SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8524 / 8525 / 8528)

medium Nessus Plugin ID 71034
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote SuSE 11 host is missing one or more security updates.


The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to version 3.0.101 and also includes various other bug and security fixes.

The following features have been added :

- Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).

- Drivers: hv: Save and export negotiated vmbus version (FATE#314665).

- Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665). The following security issue has been fixed :

- The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102). (CVE-2013-2206)

The following non-security bugs have been fixed :

- mm, memcg: introduce own oom handler to iterate only over its own threads.

- mm, memcg: move all oom handling to memcontrol.c.

- mm, oom: avoid looping when chosen thread detaches its mm.

- mm, oom: fold oom_kill_task() into oom_kill_process().

- mm, oom: introduce helper function to process threads during scan.

- mm, oom: reduce dependency on tasklist_lock (Reduce tasklist_lock hold times). (bnc#821259)

- mm: do not walk all of system memory during show_mem (Reduce tasklist_lock hold times). (bnc#821259)

- iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513)

- x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset. (bnc#844513)

- iommu/vt-d: Only warn about broken interrupt remapping.

- iommu: Remove stack trace from broken irq remapping warning. (bnc#844513)

- intel-iommu: Fix leaks in pagetable freeing.

- Revert aer_recover_queue() __GENKSYMS__ hack, add a fake symset with the previous value instead. (bnc#847721)

- i2c: ismt: initialize DMA buffer. (bnc#843753)

- powerpc/irq: Run softirqs off the top of the irq stack.

- quirks: add touchscreen that is dazzeled by remote wakeup. (bnc#835930)

- kernel: sclp console hangs (bnc#841498, LTC#95711).

- tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973,LTC#97595).

- tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973,LTC#97595).

- softirq: reduce latencies. (bnc#797526)

- X.509: Remove certificate date checks. (bnc#841656)

- config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG.

- splice: fix racy pipe->buffers uses. (bnc#827246)

- blktrace: fix race with open trace files and directory removal. (bnc#832292)

- rcu: Do not trigger false positive RCU stall detection.

- kernel: allow program interruption filtering in user space (bnc#837596, LTC#97332).

- Audit: do not print error when LSMs disabled.

- SUNRPC: close a rare race in xs_tcp_setup_socket.

- Btrfs: fix negative qgroup tracking from owner accounting. (bnc#821948)

- cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields.

- NFS: make nfs_flush_incompatible more generous.

- xfs: growfs: use uncached buffers for new headers.

- NFS: do not try to use lock state when we hold a delegation. (bnc#831029)

- NFS: nfs_lookup_revalidate(): fix a leak. (bnc#828894)

- fs: do_add_mount()/umount -l races. (bnc#836801)

- xfs: avoid double-free in xfs_attr_node_addname.

- xfs: Check the return value of xfs_buf_get().

- iscsi: do not hang in endless loop if no targets present. (bnc#841094)

- scsi_dh_alua: Allow get_alua_data() to return NULL.

- cifs: revalidate directories instiantiated via FIND_ in order to handle DFS referrals. (bnc#831143)

- cifs: do not instantiate new dentries in readdir for inodes that need to be revalidated immediately.

- cifs: rename cifs_readdir_lookup to cifs_prime_dcache and make it void return. (bnc#831143)

- cifs: get rid of blind d_drop() in readdir. (bnc#831143)

- cifs: cleanup cifs_filldir. (bnc#831143)

- cifs: on send failure, readjust server sequence number downward. (bnc#827966)

- cifs: adjust sequence number downward after signing NT_CANCEL request. (bnc#827966)

- cifs: on send failure, readjust server sequence number downward. (bnc#827966)

- cifs: adjust sequence number downward after signing NT_CANCEL request. (bnc#827966)

- reiserfs: fix race with flush_used_journal_lists and flush_journal_list. (bnc#837803)

- reiserfs: remove useless flush_old_journal_lists.

- lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt. (bnc#763463)

- md: Throttle number of pending write requests in md/raid10. (bnc#833858)

- dm: ignore merge_bvec for snapshots when safe.

