree clean

- btrfs: destroy the items of the delayed inodes in error
handling routine

- btrfs: ulist realloc bugfix

- btrfs: bugfix in btrfs_find_parent_nodes

- btrfs: bugfix: ignore the wrong key for indirect tree
block backrefs

- btrfs: avoid buffer overrun in btrfs_printk

- btrfs: fall back to non-inline if we do not have enough

- btrfs: NUL-terminate path buffer in DEV_INFO ioctl

- btrfs: avoid buffer overrun in mount option handling

- btrfs: do not do balance in readonly mode

- btrfs: fix the same inode id problem when doing auto

- btrfs: fix wrong error returned by adding a device

- btrfs: use fastpath in extent state ops as much as
possible Misc :

- tcp: drop SYN+FIN messages. (bnc#765102)

- mm: avoid swapping out with swappiness==0 (swappiness).

- thp: avoid atomic64_read in pmd_read_atomic for 32bit
PAE. (bnc#762991)

- paravirt: Split paravirt MMU ops (bnc#556135,
bnc#754690, FATE#306453).

- paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU

- parvirt: Stub support KABI for KVM_MMU (bnc#556135,
bnc#754690, FATE#306453).

- tmpfs: implement NUMA node interleaving. (bnc#764209)

- synaptics-hp-clickpad: Fix the detection of LED on the
recent HP laptops. (bnc#765524)

- supported.conf: mark xt_AUDIT as supported. (bnc#765253)

- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
pmd_populate SMP race condition. (bnc#762991 /

- xhci: Do not free endpoints in xhci_mem_cleanup().

- xhci: Fix invalid loop check in xhci_free_tt_info().

- drm: Skip too big EDID extensions. (bnc#764900)

- drm/i915: Add HP EliteBook to LVDS-temporary-disable
list. (bnc#763717)

- hwmon: (fam15h_power) Increase output resolution.

- hwmon: (k10temp) Add support for AMD Trinity CPUs.

- rpm/ Own the right -kdump initrd.

- memcg: prevent from OOM with too many dirty pages.

- dasd: re-prioritize partition detection message

- kernel: pfault task state race (bnc#764091,LTC#81724).

- kernel: clear page table for sw large page emulation

- USB: fix bug of device descriptor got from superspeed
device. (bnc#761087)

- xfrm: take net hdr len into account for esp payload size
calculation. (bnc#759545)

- st: clean up dev cleanup in st_probe. (bnc#760806)

- st: clean up device file creation and removal.

- st: get rid of scsi_tapes array. (bnc#760806)

- st: raise device limit. (bnc#760806)

- st: Use static class attributes. (bnc#760806)

- mm: Optimize put_mems_allowed() usage (VM performance).

- cifs: fix oops while traversing open file list (try #4).

- scsi: Fix dm-multipath starvation when scsi host is
busy. (bnc#763485)

- dasd: process all requests in the device tasklet.

- rt2x00:Add RT539b chipset support. (bnc#760237)

- kabi/severities: Ignore changes in
drivers/net/wireless/rt2x00, these are just exports used
among the rt2x00 modules.

- rt2800: radio 3xxx: reprogram only lower bits of RF_R3.

- rt2800: radio 3xxx: program RF_R1 during channel switch.

- rt2800: radio 3xxxx: channel switch RX/TX calibration
fixes. (bnc#759805)

- rt2x00: Avoid unnecessary uncached. (bnc#759805)

- rt2x00: Introduce sta_add/remove callbacks. (bnc#759805)

- rt2x00: Add WCID to crypto struct. (bnc#759805)

- rt2x00: Add WCID to HT TX descriptor. (bnc#759805)

- rt2x00: Move bssidx calculation into its own function.

- rt2x00: Make use of sta_add/remove callbacks in rt2800.

- rt2x00: Forbid aggregation for STAs not programmed into
the hw. (bnc#759805)

- rt2x00: handle spurious pci interrupts. (bnc#759805)

- rt2800: disable DMA after firmware load.

- rt2800: radio 3xxx: add channel switch calibration
routines. (bnc#759805)

- rpm/ Obsolete ath3k, as it is now
in the tree.

- floppy: remove floppy-specific O_EXCL handling.

- floppy: convert to delayed work and single-thread wq.

See also :

Solution :

Apply SAT patch number 6463.

Risk factor :

High / CVSS Base Score : 7.2

Family: SuSE Local Security Checks

Nessus Plugin ID: 64175 ()

Bugtraq ID:

CVE ID: CVE-2011-4131

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now