SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 7273 / 7276 / 7277)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.58, fixing
various bugs and security issues.

The updates contains the following feature enhancement :

- Enable various md/raid10 and DASD enhancements.

- Make is possible for RAID10 to cope with DASD devices
being slow for various reasons - the affected device
will be temporarily removed from the array.

- Added support for reshaping of RAID10 arrays, mdadm
changes will be published to support the changes. The
following security issues were fixed :

- A division by zero in the TCP Illinois algorithm.

- The uname26 personality leaked kernel memory
information. (CVE-2012-0957)

- Kernel stack content disclosure via binfmt_script
load_script(). (CVE-2012-4530) The following
non-security issues were fixed :


- btrfs: reset path lock state to zero.

- btrfs: fix off-by-one in lseek.

- btrfs: fix btrfs_cont_expand() freeing IS_ERR em.

- btrfs: update timestamps on truncate().

- btrfs: put csums on the right ordered extent.

- btrfs: use existing align macros in btrfs_allocate()

- btrfs: fix off-by-one error of the reserved size of

- btrfs: add fiemaps flag check

- btrfs: fix permissions of empty files not affected by

- btrfs: do not auto defrag a file when doing directIO

- btrfs: fix wrong return value of btrfs_truncate_page()

- btrfs: Notify udev when removing device

- btrfs: fix permissions of empty files not affected by

- btrfs: fix hash overflow handling

- btrfs: do not delete a subvolume which is in a R/O

- btrfs: remove call to btrfs_wait_ordered_extents to
avoid potential deadlock.

- btrfs: update the checks for mixed block groups with big
metadata blocks

- btrfs: Fix use-after-free in __btrfs_end_transaction

- btrfs: use commit root when loading free space cache.

- btrfs: avoid setting ->d_op twice (FATE#306586

- btrfs: fix race in reada (FATE#306586).

- btrfs: do not add both copies of DUP to reada extent

- btrfs: do not mount when we have a sectorsize unequal to

- btrfs: add missing unlocks to transaction abort paths

- btrfs: avoid sleeping in verify_parent_transid while

- btrfs: disallow unequal data/metadata blocksize for
mixed block groups

- btrfs: enhance superblock sanity checks. (bnc#749651)

- btrfs: sanitizing ->fs_info, parts 1-5.

- btrfs: make open_ctree() return int.

- btrfs: kill pointless reassignment of ->s_fs_info in

- btrfs: merge free_fs_info() calls on fill_super

- btrfs: make free_fs_info() call ->kill_sb()

- btrfs: consolidate failure exits in btrfs_mount() a bit.

- btrfs: let ->s_fs_info point to fs_info, not root...

- btrfs: take allocation of ->tree_root into open_ctree().

- Update DASD blk_timeout patches after review by IBM :

- dasd: Abort all requests from ioctl

- dasd: Disable block timeouts per default

- dasd: Reduce amount of messages for specific errors

- dasd: Rename ioctls

- dasd: check blk_noretry_request in dasd_times_out()

- dasd: lock ccw queue in dasd_times_out()

- dasd: make DASD_FLAG_TIMEOUT setting more robust

- dasd: rename flag to abortall

- LPFC :

- Update lpfc version for driver release.

- lpfc 8.3.32: Correct successful aborts returning error

- lpfc 8.3.34: Correct lock handling to eliminate reset
escalation on I/O abort.

- lpfc 8.3.34: Streamline fcp underrun message printing.

- DRM/i915 :

- drm/i915: EBUSY status handling added to

- drm/i915: Only clear the GPU domains upon a successful

- drm/i915: always use RPNSWREQ for turbo change requests.

- drm/i915: do not call modeset_init_hw in i915_reset.

- drm/i915: do not hang userspace when the gpu reset is

- drm/i915: do not trylock in the gpu reset code.

- drm/i915: re-init modeset hw state after gpu reset.

- HyperV :

- x86: Hyper-V: register clocksource only if its

- Other :

- xfrm: fix freed block size calculation in

- bonding: in balance-rr mode, set curr_active_slave only
if it is up.

- kernel: broken interrupt statistics (LTC#87893).

- kernel: sched_clock() overflow (LTC#87978).

- mm: call sleep_on_page_killable from

- TTY: do not reset masters packet mode.

- patches.suse/kbuild-record-built-in-o: Avoid using
printf(1) in

- rpm/ Do not rely on the *.parts file
to be newline-separated.

- NFS: Allow sec=none mounts in certain cases.

- NFS: fix recent breakage to NFS error handling.

- bridge: Pull ip header into skb->data before looking
into ip header.

- dm mpath: allow ioctls to trigger pg init.

- dm mpath: only retry ioctl when no paths if
queue_if_no_path set.

- radix-tree: fix preload vector size.

- sched, rt: Unthrottle rt runqueues in

- sched/rt: Fix SCHED_RR across cgroups.

- sched/rt: Do not throttle when PI boosting.

- sched/rt: Keep period timer ticking when rt throttling
is active.

- sched/rt: Prevent idle task boosting.

- mm: limit mmu_gather batching to fix soft lockups on

- kabi fixup for mm: limit mmu_gather batching to fix soft
lockups on !CONFIG_PREEMPT.

- Refresh Xen patches after update to 3.0.57.

- aio: make kiocb->private NUll in init_sync_kiocb().

- qeth: Fix retry logic in hardsetup. (LTC#87080)

- netiucv: reinsert dev_alloc_name for device naming.

- qeth: set new mac even if old mac is gone (2).

- ocfs2: use spinlock irqsave for downconvert lock.patch.

- af_netlink: force credentials passing.

- af_unix: dont send SCM_CREDENTIALS by default.

- sunrpc: increase maximum slots to use.

- bio: bio allocation failure due to bio_get_nr_vecs().

- bio: do not overflow in bio_get_nr_vecs().

- md: close race between removing and adding a device.

- thp, memcg: split hugepage for memcg oom on cow.

- bonding: delete migrated IP addresses from the rlb hash

- xfs: Fix re-use of EWOULDBLOCK during read on dm-mirror.

- qla2xxx: Determine the number of outstanding commands
based on available resources.

- qla2xxx: Ramp down queue depth for attached SCSI

- autofs4: fix lockdep splat in autofs.

- ipv6: tcp: fix panic in SYN processing.

- add splash=black option to bootsplash code, to keep a
black background, useful for remote access to VMs.

See also :

Solution :

Apply SAT patch number 7273 / 7276 / 7277 as appropriate.

Risk factor :

Medium / CVSS Base Score : 4.9

Family: SuSE Local Security Checks

Nessus Plugin ID: 64500 ()

Bugtraq ID:

CVE ID: CVE-2012-0957

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now