- ata: Set proper SK when CK_COND is set. (bnc#833588)

- Btrfs: abort unlink trans in missed error case.

- Btrfs: add all ioctl checks before user change for quota operations.

- Btrfs: add a rb_tree to improve performance of ulist search.

- Btrfs: add btrfs_fs_incompat helper.

- Btrfs: add ioctl to wait for qgroup rescan completion.

- Btrfs: add log message stubs.

- Btrfs: add missing error checks to add_data_references.

- Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP handler.

- Btrfs: add missing error handling to read_tree_block.

- Btrfs: add missing mounting options in btrfs_show_options().

- Btrfs: add sanity checks regarding to parsing mount options.

- Btrfs: add some missing iput()s in btrfs_orphan_cleanup.

- Btrfs: add tree block level sanity check.

- Btrfs: allocate new chunks if the space is not enough for global rsv.

- Btrfs: allow file data clone within a file.

- Btrfs: allow superblock mismatch from older mkfs.

- Btrfs: annotate quota tree for lockdep.

- Btrfs: automatic rescan after 'quota enable' command (FATE#312751).

- Btrfs: change how we queue blocks for backref checking.

- Btrfs: check if leafs parent exists before pushing items around.

- Btrfs: check if we can nocow if we do not have data space.

- Btrfs: check return value of commit when recovering log.

- Btrfs: clean snapshots one by one.

- Btrfs: cleanup destroy_marked_extents.

- Btrfs: cleanup fs roots if we fail to mount.

- Btrfs: cleanup orphaned root orphan item.

- Btrfs: cleanup reloc roots properly on error.

- Btrfs: Cleanup some redundant codes in btrfs_lookup_csums_range().

- Btrfs: clean up transaction abort messages.

- Btrfs: cleanup unused arguments of btrfs_csum_data.

- Btrfs: clear received_uuid field for new writable snapshots.

- Btrfs: compare relevant parts of delayed tree refs.

- Btrfs: cover more error codes in btrfs_decode_error.

- Btrfs: creating the subvolume qgroup automatically when enabling quota.

- Btrfs: deal with bad mappings in btrfs_map_block.

- Btrfs: deal with errors in write_dev_supers.

- Btrfs: deal with free space cache errors while replaying log.

- Btrfs: deprecate subvolrootid mount option.

- Btrfs: do away with non-whole_page extent I/O.

- Btrfs: do delay iput in sync_fs.

- Btrfs: do not clear our orphan item runtime flag on eexist.

- Btrfs: do not continue if out of memory happens.

- Btrfs: do not offset physical if we are compressed.

- Btrfs: do not pin while under spin lock.

- Btrfs: do not abort the current transaction if there is no enough space for inode cache.

- Btrfs: do not allow a subvol to be deleted if it is the default subovl.

- Btrfs: do not BUG_ON() in btrfs_num_copies.

- Btrfs: do not bug_on when we fail when cleaning up transactions.

- Btrfs: do not call readahead hook until we have read the entire eb.

- Btrfs: do not delete fs_roots until after we cleanup the transaction.

- Btrfs: dont do log_removal in insert_new_root.

- Btrfs: do not force pages under writeback to finish when aborting.

- Btrfs: do not ignore errors from btrfs_run_delayed_items.

- Btrfs: do not invoke btrfs_invalidate_inodes() in the spin lock context.

- Btrfs: do not miss inode ref items in BTRFS_IOC_INO_LOOKUP.

- Btrfs: do not NULL pointer deref on abort.

- Btrfs: do not panic if we are trying to drop too many refs.

- Btrfs: do not steal the reserved space from the global reserve if their space type is different.

- Btrfs: do not stop searching after encountering the wrong item.

- Btrfs: do not try and free ebs twice in log replay.

- Btrfs: do not use global block reservation for inode cache truncation.

- Btrfs: do not wait on ordered extents if we have a trans open.

- Btrfs: Drop inode if inode root is NULL.

- Btrfs: enhance superblock checks.

- Btrfs: exclude logged extents before replying when we are mixed.

