SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5493 / 5510 / 5511)

High Nessus Plugin ID 57297

VPR Score: 5.9

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to version 2.6.32.49 and fixes various bugs and security issues.

- The TCP/IP initial sequence number generation effectively used only 24 of 32 bits to generate randomness, making a brute-force man-in-the-middle attack on TCP/IP connections feasible. The generator was changed to use full 32-bit randomness. (CVE-2011-3188)

- Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699)

- A NULL pointer dereference on mounting corrupt hfs filesystems was fixed; it could be used by local attackers to crash the kernel. (CVE-2011-2203)

- A kernel option was added to ensure ecryptfs mounts only on paths belonging to the current uid; without it, local attackers could potentially gain privileges via symlink attacks. (CVE-2011-1833)

- The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)

- A name overflow in the hfs filesystem was fixed, where mounting a corrupted hfs filesystem could lead to a stack overflow and code execution in the kernel. This requires a local attacker to be able to mount hfs filesystems. (CVE-2011-4330)

- A bug was found in the way the headroom check was performed in the udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)

The following non-security bugs have been fixed:

- ALSA: hda - Fix S3/S4 problem on machines with VREF-pin mute-LED. (bnc#732535)

- patches.xen/xen-pcpu-hotplug: Fix a double kfree().

- ixgbe: fix bug with vlan strip in promisc mode (bnc#687049, fate#311821).

- ixgbe: fix panic when shutting down system with WoL enabled.

- fnic: Allow users to modify dev_loss_tmo setting. (bnc#719786)

- x86, intel: Do not mark sched_clock() as stable. (bnc#725709)

- ALSA: hda - Keep vref-LED during power-saving on IDT codecs. (bnc#731981)

- cifs: Assume passwords are encoded according to iocharset. (bnc#731035)

- scsi_dh: Check queuedata pointer before proceeding. (bnc#714744)

- netback: use correct index for invalidation in netbk_tx_check_mop().

- ACPI video: introduce module parameter video.use_bios_initial_backlight. (bnc#731229)

- SUNRPC: prevent task_cleanup running on freed xprt. (bnc#709671)

- add device entry for Broadcom Valentine combo card. (bnc#722429)

- quota: Fix WARN_ON in lookup_one_len. (bnc#728626)

- Update Xen patches to 2.6.32.48.

- pv-on-hvm/kexec: add xs_reset_watches to shutdown watches from old kernel. (bnc#694863)

- x86: undo_limit_pages() must reset page count.

- mm/vmstat.c: cache align vm_stat. (bnc#729721)

- s390/ccwgroup: fix uevent vs dev attrs race (bnc#659101,LTC#69028).

- Warn on pagecache limit usage (FATE309111).

- SCSI: st: fix race in st_scsi_execute_end. (bnc#720536)

- ACPI: introduce 'acpi_rsdp=' parameter for kdump. (bnc#717263)

- elousb: Limit the workaround warning to one per error, control workaround activity. (bnc#719916)

- SCSI: libiscsi: reset cmd timer if cmds are making progress. (bnc#691440)

- SCSI: fix crash in scsi_dispatch_cmd(). (bnc#724989)

- NFS/sunrpc: do not use a credential with extra groups. (bnc#725878)

- s390/qdio: EQBS retry after CCQ 96 (bnc#725453,LTC#76117).

- fcoe: Reduce max_sectors to 1024. (bnc#695898)

- apparmor: return -ENOENT when there is no profile for a hat. (bnc#725502)

- sched, cgroups: disallow attaching kthreadd. (bnc#721840)

- nfs: Check validity of cl_rpcclient in nfs_server_list_show. (bnc#717884)

- x86, vt-d: enable x2apic opt out (disabling x2apic through BIOS flag) (bnc#701183, fate#311989).

- block: Free queue resources at blk_release_queue(). (bnc#723815)

- ALSA: hda - Add post_suspend patch ops. (bnc#724800)

- ALSA: hda - Allow codec-specific set_power_state ops. (bnc#724800)

- ALSA: hda - Add support for vref-out based mute LED control on IDT codecs. (bnc#724800)

- scsi_dh_rdac : Add definitions for different RDAC operating modes. (bnc#724365)

- scsi_dh_rdac : Detect the different RDAC operating modes. (bnc#724365)

- scsi_dh_rdac : decide whether to send mode select based on operating mode. (bnc#724365)

- scsi_dh_rdac: Use WWID from C8 page instead of Subsystem id from C4 page to identify storage. (bnc#724365)

- vlan: Match underlying dev carrier on vlan add. (bnc#722504)

- scsi_lib: pause between error retries. (bnc#675127)

- xfs: use KM_NOFS for allocations during attribute list operations. (bnc#721830)

- bootsplash: Do not crash when no fb is set. (bnc#723542)

- cifs: do not allow cifs_iget to match inodes of the wrong type. (bnc#711501)

- cifs: fix noserverino handling when unix extensions are enabled. (bnc#711501)

- cifs: reduce false positives with inode aliasing serverino autodisable. (bnc#711501)

- parport_pc: release IO region properly if unsupported ITE887x card is found. (bnc#721464)

- writeback: avoid unnecessary calculation of bdi dirty thresholds. (bnc#721299)

- 1: Fix bogus it_blocksize in VIO iommu code. (bnc#717690)

- ext4: Fix max file size and logical block counting of extent format file. (bnc#706374)

- novfs: Unable to change password in the Novell Client for Linux. (bnc#713229)

- xfs: add more ilock tracing.

