Am Freitag, den 15.10.2010, 16:28 +0200 schrieb Marcus Meissner:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel Announcement ID: SUSE-SA:2010:051 Date: Fri, 15 Oct 2010 14:00:00 +0000 Affected Products: openSUSE 11.3 Vulnerability Type: local privilege escalation CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) SUSE Default Package: yes Cross-References: CVE-2010-2962, CVE-2010-3310
Content of This Advisory: 1) Security Vulnerability Resolved: Linux kernel security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This updated openSUSE 11.3 kernel fixes the following security bugs:
CVE-2010-3310: local users could corrupt kernel heap memory via ROSE sockets.
CVE-2010-2962: local users could write to any kernel memory location via the i915 GEM ioctl interface. Exploitability requires the presence of a i915 compatible graphics card.
Additionally the update restores the compat_alloc_userspace() inline function and includes several other bug fixes.
Hi! I did set up a PC with i915 graphic chipset 00:02.0 VGA compatible controller: Intel Corporation 82915G/GV/910GL Integrated Graphics Controller (rev 04) 00:02.1 Display controller: Intel Corporation 82915G Integrated Graphics Controller (rev 04) an openSUSE 11.3 x86/ 32Bit running the kernel 2.6.34-7-desktop. I did apply all updates including this Kernel-Update 2.6.34-12-desktop. Now when I try to log on KDE4 the KDE splash screen appears and the system freezes (no reaction on keyboard, mouse or ACPI "on/ off" button). Ĺoging on to IceWM e.g. still works. Rolling back to the 2.6.34-7-desktop does help. Any tips what to do? Try other kernel "flavor"? Is it a bug?! Regards, David. -- Eat, sleep and go running, ;-) David Hücking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216 -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org