Mailinglist Archive: opensuse-security-announce (31 mails)

< Previous Next >
[security-announce] SUSE-SU-2011:1058-1: important: Security update for the Linux kernel
SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2011:1058-1
Rating: important
References: #635880 #665543 #677676 #684297 #687812 #689797
#692784 #693043 #696107 #698221 #701254 #701355
#702013 #702285 #705463 #714001
Cross-References: CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
CVE-2011-1585 CVE-2011-1745 CVE-2011-1746
CVE-2011-1776 CVE-2011-2022 CVE-2011-2182
CVE-2011-2491 CVE-2011-2496 CVE-2011-3191

Affected Products:
SUSE Linux Enterprise Server 10 SP3
SLE SDK 10 SP3
______________________________________________________________________________

An update that solves 12 vulnerabilities and has four fixes
is now available.

Description:


This kernel update for the SUSE Linux Enterprise 10 SP3
kernel fixes several security issues and bugs.

The following security issues have been fixed:

*

CVE-2011-3191: A signedness issue in CIFS could
possibly have lead to to memory corruption, if a malicious
server could send crafted replies to the host.

*

CVE-2011-1776: Timo Warns reported an issue in the
Linux implementation for GUID partitions. Users with
physical access could gain access to sensitive kernel
memory by adding a storage device with a specially crafted
corrupted invalid partition table.

*

CVE-2011-1093: The dccp_rcv_state_process function in
net/dccp/input.c in the Datagram Congestion Control
Protocol (DCCP) implementation in the Linux kernel did not
properly handle packets for a CLOSED endpoint, which
allowed remote attackers to cause a denial of service (NULL
pointer dereference and OOPS) by sending a DCCP-Close
packet followed by a DCCP-Reset packet.

*

CVE-2011-1745: Integer overflow in the
agp_generic_insert_memory function in
drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
call.

*

CVE-2011-1746: Multiple integer overflows in the (1)
agp_allocate_memory and (2) agp_create_user_memory
functions in drivers/char/agp/generic.c in the Linux kernel
allowed local users to trigger buffer overflows, and
consequently cause a denial of service (system crash) or
possibly have unspecified other impact, via vectors related
to calls that specify a large number of memory pages.

*

CVE-2011-2022: The agp_generic_remove_memory function
in drivers/char/agp/generic.c in the Linux kernel before
2.6.38.5 did not validate a certain start parameter, which
allowed local users to gain privileges or cause a denial of
service (system crash) via a crafted AGPIOC_UNBIND
agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.

*

CVE-2011-0726: The do_task_stat function in
fs/proc/array.c in the Linux kernel did not perform an
expected uid check, which made it easier for local users to
defeat the ASLR protection mechanism by reading the
start_code and end_code fields in the /proc/#####/stat file
for a process executing a PIE binary.

*

CVE-2011-2496: The normal mmap paths all avoid
creating a mapping where the pgoff inside the mapping could
wrap around due to overflow. However, an expanding mremap()
can take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.

*

CVE-2011-2491: A local unprivileged user able to
access a NFS filesystem could use file locking to deadlock
parts of an nfs server under some circumstance.

*

CVE-2011-1017,CVE-2011-2182: The code for evaluating
LDM partitions (in fs/partitions/ldm.c) contained bugs that
could crash the kernel for certain corrupted LDM partitions.

*

CVE-2011-1585: When using a setuid root mount.cifs,
local users could hijack password protected mounted CIFS
shares of other local users.

Also following non-security bugs were fixed:

*
patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldmem-to
-check-for-non-ram-pages.patch: fs/proc/vmcore.c: add hook
to read_from_oldmem() to check for non-ram pages
(bnc#684297).
* patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix
memory leak on release.
* patches.xen/1074-xenbus_conn-type.patch: xenbus: fix
type inconsistency with xenbus_conn().
* patches.xen/1080-blkfront-xenbus-gather-format.patch:
blkfront: fix data size for xenbus_gather in connect().
*
patches.xen/1081-blkback-resize-transaction-end.patch:
xenbus: fix xenbus_transaction_start() hang caused by
double xenbus_transaction_end().
* patches.xen/1089-blkback-barrier-check.patch:
blkback: dont fail empty barrier requests.
* patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus:
dont BUG() on user mode induced conditions (bnc#696107).
* patches.xen/1098-blkfront-cdrom-ioctl-check.patch:
blkfront: avoid NULL de-reference in CDROM ioctl handling
(bnc#701355).
* patches.xen/1102-x86-max-contig-order.patch: x86: use
dynamically adjusted upper bound for contiguous regions
(bnc#635880).
*
patches.xen/xen3-x86-sanitize-user-specified-e820-memmap-val
ues.patch: x86: sanitize user specified e820 memmap values
(bnc#665543).
*
patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
ing-progress: Fix typo, which was uncovered in debug mode.
* patches.fixes/pacct-fix-sighand-siglock-usage.patch:
Fix sighand->siglock usage in kernel/acct.c (bnc#705463).