- Btrfs: explicitly use global_block_rsv for quota_tree.

- Btrfs: fall back to global reservation when removing subvolumes.

- Btrfs: fix a bug of snapshot-aware defrag to make it work on partial extents.

- Btrfs: fix accessing a freed tree root.

- Btrfs: fix accessing the root pointer in tree mod log functions.

- Btrfs: fix all callers of read_tree_block.

- Btrfs: fix a warning when disabling quota.

- Btrfs: fix a warning when updating qgroup limit.

- Btrfs: fix backref walking when we hit a compressed extent.

- Btrfs: fix bad extent logging.

- Btrfs: fix broken nocow after balance.

- Btrfs: fix confusing edquot happening case.

- Btrfs: fix double free in the iterate_extent_inodes().

- Btrfs: fix error handling in btrfs_ioctl_send().

- Btrfs: fix error handling in make/read block group.

- Btrfs: fix estale with btrfs send.

- Btrfs: fix extent buffer leak after backref walking.

- Btrfs: fix extent logging with O_DIRECT into prealloc.

- Btrfs: fix file truncation if FALLOC_FL_KEEP_SIZE is specified.

- Btrfs: fix get set label blocking against balance.

- Btrfs: fix infinite loop when we abort on mount.

- Btrfs: fix inode leak on kmalloc failure in tree-log.c.

- Btrfs: fix lockdep warning.

- Btrfs: fix lock leak when resuming snapshot deletion.

- Btrfs: fix memory leak of orphan block rsv.

- Btrfs: fix missing check about ulist_add() in qgroup.c.

- Btrfs: fix missing check before creating a qgroup relation.

- Btrfs: fix missing check in the btrfs_qgroup_inherit().

- Btrfs: fix off-by-one in fiemap.

- Btrfs: fix oops when writing dirty qgroups to disk.

- Btrfs: fix possible infinite loop in slow caching.

- Btrfs: fix possible memory leak in replace_path().

- Btrfs: fix possible memory leak in the find_parent_nodes().

- Btrfs: fix printing of non NULL terminated string.

- Btrfs: fix qgroup rescan resume on mount.

- Btrfs: fix reada debug code compilation.

- Btrfs: fix the error handling wrt orphan items.

- Btrfs: fix transaction throttling for delayed refs.

- Btrfs: fix tree mod log regression on root split operations.

- Btrfs: fix unblocked autodefraggers when remount.

- Btrfs: fix unlock after free on rewinded tree blocks.

- Btrfs: fix unprotected root node of the subvolumes inode rb-tree.

- Btrfs: fix use-after-free bug during umount.

- Btrfs: free csums when we are done scrubbing an extent.

- Btrfs: handle errors returned from get_tree_block_key.

- Btrfs: handle errors when doing slow caching.

- Btrfs: hold the tree mod lock in __tree_mod_log_rewind.

- Btrfs: ignore device open failures in

- Btrfs: improve the loop of scrub_stripe.

- Btrfs: improve the performance of the csums lookup.

- Btrfs: init relocate extent_io_tree with a mapping.

- Btrfs: introduce a mutex lock for btrfs quota operations.

- Btrfs: kill some BUG_ONs() in the find_parent_nodes().

- Btrfs: log ram bytes properly.

- Btrfs: make __merge_refs() return type be void.

- Btrfs: make orphan cleanup less verbose.

- Btrfs: make static code static & remove dead code.

- Btrfs: make subvol creation/deletion killable in the early stages.

- Btrfs: make sure roots are assigned before freeing their nodes.

- Btrfs: make sure the backref walker catches all refs to our extent.

- Btrfs: make the cleaner complete early when the fs is going to be umounted.

- Btrfs: make the snap/subv deletion end more early when the fs is R/O.

- Btrfs: merge save_error_info helpers into one.

- Btrfs: move the R/O check out of btrfs_clean_one_deleted_snapshot().

- Btrfs: only do the tree_mod_log_free_eb if this is our last ref.

- Btrfs: only exclude supers in the range of our block group.

- Btrfs: optimize key searches in btrfs_search_slot.

