Bugzilla – Bug 730118
VUL-1: CVE-2011-4132: kernel: jbd/jbd2: oops
Last modified: 2015-04-30 19:07:47 UTC
Via oss-sec: ----------------------------------------------------------------------- A flaw was found in the way Linux kernel's Journaling Block Device (JBD) handled invalid log first block value. An attacker able to mount malicious ext3 or ext4 image could use this flaw to crash the system. Upstream commit: 8762202dd0d6e46854f786bdb6fb3780a1625efe Reference: https://bugzilla.redhat.com/show_bug.cgi?id=753341 -----------------------------------------------------------------------
Hmm the patch seem to apply even to sles9 (except jbd2 is not necessary). But I cannot tell whether the patch is actually needed. Jack, could you double check, please?
Yes, the vulnerability is in all our shipped kernels.
is in patches.kernel.org/patch-2.6.32.50-51 for sle11-sp1.
OK, I'll push it...
Pushed to openSUSE 11.4, SLES10_SP4_BRANCH, and SLES9_SP4_BRANCH. openSUSE 12.1 has the fix from -stable (as well as SLE11-SP1 as you wrote). SLE11-SP2 will get the fix from -stable as soon as GM phase is over and we start updating things... I'm leaving the bug open as a reminder because of SLE11-SP2 and I'll close it when I verify SLE11-SP2 got the fix.
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (s390x)
Update released for: kernel-default-extra, kernel-ppc64-extra Products: SLE-SERVER 11-EXTRA (ppc64)
Update released for: kernel-default-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (x86_64)
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (i386)
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen Products: SLE-DEBUGINFO 11-SP1 (i386) SLE-DESKTOP 11-SP1 (i386) SLE-HAE 11-SP1 (i386) SLE-SERVER 11-SP1 (i386) SLES4VMWARE 11-SP1 (i386)
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (ia64)
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP1 (ia64) SLE-HAE 11-SP1 (ia64) SLE-SERVER 11-SP1 (ia64)
Update released for: btrfs-kmp-default, btrfs-kmp-ppc64, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-ppc64, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP1 (ppc64) SLE-HAE 11-SP1 (ppc64) SLE-SERVER 11-SP1 (ppc64)
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP1 (s390x) SLE-HAE 11-SP1 (s390x) SLE-SERVER 11-SP1 (s390x)
A kernel update for SUSE Linux Enterprise 11 SP1 was just released that fixes/mentions this bug. The released version is 2.6.32.54-0.3.1.
Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen Products: SLE-DEBUGINFO 11-SP1 (x86_64) SLE-DESKTOP 11-SP1 (x86_64) SLE-HAE 11-SP1 (x86_64) SLE-SERVER 11-SP1 (x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (x86_64)
Pushed to SLE11-SP2. Closing the bug.
we missed slert11 sp1... Michael? also possibly slert10 sp3.
Pushed to SLE11-SP1-RT and SLERT10_SP3.
Thanks Michael. Closing again.
We have just released a kernel update for SUSE Linux Enterprise 11 SP2 that mentions/fixes this bug. The released version is 3.0.26-0.7.6.
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP2 (s390x) SLE-HAE 11-SP2 (s390x) SLE-SERVER 11-SP2 (s390x)
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP2 (ppc64) SLE-HAE 11-SP2 (ppc64) SLE-SERVER 11-SP2 (ppc64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP2 (ia64) SLE-HAE 11-SP2 (ia64) SLE-SERVER 11-SP2 (ia64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen Products: SLE-DEBUGINFO 11-SP2 (i386) SLE-DESKTOP 11-SP2 (i386) SLE-HAE 11-SP2 (i386) SLE-SERVER 11-SP2 (i386) SLES4VMWARE 11-SP2 (i386)
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-ppc64, kernel-default-extra, kernel-ppc64-extra Products: SLE-SERVER 11-EXTRA (ppc64)
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-pae, ext4-writeable-kmp-xen, kernel-default-extra, kernel-pae-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (i386)
Update released for: ext4-writeable-kmp-default, kernel-default-extra Products: SLE-SERVER 11-EXTRA (ia64)
We have just released a SUSE Linux Enterprise 10 SP4 kernel update that fixes/mentions this bug. The released version was 2.6.16.60-0.97.1.
