Kernel update

This kernel update of the openSUSE 12.1 kernel fixes
lots of bugs and security issues.

The following issues were fixed:

- tcp: drop SYN+FIN messages (bnc#765102).
- net: sock: validate data_len before allocating skb in
sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

- fcaps: clear the same personality flags as suid when fcaps
are used (bnc#758260 CVE-2012-2123).

- macvtap: zerocopy: validate vectors before building skb
(bnc#758243 CVE-2012-2119).

- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).

- xfrm: take net hdr len into account for esp payload size
calculation (bnc#759545).

- ext4: fix undefined behavior in ext4_fill_flex_info()
(bnc#757278).

- igb: fix rtnl race in PM resume path (bnc#748859).
- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).

- b43: allocate receive buffers big enough for max frame len +
offset (bnc#717749).

- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
- xenbus_dev: add missing error checks to watch handling.
- hwmon: (coretemp-xen) Fix TjMax detection for older CPUs.
- hwmon: (coretemp-xen) Relax target temperature range check.
- Refresh other Xen patches.

- tlan: add cast needed for proper 64 bit operation (bnc#756840).

- dl2k: Tighten ioctl permissions (bnc#758813).

- [media] cx22702: Fix signal strength.

- fs: cachefiles: Add support for large files in filesystem
caching (bnc#747038).

- bridge: correct IPv6 checksum after pull (bnc#738644).
- bridge: fix a possible use after free (bnc#738644).
- bridge: Pseudo-header required for the checksum of ICMPv6
(bnc#738644).
- bridge: mcast snooping, fix length check of snooped MLDv1/2
(bnc#738644).

- PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455).

- ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203).

- drm/i915/crt: Remove 0xa0 probe for VGA.

- tty_audit: fix tty_audit_add_data live lock on audit disabled
(bnc#721366).

- drm/i915: suspend fbdev device around suspend/hibernate
(bnc#732908).

- dlm: Do not allocate a fd for peeloff (bnc#729247).
- sctp: Export sctp_do_peeloff (bnc#729247).

- i2c-algo-bit: Fix spurious SCL timeouts under heavy load.

- patches.fixes/epoll-dont-limit-non-nested.patch: Don't limit
non-nested epoll paths (bnc#676204).

- Update patches.suse/sd_init.mark_majors_busy.patch (bnc#744658).

- igb: Fix for Alt MAC Address feature on 82580 and later devices
(bnc#746980).

- mark busy sd majors as allocated (bug#744658).

- regset: Return -EFAULT, not -EIO, on host-side memory fault
(bnc#750079 CVE-2012-1097).
- regset: Prevent null pointer reference on readonly regsets
(bnc#750079 CVE-2012-1097).

- mm: memcg: Correct unregistering of events attached to the same
eventfd (CVE-2012-1146 bnc#750959).

- befs: Validate length of long symbolic links (CVE-2011-2928
bnc#713430).

- si4713-i2c: avoid potential buffer overflow on si4713
(CVE-2011-2700 bnc#707332).

- staging: comedi: fix infoleak to userspace (CVE-2011-2909
bnc#711941).

- hfs: add sanity check for file name length (CVE-2011-4330
bnc#731673).

- cifs: fix dentry refcount leak when opening a FIFO on lookup
(CVE-2012-1090 bnc#749569).

- drm: integer overflow in drm_mode_dirtyfb_ioctl() (CVE-2012-0044
bnc#740745).

- xfs: fix acl count validation in xfs_acl_from_disk()
(CVE-2012-0038 bnc#740703).
- xfs: validate acl count (CVE-2012-0038 bnc#740703).

- patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_readlink: Work around missing xfs_alert().

- xfs: Fix missing xfs_iunlock() on error recovery path in
xfs_readlink() (CVE-2011-4077 bnc#726600).
- xfs: Fix possible memory corruption in xfs_readlink
(CVE-2011-4077 bnc#726600).

- ext4: make ext4_split_extent() handle error correctly.
- ext4: ext4_ext_convert_to_initialized bug found in extended
FSX testing.
- ext4: add ext4_split_extent_at() and ext4_split_extent().

- ext4: reimplement convert and split_unwritten (CVE-2011-3638
bnc#726045).

- patches.fixes/epoll-limit-paths.patch: epoll: limit paths
(bnc#676204 CVE-2011-1083).
- patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi change in
struct file (bnc#676204 CVE-2011-1083).

- NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279 bnc#747660).

- igmp: Avoid zero delay when receiving odd mixture of IGMP
queries (bnc#740448 CVE-2012-0207).

- jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
(bnc#745832 CVE-2011-4086).

- AppArmor: fix oops in apparmor_setprocattr (bnc#717209
CVE-2011-3619).

- Refresh patches.suse/SoN-22-netvm.patch.
Clean and *working* patches.

- Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671)
Fix an rcu locking imbalance in the receive path triggered when using vlans.

- Fix mangled patch (invalid date).
Although accepted by `patch`, this is rejected by `git apply`.

- Fix mangled diff lines (leading space tab vs tab).
Although accepted by `patch`, these are rejected by `git apply`.

- jbd/jbd2: validate sb->s_first in journal_get_superblock()
(bnc#730118).

- fsnotify: don't BUG in fsnotify_destroy_mark() (bnc#689860).

- Fix patches.fixes/x25-Handle-undersized-fragmented-skbs.patch
(CVE-2010-3873 bnc#651219).
- Fix
patches.fixes/x25-Prevent-skb-overreads-when-checking-call-user-da.patch
(CVE-2010-3873 bnc#651219).
- Fix
patches.fixes/x25-Validate-incoming-call-user-data-lengths.patch
(CVE-2010-3873 bnc#651219).
- Fix
patches.fixes/x25-possible-skb-leak-on-bad-facilities.patch
(CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).

- Update patches.fixes/econet-4-byte-infoleak-to-the-network.patch
(bnc#681186 CVE-2011-1173).
Fix reference.

- hwmon: (w83627ehf) Properly report thermal diode sensors.

- nl80211: fix overflow in ssid_len (bnc#703410 CVE-2011-2517).
- nl80211: fix check for valid SSID size in scan operations
(bnc#703410 CVE-2011-2517).

- x25: Prevent skb overreads when checking call user data
(CVE-2010-3873 bnc#737624).
- x25: Handle undersized/fragmented skbs (CVE-2010-3873
bnc#737624).
- x25: Validate incoming call user data lengths (CVE-2010-3873
bnc#737624).
- x25: possible skb leak on bad facilities (CVE-2010-3873
bnc#737624).

- net: Add a flow_cache_flush_deferred function (bnc#737624).
- xfrm: avoid possible oops in xfrm_alloc_dst (bnc#737624).

- scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).

