Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2012:6172

Overview

Id SUSE-2012:6172
Name Novell SUSE 2012:6172 kernel security update for SLE 11 SP2 i586
Vendor Name novell
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 17 Apr 2012 12:00:00

SUSE-2012:6172

Novell SUSE 2012:6172 kernel security update for SLE 11 SP2 i586

Vendor Name

novell

Product

None

Released On

17 Apr 2012 12:00:00

Url

http://www.novell.com/support/search.do?usemicrosite=true&searchString=c376b59b3b132786ff345a43f594d3dd

Description

LSAC(v2)
The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. The following security issues have been fixed: * CVE-2012-1179: A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a privileged guest user could crash the kvm host system. * CVE-2011-4127: A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. * CVE-2012-1146: A local attacker could oops the kernel using memory control groups and eventfds. * CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. * CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. * CVE-2011-2494: Access to the /proc/pid/taskstats file requires root access to avoid side channel (timing keypresses etc.) attacks on other users. * CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be caused by specific filesystem access patterns. * CVE-2011-4131: A malicious NFSv4 server could have caused a oops in the nfsv4 acl handling. * CVE-2011-4132: Fixed a oops in jbd/jbd2 that could be caused by mounting a malicious prepared filesystem. (Also included are all fixes from the 3.0.14 -> 3.0.25 stable kernel updates.) The following non-security issues have been fixed: EFI: * efivars: add missing parameter to efi_pstore_read(). BTRFS: * add a few error cleanups. * btrfs: handle errors when excluding super extents (FATE#306586 bnc#751015). * btrfs: Fix missing goto in btrfs_ioctl_clone. * btrfs: Fixed mishandled -EAGAIN error case from btrfs_split_item (bnc#750459). * btrfs: disallow unequal data/metadata blocksize for mixed block groups (FATE#306586). * btrfs: enhance superblock sanity checks (FATE#306586 bnc#749651). * btrfs: update message levels (FATE#306586). * btrfs 3.3-rc6 updates: o avoid setting ->d_op twice (FATE#306586 bnc#731387). o btrfs: fix wrong information of the directory in the snapshot (FATE#306586). o btrfs: fix race in reada (FATE#306586). o btrfs: do not add both copies of DUP to reada extent tree (FATE#306586). o btrfs: stop silently switching single chunks to raid0 on balance (FATE#306586). o btrfs: fix locking issues in find_parent_nodes() (FATE#306586). o btrfs: fix casting error in scrub reada code (FATE#306586). * btrfs sync with upstream up to 3.3-rc5 (FATE#306586) * btrfs: Sector Size check during Mount * btrfs: avoid positive number with ERR_PTR * btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. * btrfs: fix trim 0 bytes after a device delete * btrfs: do not check DUP chunks twice * btrfs: fix memory leak in load_free_space_cache() * btrfs: delalloc for page dirtied out-of-band in fixup worker * btrfs: fix structs where bitfields and spinlock/atomic share 8B word. * btrfs: silence warning in raid arr

Related Resources

Related Vulnerabilities

CVE-2011-2494   CVE-2011-4127   CVE-2011-4132   CVE-2011-1083   CVE-2011-4086   CVE-2011-4131   CVE-2012-1097   CVE-2012-1146   CVE-2012-1179   CVE-2012-1090  

Related Patches

None

Superseded Patches

None


Last Updated: 27 May 2016 11:13:37