|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2012:1679-1)|
|Summary:||The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2012:1679-1 advisory.|
The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2012:1679-1 advisory.
The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues.
It contains the following feature enhancements:
* The cachefiles framework is now supported
(FATE#312793, bnc#782369). The userland utilities were published seperately to support this feature.
* The ipset netfilter modules are now supported
(FATE#313309) The ipset userland utility will be published seperately to support this feature.
* The tipc kernel module is now externally supported
* Hyper-V KVP IP injection was implemented
(FATE#314441). A seperate hyper-v package will be published to support this feature.
* Intel Lynx Point PCH chipset support was added.
Enable various md/raid10 and DASD enhancements.
(FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array.
Also added support for reshaping of RAID10 arrays.
mdadm changes will be published to support this feature.
The following security issues have been fixed:
* CVE-2012-5517: A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory.
* CVE-2012-4461: A flaw has been found in the way Linux kernels KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system.
* CVE-2012-1601: The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service
(NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
* CVE-2012-2372: Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the system.
* CVE-2012-4508: Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the
'uninitialized' bit set indicating that its blocks have not yet been written and thus contain data from a deleted file will get exposed to anyone with read access to the file.
* CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.
* CVE-2012-3412: The sfc (aka Solarflare Solarstorm)
driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controlle... [Please see the references for more information on the vulnerabilities]
'Linux kernel' package(s) on SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise High Availability Extension 11 SP2, SUSE Linux Enterprise Desktop 11 SP2, SLE 11
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2012-1601|
Debian Security Information: DSA-2469 (Google Search)
RedHat Security Advisories: RHSA-2012:0571
RedHat Security Advisories: RHSA-2012:0676
SuSE Security Announcement: SUSE-SU-2012:1679 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2012-2372
BugTraq ID: 54062
HPdes Security Advisory: HPSBGN02970
RedHat Security Advisories: RHSA-2012:0743
RedHat Security Advisories: RHSA-2012:1540
Common Vulnerability Exposure (CVE) ID: CVE-2012-3412
RedHat Security Advisories: RHSA-2012:1323
RedHat Security Advisories: RHSA-2012:1324
RedHat Security Advisories: RHSA-2012:1347
RedHat Security Advisories: RHSA-2012:1375
RedHat Security Advisories: RHSA-2012:1401
RedHat Security Advisories: RHSA-2012:1430
SuSE Security Announcement: openSUSE-SU-2012:1330 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2012-3430
Common Vulnerability Exposure (CVE) ID: CVE-2012-4461
BugTraq ID: 56414
RedHat Security Advisories: RHSA-2013:0223
RedHat Security Advisories: RHSA-2013:0882
Common Vulnerability Exposure (CVE) ID: CVE-2012-4508
RedHat Security Advisories: RHSA-2013:0496
RedHat Security Advisories: RHSA-2013:1519
RedHat Security Advisories: RHSA-2013:1783
Common Vulnerability Exposure (CVE) ID: CVE-2012-5517
BugTraq ID: 56527
RedHat Security Advisories: RHSA-2012:1580
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.