openSUSE Security Update: kernel: security and bugfix update. ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0860-1 Rating: moderate References: #584493 #595586 #655693 #661979 #666423 #669889 #672008 #674648 #674982 #677827 #679545 #681826 #681840 #687368 #688432 #689583 #689797 #692497 #692502 #693013 #693043 #693374 #693382 #694498 #697859 #698221 #698247 #699123 #701998 #702013 #702285 #702579 #703155 #704788 Cross-References: CVE-2011-1017 CVE-2011-1020 CVE-2011-1479 CVE-2011-1593 CVE-2011-1745 CVE-2011-1927 CVE-2011-2022 CVE-2011-2182 CVE-2011-2484 CVE-2011-2491 CVE-2011-2493 CVE-2011-2495 CVE-2011-2496 CVE-2011-2498 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 20 fixes is now available. It includes one version update. Description: The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. CVE-2011-2022: The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. CVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. CVE-2011-2493: A denial of service on mounting invalid ext4 filesystems was fixed. CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. CVE-2011-2498: Also account PTE pages when calculating OOM scoring, which could have lead to a denial of service. CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system. CVE-2011-1927: A missing route validation issue in ip_expire() could be used by remote attackers to trigger a NULL ptr dereference, crashing parts of the kernel. CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch kernel-4932 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 2.6.37.6]: kernel-debug-2.6.37.6-0.7.1 kernel-debug-base-2.6.37.6-0.7.1 kernel-debug-devel-2.6.37.6-0.7.1 kernel-default-2.6.37.6-0.7.1 kernel-default-base-2.6.37.6-0.7.1 kernel-default-devel-2.6.37.6-0.7.1 kernel-desktop-2.6.37.6-0.7.1 kernel-desktop-base-2.6.37.6-0.7.1 kernel-desktop-devel-2.6.37.6-0.7.1 kernel-ec2-2.6.37.6-0.7.1 kernel-ec2-base-2.6.37.6-0.7.1 kernel-ec2-devel-2.6.37.6-0.7.1 kernel-ec2-extra-2.6.37.6-0.7.1 kernel-syms-2.6.37.6-0.7.1 kernel-trace-2.6.37.6-0.7.1 kernel-trace-base-2.6.37.6-0.7.1 kernel-trace-devel-2.6.37.6-0.7.1 kernel-vanilla-2.6.37.6-0.7.1 kernel-vanilla-base-2.6.37.6-0.7.1 kernel-vanilla-devel-2.6.37.6-0.7.1 kernel-xen-2.6.37.6-0.7.1 kernel-xen-base-2.6.37.6-0.7.1 kernel-xen-devel-2.6.37.6-0.7.1 preload-kmp-default-1.2_k2.6.37.6_0.7-6.7.12 preload-kmp-desktop-1.2_k2.6.37.6_0.7-6.7.12 - openSUSE 11.4 (noarch) [New Version: 2.6.37.6]: kernel-devel-2.6.37.6-0.7.1 kernel-docs-2.6.37.6-0.7.1 kernel-source-2.6.37.6-0.7.1 kernel-source-vanilla-2.6.37.6-0.7.1 - openSUSE 11.4 (i586) [New Version: 2.6.37.6]: kernel-pae-2.6.37.6-0.7.1 kernel-pae-base-2.6.37.6-0.7.1 kernel-pae-devel-2.6.37.6-0.7.1 kernel-vmi-2.6.37.6-0.7.1 kernel-vmi-base-2.6.37.6-0.7.1 kernel-vmi-devel-2.6.37.6-0.7.1 References: http://support.novell.com/security/cve/CVE-2011-1017.html http://support.novell.com/security/cve/CVE-2011-1020.html http://support.novell.com/security/cve/CVE-2011-1479.html http://support.novell.com/security/cve/CVE-2011-1593.html http://support.novell.com/security/cve/CVE-2011-1745.html http://support.novell.com/security/cve/CVE-2011-1927.html http://support.novell.com/security/cve/CVE-2011-2022.html http://support.novell.com/security/cve/CVE-2011-2182.html http://support.novell.com/security/cve/CVE-2011-2484.html http://support.novell.com/security/cve/CVE-2011-2491.html http://support.novell.com/security/cve/CVE-2011-2493.html http://support.novell.com/security/cve/CVE-2011-2495.html http://support.novell.com/security/cve/CVE-2011-2496.html http://support.novell.com/security/cve/CVE-2011-2498.html https://bugzilla.novell.com/584493 https://bugzilla.novell.com/595586 https://bugzilla.novell.com/655693 https://bugzilla.novell.com/661979 https://bugzilla.novell.com/666423 https://bugzilla.novell.com/669889 https://bugzilla.novell.com/672008 https://bugzilla.novell.com/674648 https://bugzilla.novell.com/674982 https://bugzilla.novell.com/677827 https://bugzilla.novell.com/679545 https://bugzilla.novell.com/681826 https://bugzilla.novell.com/681840 https://bugzilla.novell.com/687368 https://bugzilla.novell.com/688432 https://bugzilla.novell.com/689583 https://bugzilla.novell.com/689797 https://bugzilla.novell.com/692497 https://bugzilla.novell.com/692502 https://bugzilla.novell.com/693013 https://bugzilla.novell.com/693043 https://bugzilla.novell.com/693374 https://bugzilla.novell.com/693382 https://bugzilla.novell.com/694498 https://bugzilla.novell.com/697859 https://bugzilla.novell.com/698221 https://bugzilla.novell.com/698247 https://bugzilla.novell.com/699123 https://bugzilla.novell.com/701998 https://bugzilla.novell.com/702013 https://bugzilla.novell.com/702285 https://bugzilla.novell.com/702579 https://bugzilla.novell.com/703155 https://bugzilla.novell.com/704788