Sicherheit: Mehrere Probleme im Kernel

Lesezeichen hinzufügen

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1391-1
Rating: important
References: #674284 #703156 #734056 #738400 #738528 #747576
#755546 #758985 #760974 #762581 #763526 #765102
#765320 #767277 #767504 #767766 #767939 #769784
#770507 #770697 #772409 #773272 #773831 #776888
#777575 #783058
Cross-References: CVE-2011-1044 CVE-2011-4110 CVE-2012-2136
CVE-2012-2663 CVE-2012-2744 CVE-2012-3510

Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 20 fixes is
now available.

Description:

This Linux kernel update fixes various security issues and
bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed:

*

CVE-2011-2494: kernel/taskstats.c in the Linux kernel
allowed local users to obtain sensitive I/O statistics by
sending taskstats commands to a netlink socket, as
demonstrated by discovering the length of another users
password (a side channel attack).

*

CVE-2012-2744:
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux
kernel, when the nf_conntrack_ipv6 module is enabled,
allowed remote attackers to cause a denial of service (NULL
pointer dereference and system crash) via certain types of
fragmented IPv6 packets.

*

CVE-2012-3510: Use-after-free vulnerability in the
xacct_add_tsk function in kernel/tsacct.c in the Linux
kernel allowed local users to obtain potentially sensitive
information from kernel memory or cause a denial of service
(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
command.

*

CVE-2011-4110: The user_update function in
security/keys/user_defined.c in the Linux kernel 2.6
allowed local users to cause a denial of service (NULL
pointer dereference and kernel oops) via vectors related to
a user-defined key and updating a negative key into a fully
instantiated key.

*

CVE-2011-1044: The ib_uverbs_poll_cq function in
drivers/infiniband/core/uverbs_cmd.c in the Linux kernel
did not initialize a certain response buffer, which allowed
local users to obtain potentially sensitive information
from kernel memory via vectors that cause this buffer to be
only partially filled, a different vulnerability than
CVE-2010-4649.

*

CVE-2012-3400: Heap-based buffer overflow in the
udf_load_logicalvol function in fs/udf/super.c in the Linux
kernel allowed remote attackers to cause a denial of
service (system crash) or possibly have unspecified other
impact via a crafted UDF filesystem.

*

CVE-2012-2136: The sock_alloc_send_pskb function in
net/core/sock.c in the Linux kernel did not properly
validate a certain length value, which allowed local users
to cause a denial of service (heap-based buffer overflow
and system crash) or possibly gain privileges by leveraging
access to a TUN/TAP device.

*

CVE-2012-2663: A small denial of service leak in
dropping syn+fin messages was fixed.

The following non-security issues have been fixed:

Packaging:

* kbuild: Fix gcc -x syntax (bnc#773831).

NFS:

* knfsd: An assortment of little fixes to the sunrpc
cache code (bnc#767766).
* knfsd: Unexport cache_fresh and fix a small race
(bnc#767766).
* knfsd: nfsd: do not drop silently on upcall deferral
(bnc#767766).
* knfsd: svcrpc: remove another silent drop from
deferral code (bnc#767766).
* sunrpc/cache: simplify cache_fresh_locked and
cache_fresh_unlocked (bnc#767766).
* sunrpc/cache: recheck cache validity after
cache_defer_req (bnc#767766).
* sunrpc/cache: use list_del_init for the list_head
entries in cache_deferred_req (bnc#767766).
* sunrpc/cache: avoid variable over-loading in
cache_defer_req (bnc#767766).
* sunrpc/cache: allow thread to block while waiting for
cache update (bnc#767766).
* sunrpc/cache: Fix race in sunrpc/cache introduced by
patch to allow thread to block while waiting for cache
update (bnc#767766).
* sunrpc/cache: Another fix for race problem with
sunrpc cache deferal (bnc#767766).
* knfsd: nfsd: make all exp_finding functions return
-errnos on err (bnc#767766).
* Fix kabi breakage in previous nfsd patch series
(bnc#767766).
* nfsd: Work around incorrect return type for
wait_for_completion_interruptible_timeout (bnc#767766).
* nfs: Fix a potential file corruption issue when
writing (bnc#773272).
* nfs: Allow sync writes to be multiple pages
(bnc#763526).
* nfs: fix reference counting for NFSv4 callback thread
(bnc#767504).
* nfs: flush signals before taking down callback thread
(bnc#767504).
* nfsv4: Ensure nfs_callback_down() calls svc_destroy()
(bnc#767504).

