Synopsis
The remote SuSE 11 host is missing one or more security updates.
Description
The SUSE Linux Enterprise 11 SP1 kernel has been updated to the 22.214.171.124 stable release to fix a lot of bugs and security issues.
The following security issues have been fixed :
- A use after free bug in hugetlb support could be used by local attackers to crash the system. (CVE-2012-2133)
- A NULL pointer dereference bug in the regsets proc file could be used by local attackers to perhaps crash the system. With mmap_min_addr set and enabled, exploitation is unlikely. (CVE-2012-1097)
- A reference counting issue in CLONE_IO could be used by local attackers to cause a denial of service (out of memory). (CVE-2012-0879)
- A file handle leak in CIFS code could be used by local attackers to crash the system. (CVE-2012-1090)
- Large nested epoll chains could be used by local attackers to cause a denial of service (excessive CPU consumption). (CVE-2011-1083)
- When using KVM, programming a PIT timer without an irqchip configuration can be used to crash the KVM guest. This likely can be done only by a privileged guest user. (CVE-2011-4622)
- A KVM 32bit guest crash in 'syscall' opcode handling was fixed that could be caused by local attackers.
- Fixed an oops in jbd/jbd2 that could be caused by specific filesystem access patterns. (CVE-2011-4086)
The following non-security issues have been fixed :
- x86: fix the initialization of physnode_map.
- x86: Allow bootmem reserves at greater than 8G node offset within a node. (bnc#740895)
- x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). (bnc#751322)
- x86, efi: Work around broken firmware. (bnc#714507)
BONDING :
- bonding: update speed/duplex for NETDEV_CHANGE.
- bonding: comparing a u8 with -1 is always false.
- bonding: start slaves with link down for ARP monitor.
- bonding: send gratuitous ARP for all addresses (bnc#752491).
XFS :
- xfs: Fix excessive inode syncing when project quota is exceeded. (bnc#756448)
- xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850).
SCSI :
- scsi/ses: Handle non-unique element descriptors.
- scsi/sd: mark busy sd majors as allocated (bug#744658).
- scsi: Check for invalid sdev in scsi_prep_state_check() (bnc#734300).
MD/RAID :
- md: fix possible corruption of array metadata on shutdown.
- md: ensure changes to write-mostly are reflected in metadata. (bnc#755178)
- md: do not set md arrays to readonly on shutdown (bnc#740180, bnc#713148, bnc#734900).
XEN :
- smpboot: adjust ordering of operations.
- x86-64: provide a memset() that can deal with 4Gb or above at a time. (bnc#738528)
- blkfront: properly fail packet requests. (bnc#745929)
- Update Xen patches to 126.96.36.199.
- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
- xenbus_dev: add missing error checks to watch handling.
- Refresh other Xen patches. (bnc#652942, bnc#668194, bnc#688079)
- fix Xen-specific kABI issue in Linux 2.6.19.
NFS :
- NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and MKDIR. (bnc#751880)
- nfs: Include SYNC flag when comparing mount options with NOAC flag. (bnc#745422)
- NFS returns EIO for EDQUOT and others. (bnc#747028)
- lockd: fix arg parsing for grace_period and timeout.
- nfs: allow nfs4leasetime to be set before starting servers. (bnc#733761)
- nfs: handle d_revalidate of dot correctly (bnc#731809).
- ctcmpc: use correct idal word list for ctcmpc (bnc#750171,LTC#79264).
- qeth: synchronize discipline module loading (bnc#747430,LTC#78788).
- qdio: avoid race leading to stall when tolerating CQ (bnc#737326,LTC#76599).
- kernel: no storage key operations for invalid page table entries (bnc#737326,LTC#77697).
OTHER :
- tlan: add cast needed for proper 64 bit operation.
- dl2k: Tighten ioctl permissions. (bnc#758813)
- tg3: Fix RSS ring refill race condition. (bnc#757917)
- usbhid: fix error handling of not enough bandwidth.
- pagecache limit: Fix the shmem deadlock. (bnc#755537)
- tty_audit: fix tty_audit_add_data live lock on audit disabled. (bnc#721366)
- ixgbe: driver sets all WOL flags upon initialization so that machine is powered on as soon as it is switched off. (bnc#693639)
- PCI: Set device power state to PCI_D0 for device without native PM support. (bnc#752972)
- dlm: Do not allocate a fd for peeloff. (bnc#729247)
- sctp: Export sctp_do_peeloff. (bnc#729247)
- epoll: Do not limit non-nested epoll paths. (bnc#676204)
- mlx4: Limit MSI-X vector allocation. (bnc#624072)
- mlx4: Changing interrupt scheme. (bnc#624072)
- mlx4_en: Assigning TX irq per ring. (bnc#624072)
- mlx4_en: Restoring RX buffer pointer in case of failure.
- mlx4_en: using new mlx4 interrupt scheme. (bnc#624072)
- igb: Fix for Alt MAC Address feature on 82580 and later devices. (bnc#746980)
- igb: Power down link when interface is down.
- igb: use correct bits to identify if manageability is enabled. (bnc#743209)
- intel_agp: Do not oops with zero stolen memory.
- agp: fix scratch page cleanup. (bnc#738679)
- hugetlb: add generic definition of NUMA_NO_NODE.
- sched: Fix proc_sched_set_task(). (bnc#717994)
- PM: Print a warning if firmware is requested when tasks are frozen. (bnc#749886)
- PM / Sleep: Fix freezer failures due to racy usermodehelper_is_disabled(). (bnc#749886)
- PM / Sleep: Fix read_unlock_usermodehelper() call.
- firmware loader: allow builtin firmware load even if usermodehelper is disabled. (bnc#749886)
- PM / Hibernate: Enable usermodehelpers in software_resume() error path. (bnc#744163)
- ipv6: Allow inet6_dump_addr() to handle more than 64 addresses. (bnc#748279)
- ipv6: fix refcnt problem related to POSTDAD state.
- be2net: change to show correct physical link status.
- be2net: changes to properly provide phy details.
- aio: fix race between io_destroy() and io_submit(). (bnc#747445 / bnc#611264)
- intel-iommu: Check for identity mapping candidate using system dma mask. (bnc#700449)
- intel-iommu: Dont cache iova above 32bit. (bnc#700449)
- intel-iommu: Add domain check in domain_remove_one_dev_info. (bnc#700449)
- intel-iommu: Provide option to enable 64-bit IOMMU pass through mode. (bnc#700449)
- intel-iommu: Remove Host Bridge devices from identity mapping. (bnc#700449)
- intel-iommu: Speed up processing of the identity_mapping function. (bnc#700449)
- intel-iommu: Use coherent DMA mask when requested.
- 1: Fix accounting of softirq time when idle.
- driver-core: fix race between device_register and driver_register. (bnc#742358)
- dcache: patches.fixes/large-hash-dcache_init-fix.patch: Fix oops when initializing large hash on > 16TB machine.
- kdump: Save PG_compound or PG_head value in VMCOREINFO.
- Update config files: disable NET_9P_RDMA. (bnc#720374)
- cdc-wdm: fix race leading to memory corruption.
Solution
Apply SAT patch number 6227 / 6229 / 6230 as appropriate.