- Btrfs: optimize the error handle of use_block_rsv().

- Btrfs: pause the space balance when remounting to R/O.

- Btrfs: put our inode if orphan cleanup fails.

- Btrfs: re-add root to dead root list if we stop dropping it.

- Btrfs: read entire device info under lock.

- Btrfs: release both paths before logging dir/changed extents.

- Btrfs: Release uuid_mutex for shrink during device delete.

- Btrfs: remove almost all of the BUG()s from tree-log.c.

- Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix().

- Btrfs: remove ourselves from the cluster list under lock.

- Btrfs: remove some BUG_ONs() when walking backref tree.

- Btrfs: remove some unnecessary spin_lock usages.

- Btrfs: remove unnecessary ->s_umount in cleaner_kthread().

- Btrfs: remove unused argument of fixup_low_keys().

- Btrfs: remove unused gfp mask parameter from release_extent_buffer callchain.

- Btrfs: remove useless copy in quota_ctl.

- Btrfs: remove warn on in free space cache writeout.

- Btrfs: rescan for qgroups (FATE#312751).

- Btrfs: reset ret in record_one_backref.

- Btrfs: return ENOSPC when target space is full.

- Btrfs: return errno if possible when we fail to allocate memory.

- Btrfs: return error code in btrfs_check_trunc_cache_free_space().

- Btrfs: return error when we specify wrong start to defrag.

- Btrfs: return free space in cow error path.

- Btrfs: separate sequence numbers for delayed ref tracking and tree mod log.

- Btrfs: set UUID in root_item for created trees.

- Btrfs: share stop worker code.

- Btrfs: simplify unlink reservations.

- Btrfs: split btrfs_qgroup_account_ref into four functions.

- Btrfs: stop all workers before cleaning up roots.

- Btrfs: stop using try_to_writeback_inodes_sb_nr to flush delalloc.

- Btrfs: stop waiting on current trans if we aborted.

- Btrfs: unlock extent range on enospc in compressed submit.

- Btrfs: update drop progress before stopping snapshot dropping.

- Btrfs: update fixups from 3.11

- Btrfs: update the global reserve if it is empty.

- Btrfs: use helper to cleanup tree roots.

- Btrfs: use REQ_META for all metadata IO.

- Btrfs: use tree_root to avoid edquot when disabling quota.

- Btrfs: use u64 for subvolid when parsing mount options.

- Btrfs: use unsigned long type for extent state bits.

- Btrfs: various abort cleanups.

- Btrfs: wait ordered range before doing direct io.

- Btrfs: wake up delayed ref flushing waiters on abort.

- net/mlx4_en: Fix BlueFlame race. (bnc#835684)

- ipv6: do not call fib6_run_gc() until routing is ready.

- ipv6: prevent fib6_run_gc() contention. (bnc#797526)

- ipv6: update ip6_rt_last_gc every time GC is run.

- netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853).

- netfilter: prevent race condition breaking net reference counting. (bnc#835094)

- net: remove skb_orphan_try(). (bnc#834600)

- bonding: check bond->vlgrp in bond_vlan_rx_kill_vid().

- sctp: deal with multiple COOKIE_ECHO chunks.

- mlx4: allow IB_QP_CREATE_USE_GFP_NOFS in mlx4_ib_create_qp(). (bnc#822433)

- drm/i915: disable sound first on intel_disable_ddi.

- drm/i915: HDMI/DP - ELD info refresh support for Haswell. (bnc#833151)

- drm/cirrus: This is a cirrus version of Egbert Eichs patch for mgag200. (bnc#808079)

- drm/i915: Disable GGTT PTEs on GEN6+ suspend.

- drm/i915/hsw: Disable L3 caching of atomic memory operations. (bnc#800875)

- ALSA: hda - Re-setup HDMI pin and audio infoframe on stream switches. (bnc#833151)

- vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev. (bnc#833321)

- mvsas: add support for 9480 device id. (bnc#843950)

- r8169: fix argument in rtl_hw_init_8168g.

- r8169: support RTL8168G. (bnc#845352,bnc#842820)

- r8169: abstract out loop conditions.

