New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
Synopsis
The remote openSUSE host is missing a security update.
Description
This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues.
Following issues were fixed :
- tcp: drop SYN+FIN messages (bnc#765102).
- net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).
- fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123).
- macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119).
- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).
- xfrm: take net hdr len into account for esp payload size calculation (bnc#759545).
- ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278).
- igb: fix rtnl race in PM resume path (bnc#748859).
- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).
- b43: allocate receive buffers big enough for max frame len + offset (bnc#717749).
- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
- xenbus_dev: add missing error checks to watch handling.
- hwmon: (coretemp-xen) Fix TjMax detection for older CPUs.
- hwmon: (coretemp-xen) Relax target temperature range check.
- Refresh other Xen patches.
- tlan: add cast needed for proper 64 bit operation (bnc#756840).
- dl2k: Tighten ioctl permissions (bnc#758813).
- [media] cx22702: Fix signal strength.
- fs: cachefiles: Add support for large files in filesystem caching (bnc#747038).
- bridge: correct IPv6 checksum after pull (bnc#738644).
- bridge: fix a possible use after free (bnc#738644).
- bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644).
- bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644).
- PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455).
- ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203).
- drm/i915/crt: Remove 0xa0 probe for VGA.
- tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366).
- drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908).
- dlm: Do not allocate a fd for peeloff (bnc#729247).
- sctp: Export sctp_do_peeloff (bnc#729247).
- i2c-algo-bit: Fix spurious SCL timeouts under heavy load.
- patches.fixes/epoll-dont-limit-non-nested.patch: Don't limit non-nested epoll paths (bnc#676204).
- Update patches.suse/sd_init.mark_majors_busy.patch (bnc#744658).
- igb: Fix for Alt MAC Address feature on 82580 and later devices (bnc#746980).
- mark busy sd majors as allocated (bug#744658).
- regset: Return -EFAULT, not -EIO, on host-side memory fault (bnc# 750079 CVE-2012-1097).
- regset: Prevent NULL pointer reference on readonly regsets (bnc#750079 CVE-2012-1097).
- mm: memcg: Correct unregistring of events attached to the same eventfd (CVE-2012-1146 bnc#750959).
- befs: Validate length of long symbolic links (CVE-2011-2928 bnc#713430).
- si4713-i2c: avoid potential buffer overflow on si4713 (CVE-2011-2700 bnc#707332).
- staging: comedi: fix infoleak to userspace (CVE-2011-2909 bnc#711941).
- hfs: add sanity check for file name length (CVE-2011-4330 bnc#731673).
- cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 bnc#749569).
- drm: integer overflow in drm_mode_dirtyfb_ioctl() (CVE-2012-0044 bnc#740745).
- xfs: fix acl count validation in xfs_acl_from_disk() (CVE-2012-0038 bnc#740703).
- xfs: validate acl count (CVE-2012-0038 bnc#740703).
- patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_ readlink: Work around missing xfs_alert().
- xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() (CVE-2011-4077 bnc#726600).
- xfs: Fix possible memory corruption in xfs_readlink (CVE-2011-4077 bnc#726600).
- ext4: make ext4_split_extent() handle error correctly.
- ext4: ext4_ext_convert_to_initialized bug found in extended FSX testing.
- ext4: add ext4_split_extent_at() and ext4_split_extent().
- ext4: reimplement convert and split_unwritten (CVE-2011-3638 bnc#726045).
- patches.fixes/epoll-limit-paths.patch: epoll: limit paths (bnc#676204 CVE-2011-1083).
- patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi change in struct file (bnc#676204 CVE-2011-1083).
- NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279 bnc#747660).
- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (bnc#740448 CVE-2012-0207).
- jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (bnc#745832 CVE-2011-4086).
- AppArmor: fix oops in apparmor_setprocattr (bnc#717209 CVE-2011-3619).
- Refresh patches.suse/SoN-22-netvm.patch. Clean and
*working* patches.
- Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671) Fix an rcu locking imbalance in the receive path triggered when using vlans.
- Fix mangled patch (invalid date) Although accepted by `patch`, this is rejected by `git apply`
- Fix mangled diff lines (leading space tab vs tab) Although accepted by `patch`, these are rejected by `git apply`
- jbd/jbd2: validate sb->s_first in journal_get_superblock() (bnc#730118).
- fsnotify: don't BUG in fsnotify_destroy_mark() (bnc#689860).
- Fix patches.fixes/x25-Handle-undersized-fragmented-skbs.patc h (CVE-2010-3873 bnc#651219).
- Fix patches.fixes/x25-Prevent-skb-overreads-when-checking-ca ll-user-da.patch (CVE-2010-3873 bnc#651219).
- Fix patches.fixes/x25-Validate-incoming-call-user-data-lengt hs.patch (CVE-2010-3873 bnc#651219).
- Fix patches.fixes/x25-possible-skb-leak-on-bad-facilities.pa tch (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).
- Update patches.fixes/econet-4-byte-infoleak-to-the-network.patc h (bnc#681186 CVE-2011-1173). Fix reference.
- hwmon: (w83627ehf) Properly report thermal diode sensors.
- nl80211: fix overflow in ssid_len (bnc#703410 CVE-2011-2517).
- nl80211: fix check for valid SSID size in scan operations (bnc#703410 CVE-2011-2517).
- x25: Prevent skb overreads when checking call user data (CVE-2010-3873 bnc#737624).
- x25: Handle undersized/fragmented skbs (CVE-2010-3873 bnc#737624).
- x25: Validate incoming call user data lengths (CVE-2010-3873 bnc#737624).
- x25: possible skb leak on bad facilities (CVE-2010-3873 bnc#737624).
- net: Add a flow_cache_flush_deferred function (bnc#737624).
- xfrm: avoid possible oopse in xfrm_alloc_dst (bnc#737624).
- scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).
Solution
Update the affected Kernel packages.