Detections
Analytics
SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)
high Nessus Plugin ID 64176
Language:
Synopsis
The remote SuSE 11 host is missing one or more security updates.Description
The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues.The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here.
The following security issues have been fixed :
- Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136)
- A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390)
- A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host.
(CVE-2012-2119)
- Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375)
The following non-security bugs have been fixed :
Hyper-V :
- storvsc: Properly handle errors from the host.
(bnc#747404)
- HID: hid-hyperv: Do not use hid_parse_report() directly.
- HID: hyperv: Set the hid drvdata correctly.
- drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp().
- drivers/hv: util: Properly handle version negotiations.
- hv: fix return type of hv_post_message().
- net/hyperv: Add flow control based on hi/low watermark.
- usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part
- usb/net: rndis: remove ambiguous status codes. only net/hyperv part
- usb/net: rndis: merge command codes. only net/hyperv part
- net/hyperv: Adding cancellation to ensure rndis filter is closed.
- update hv drivers to 3.4-rc1, requires new hv_kvp_daemon :
- drivers: hv: kvp: Add/cleanup connector defines.
- drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h.
- net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases.
- net/hyperv: Correct the assignment in netvsc_recv_callback().
- net/hyperv: Remove the unnecessary memset in rndis_filter_send().
- drivers: hv: Cleanup the kvp related state in hyperv.h.
- tools: hv: Use hyperv.h to get the KVP definitions.
- drivers: hv: kvp: Cleanup the kernel/user protocol.
- drivers: hv: Increase the number of VCPUs supported in the guest.
- net/hyperv: Fix data corruption in rndis_filter_receive().
- net/hyperv: Add support for vlan trunking from guests.
- Drivers: hv: Add new message types to enhance KVP.
- Drivers: hv: Support the newly introduced KVP messages in the driver.
- Tools: hv: Fully support the new KVP verbs in the user level daemon.
- Tools: hv: Support enumeration from all the pools.
- net/hyperv: Fix the code handling tx busy.
- patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant:
ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices.
Btrfs :
- btrfs: more module message prefixes.
- vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them
- btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails
- vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them
- btrfs: fix locking in btrfs_destroy_delayed_refs
- btrfs: wake up transaction waiters when aborting a transaction
- btrfs: abort the transaction if the commit fails
- btrfs: fix btrfs_destroy_marked_extents
- btrfs: unlock everything properly in the error case for nocow
- btrfs: fix return code in drop_objectid_items
- btrfs: check to see if the inode is in the log before fsyncing
- btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error
- btrfs: check the return code of btrfs_save_ino_cache
- btrfs: do not update atime for RO snapshots (FATE#306586).
- btrfs: convert the inode bit field to use the actual bit operations
- btrfs: fix deadlock when the process of delayed refs fails
- btrfs: stop defrag the files automatically when doin readonly remount or umount
- btrfs: avoid memory leak of extent state in error handling routine
- btrfs: make sure that we have made everything in pinned tree clean
- btrfs: destroy the items of the delayed inodes in error handling routine
- btrfs: ulist realloc bugfix
- btrfs: bugfix in btrfs_find_parent_nodes
- btrfs: bugfix: ignore the wrong key for indirect tree block backrefs
- btrfs: avoid buffer overrun in btrfs_printk
- btrfs: fall back to non-inline if we do not have enough space
- btrfs: NUL-terminate path buffer in DEV_INFO ioctl result
- btrfs: avoid buffer overrun in mount option handling
- btrfs: do not do balance in readonly mode
- btrfs: fix the same inode id problem when doing auto defragment
- btrfs: fix wrong error returned by adding a device
- btrfs: use fastpath in extent state ops as much as possible Misc :
- tcp: drop SYN+FIN messages. (bnc#765102)
- mm: avoid swapping out with swappiness==0 (swappiness).
- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991)
- paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453).
- paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU
- parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453).
- tmpfs: implement NUMA node interleaving. (bnc#764209)
- synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524)
- supported.conf: mark xt_AUDIT as supported. (bnc#765253)
- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373)
- xhci: Do not free endpoints in xhci_mem_cleanup().
(bnc#763307)
- xhci: Fix invalid loop check in xhci_free_tt_info().
(bnc#763307)
- drm: Skip too big EDID extensions. (bnc#764900)
- drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717)
- hwmon: (fam15h_power) Increase output resolution.
(bnc#759336)
- hwmon: (k10temp) Add support for AMD Trinity CPUs.
(bnc#759336)
- rpm/kernel-binary.spec.in: Own the right -kdump initrd.
(bnc#764500)
- memcg: prevent from OOM with too many dirty pages.