- r8169: mdio_ops signature change.

- thp: reduce khugepaged freezing latency (khugepaged blocking suspend-to-ram (bnc#825291)).

- bnx2x: Change to D3hot only on removal. (bnc#838448)

- megaraid_sas: Disable controller reset for ppc.

- scsi_dh_alua: simplify alua_check_sense(). (bnc#843642)

- scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642)

- scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645)

- scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445)

- scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429)

- Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714)

- Drivers: hv: util: Correctly support ws2008R2 and earlier. (bnc#838346)

- Drivers: hv: vmbus: Do not attempt to negoatiate a new version prematurely.

- Drivers: hv: util: Correctly support ws2008R2 and earlier. (bnc#838346)

- Drivers: hv: vmbus: Terminate vmbus version negotiation on timeout.

- Drivers: hv: vmbus: Fix a bug in the handling of channel offers.

- Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714)

- Drivers: hv: balloon: Initialize the transaction ID just before sending the packet.

- Drivers: hv: util: Fix a bug in util version negotiation code. (bnc#838346)

- be2net: Check for POST state in suspend-resume sequence.

- be2net: bug fix on returning an invalid nic descriptor.

- be2net: provision VF resources before enabling SR-IOV.

- be2net: Fix firmware download for Lancer. (bnc#835189)

- be2net: Fix to use version 2 of cq_create for SkyHawk-R devices. (bnc#835189)

- be2net: Use GET_FUNCTION_CONFIG V1 cmd. (bnc#835189)

- be2net: Avoid flashing BE3 UFI on BE3-R chip.

- be2net: Use TXQ_CREATE_V2 cmd. (bnc#835189)

- writeback: Do not sync data dirtied after sync start.

- elousb: some systems cannot stomach work around.

- bounce: allow use of bounce pool via config option (Bounce memory pool initialisation (bnc#836347)).

- block: initialize the bounce pool if high memory may be added later (Bounce memory pool initialisation (bnc#836347)).

- bio-integrity: track owner of integrity payload.

- xhci: Fix spurious wakeups after S5 on Haswell.

- s390/cio: handle unknown pgroup state (bnc#837741,LTC#97048).

- s390/cio: export vpm via sysfs (bnc#837741,LTC#97048).

- s390/cio: skip broken paths (bnc#837741,LTC#97048).

- s390/cio: dont abort verification after missing irq (bnc#837741,LTC#97048).

- cio: add message for timeouts on internal I/O (bnc#837741,LTC#97048).

- series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem. (bnc#833635)

- Update EC2 config files (STRICT_DEVMEM off, bnc#843732).

- Fixed Xen guest freezes. (bnc#829682, bnc#842063)

- tools: hv: Improve error logging in VSS daemon.

- tools: hv: Check return value of poll call.

- tools: hv: Check return value of setsockopt call.

- Tools: hv: fix send/recv buffer allocation.

- Tools: hv: check return value of daemon to fix compiler warning.

- Tools: hv: in kvp_set_ip_info free mac_addr right after usage.

- Tools: hv: check return value of system in hv_kvp_daemon.

- Tools: hv: correct payload size in netlink_send.

- Tools: hv: use full nlmsghdr in netlink_send.

- rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors. (bnc#821465)

- rpm/ Move the xenpae obsolete to the old-flavors file.

- rpm/old-flavors: Convert the old-packages.conf file to a flat list.

- rpm/mkspec: Adjust.

- rpm/old-packages.conf: Delete.

- rpm/old-packages.conf: Drop bogus obsoletes for 'smp'.

- rpm/ Make sure that all KMP obsoletes are versioned. (bnc#821465)

- rpm/ Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. . (bnc#821465)


Apply SAT patch number 8524 / 8525 / 8528 as appropriate.

See Also

Plugin Details

Severity: Medium

ID: 71034

File Name: suse_11_kernel-131107.nasl

Version: 1.4

Type: local

Agent: unix

Published: 11/22/2013

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 5.4

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/7/2013

Reference Information

CVE: CVE-2013-2206