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo Products: SLE-DEBUGINFO 10-SP4 (i386) SLE-DESKTOP 10-SP4 (i386) SLE-SDK 10-SP4 (i386) SLE-SERVER 10-SP4 (i386)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 10-SP4 (ia64) SLE-SDK 10-SP4 (ia64) SLE-SERVER 10-SP4 (ia64)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo Products: SLE-DEBUGINFO 10-SP4 (x86_64) SLE-DESKTOP 10-SP4 (x86_64) SLE-SDK 10-SP4 (x86_64) SLE-SERVER 10-SP4 (x86_64)
Update released for: kernel-default, kernel-default-debuginfo, kernel-iseries64, kernel-iseries64-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-ppc64, kernel-ppc64-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 10-SP4 (ppc) SLE-SDK 10-SP4 (ppc) SLE-SERVER 10-SP4 (ppc)
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms Products: SLE-DEBUGINFO 10-SP4 (s390x) SLE-SERVER 10-SP4 (s390x)
openSUSE-SU-2012:0799-1: An update that solves 25 vulnerabilities and has 22 fixes is now available. Category: security (moderate) Bug References: 466279,651219,653260,655696,676204,681186,681639,683671,689860,703410,707332,711941,713430,714455,717209,717749,721366,726045,726600,729247,730118,731673,732908,737624,738644,740448,740703,740745,744658,745832,746980,747038,747660,748859,749569,750079,750959,756203,756840,757278,758243,758260,758813,759545,760902,765102,765320 CVE References: CVE-2009-4020,CVE-2010-3873,CVE-2010-4164,CVE-2010-4249,CVE-2011-1083,CVE-2011-1173,CVE-2011-2517,CVE-2011-2700,CVE-2011-2909,CVE-2011-2928,CVE-2011-3619,CVE-2011-3638,CVE-2011-4077,CVE-2011-4086,CVE-2011-4330,CVE-2012-0038,CVE-2012-0044,CVE-2012-0207,CVE-2012-1090,CVE-2012-1097,CVE-2012-1146,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2663 Sources used: openSUSE 11.4 (src): kernel-docs-2.6.37.6-0.20.2, kernel-source-2.6.37.6-0.20.1, kernel-syms-2.6.37.6-0.20.1, preload-1.2-6.17.1
Update released for: brocade-bna-kmp-rt, cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-source-rt, kernel-syms-rt, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt Products: SLE-RT 11-SP1 (x86_64)
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (x86_64)
Update released for: ext4-writeable-kmp-default, kernel-default-extra Products: SLE-SERVER 11-EXTRA (s390x)
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen Products: SLE-DEBUGINFO 11-SP2 (x86_64) SLE-DESKTOP 11-SP2 (x86_64) SLE-HAE 11-SP2 (x86_64) SLE-SERVER 11-SP2 (x86_64) SLES4VMWARE 11-SP2 (x86_64)
openSUSE-SU-2012:1439-1: An update that solves 26 vulnerabilities and has 28 fixes is now available. Category: security (moderate) Bug References: 466279,651219,653260,655696,676204,681186,681639,683671,689860,703410,707332,711941,713430,714455,717209,717749,721366,726045,726600,729247,730118,731673,732908,734056,737624,738644,740448,740703,740745,744658,745832,746980,747038,747660,748859,749569,750079,750959,755546,756203,756840,757278,758243,758260,758813,759545,760902,765102,765320,769408,769784,769896,774285,781134 CVE References: CVE-2009-4020,CVE-2010-3873,CVE-2010-4164,CVE-2010-4249,CVE-2011-1083,CVE-2011-1173,CVE-2011-2517,CVE-2011-2700,CVE-2011-2909,CVE-2011-2928,CVE-2011-3619,CVE-2011-3638,CVE-2011-4077,CVE-2011-4086,CVE-2011-4110,CVE-2011-4330,CVE-2012-0038,CVE-2012-0044,CVE-2012-0207,CVE-2012-1090,CVE-2012-1097,CVE-2012-1146,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2663 Sources used: openSUSE 11.4 (src): kernel-docs-2.6.37.6-24.2, kernel-source-2.6.37.6-24.1, kernel-syms-2.6.37.6-24.1, preload-1.2-6.19.1
The SWAMPID for this issue is 54954. This issue was rated as moderate. Please submit fixed packages until 2013-11-20. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms Products: SLE-DEBUGINFO 10-SP3 (s390x) SLE-SERVER 10-SP3-LTSS (s390x)
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo Products: SLE-DEBUGINFO 10-SP3 (i386) SLE-SERVER 10-SP3-LTSS (i386)
SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available. Category: security (important) Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325 CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1