The SUSE Linux Enterprise Server 11 SP1 Realtime kernel has been updated to fix various bugs and security issues.
The following security issues have been fixed:
* CVE-2012-3375: Fixed a denial of service condition in the epoll loop detection.
* CVE-2012-2390: Memory leaks in the hugetlbfs map reservation code have been fixed that could be used by local attackers to exhaust machine memory.
* CVE-2012-2133: A use-after-free bug in 'quota' handling of hugepages has been fixed that could cause a local denial of service.
* CVE-2012-2384: An integer overflow in i915_gem_do_execbuffer() has been fixed that might be used by local attackers to crash the kernel or potentially execute code.
* CVE-2012-2383: An integer overflow in i915_gem_execbuffer2() has been fixed that might be used by local attackers to crash the kernel or potentially execute code.
* CVE-2012-2123: The filesystem capability handling was not fully correct, allowing local users to bypass fscaps-related restrictions to disable e.g. address space randomization.
* CVE-2009-4020: Fixed a potential buffer overflow in hfsplus that could have been used to crash the kernel by supplying a bad hfsplus image for mounting.
* CVE-2011-4330: Mounting a corrupted hfs filesystem could have led to a buffer overflow.
* CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but not necessarily .active methods. Unfortunately people have since written regsets without a .set method, so NULL pointer dereference attacks were possible.
* CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time.
* CVE-2012-1090: Fixed a dentry refcount leak when opening a FIFO on lookup in cifs that could have been used to crash the kernel.
* CVE-2012-0810: A stack reuse bug has been fixed which could be used by local attackers to crash the kernel in some circumstances. As this only affects 32-bit x86, it does not affect x86_64 at all.
* CVE-2012-0044: An integer overflow in drm_mode_dirtyfb_ioctl() has been fixed that might be used by local attackers to crash the kernel or execute code.
* CVE-2011-4077: A possible memory corruption in xfs_readlink has been fixed that could be used by local users able to mount xfs images to crash the kernel.
* CVE-2011-4132: Fixed an oops in jbd/jbd2 that could have been caused by mounting a maliciously prepared filesystem.
* CVE-2011-4086: Fixed an oops in jbd/jbd2 that could have been caused by specific filesystem access patterns.
Also, the following non-security bugs have been fixed: