Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2012:7123

Overview

Id SUSE-2012:7123
Name Novell SUSE 2012:7123 kernel security update for SLE 11 SP2 i586
Vendor Name novell
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 03 Dec 2012 12:00:00

SUSE-2012:7123

Novell SUSE 2012:7123 kernel security update for SLE 11 SP2 i586

Vendor Name

novell

Product

None

Released On

03 Dec 2012 12:00:00

Url

http://www.novell.com/support/search.do?usemicrosite=true&searchString=86bed550f5d8ade87da027c780377d92

Description

LSAC(v2)
The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues. It contains the following feature enhancements: * The cachefiles framework is now supported (FATE#312793, bnc#782369). The userland utilities were published seperately to support this feature. * The ipset netfilter modules are now supported (FATE#313309) The ipset userland utility will be published seperately to support this feature. * The tipc kernel module is now externally supported (FATE#305033). * Hyper-V KVP IP injection was implemented (FATE#314441). A seperate hyper-v package will be published to support this feature. * Intel Lynx Point PCH chipset support was added. (FATE#313409) * Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature. The following security issues have been fixed: * CVE-2012-5517: A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory. * CVE-2012-4461: A flaw has been found in the way Linux kernels KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system. * CVE-2012-1601: The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. * CVE-2012-2372: Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the sytem. * CVE-2012-4508: Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file will get exposed to anyone with read access to the file. * CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. * CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. The following non-security issues have been fixed: BTRFS: * btrfs: fix double mntput() in mount_subvol(). * btrfs: use common work instead of delayed work * btrfs: limit fallocate extent reservation to 256MB * btrfs: fix a

Related Resources

Related Vulnerabilities

CVE-2012-3430   CVE-2012-1601   CVE-2012-2372   CVE-2012-3412   CVE-2012-4461   CVE-2012-5517   CVE-2012-4508  

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:15:58