SCSI:

* SCSI/ch: Check NULL for kmalloc() return (bnc#783058).
*

drivers/scsi/aic94xx/aic94xx_init.c: correct the size
argument to kmalloc (bnc#783058).

*

block: fail SCSI passthrough ioctls on partition
devices (bnc#738400).

*

dm: do not forward ioctls from logical volumes to the
underlying device (bnc#738400).

*

vmware: Fix VMware hypervisor detection (bnc#777575,
bnc#770507).

S/390:

* lgr: Make lgr_page static (bnc#772409,LTC#83520).
* zfcp: Fix oops in _blk_add_trace()
(bnc#772409,LTC#83510).
*

kernel: Add z/VM LGR detection
(bnc#767277,LTC#RAS1203).

*

be2net: Fix EEH error reset before a flash dump
completes (bnc#755546).

* mptfusion: fix msgContext in mptctl_hp_hostinfo
(bnc#767939).
* PCI: Fix bus resource assignment on 32 bits with 64b
resources. (bnc#762581)
* PCI: fix up setup-bus.c #ifdef. (bnc#762581)
*

x86: powernow-k8: Fix indexing issue (bnc#758985).

*

net: Fix race condition about network device name
allocation (bnc#747576).

XEN:

* smpboot: adjust ordering of operations.
* xen/x86-64: provide a memset() that can deal with 4Gb
or above at a time (bnc#738528).
* xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53
(bnc#760974).
* xen/gntdev: fix multi-page slot allocation
(bnc#760974).

Security Issues:

* CVE-2011-1044
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
>
* CVE-2011-4110
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110
>
* CVE-2012-2136
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136
>
* CVE-2012-2663
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663
>
* CVE-2012-2744
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2744
>
* CVE-2012-3510
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510
>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

kernel-default-2.6.16.60-0.99.1
kernel-source-2.6.16.60-0.99.1
kernel-syms-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

kernel-smp-2.6.16.60-0.99.1
kernel-xen-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.99.1
kernel-kdumppae-2.6.16.60-0.99.1
kernel-vmi-2.6.16.60-0.99.1
kernel-vmipae-2.6.16.60-0.99.1
kernel-xenpae-2.6.16.60-0.99.1

- SUSE Linux Enterprise Server 10 SP4 (ppc):

kernel-iseries64-2.6.16.60-0.99.1
kernel-ppc64-2.6.16.60-0.99.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

kernel-default-2.6.16.60-0.99.1
kernel-smp-2.6.16.60-0.99.1
kernel-source-2.6.16.60-0.99.1
kernel-syms-2.6.16.60-0.99.1
kernel-xen-2.6.16.60-0.99.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.99.1
kernel-xenpae-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586 x86_64):

kernel-xen-2.6.16.60-0.99.1

- SLE SDK 10 SP4 (i586):

kernel-xenpae-2.6.16.60-0.99.1

References:

http://support.novell.com/security/cve/CVE-2011-1044.html
http://support.novell.com/security/cve/CVE-2011-4110.html
http://support.novell.com/security/cve/CVE-2012-2136.html
http://support.novell.com/security/cve/CVE-2012-2663.html
http://support.novell.com/security/cve/CVE-2012-2744.html
http://support.novell.com/security/cve/CVE-2012-3510.html
https://bugzilla.novell.com/674284
https://bugzilla.novell.com/703156
https://bugzilla.novell.com/734056
https://bugzilla.novell.com/738400
https://bugzilla.novell.com/738528
https://bugzilla.novell.com/747576
https://bugzilla.novell.com/755546
https://bugzilla.novell.com/758985
https://bugzilla.novell.com/760974
https://bugzilla.novell.com/762581
https://bugzilla.novell.com/763526
https://bugzilla.novell.com/765102
https://bugzilla.novell.com/765320
https://bugzilla.novell.com/767277
https://bugzilla.novell.com/767504
https://bugzilla.novell.com/767766
https://bugzilla.novell.com/767939
https://bugzilla.novell.com/769784
https://bugzilla.novell.com/770507
https://bugzilla.novell.com/770697
https://bugzilla.novell.com/772409
https://bugzilla.novell.com/773272
https://bugzilla.novell.com/773831
https://bugzilla.novell.com/776888
https://bugzilla.novell.com/777575
https://bugzilla.novell.com/783058
?keywords=118cf41af33f48911c473f3bd88c74a8
?keywords=1d5bd8295622191606c935851bd82ff9
?keywords=3b3320a96f49fe4615b35ba22bb6cbf3
?keywords=9dc087603b172b449aa9a07b548bf3cf
?keywords=c77cfcc87d8e54df006cb42c12c2fadb

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org