
SUSE: 2011:1195-1 Important: Kernel Update for Four Security Issues

October 28, 2011

Summary



   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1195-1
Rating:             important
References:         #616256 #628343 #635880 #683101 #692784 #694315 
                    #699354 #699355 #701355 #701550 #706375 #707439 
                    #709213 #709369 #712009 #713876 #714001 #717126 
                    #717421 #717585 #718028 #721830 #724947 
Cross-References:   CVE-2009-4067 CVE-2011-1776 CVE-2011-3191
                    CVE-2011-3363
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves four vulnerabilities and has 19 fixes
   is now available.

Description:


   This Linux kernel update fixes various security issues and
   bugs in the SUSE Linux Enterprise 10 SP4 kernel.

   The following security issues have been fixed:

   * CVE-2009-4067: A USB string descriptor overflow in
   the auerwald USB driver was fixed, which could be used by
   physically proximate attackers to cause a kernel crash.
   * CVE-2011-3363: Always check the path in CIFS mounts
   to avoid interesting filesystem path interaction issues and
   potential crashes.
   * CVE-2011-3191: A malicious CIFS server could cause an
   integer overflow on the local machine on directory index
   operations, in turn causing memory corruption.
   * CVE-2011-1776: The is_gpt_valid function in
   fs/partitions/efi.c in the Linux kernel did not check the
   size of an Extensible Firmware Interface (EFI) GUID
   Partition Table (GPT) entry, which allowed physically
   proximate attackers to cause a denial of service
   (heap-based buffer overflow and OOPS) or obtain sensitive
   information from kernel heap memory by connecting a crafted
   GPT storage device, a different vulnerability than
   CVE-2011-1577.
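
   The kind of check the CVE-2011-1776 entry describes as missing, shown
   as an added user-space example (not the kernel's code and not part of
   the SUSE advisory). It validates the GPT header fields that size the
   partition entry array; the function names, the 128-byte entry size
   used by this example parser and the caller-supplied array limit are
   assumptions, and CRC and LBA checks are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GPT_HDR_MIN  92u   /* bytes in a revision 1.0 GPT header */
#define GPT_ENTRY_SZ 128u  /* fixed entry structure size this example parser uses (assumption) */

enum gpt_result { GPT_OK, GPT_TRUNCATED, GPT_BAD_SIG, GPT_BAD_HDR_SIZE,
                  GPT_BAD_ENTRY_SIZE, GPT_ARRAY_TOO_BIG };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate the header fields that decide how many bytes the entry array occupies. */
enum gpt_result gpt_check_header(const uint8_t *hdr, size_t len, uint32_t sector_size,
                                 uint64_t max_array_bytes) {
    if (len < GPT_HDR_MIN) return GPT_TRUNCATED;
    if (memcmp(hdr, "EFI PART", 8) != 0) return GPT_BAD_SIG;
    uint32_t hdr_size = le32(hdr + 12);
    if (hdr_size < GPT_HDR_MIN || hdr_size > sector_size) return GPT_BAD_HDR_SIZE;
    uint32_t num = le32(hdr + 80);   /* number of partition entries */
    uint32_t esz = le32(hdr + 84);   /* size of one partition entry */
    /* The check the advisory describes as missing: the device-supplied entry
       size must equal the structure size the parser indexes with. */
    if (esz != GPT_ENTRY_SZ) return GPT_BAD_ENTRY_SIZE;
    /* 64-bit product so a huge entry count cannot wrap the byte count. */
    if ((uint64_t)num * esz > max_array_bytes) return GPT_ARRAY_TOO_BIG;
    return GPT_OK;
}

/* Build a constructed sample header in a 512-byte buffer (not from a real disk). */
void gpt_make_sample(uint8_t *hdr, uint32_t num, uint32_t esz) {
    memset(hdr, 0, 512);
    memcpy(hdr, "EFI PART", 8);
    put_le32(hdr + 12, GPT_HDR_MIN);
    put_le32(hdr + 80, num);
    put_le32(hdr + 84, esz);
}

int main(void) {
    uint8_t h[512];
    gpt_make_sample(h, 128, 128);
    printf("well-formed: %d\n", gpt_check_header(h, sizeof h, 512, 16384));
    gpt_make_sample(h, 128, 4096);
    printf("oversized entry: %d\n", gpt_check_header(h, sizeof h, 512, 16384));
    return 0;
}
```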

   The following non-security issues have been fixed:

   * md: fix deadlock in md/raid1 and md/raid10 when
   handling a read error (bnc#628343).
   * md: fix possible raid1/raid10 deadlock on read error
   during resync (bnc#628343).
   * Add timeo parameter to /proc/mounts for nfs
   filesystems (bnc#616256).
   * virtio: indirect ring entries
   (VIRTIO_RING_F_INDIRECT_DESC) (bnc#713876).
   * virtio: teach virtio_has_feature() about transport
   features (bnc#713876).
   * nf_nat: do not add NAT extension for confirmed
   conntracks (bnc#709213).
   * 8250: Oxford Semiconductor Devices (bnc#717126).
   * 8250_pci: Add support for the Digi/IBM PCIe 2-port
   Adapter (bnc#717126).
   * 8250: Fix capabilities when changing the port type
   (bnc#717126).
   * 8250: Add EEH support (bnc#717126).
   * xfs: fix memory reclaim recursion deadlock on locked
   inode buffer (bnc#699355 bnc#699354 bnc#721830).
   * ipmi: do not grab locks in run-to-completion mode
   (bnc#717421).
   * cifs: add fallback in is_path_accessible for old
   servers (bnc#718028).
   * cciss: do not attempt to read from a write-only
   register (bnc#683101).
   * s390: kernel: System hang if hangcheck timer expires
   (bnc#712009,LTC#74157).
   * s390: kernel: NSS creation with initrd fails
   (bnc#712009,LTC#74207).
   * s390: kernel: remove code to handle topology
   interrupts (bnc#712009,LTC#74440).
   * xen: Added 1083-kbdfront-absolute-coordinates.patch
   (bnc#717585).
   * acpi: Use a spinlock instead of mutex to guard
   gbl_lock access (bnc#707439).
   * Allow balance_dirty_pages to help other filesystems
   (bnc#709369).
   * nfs: fix congestion control (bnc#709369).
   * NFS: Separate metadata and page cache revalidation
   mechanisms (bnc#709369).
   * jbd: Fix oops in journal_remove_journal_head()
   (bnc#694315).
   * xen/blkfront: avoid NULL de-reference in CDROM ioctl
   handling (bnc#701355).
   * xen/x86: replace order-based range checking of M2P
   table by linear one.
   * xen/x86: use dynamically adjusted upper bound for
   contiguous regions (bnc#635880).
   * Fix type in
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-making-progress.
   * s390: cio: Add timeouts for internal IO
   (bnc#701550,LTC#72691).
   * s390: kernel: first time swap use results in heavy
   swapping (bnc#701550,LTC#73132).
   * s390: qeth: wrong number of output queues for
   HiperSockets (bnc#701550,LTC#73814).

   Security Issue references:

   * CVE-2009-4067
   * CVE-2011-3363
   * CVE-2011-3191
   * CVE-2011-1776

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.91.1
      kernel-source-2.6.16.60-0.91.1
      kernel-syms-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.91.1
      kernel-xen-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.91.1
      kernel-kdumppae-2.6.16.60-0.91.1
      kernel-vmi-2.6.16.60-0.91.1
      kernel-vmipae-2.6.16.60-0.91.1
      kernel-xenpae-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.91.1
      kernel-ppc64-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.91.1
      kernel-smp-2.6.16.60-0.91.1
      kernel-source-2.6.16.60-0.91.1
      kernel-syms-2.6.16.60-0.91.1
      kernel-xen-2.6.16.60-0.91.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.91.1
      kernel-xenpae-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.91.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.91.1


References:

   https://www.suse.com/security/cve/CVE-2009-4067.html
   https://www.suse.com/security/cve/CVE-2011-1776.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://www.suse.com/security/cve/CVE-2011-3363.html