- dasd: re-prioritize partition detection message (bnc#764091,LTC#81617).
- kernel: pfault task state race (bnc#764091,LTC#81724).
- kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933).
- USB: fix bug of device descriptor got from superspeed device. (bnc#761087)
- xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545)
- st: clean up dev cleanup in st_probe. (bnc#760806)
- st: clean up device file creation and removal.
(bnc#760806)
- st: get rid of scsi_tapes array. (bnc#760806)
- st: raise device limit. (bnc#760806)
- st: Use static class attributes. (bnc#760806)
- mm: Optimize put_mems_allowed() usage (VM performance).
- cifs: fix oops while traversing open file list (try #4).
(bnc#756050)
- scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485)
- dasd: process all requests in the device tasklet.
(bnc#763267)
- rt2x00:Add RT539b chipset support. (bnc#760237)
- kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules.
- rt2800: radio 3xxx: reprogram only lower bits of RF_R3.
(bnc#759805)
- rt2800: radio 3xxx: program RF_R1 during channel switch.
(bnc#759805)
- rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805)
- rt2x00: Avoid unnecessary uncached. (bnc#759805)
- rt2x00: Introduce sta_add/remove callbacks. (bnc#759805)
- rt2x00: Add WCID to crypto struct. (bnc#759805)
- rt2x00: Add WCID to HT TX descriptor. (bnc#759805)
- rt2x00: Move bssidx calculation into its own function.
(bnc#759805)
- rt2x00: Make use of sta_add/remove callbacks in rt2800.
(bnc#759805)
- rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805)
- rt2x00: handle spurious pci interrupts. (bnc#759805)
- rt2800: disable DMA after firmware load.
- rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805)
- rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree.
- floppy: remove floppy-specific O_EXCL handling.
(bnc#757315)
- floppy: convert to delayed work and single-thread wq.
(bnc#761245)
Solution
Apply SAT patch number 6453 / 6457 as appropriate.See Also
https://bugzilla.novell.com/show_bug.cgi?id=556135
https://bugzilla.novell.com/show_bug.cgi?id=735909
https://bugzilla.novell.com/show_bug.cgi?id=743579
https://bugzilla.novell.com/show_bug.cgi?id=744404
https://bugzilla.novell.com/show_bug.cgi?id=747404
https://bugzilla.novell.com/show_bug.cgi?id=754690
https://bugzilla.novell.com/show_bug.cgi?id=756050
https://bugzilla.novell.com/show_bug.cgi?id=757315
https://bugzilla.novell.com/show_bug.cgi?id=758243
https://bugzilla.novell.com/show_bug.cgi?id=759336
https://bugzilla.novell.com/show_bug.cgi?id=759545
https://bugzilla.novell.com/show_bug.cgi?id=759805
https://bugzilla.novell.com/show_bug.cgi?id=760237
https://bugzilla.novell.com/show_bug.cgi?id=760806
https://bugzilla.novell.com/show_bug.cgi?id=761087
https://bugzilla.novell.com/show_bug.cgi?id=761245
https://bugzilla.novell.com/show_bug.cgi?id=762991
https://bugzilla.novell.com/show_bug.cgi?id=762992
https://bugzilla.novell.com/show_bug.cgi?id=763267
https://bugzilla.novell.com/show_bug.cgi?id=763307
https://bugzilla.novell.com/show_bug.cgi?id=763485
https://bugzilla.novell.com/show_bug.cgi?id=763717
https://bugzilla.novell.com/show_bug.cgi?id=764091
https://bugzilla.novell.com/show_bug.cgi?id=764150
https://bugzilla.novell.com/show_bug.cgi?id=764209
https://bugzilla.novell.com/show_bug.cgi?id=764500
https://bugzilla.novell.com/show_bug.cgi?id=764900
https://bugzilla.novell.com/show_bug.cgi?id=765102
https://bugzilla.novell.com/show_bug.cgi?id=765253
https://bugzilla.novell.com/show_bug.cgi?id=765320
https://bugzilla.novell.com/show_bug.cgi?id=765524
http://support.novell.com/security/cve/CVE-2011-4131.html
http://support.novell.com/security/cve/CVE-2012-2119.html
http://support.novell.com/security/cve/CVE-2012-2136.html
http://support.novell.com/security/cve/CVE-2012-2373.html
Plugin Details
Severity: High
ID: 64176
File Name: suse_11_kernel-120621.nasl
Version: 1.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 1/25/2013
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-trace-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-default
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 6/21/2012
Reference Information
CVE: CVE-2011-4131, CVE-2012-2119, CVE-2012-2136, CVE-2012-2373, CVE-2012-2375, CVE-2012-2390