
Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.0153.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:0153-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2012:0153-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues.

The following security issues have been fixed:

* A potential hypervisor escape by issuing SG_IO commands to partition devices was fixed by restricting access to these commands. (CVE-2011-4127)
* KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110)
* Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081)
* Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077)
* An overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038)
* A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132)
* Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks, e.g. guessing passwords by typing speed). (CVE-2011-2494)
* When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be set up to make this effective, which these days is usually not the case. (CVE-2010-3873)
* When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be set up to make this effective, which these days is usually not the case. (CVE-2010-4164)
* A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. (CVE-2011-2699)

The following non-security issues have been fixed (excerpt from changelog):

* elousb: Fixed bug in USB core API usage, code cleanup.
* cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry.
* cifs: set server_eof in cifs_fattr_to_inode.
* xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink().
* Silence some warnings about ioctls on partitions.
* netxen: Remove all references to unified firmware file.
* bonding: send out gratuitous arps even with no address configured.
* patches.fixes/ocfs2-serialize_unaligned_aio.patch: ocfs2: serialize unaligned aio.
* patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.patch: Update references.
* xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time.
* ipmi: reduce polling when interrupts are available.
* ipmi: reduce polling.
* export shrink_dcache_for_umount_subtree.
* patches.suse/stack-unwind: Fix more 2.6.29 merg... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise High Availability Extension 11 SP1, SUSE Linux Enterprise Desktop 11 SP1

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-3873
Debian Security Information: DSA-2126
http://www.debian.org/security/2010/dsa-2126
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://www.spinics.net/lists/netdev/msg145786.html
http://www.spinics.net/lists/netdev/msg145873.html
http://openwall.com/lists/oss-security/2010/11/03/2
http://openwall.com/lists/oss-security/2010/11/04/3
http://secunia.com/advisories/43291
SuSE Security Announcement: SUSE-SA:2011:008
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
SuSE Security Announcement: openSUSE-SU-2013:0925
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://www.vupen.com/english/advisories/2011/0375
Common Vulnerability Exposure (CVE) ID: CVE-2010-4164
BugTraq ID: 45055
http://www.securityfocus.com/bid/45055
http://marc.info/?l=linux-netdev&m=128951543005554&w=2
http://openwall.com/lists/oss-security/2010/11/11/2
http://openwall.com/lists/oss-security/2010/11/12/3
http://secunia.com/advisories/42778
http://secunia.com/advisories/42801
http://secunia.com/advisories/42932
SuSE Security Announcement: SUSE-SA:2010:060
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:001
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
SuSE Security Announcement: SUSE-SA:2011:004
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.vupen.com/english/advisories/2011/0012
http://www.vupen.com/english/advisories/2011/0124
http://www.vupen.com/english/advisories/2011/0298
Common Vulnerability Exposure (CVE) ID: CVE-2011-2494
http://www.openwall.com/lists/oss-security/2011/06/27/1
http://secunia.com/advisories/48898
SuSE Security Announcement: SUSE-SU-2012:0554
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2699
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openwall.com/lists/oss-security/2011/07/20/5
http://www.securitytracker.com/id?1027274
Common Vulnerability Exposure (CVE) ID: CVE-2011-4077
HPdes Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://xorl.wordpress.com/2011/12/07/cve-2011-4077-linux-kernel-xfs-readlink-memory-corruption/
http://www.openwall.com/lists/oss-security/2011/10/26/1
http://www.openwall.com/lists/oss-security/2011/10/26/3
http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
http://secunia.com/advisories/48964
Common Vulnerability Exposure (CVE) ID: CVE-2011-4081
http://www.openwall.com/lists/oss-security/2011/10/27/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-4110
BugTraq ID: 50755
http://www.securityfocus.com/bid/50755
https://lkml.org/lkml/2011/11/15/363
http://www.openwall.com/lists/oss-security/2011/11/21/19
http://www.openwall.com/lists/oss-security/2011/11/22/6
http://www.openwall.com/lists/oss-security/2011/11/22/5
http://secunia.com/advisories/47754
http://www.ubuntu.com/usn/USN-1324-1
http://www.ubuntu.com/usn/USN-1328-1
http://www.ubuntu.com/usn/USN-1344-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-4127
http://www.openwall.com/lists/oss-security/2011/12/22/5
SuSE Security Announcement: SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-4132
BugTraq ID: 50663
http://www.securityfocus.com/bid/50663
http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/
http://www.openwall.com/lists/oss-security/2011/11/11/6
http://www.openwall.com/lists/oss-security/2011/11/13/4
http://securitytracker.com/id?1026325
Common Vulnerability Exposure (CVE) ID: CVE-2012-0038
http://www.openwall.com/lists/oss-security/2012/01/10/11
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
