Mailinglist Archive: opensuse-updates (57 mails)

openSUSE-SU-2010:0397-1 (important): Linux Kernel: Security/Bugfix update to 2.6.27.48
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Mon, 19 Jul 2010 20:08:13 +0200 (CEST)
  • Message-id: <20100719180813.0A77ABE27@xxxxxxxxxxxxxx>
openSUSE Security Update: Linux Kernel: Security/Bugfix update to 2.6.27.48
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0397-1
Rating: important
References: #465707 #543480 #557710 #559111 #567376 #569916
#574006 #577967 #583677 #584216 #590415 #591371
#591556 #593881 #596113 #596462 #597337 #599213
#599955 #600774 #601283 #602969 #604183 #608366
#608576 #608933 #609134 #610296 #612213
Affected Products:
openSUSE 11.1
______________________________________________________________________________

An update that contains security fixes can now be
installed. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Kernel was updated to
2.6.27.48 fixing various bugs and security issues.

CVE-2010-1641: The do_gfs2_set_flags function in
fs/gfs2/file.c in the Linux kernel does not verify the
ownership of a file, which allows local users to bypass
intended access restrictions via a SETFLAGS ioctl request.

CVE-2010-1087: The nfs_wait_on_request function in
fs/nfs/pagelist.c in the Linux kernel allows attackers to
cause a denial of service (Oops) via unknown vectors
related to truncating a file and an operation that is not
interruptible.

CVE-2010-1643: mm/shmem.c in the Linux kernel, when strict
overcommit is enabled, does not properly handle the export
of shmemfs objects by knfsd, which allows attackers to
cause a denial of service (NULL pointer dereference and
knfsd crash) or possibly have unspecified other impact via
unknown vectors.

CVE-2010-1437: Race condition in the find_keyring_by_name
function in security/keys/keyring.c in the Linux kernel
allows local users to cause a denial of service (memory
corruption and system crash) or possibly have unspecified
other impact via keyctl session commands that trigger
access to a dead keyring that is undergoing deletion by the
key_cleanup function.

CVE-2010-1446: arch/powerpc/mm/fsl_booke_mmu.c in KGDB in
the Linux kernel, when running on PowerPC, does not
properly perform a security check for access to a kernel
page, which allows local users to overwrite arbitrary
kernel memory, related to Fsl booke.

CVE-2010-1162: The release_one_tty function in
drivers/char/tty_io.c in the Linux kernel omits certain
required calls to the put_pid function, which has
unspecified impact and local attack vectors.

CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in
the Linux kernel does not properly check the size of an
Ethernet frame that exceeds the MTU, which allows remote
attackers to (1) cause a denial of service (temporary
network outage) via a packet with a crafted size, in
conjunction with certain packets containing A characters
and certain packets containing E characters; or (2) cause a
denial of service (system crash) via a packet with a
crafted size, in conjunction with certain packets
containing '\0' characters, related to the value of the
status register and erroneous behavior associated with the
RxMaxSize register. NOTE: this vulnerability exists because
of an incorrect fix for CVE-2009-1389.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.1:

zypper in -t patch kernel-2695

To bring your system up-to-date, use "zypper patch".
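
Added example (not part of the original advisory): a shell check that tells a patched host from one where the update is installed but the reboot requested above has not happened yet. It assumes `uname -r` reports version-release-flavor (for example 2.6.27.48-0.1-default) and takes 2.6.27.48-0.1 as the fixed release from the package list; the function names and the --check-host switch are illustrative.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED is the kernel release named
# in the advisory's package list; the function names are illustrative.
FIXED="2.6.27.48-0.1"

# "2.6.27.48-0.1-default" -> "2 6 27 48 0 1": drop a trailing "-flavor"
# (default, pae, xen, ...) and split the rest on "." and "-".
release_fields() {
    printf '%s\n' "$1" | sed -e 's/-[a-z][a-z0-9_]*$//' -e 's/[.-]/ /g'
}

# Succeed if release $1 is the same as or newer than release $2.
# Fields are compared numerically, left to right; missing fields count as 0.
release_ge() {
    awk -v a="$(release_fields "$1")" -v b="$(release_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# $1 = running release (uname -r); remaining args = installed kernel package
# versions. Prints patched, reboot-required or update-required.
advisory_status() {
    running=$1; shift
    if release_ge "$running" "$FIXED"; then echo patched; return 0; fi
    for v in "$@"; do
        if release_ge "$v" "$FIXED"; then echo reboot-required; return 0; fi
    done
    echo update-required
}

# Check the local host: ./check.sh --check-host
if [ "${1:-}" = "--check-host" ]; then
    flavor=$(uname -r | sed 's/.*-//')
    # Word splitting is intended: one argument per installed kernel package.
    advisory_status "$(uname -r)" \
        $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "kernel-$flavor")
fi
```

A result of reboot-required means the fixed package is on disk while the running kernel still predates 2.6.27.48.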


Package List:

- openSUSE 11.1 (i586 ppc src x86_64) [New Version: 2.6.27.48]:

kernel-source-2.6.27.48-0.1.1
kernel-syms-2.6.27.48-0.1.1

- openSUSE 11.1 (i586 ppc x86_64) [New Version: 2.6.27.48]:

kernel-default-2.6.27.48-0.1.1
kernel-default-base-2.6.27.48-0.1.1
kernel-default-extra-2.6.27.48-0.1.1
kernel-vanilla-2.6.27.48-0.1.1

- openSUSE 11.1 (i586 x86_64) [New Version: 2.6.27.48]:

kernel-debug-2.6.27.48-0.1.1
kernel-debug-base-2.6.27.48-0.1.1
kernel-debug-extra-2.6.27.48-0.1.1
kernel-trace-2.6.27.48-0.1.1
kernel-trace-base-2.6.27.48-0.1.1
kernel-trace-extra-2.6.27.48-0.1.1
kernel-xen-2.6.27.48-0.1.1
kernel-xen-base-2.6.27.48-0.1.1
kernel-xen-extra-2.6.27.48-0.1.1

- openSUSE 11.1 (noarch src):

kernel-docs-2.6.3-3.13.109

- openSUSE 11.1 (i586) [New Version: 2.6.27.48]:

kernel-pae-2.6.27.48-0.1.1
kernel-pae-base-2.6.27.48-0.1.1
kernel-pae-extra-2.6.27.48-0.1.1

- openSUSE 11.1 (ppc) [New Version: 2.6.27.48]:

kernel-kdump-2.6.27.48-0.1.1
kernel-ppc64-2.6.27.48-0.1.1
kernel-ppc64-base-2.6.27.48-0.1.1
kernel-ppc64-extra-2.6.27.48-0.1.1
kernel-ps3-2.6.27.48-0.1.1


References:

https://bugzilla.novell.com/465707
https://bugzilla.novell.com/543480
https://bugzilla.novell.com/557710
https://bugzilla.novell.com/559111
https://bugzilla.novell.com/567376
https://bugzilla.novell.com/569916
https://bugzilla.novell.com/574006
https://bugzilla.novell.com/577967
https://bugzilla.novell.com/583677
https://bugzilla.novell.com/584216
https://bugzilla.novell.com/590415
https://bugzilla.novell.com/591371
https://bugzilla.novell.com/591556
https://bugzilla.novell.com/593881
https://bugzilla.novell.com/596113
https://bugzilla.novell.com/596462
https://bugzilla.novell.com/597337
https://bugzilla.novell.com/599213
https://bugzilla.novell.com/599955
https://bugzilla.novell.com/600774
https://bugzilla.novell.com/601283
https://bugzilla.novell.com/602969
https://bugzilla.novell.com/604183
https://bugzilla.novell.com/608366
https://bugzilla.novell.com/608576
https://bugzilla.novell.com/608933
https://bugzilla.novell.com/609134
https://bugzilla.novell.com/610296
https://bugzilla.novell.com/612213

