Detections
Analytics

SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 8509 / 8516 / 8518)

medium Nessus Plugin ID 71033

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to version 3.0.101 and also includes various other bug and security fixes.

The following features have been added :

 - Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).

 - Drivers: hv: Save and export negotiated vmbus version (FATE#314665).

 - Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665). The following security issue has been fixed :

 - The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102). (CVE-2013-2206)

The following non-security bugs have been fixed :

 - kernel: sclp console hangs (bnc#841498, LTC#95711).

 - intel-iommu: Fix leaks in pagetable freeing.
 (bnc#841402)

 - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513)

 - x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset. (bnc#844513)

 - iommu/vt-d: Only warn about broken interrupt remapping.
 (bnc#844513)

 - iommu: Remove stack trace from broken irq remapping warning. (bnc#844513)

 - softirq: reduce latencies. (bnc#797526)

 - Fix lockup related to stop_machine being stuck in
 __do_softirq. (bnc#797526)

 - splice: fix racy pipe->buffers uses. (bnc#827246)

 - blktrace: fix race with open trace files and directory removal. (bnc#832292)

 - mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)).

 - mm: Bounce memory pool initialisation. (bnc#836347)

 - mm, memcg: introduce own oom handler to iterate only over its own threads.

 - mm, memcg: move all oom handling to memcontrol.c.

 - mm, oom: avoid looping when chosen thread detaches its mm.

 - mm, oom: fold oom_kill_task() into oom_kill_process().

 - mm, oom: introduce helper function to process threads during scan.

 - mm, oom: reduce dependency on tasklist_lock.

 - ipv6: do not call fib6_run_gc() until routing is ready.
 (bnc#836218)

 - ipv6: prevent fib6_run_gc() contention. (bnc#797526)

 - ipv6: update ip6_rt_last_gc every time GC is run.
 (bnc#797526)

 - net/mlx4_en: Fix BlueFlame race. (bnc#835684)

 - netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853).

 - netfilter: prevent race condition breaking net reference counting. (bnc#835094)

 - net: remove skb_orphan_try(). (bnc#834600)

 - bonding: check bond->vlgrp in bond_vlan_rx_kill_vid().
 (bnc#834905)

 - sctp: deal with multiple COOKIE_ECHO chunks.
 (bnc#826102)

 - SUNRPC: close a rare race in xs_tcp_setup_socket.
 (bnc#794824)

 - NFS: make nfs_flush_incompatible more generous.
 (bnc#816099)

 - NFS: do not try to use lock state when we hold a delegation. (bnc#831029)

 - nfs_lookup_revalidate(): fix a leak. (bnc#828894)

 - xfs: growfs: use uncached buffers for new headers.
 (bnc#842604)

 - xfs: Check the return value of xfs_buf_get().
 (bnc#842604)

 - xfs: avoid double-free in xfs_attr_node_addname.

 - do_add_mount()/umount -l races. (bnc#836801)

 - cifs: Fix TRANS2_QUERY_FILE_INFO ByteCount fields.
 (bnc#804950)

 - cifs: Fix EREMOTE errors encountered on DFS links.
 (bnc#831143)

 - reiserfs: fix race with flush_used_journal_lists and flush_journal_list. (bnc#837803)

 - reiserfs: remove useless flush_old_journal_lists.

 - fs: writeback: Do not sync data dirtied after sync start. (bnc#833820)

 - rcu: Do not trigger false positive RCU stall detection.
 (bnc#834204)

 - lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt. (bnc#763463)

 - bnx2x: Change to D3hot only on removal. (bnc#838448)

 - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev. (bnc#833321)

 - Drivers: hv: Support handling multiple VMBUS versions (fate#314665).

 - Drivers: hv: Save and export negotiated vmbus version (fate#314665).

 - Drivers: hv: Move vmbus version definitions to hyperv.h (fate#314665).

 - Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714)

 - Drivers: hv: util: Correctly support ws2008R2 and earlier. (bnc#838346)

 - Drivers: hv: util: Fix a bug in util version negotiation code. (bnc#838346)

 - iscsi: do not hang in endless loop if no targets present. (bnc#841094)

 - ata: Set proper SK when CK_COND is set. (bnc#833588)

 - md: Throttle number of pending write requests in md/raid10. (bnc#833858)

 - dm: ignore merge_bvec for snapshots when safe.
 (bnc#820848)

 - elousb: some systems cannot stomach work around.
 (bnc#840830)

 - bio-integrity: track owner of integrity payload.
 (bnc#831380)

 - quirks: add touchscreen that is dazzeled by remote wakeup. (bnc#835930)

 - Fixed Xen guest freezes. (bnc#829682, bnc#842063)

 - config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG.
 (bnc#837372)

 - series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem. (bnc#833635)

 - rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors. (bnc#821465)

 - rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file.

 - rpm/old-flavors: Convert the old-packages.conf file to a flat list.

 - rpm/old-packages.conf: Drop bogus obsoletes for 'smp'.
 (bnc#821465)

 - rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned. (bnc#821465)

 - rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. . (bnc#821465)

Solution

Apply SAT patch number 8509 / 8516 / 8518 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=763463

https://bugzilla.novell.com/show_bug.cgi?id=794824

https://bugzilla.novell.com/show_bug.cgi?id=797526

https://bugzilla.novell.com/show_bug.cgi?id=804950

https://bugzilla.novell.com/show_bug.cgi?id=816099

https://bugzilla.novell.com/show_bug.cgi?id=820848

https://bugzilla.novell.com/show_bug.cgi?id=821259

https://bugzilla.novell.com/show_bug.cgi?id=821465

https://bugzilla.novell.com/show_bug.cgi?id=826102

https://bugzilla.novell.com/show_bug.cgi?id=827246

https://bugzilla.novell.com/show_bug.cgi?id=827416

https://bugzilla.novell.com/show_bug.cgi?id=828714

https://bugzilla.novell.com/show_bug.cgi?id=828894

https://bugzilla.novell.com/show_bug.cgi?id=829682

https://bugzilla.novell.com/show_bug.cgi?id=831029

https://bugzilla.novell.com/show_bug.cgi?id=831143

https://bugzilla.novell.com/show_bug.cgi?id=831380

https://bugzilla.novell.com/show_bug.cgi?id=832292

https://bugzilla.novell.com/show_bug.cgi?id=833321

https://bugzilla.novell.com/show_bug.cgi?id=835094

https://bugzilla.novell.com/show_bug.cgi?id=835684

https://bugzilla.novell.com/show_bug.cgi?id=835930

https://bugzilla.novell.com/show_bug.cgi?id=836218

https://bugzilla.novell.com/show_bug.cgi?id=836347

https://bugzilla.novell.com/show_bug.cgi?id=836801

https://bugzilla.novell.com/show_bug.cgi?id=837372

https://bugzilla.novell.com/show_bug.cgi?id=837803

https://bugzilla.novell.com/show_bug.cgi?id=838346

https://bugzilla.novell.com/show_bug.cgi?id=838448

https://bugzilla.novell.com/show_bug.cgi?id=840830

https://bugzilla.novell.com/show_bug.cgi?id=841094

https://bugzilla.novell.com/show_bug.cgi?id=841402

https://bugzilla.novell.com/show_bug.cgi?id=841498

https://bugzilla.novell.com/show_bug.cgi?id=842063

https://bugzilla.novell.com/show_bug.cgi?id=842604

https://bugzilla.novell.com/show_bug.cgi?id=844513

http://support.novell.com/security/cve/CVE-2013-2206.html

https://bugzilla.novell.com/show_bug.cgi?id=833588

https://bugzilla.novell.com/show_bug.cgi?id=833635

https://bugzilla.novell.com/show_bug.cgi?id=833820

https://bugzilla.novell.com/show_bug.cgi?id=833858

https://bugzilla.novell.com/show_bug.cgi?id=834204

https://bugzilla.novell.com/show_bug.cgi?id=834600

https://bugzilla.novell.com/show_bug.cgi?id=834905

Plugin Details

Severity: Medium

ID: 71033

File Name: suse_11_kernel-131106.nasl

Version: 1.3

Type: local

Agent: unix

Published: 11/22/2013

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-trace-extra, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, p-cpe:/a:novell:suse_linux:11:xen-kmp-trace, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/6/2013

Reference Information

CVE: CVE-2013-2206