SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)

High Nessus Plugin ID 64176


The remote SuSE 11 host is missing one or more security updates.


The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues.

The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here.

The following security issues have been fixed :

- Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136)

- A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390)

- A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host.

- Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375)

The following non-security bugs have been fixed :

Hyper-V :

- storvsc: Properly handle errors from the host.

- HID: hid-hyperv: Do not use hid_parse_report() directly.

- HID: hyperv: Set the hid drvdata correctly.

- drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp().

- drivers/hv: util: Properly handle version negotiations.

- hv: fix return type of hv_post_message().

- net/hyperv: Add flow control based on hi/low watermark.

- usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part

- usb/net: rndis: remove ambiguous status codes. only net/hyperv part

- usb/net: rndis: merge command codes. only net/hyperv part

- net/hyperv: Adding cancellation to ensure rndis filter is closed.

- update hv drivers to 3.4-rc1, requires new hv_kvp_daemon :

- drivers: hv: kvp: Add/cleanup connector defines.

- drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h.

- net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases.

- net/hyperv: Correct the assignment in netvsc_recv_callback().

- net/hyperv: Remove the unnecessary memset in rndis_filter_send().

- drivers: hv: Cleanup the kvp related state in hyperv.h.

- tools: hv: Use hyperv.h to get the KVP definitions.

- drivers: hv: kvp: Cleanup the kernel/user protocol.

- drivers: hv: Increase the number of VCPUs supported in the guest.

- net/hyperv: Fix data corruption in rndis_filter_receive().

- net/hyperv: Add support for vlan trunking from guests.

- Drivers: hv: Add new message types to enhance KVP.

- Drivers: hv: Support the newly introduced KVP messages in the driver.

- Tools: hv: Fully support the new KVP verbs in the user level daemon.

- Tools: hv: Support enumeration from all the pools.

- net/hyperv: Fix the code handling tx busy.

- patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant:
ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices.

Btrfs :

- btrfs: more module message prefixes.

- vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them

- btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails

- vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them

- btrfs: fix locking in btrfs_destroy_delayed_refs

- btrfs: wake up transaction waiters when aborting a transaction

- btrfs: abort the transaction if the commit fails

- btrfs: fix btrfs_destroy_marked_extents

- btrfs: unlock everything properly in the error case for nocow

- btrfs: fix return code in drop_objectid_items

- btrfs: check to see if the inode is in the log before fsyncing

- btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error

- btrfs: check the return code of btrfs_save_ino_cache

- btrfs: do not update atime for RO snapshots (FATE#306586).

- btrfs: convert the inode bit field to use the actual bit operations

- btrfs: fix deadlock when the process of delayed refs fails

- btrfs: stop defrag the files automatically when doin readonly remount or umount

- btrfs: avoid memory leak of extent state in error handling routine

- btrfs: make sure that we have made everything in pinned tree clean

- btrfs: destroy the items of the delayed inodes in error handling routine

- btrfs: ulist realloc bugfix

- btrfs: bugfix in btrfs_find_parent_nodes

- btrfs: bugfix: ignore the wrong key for indirect tree block backrefs

- btrfs: avoid buffer overrun in btrfs_printk

- btrfs: fall back to non-inline if we do not have enough space

- btrfs: NUL-terminate path buffer in DEV_INFO ioctl result

- btrfs: avoid buffer overrun in mount option handling

- btrfs: do not do balance in readonly mode

- btrfs: fix the same inode id problem when doing auto defragment

- btrfs: fix wrong error returned by adding a device

- btrfs: use fastpath in extent state ops as much as possible Misc :

- tcp: drop SYN+FIN messages. (bnc#765102)

- mm: avoid swapping out with swappiness==0 (swappiness).

- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991)

- paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453).

- paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU

- parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453).

- tmpfs: implement NUMA node interleaving. (bnc#764209)

- synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524)

- supported.conf: mark xt_AUDIT as supported. (bnc#765253)

- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373)

- xhci: Do not free endpoints in xhci_mem_cleanup().

- xhci: Fix invalid loop check in xhci_free_tt_info().

- drm: Skip too big EDID extensions. (bnc#764900)

- drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717)

- hwmon: (fam15h_power) Increase output resolution.

- hwmon: (k10temp) Add support for AMD Trinity CPUs.

- rpm/ Own the right -kdump initrd.

- memcg: prevent from OOM with too many dirty pages.

- dasd: re-prioritize partition detection message (bnc#764091,LTC#81617).

- kernel: pfault task state race (bnc#764091,LTC#81724).

- kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933).

- USB: fix bug of device descriptor got from superspeed device. (bnc#761087)

- xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545)

- st: clean up dev cleanup in st_probe. (bnc#760806)

- st: clean up device file creation and removal.

- st: get rid of scsi_tapes array. (bnc#760806)

- st: raise device limit. (bnc#760806)

- st: Use static class attributes. (bnc#760806)

- mm: Optimize put_mems_allowed() usage (VM performance).

- cifs: fix oops while traversing open file list (try #4).

- scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485)

- dasd: process all requests in the device tasklet.

- rt2x00:Add RT539b chipset support. (bnc#760237)

- kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules.

- rt2800: radio 3xxx: reprogram only lower bits of RF_R3.

- rt2800: radio 3xxx: program RF_R1 during channel switch.

- rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805)

- rt2x00: Avoid unnecessary uncached. (bnc#759805)

- rt2x00: Introduce sta_add/remove callbacks. (bnc#759805)

- rt2x00: Add WCID to crypto struct. (bnc#759805)

- rt2x00: Add WCID to HT TX descriptor. (bnc#759805)

- rt2x00: Move bssidx calculation into its own function.

- rt2x00: Make use of sta_add/remove callbacks in rt2800.

- rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805)

- rt2x00: handle spurious pci interrupts. (bnc#759805)

- rt2800: disable DMA after firmware load.

- rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805)

- rpm/ Obsolete ath3k, as it is now in the tree.

- floppy: remove floppy-specific O_EXCL handling.

- floppy: convert to delayed work and single-thread wq.


Apply SAT patch number 6453 / 6457 as appropriate.

See Also

Plugin Details

Severity: High

ID: 64176

File Name: suse_11_kernel-120621.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2013/01/25

Modified: 2014/10/28

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-trace-extra, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2012/06/21

Reference Information

CVE: CVE-2011-4131, CVE-2012-2119, CVE-2012-2136, CVE-2012-2373, CVE-2012-2375, CVE-2012-2390