SUSE-SU-2015:0652-1

The SUSE Linux Enterprise 11 SP1 Teradata kernel was updated to fix bugs and security issues.

Following security issues were fixed:

CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time.

CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be caused by specific filesystem access patterns.

CVE-2011-4622: KVM: Prevent starting PIT timers in the absence of irqchip support.

CVE-2012-0045: KVM: Extend 'struct x86emulateops' with 'get_cpuid' and fix missing checks in syscall emulation.

CVE-2012-0879: Fix iocontext leak after clone with CLONEIO.

CVE-2012-1090: Fixed a dentry refcount leak in the CIFS file system that could lead to a crash on unmount.

CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible.

Following non-security issues were fixed:

* SCSI inquiry doesn't return data on SLES 11-SP1 Xen VMs (bnc#745929).
* FC transport driver killing off the timers/work queues (bnc#734300).
* The driver ixgbevf doesn't work on newer SLES 11-SP1 kernels
  (bnc#752972).
* Pack sparsemem memmap sections closer together and in higher zones
  (bnc#743870).

Following feature was implemented:

* The megaraid_sas driver update to version 5.40-LSI (bnc#736813).

Security Issues:

* CVE-2011-1083
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083>
* CVE-2011-4086
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4086>
* CVE-2011-4622
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4622>
* CVE-2012-0045
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0045>
* CVE-2012-0879
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0879>
* CVE-2012-1090
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1090>
* CVE-2012-1097
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1097>