SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5219 / 5222 / 5223)

critical Nessus Plugin ID 57111
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote SuSE 11 host is missing one or more security updates.


The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to and fixes various bugs and security issues.

The following security issues have been fixed :

- A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. (CVE-2011-3191)

- In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system.

- The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. (CVE-2011-2928)

Also the following non security bugs have been fixed :


- CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED disabled by default. Swap accounting can be turned on by swapaccount=1 kernel command line parameter.

- Make swap accounting default behavior configurable (bnc#719450, bnc#650309, fate#310471).

- Added a missing reset for ioc_reset_in_progress in SoftReset in the mtpsas driver. (bnc#711969)

- Add support for the Digi/IBM PCIe 2-port Adapter.

- Always enable MSI-X on 5709. (bnc#707737)

- sched: fix broken SCHED_RESET_ON_FORK handling.

- sched: Fix rt_rq runtime leakage bug. (bnc#707096)

- ACPI: allow passing down C1 information if no other C-states exist.

- KDB: turn off kdb usb support by default. (bnc#694670 / bnc#603804)

- xfs: Added event tracing support.

- xfs: fix xfs_fsblock_t tracing.

- igb: extend maximum frame size to receive VLAN tagged frames. (bnc#688859)

- cfq: Do not allow queue merges for queues that have no process references. (bnc#712929)

- cfq: break apart merged cfqqs if they stop cooperating.

- cfq: calculate the seek_mean per cfq_queue not per cfq_io_context. (bnc#712929)

- cfq: change the meaning of the cfqq_coop flag.

- cfq-iosched: get rid of the coop_preempt flag.

- cfq: merge cooperating cfq_queues. (bnc#712929)

- Fix FDDI and TR config checks in ipv4 arp and LLC.

- writeback: do uninterruptible sleep in balance_dirty_pages(). (bnc#699354 / bnc#699357)

- xfs: fix memory reclaim recursion deadlock on locked inode buffer. (bnc#699355 / bnc#699354)

- xfs: use GFP_NOFS for page cache allocation. (bnc#699355 / bnc#699354)

- virtio-net: init link state correctly. (bnc#714966)

- cpufreq: pcc-cpufreq: sanity check to prevent a NULL pointer dereference. (bnc#709412)

- x86: ucode-amd: Do not warn when no ucode is available for a CPU

- patches.arch/x86_64-unwind-annotations: Refresh.

- patches.suse/stack-unwind: Refresh. (bnc#588458)

- splice: direct_splice_actor() should not use pos in sd.

- qdio: 2nd stage retry on SIGA-W busy conditions (bnc#713138,LTC#74402).

- TTY: pty, fix pty counting. (bnc#711203)

- Avoid deadlock in GFP_IO/GFP_FS allocation. (bnc#632870)

- novfs: fix some DirCache locking issues. (bnc#669378)

- novfs: fix some kmalloc/kfree issues. (bnc#669378)

- novfs: fix off-by-one allocation error. (bnc#669378)

- novfs: unlink directory after unmap. (bnc#649625)

- novfs: last modification time not reliable. (bnc#642896)

- x86 / IO APIC: Reset IRR in clear_IO_APIC_pin().
(bnc#701686, bnc#667386)

- mptfusion : Added check for SILI bit in READ_6 CDB for DATA UNDERRUN ERRATA. (bnc#712456)

- xfs: serialise unaligned direct IOs. (bnc#707125)

- NFS: Ensure that we handle NFS4ERR_STALE_STATEID correctly. (bnc#701443)

- NFSv4: Do not call nfs4_state_mark_reclaim_reboot() from error handlers. (bnc#701443)

- NFSv4: Fix open recovery. (bnc#701443)

- NFSv4.1: Do not call nfs4_schedule_state_recovery() unnecessarily. (bnc#701443)


Apply SAT patch number 5219 / 5222 / 5223 as appropriate.

See Also

Plugin Details

Severity: Critical

ID: 57111

File Name: suse_11_kernel-110930.nasl

Version: 1.6

Type: local

Agent: unix

Published: 12/13/2011

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/30/2011

Reference Information

CVE: CVE-2011-2928, CVE-2011-3191, CVE-2011-3353