Security Issue references:

* CVE-2011-0726
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
>
* CVE-2011-1017
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017
>
* CVE-2011-1093
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
>
* CVE-2011-1745
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
>
* CVE-2011-1746
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
>
* CVE-2011-1776
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
>
* CVE-2011-2022
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
>
* CVE-2011-2182
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182
>
* CVE-2011-2491
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
>
* CVE-2011-2496
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496
>
* CVE-2011-3191
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
>
* CVE-2011-1585
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585
>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.


Package List:

- SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

kernel-default-2.6.16.60-0.83.2
kernel-source-2.6.16.60-0.83.2
kernel-syms-2.6.16.60-0.83.2

- SUSE Linux Enterprise Server 10 SP3 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.83.2

- SUSE Linux Enterprise Server 10 SP3 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.83.2

- SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):

kernel-smp-2.6.16.60-0.83.2
kernel-xen-2.6.16.60-0.83.2

- SUSE Linux Enterprise Server 10 SP3 (i586):

kernel-bigsmp-2.6.16.60-0.83.2
kernel-kdumppae-2.6.16.60-0.83.2
kernel-vmi-2.6.16.60-0.83.2
kernel-vmipae-2.6.16.60-0.83.2
kernel-xenpae-2.6.16.60-0.83.2

- SUSE Linux Enterprise Server 10 SP3 (ppc):

kernel-iseries64-2.6.16.60-0.83.2
kernel-ppc64-2.6.16.60-0.83.2

- SLE SDK 10 SP3 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.83.2

- SLE SDK 10 SP3 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.83.2

- SLE SDK 10 SP3 (i586 x86_64):

kernel-xen-2.6.16.60-0.83.2

- SLE SDK 10 SP3 (i586):

kernel-xenpae-2.6.16.60-0.83.2


References:

http://support.novell.com/security/cve/CVE-2011-0726.html
http://support.novell.com/security/cve/CVE-2011-1017.html
http://support.novell.com/security/cve/CVE-2011-1093.html
http://support.novell.com/security/cve/CVE-2011-1585.html
http://support.novell.com/security/cve/CVE-2011-1745.html
http://support.novell.com/security/cve/CVE-2011-1746.html
http://support.novell.com/security/cve/CVE-2011-1776.html
http://support.novell.com/security/cve/CVE-2011-2022.html
http://support.novell.com/security/cve/CVE-2011-2182.html
http://support.novell.com/security/cve/CVE-2011-2491.html
http://support.novell.com/security/cve/CVE-2011-2496.html
http://support.novell.com/security/cve/CVE-2011-3191.html
https://bugzilla.novell.com/635880
https://bugzilla.novell.com/665543
https://bugzilla.novell.com/677676
https://bugzilla.novell.com/684297
https://bugzilla.novell.com/687812
https://bugzilla.novell.com/689797
https://bugzilla.novell.com/692784
https://bugzilla.novell.com/693043
https://bugzilla.novell.com/696107
https://bugzilla.novell.com/698221
https://bugzilla.novell.com/701254
https://bugzilla.novell.com/701355
https://bugzilla.novell.com/702013
https://bugzilla.novell.com/702285
https://bugzilla.novell.com/705463
https://bugzilla.novell.com/714001

http://download.novell.com/patch/finder/?keywords=14f999b2da14400252037984b14f317a

http://download.novell.com/patch/finder/?keywords=4f2403980de031813f91f813b6171179

http://download.novell.com/patch/finder/?keywords=8c7d79d86d626d9e405009e6174cabd5

http://download.novell.com/patch/finder/?keywords=a2be52185ebaeba245a1c8aff0c659e2

http://download.novell.com/patch/finder/?keywords=a70d925c5736ccbb5c46bf7c01dfdfb6

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages