SUSE: 2011:1101-1 Important: Kernel Memory Corruption and DoS Fix

Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3997455_1edcd913e2b52798c5b9126b8927230e on line 19

   SUSE Security Update: kernel update for SLE11 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1101-1
Rating:             important
References:         #588458 #603804 #632870 #642896 #649625 #667386 
                    #669378 #688859 #694670 #699354 #699357 #701443 
                    #701686 #704347 #706557 #707096 #707125 #707737 
                    #708675 #708877 #709412 #711203 #711969 #712456 
                    #712929 #713138 #713430 #714001 #714966 #715235 
                    #715763 #716901 #719117 
Cross-References:   CVE-2011-2928 CVE-2011-3191 CVE-2011-3353
                   
Affected Products:
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves three vulnerabilities and has 30
   fixes is now available.

Description:

   The SUSE Linux Enterprise 11 Service Pack 1 kernel was
   updated to 2.6.32.46 and fixes various bugs and security
   issues.

   Following security issues were fixed: CVE-2011-3191: A
   signedness issue in CIFS could possibly have lead to to
   memory corruption, if a malicious server could send crafted
   replies to the host.

   CVE-2011-3353: In the fuse filesystem,
   FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
   write so the message processing could overrun and result in
   a BUG_ON() in fuse_copy_fill(). This flaw could be used by
   local users able to mount FUSE filesystems to crash the
   system.

   CVE-2011-2928: The befs_follow_link function in
   fs/befs/linuxvfs.c in the Linux kernel did not validate the
   length attribute of long symlinks, which allowed local
   users to cause a denial of service (incorrect pointer
   dereference and OOPS) by accessing a long symlink on a
   malformed Be filesystem.


   Also the following non security bugs were fixed:
   - Added a missing reset for ioc_reset_in_progress in
   SoftReset in the mtpsas driver (bnc#711969).

   - Add support for the Digi/IBM PCIe 2-port Adapter
   (bnc#708675).

   - Always enable MSI-X on 5709 (bnc#707737).

   - sched: fix broken SCHED_RESET_ON_FORK handling
   (bnc#708877).

   - sched: Fix rt_rq runtime leakage bug (bnc#707096).

   - ACPI: allow passing down C1 information if no other
   C-states exist.

   - KDB: turn off kdb usb support by default (bnc#694670
   bnc#603804).

   - xfs: Added event tracing support.
   - xfs: fix xfs_fsblock_t tracing.

   - igb: extend maximum frame size to receive VLAN tagged
   frames (bnc#688859).

   - cfq: Do not allow queue merges for queues that have no
   process references (bnc#712929).
   - cfq: break apart merged cfqqs if they stop cooperating
   (bnc#712929).
   - cfq: calculate the seek_mean per cfq_queue not per
   cfq_io_context (bnc#712929).
   - cfq: change the meaning of the cfqq_coop flag
   (bnc#712929).
   - cfq-iosched: get rid of the coop_preempt flag
   (bnc#712929).
   - cfq: merge cooperating cfq_queues (bnc#712929).

   - Fix FDDI and TR config checks in ipv4 arp and LLC
   (bnc#715235).

   - writeback: do uninterruptible sleep in
   balance_dirty_pages() (bnc#699354 bnc#699357).
   - xfs: fix memory reclaim recursion deadlock on locked
   inode buffer (bnc#699355 bnc#699354).
   - xfs: use GFP_NOFS for page cache allocation (bnc#699355
   bnc#699354).

   - virtio-net: init link state correctly (bnc#714966).

   - cpufreq: pcc-cpufreq: sanity check to prevent a NULL
   pointer dereference (bnc#709412).

   - x86: ucode-amd: Do not warn when no ucode is available
   for a CPU

   - patches.arch/x86_64-unwind-annotations: Refresh
   (bnc#588458).
   - patches.suse/stack-unwind: Refresh (bnc#588458).

   - splice: direct_splice_actor() should not use pos in sd
   (bnc#715763).

   - qdio: 2nd stage retry on SIGA-W busy conditions
   (bnc#713138,LTC#74402).

   - TTY: pty, fix pty counting (bnc#711203).

   - Avoid deadlock in GFP_IO/GFP_FS allocation (bnc#632870).

   - novfs: fix some DirCache locking issues (bnc#669378).
   - novfs: fix some kmalloc/kfree issues (bnc#669378).
   - novfs: fix off-by-one allocation error (bnc#669378).
   - novfs: unlink directory after unmap (bnc#649625).
   - novfs: last modification time not reliable (bnc#642896).

   - x86 / IO APIC: Reset IRR in clear_IO_APIC_pin()
   (bnc#701686, bnc#667386).

   - mptfusion : Added check for SILI bit in READ_6 CDB for
   DATA UNDERRUN ERRATA (bnc #712456).

   - xfs: serialise unaligned direct IOs (bnc#707125).

   - NFS: Ensure that we handle NFS4ERR_STALE_STATEID
   correctly (bnc#701443).
   - NFSv4: Do not call nfs4_state_mark_reclaim_reboot() from
   error handlers (bnc#701443).
   - NFSv4: Fix open recovery (bnc#701443).
   - NFSv4.1: Do not call nfs4_schedule_state_recovery()
   unnecessarily (bnc#701443).


Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-2.6.32.46-0.3.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-2.6.32.46-0.3.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-2.6.32.46-0.3.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-2.6.32.46-0.3.1


References:

   https://www.suse.com/security/cve/CVE-2011-2928.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://www.suse.com/security/cve/CVE-2011-3353.html