Fixed bugs
bnc#717749
VUL-1: CVE-2011-3359: kernel: b43 allocates receive buffers big enough for max frame len + offset
CVE-2010-4249
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via craf
bnc#653260
VUL-1: kernel: remote DoS in X.25
bnc#758260
VUL-1: CVE-2012-2123: kernel: fcaps: clear the same personality flags as suid when fcaps are used
bnc#765102
VUL-1: CVE-2012-6638: kernel: denial of service via specially forged TCP packets (SYN+FIN)
bnc#765320
VUL-1: CVE-2012-2136: kernel: data_len not validated before allocating skb in sock_alloc_send_pskb()
CVE-2012-1090
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#749569
VUL-1: CVE-2012-1090: kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount
bnc#681639
nat ftp broken in latest maintenance kernel
CVE-2011-2700
Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a
CVE-2011-2909
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#756840
BUG: unable to handle kernel paging request at 000000003b91bbac
CVE-2011-2928
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a l
CVE-2012-0044
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#707332
VUL-1: kernel: si4713-i2c: avoid potential buffer overflow on si4713
bnc#756203
unable to handle kernel paging request (task_rq_lock)
bnc#711941
VUL-1: kernel: staging: comedi: fix infoleak to userspace
bnc#713430
VUL-1: CVE-2011-2928: kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
bnc#740745
VUL-0: CVE-2012-0044: kernel: integer overflow in drm_mode_dirtyfb_ioctl()
CVE-2011-2517
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#760902
VUL-1: CVE-2012-2319: kernel: hfsplus: mounting crafted filesystem can cause code execution
bnc#689860
kernel BUG at linux-2.6.37/fs/notify/mark.c:140
bnc#703410
VUL-1: kernel: nl80211: missing check for valid SSID size in scan operations
CVE-2012-1097
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#750079
VUL-0: CVE-2012-1097: kernel: null pointer dereference on readonly regsets
bnc#747038
fscache 2 GB file size limitation
bnc#737624
If the number of ipsec policies exceeds the xfrm6 GC threshold (ipv6) the kernel crashes (panic).
bnc#726600
VUL-1: kernel: xfs: potential buffer overflow in xfs_readlink()
bnc#655696
VUL-1: kernel: unix socket local dos
bnc#730118
VUL-1: CVE-2011-4132: kernel: jbd/jbd2: oops
bnc#757278
VUL-1: CVE-2012-2100: kernel: ext4: fix undefined behaviour in ext4_fill_flex_info()
CVE-2011-4077
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via
bnc#466279
/net/netfilter/nf_conntrack_ftp.c ignores RFC 1123 regarding parentheses in FTP passive mode message 227
CVE-2010-4164
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B
bnc#759545
esp hangs on some MTUs if pmtu is enabled
CVE-2009-4020
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
bnc#740448
VUL-1: kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries
bnc#740703
VUL-0: kernel: xfs heap overflow
bnc#738644
SKY2 driver reporting checksum problems
bnc#714455
openSUSE 11.4 64-bit kernel 2.6.37.6-0.7 bug: kworker thread at 90%
CVE-2011-1173
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an
CVE-2010-3873
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_F
bnc#683671
vlans cause softirq overload
CVE-2011-4086
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#745832
VUL-1: CVE-2011-4086: kernel: jbd2: unmapped buffer with _Unwritten or _Delay flags set can lead to DoS
bnc#721366
failed to use pam_tty_audit
CVE-2011-3619
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#717209
VUL-1: kernel: /proc/[PID]/attr/current overwrite Null pointer dereference
CVE-2011-1083
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and ep
bnc#729247
kernel oops from drbd
bnc#676204
VUL-1: kernel: epoll DoS via large nested struct
CVE-2011-3638
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#726045
VUL-1: kernel: ext4_ext_insert_extent() kernel oops
bnc#746980
[Intel BUG] igb: Fix for Alt MAC Address feature on 82580 and later devices
bnc#758813
VUL-1: kernel: unfiltered netdev rio_ioctl access by users
CVE-2011-4330
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
bnc#731673
VUL-1: CVE-2011-4330: kernel: hfs: wrong ->len field can cause overflow on a corrupted fs
CVE-2012-0038
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#732908
Access to hd or filesystem broken after suspend2disk / resume
bnc#681186
VUL-0: kernel: econet: 4 byte infoleak to the network
bnc#758243
VUL-1: CVE-2012-2119: kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
CVE-2012-0207
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#747660
FTP passive mode fails
bnc#744658
kernel BUG at /usr/src/packages/BUILD/kernel-xen-3.0.13/linux-3.0/fs/sysfs/group.c:65!
CVE-2012-1146
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
bnc#750959
VUL-0: kernel: mm: memcg: unregistering of events attached to the same eventfd can lead to oops
bnc#651219
VUL-0: kernel: X.25 remote DoS
bnc#748859
During wake-up from standby mode call traces happen for the driver igb and ixgbe of SLES 11 SP2 GMC3.