SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8324)
High Nessus Plugin ID 62675
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis Linux kernel update fixes various security issues and bugs in the
SUSE Linux Enterprise 10 SP4 kernel.
The following security issues have been fixed :
- kernel/taskstats.c in the Linux kernel allowed local
users to obtain sensitive I/O statistics by sending
taskstats commands to a netlink socket, as demonstrated
by discovering the length of another users password (a
side channel attack). (CVE-2011-2494)
- net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
kernel, when the nf_conntrack_ipv6 module is enabled,
allowed remote attackers to cause a denial of service
(NULL pointer dereference and system crash) via certain
types of fragmented IPv6 packets. (CVE-2012-2744)
- Use-after-free vulnerability in the xacct_add_tsk
function in kernel/tsacct.c in the Linux kernel allowed
local users to obtain potentially sensitive information
from kernel memory or cause a denial of service (system
crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.
- The user_update function in security/keys/user_defined.c
in the Linux kernel 2.6 allowed local users to cause a
denial of service (NULL pointer dereference and kernel
oops) via vectors related to a user-defined key and
updating a negative key into a fully instantiated key.
- The ib_uverbs_poll_cq function in
drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
did not initialize a certain response buffer, which
allowed local users to obtain potentially sensitive
information from kernel memory via vectors that cause
this buffer to be only partially filled, a different
vulnerability than CVE-2010-4649. (CVE-2011-1044)
- Heap-based buffer overflow in the udf_load_logicalvol
function in fs/udf/super.c in the Linux kernel allowed
remote attackers to cause a denial of service (system
crash) or possibly have unspecified other impact via a
crafted UDF filesystem. (CVE-2012-3400)
- The sock_alloc_send_pskb function in net/core/sock.c in
the Linux kernel did not properly validate a certain
length value, which allowed local users to cause a
denial of service (heap-based buffer overflow and system
crash) or possibly gain privileges by leveraging access
to a TUN/TAP device. (CVE-2012-2136)
- A small denial of service leak in dropping syn+fin
messages was fixed. (CVE-2012-2663)
The following non-security issues have been fixed :
- kbuild: Fix gcc -x syntax (bnc#773831). NFS :
- knfsd: An assortment of little fixes to the sunrpc cache
- knfsd: Unexport cache_fresh and fix a small race.
- knfsd: nfsd: do not drop silently on upcall deferral.
- knfsd: svcrpc: remove another silent drop from deferral
- sunrpc/cache: simplify cache_fresh_locked and
- sunrpc/cache: recheck cache validity after
- sunrpc/cache: use list_del_init for the list_head
entries in cache_deferred_req. (bnc#767766)
- sunrpc/cache: avoid variable over-loading in
- sunrpc/cache: allow thread to block while waiting for
cache update. (bnc#767766)
- sunrpc/cache: Fix race in sunrpc/cache introduced by
patch to allow thread to block while waiting for cache
- sunrpc/cache: Another fix for race problem with sunrpc
cache deferal. (bnc#767766)
- knfsd: nfsd: make all exp_finding functions return
-errnos on err. (bnc#767766)
- Fix kabi breakage in previous nfsd patch series.
- nfsd: Work around incorrect return type for
- nfs: Fix a potential file corruption issue when writing.
- nfs: Allow sync writes to be multiple pages.
- nfs: fix reference counting for NFSv4 callback thread.
- nfs: flush signals before taking down callback thread.
- nfsv4: Ensure nfs_callback_down() calls svc_destroy()
(bnc#767504). SCSI :
- SCSI/ch: Check NULL for kmalloc() return. (bnc#783058)
- drivers/scsi/aic94xx/aic94xx_init.c: correct the size
argument to kmalloc. (bnc#783058)
- block: fail SCSI passthrough ioctls on partition
- dm: do not forward ioctls from logical volumes to the
underlying device. (bnc#738400)
- vmware: Fix VMware hypervisor detection (bnc#777575,
bnc#770507). S/390 :
- lgr: Make lgr_page static (bnc#772409,LTC#83520).
- zfcp: Fix oops in _blk_add_trace()
- kernel: Add z/VM LGR detection (bnc#767277,LTC#RAS1203).
- be2net: Fix EEH error reset before a flash dump
- mptfusion: fix msgContext in mptctl_hp_hostinfo.
- PCI: Fix bus resource assignment on 32 bits with 64b
resources. . (bnc#762581)
- PCI: fix up setup-bus.c #ifdef. (bnc#762581)
- x86: powernow-k8: Fix indexing issue. (bnc#758985)
- net: Fix race condition about network device name
- smpboot: adjust ordering of operations.
- xen/x86-64: provide a memset() that can deal with 4Gb or
above at a time. (bnc#738528)
- xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53.
- xen/gntdev: fix multi-page slot allocation. (bnc#760974)
SolutionApply ZYPP patch number 8324.