Synopsis
The remote SuSE 11 host is missing one or more security updates.
Description
The SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to
version 126.96.36.199 and fixes various bugs and security issues.
- The TCP/IP initial sequence number generation
effectively only used 24 bits of 32 to generate
randomness, making a brute-force man-in-the-middle
attack on TCP/IP connections feasible. The generator was
changed to use full 32-bit randomness. (CVE-2011-3188)
- Fernando Gont discovered that the IPv6 stack used
predictable fragment identification numbers. A remote
attacker could exploit this to exhaust network
resources, leading to a denial of service.
- A NULL ptr dereference on mounting corrupt hfs
filesystems was fixed which could be used by local
attackers to crash the kernel. (CVE-2011-2203)
- Added a kernel option to ensure ecryptfs mounts only
on paths belonging to the current uid; without this
check, local attackers could potentially gain
privileges via symlink attacks. (CVE-2011-1833)
- The Generic Receive Offload (GRO) implementation in the
Linux kernel allowed remote attackers to cause a denial
of service via crafted VLAN packets that are processed
by the napi_reuse_skb function, leading to (1) a memory
leak or (2) memory corruption, a different vulnerability
than CVE-2011-1478. (CVE-2011-1576)
- A name overflow in the hfs filesystem was fixed, where
mounting a corrupted hfs filesystem could lead to a
stack overflow and code execution in the kernel. This
requires a local attacker to be able to mount hfs
- A bug was found in the way the headroom check was performed
in the udp6_ufo_fragment() function. A remote attacker could
use this flaw to crash the system. (CVE-2011-4326)
The following non-security bugs have been fixed:
- ALSA: hda - Fix S3/S4 problem on machines with VREF-pin
- patches.xen/xen-pcpu-hotplug: Fix a double kfree().
- ixgbe: fix bug with vlan strip in promisc mode
- ixgbe: fix panic when shutting down system with WoL
- fnic: Allow users to modify dev_loss_tmo setting.
- x86, intel: Do not mark sched_clock() as stable.
- ALSA: hda - Keep vref-LED during power-saving on IDT
- cifs: Assume passwords are encoded according to
- scsi_dh: Check queuedata pointer before proceeding.
- netback: use correct index for invalidation in
- ACPI video: introduce module parameter
- SUNRPC: prevent task_cleanup running on freed xprt.
- add device entry for Broadcom Valentine combo card.
- quota: Fix WARN_ON in lookup_one_len. (bnc#728626)
- Update Xen patches to 188.8.131.52.
- pv-on-hvm/kexec: add xs_reset_watches to shutdown
watches from old kernel. (bnc#694863)
- x86: undo_limit_pages() must reset page count.
- mm/vmstat.c: cache align vm_stat. (bnc#729721)
- s390/ccwgroup: fix uevent vs dev attrs race
- Warn on pagecache limit usage (FATE309111).
- SCSI: st: fix race in st_scsi_execute_end. (bnc#720536)
- ACPI: introduce 'acpi_rsdp=' parameter for kdump.
- elousb: Limit the workaround warning to one per error,
control workaround activity. (bnc#719916)
- SCSI: libiscsi: reset cmd timer if cmds are making
- SCSI: fix crash in scsi_dispatch_cmd(). (bnc#724989)
- NFS/sunrpc: do not use a credential with extra groups.
- s390/qdio: EQBS retry after CCQ 96
- fcoe: Reduce max_sectors to 1024. (bnc#695898)
- apparmor: return -ENOENT when there is no profile for a
- sched, cgroups: disallow attaching kthreadd.
- nfs: Check validity of cl_rpcclient in
- x86, vt-d: enable x2apic opt out (disabling x2apic
through BIOS flag) (bnc#701183, fate#311989).
- block: Free queue resources at blk_release_queue().
- ALSA: hda - Add post_suspend patch ops. (bnc#724800)
- ALSA: hda - Allow codec-specific set_power_state ops.
- ALSA: hda - Add support for vref-out based mute LED
control on IDT codecs. (bnc#724800)
- scsi_dh_rdac : Add definitions for different RDAC
operating modes. (bnc#724365)
- scsi_dh_rdac : Detect the different RDAC operating
- scsi_dh_rdac : decide whether to send mode select based
on operating mode. (bnc#724365)
- scsi_dh_rdac: Use WWID from C8 page instead of Subsystem
id from C4 page to identify storage. (bnc#724365)
- vlan: Match underlying dev carrier on vlan add.
- scsi_lib: pause between error retries. (bnc#675127)
- xfs: use KM_NOFS for allocations during attribute list
- bootsplash: Do not crash when no fb is set. (bnc#723542)
- cifs: do not allow cifs_iget to match inodes of the
wrong type. (bnc#711501)
- cifs: fix noserverino handling when 1 extensions are
- cifs: reduce false positives with inode aliasing
serverino autodisable. (bnc#711501)
- parport_pc: release IO region properly if unsupported
ITE887x card is found. (bnc#721464)
- writeback: avoid unnecessary calculation of bdi dirty
- 1: Fix bogus it_blocksize in VIO iommu code.
- ext4: Fix max file size and logical block counting of
extent format file. (bnc#706374)
- novfs: Unable to change password in the Novell Client
for Linux. (bnc#713229)
- xfs: add more ilock tracing.
- sched: move wakeup tracepoint above out_running.
- config.conf: Build KMPs for the -trace flavor as well
(fate#312759, bnc#712404, bnc#712405, bnc#721337).
- memsw: remove noswapaccount kernel parameter.
Solution
Apply SAT patch number 5493 / 5510 / 5511 as appropriate.