- sched: move wakeup tracepoint above out_running. (bnc#712002)

- config.conf: Build KMPs for the -trace flavor as well (fate#312759, bnc#712404, bnc#712405, bnc#721337).

- memsw: remove noswapaccount kernel parameter. (bnc#719450)

Solution

Apply SAT patch number 5493 / 5510 / 5511 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=659101

https://bugzilla.novell.com/show_bug.cgi?id=675127

https://bugzilla.novell.com/show_bug.cgi?id=687049

https://bugzilla.novell.com/show_bug.cgi?id=691440

https://bugzilla.novell.com/show_bug.cgi?id=694863

https://bugzilla.novell.com/show_bug.cgi?id=695898

https://bugzilla.novell.com/show_bug.cgi?id=698450

https://bugzilla.novell.com/show_bug.cgi?id=699709

https://bugzilla.novell.com/show_bug.cgi?id=701183

https://bugzilla.novell.com/show_bug.cgi?id=702013

https://bugzilla.novell.com/show_bug.cgi?id=706374

https://bugzilla.novell.com/show_bug.cgi?id=707288

https://bugzilla.novell.com/show_bug.cgi?id=709671

https://bugzilla.novell.com/show_bug.cgi?id=711501

https://bugzilla.novell.com/show_bug.cgi?id=711539

https://bugzilla.novell.com/show_bug.cgi?id=712002

https://bugzilla.novell.com/show_bug.cgi?id=712404

https://bugzilla.novell.com/show_bug.cgi?id=712405

https://bugzilla.novell.com/show_bug.cgi?id=713229

https://bugzilla.novell.com/show_bug.cgi?id=713650

https://bugzilla.novell.com/show_bug.cgi?id=714744

https://bugzilla.novell.com/show_bug.cgi?id=717263

https://bugzilla.novell.com/show_bug.cgi?id=717690

https://bugzilla.novell.com/show_bug.cgi?id=717884

https://bugzilla.novell.com/show_bug.cgi?id=719450

https://bugzilla.novell.com/show_bug.cgi?id=719786

https://bugzilla.novell.com/show_bug.cgi?id=719916

https://bugzilla.novell.com/show_bug.cgi?id=720536

https://bugzilla.novell.com/show_bug.cgi?id=721299

https://bugzilla.novell.com/show_bug.cgi?id=721337

https://bugzilla.novell.com/show_bug.cgi?id=721464

https://bugzilla.novell.com/show_bug.cgi?id=721830

https://bugzilla.novell.com/show_bug.cgi?id=721840

https://bugzilla.novell.com/show_bug.cgi?id=722429

https://bugzilla.novell.com/show_bug.cgi?id=722504

https://bugzilla.novell.com/show_bug.cgi?id=723542

https://bugzilla.novell.com/show_bug.cgi?id=723815

https://bugzilla.novell.com/show_bug.cgi?id=724365

https://bugzilla.novell.com/show_bug.cgi?id=724800

https://bugzilla.novell.com/show_bug.cgi?id=724989

https://bugzilla.novell.com/show_bug.cgi?id=725453

https://bugzilla.novell.com/show_bug.cgi?id=725502

https://bugzilla.novell.com/show_bug.cgi?id=725709

https://bugzilla.novell.com/show_bug.cgi?id=725878

https://bugzilla.novell.com/show_bug.cgi?id=728626

https://bugzilla.novell.com/show_bug.cgi?id=729111

https://bugzilla.novell.com/show_bug.cgi?id=729721

https://bugzilla.novell.com/show_bug.cgi?id=731035

https://bugzilla.novell.com/show_bug.cgi?id=731229

https://bugzilla.novell.com/show_bug.cgi?id=731673

https://bugzilla.novell.com/show_bug.cgi?id=731981

https://bugzilla.novell.com/show_bug.cgi?id=732021

https://bugzilla.novell.com/show_bug.cgi?id=732535

http://support.novell.com/security/cve/CVE-2011-1478.html

http://support.novell.com/security/cve/CVE-2011-1576.html

http://support.novell.com/security/cve/CVE-2011-1833.html

http://support.novell.com/security/cve/CVE-2011-2203.html

http://support.novell.com/security/cve/CVE-2011-2699.html

http://support.novell.com/security/cve/CVE-2011-3188.html

http://support.novell.com/security/cve/CVE-2011-4326.html

http://support.novell.com/security/cve/CVE-2011-4330.html

Plugin Details

Severity: High

ID: 57297

File Name: suse_11_kernel-111202.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2011/12/14

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2011/12/02

Reference Information

CVE: CVE-2011-1478, CVE-2011-1576, CVE-2011-1833, CVE-2011-2203, CVE-2011-2699, CVE-2011-3188, CVE-2011-4326, CVE-2011-4330