SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2012:1391-1)

High Nessus Plugin ID 83563

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed :

CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password (a side channel attack).

CVE-2012-2744: net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel, when the nf_conntrack_ipv6 module is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.

CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.

CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and updating a negative key into a fully instantiated key.

CVE-2011-1044: The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel did not initialize a certain response buffer, which allowed local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.

CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.

CVE-2012-2136: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

CVE-2012-2663: A small denial of service leak in dropping syn+fin messages was fixed.

The following non-security issues have been fixed :

Packaging :

- kbuild: Fix gcc -x syntax (bnc#773831).

NFS :

- knfsd: An assortment of little fixes to the sunrpc cache code (bnc#767766).

- knfsd: Unexport cache_fresh and fix a small race (bnc#767766).

- knfsd: nfsd: do not drop silently on upcall deferral (bnc#767766).

- knfsd: svcrpc: remove another silent drop from deferral code (bnc#767766).

- sunrpc/cache: simplify cache_fresh_locked and cache_fresh_unlocked (bnc#767766).

- sunrpc/cache: recheck cache validity after cache_defer_req (bnc#767766).

- sunrpc/cache: use list_del_init for the list_head entries in cache_deferred_req (bnc#767766).

- sunrpc/cache: avoid variable over-loading in cache_defer_req (bnc#767766).

- sunrpc/cache: allow thread to block while waiting for cache update (bnc#767766).

- sunrpc/cache: Fix race in sunrpc/cache introduced by patch to allow thread to block while waiting for cache update (bnc#767766).

- sunrpc/cache: Another fix for race problem with sunrpc cache deferal (bnc#767766).

- knfsd: nfsd: make all exp_finding functions return

-errnos on err (bnc#767766).

- Fix kabi breakage in previous nfsd patch series (bnc#767766).

- nfsd: Work around incorrect return type for wait_for_completion_interruptible_timeout (bnc#767766).

- nfs: Fix a potential file corruption issue when writing (bnc#773272).

- nfs: Allow sync writes to be multiple pages (bnc#763526).

- nfs: fix reference counting for NFSv4 callback thread (bnc#767504).

- nfs: flush signals before taking down callback thread (bnc#767504).

- nfsv4: Ensure nfs_callback_down() calls svc_destroy() (bnc#767504).

SCSI :

- SCSI/ch: Check NULL for kmalloc() return (bnc#783058).
drivers/scsi/aic94xx/aic94xx_init.c: correct the size argument to kmalloc (bnc#783058).

block: fail SCSI passthrough ioctls on partition devices (bnc#738400).

dm: do not forward ioctls from logical volumes to the underlying device (bnc#738400).

vmware: Fix VMware hypervisor detection (bnc#777575, bnc#770507).

S/390 :

- lgr: Make lgr_page static (bnc#772409,LTC#83520).

- zfcp: Fix oops in _blk_add_trace() (bnc#772409,LTC#83510). kernel: Add z/VM LGR detection (bnc#767277,LTC#RAS1203).

be2net: Fix EEH error reset before a flash dump completes (bnc#755546).

- mptfusion: fix msgContext in mptctl_hp_hostinfo (bnc#767939).

- PCI: Fix bus resource assignment on 32 bits with 64b resources. (bnc#762581)

- PCI: fix up setup-bus.c #ifdef. (bnc#762581) x86:
powernow-k8: Fix indexing issue (bnc#758985).

net: Fix race condition about network device name allocation (bnc#747576).

XEN :

- smpboot: adjust ordering of operations.

- xen/x86-64: provide a memset() that can deal with 4Gb or above at a time (bnc#738528).

- xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974).

- xen/gntdev: fix multi-page slot allocation (bnc#760974).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected kernel packages

See Also

http://www.nessus.org/u?78b77189

http://www.nessus.org/u?de8841aa

http://www.nessus.org/u?b107d19c

http://www.nessus.org/u?96b149b9

http://www.nessus.org/u?662e8c98

http://support.novell.com/security/cve/CVE-2011-1044.html

http://support.novell.com/security/cve/CVE-2011-4110.html

http://support.novell.com/security/cve/CVE-2012-2136.html

http://support.novell.com/security/cve/CVE-2012-2663.html

http://support.novell.com/security/cve/CVE-2012-2744.html

http://support.novell.com/security/cve/CVE-2012-3510.html

https://bugzilla.novell.com/674284

https://bugzilla.novell.com/703156

https://bugzilla.novell.com/734056

https://bugzilla.novell.com/738400

https://bugzilla.novell.com/738528

https://bugzilla.novell.com/747576

https://bugzilla.novell.com/755546

https://bugzilla.novell.com/758985

https://bugzilla.novell.com/760974

https://bugzilla.novell.com/762581

https://bugzilla.novell.com/763526

https://bugzilla.novell.com/765102

https://bugzilla.novell.com/765320

https://bugzilla.novell.com/767277

https://bugzilla.novell.com/767504

https://bugzilla.novell.com/767766

https://bugzilla.novell.com/767939

https://bugzilla.novell.com/769784

https://bugzilla.novell.com/770507

https://bugzilla.novell.com/770697

https://bugzilla.novell.com/772409

https://bugzilla.novell.com/773272

https://bugzilla.novell.com/773831

https://bugzilla.novell.com/776888

https://bugzilla.novell.com/777575

https://bugzilla.novell.com/783058

http://www.nessus.org/u?a7170536

Plugin Details

Severity: High

ID: 83563

File Name: suse_SU-2012-1391-1.nasl

Version: 2.3

Type: local

Agent: unix

Published: 2015/05/20

Updated: 2018/07/31

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigsmp, p-cpe:/a:novell:suse_linux:kernel-debug, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-kdump, p-cpe:/a:novell:suse_linux:kernel-kdumppae, p-cpe:/a:novell:suse_linux:kernel-smp, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-vmi, p-cpe:/a:novell:suse_linux:kernel-vmipae, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xenpae, cpe:/o:novell:suse_linux:10

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/10/23

Reference Information

CVE: CVE-2010-4649, CVE-2011-1044, CVE-2011-2494, CVE-2011-4110, CVE-2012-2136, CVE-2012-2663, CVE-2012-2744, CVE-2012-3400, CVE-2012-3510

BID: 46073, 46488, 50314, 50755, 53721, 53733, 54279, 54367, 55144