SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0832-1
Rating:             important
References:         #466279 #584493 #626119 #638985 #649000 #650545 #653850 #654501
                    #655973 #662432 #663513 #666423 #667226 #668483 #668927 #669889
                    #670465 #670816 #670868 #674648 #674982 #676601 #676602 #677443
                    #677563 #678728 #680040 #680845 #681180 #681181 #681182 #681185
                    #681186 #681639 #682076 #682251 #682319 #682482 #682567 #683107
                    #683282 #684297 #684472 #684852 #684927 #685226 #685276 #686325
                    #686404 #686412 #686921 #686980 #687113 #687478 #687759 #687760
                    #687789 #688326 #688432 #688685 #689041 #689290 #689596 #689746
                    #689797 #690683 #691216 #691269 #691408 #691536 #691538 #691632
                    #691633 #691693 #691829 #692343 #692454 #692459 #692460 #692502
                    #693013 #693149 #693374 #693382 #693636 #696107 #696586 #697181
                    #697901 #698221 #698247 #698604 #699946 #700401 #700879 #701170
                    #701622 #701977 #702013 #702285 #703013 #703410 #703490 #703786
Cross-References:   CVE-2011-1012 CVE-2011-1017 CVE-2011-1020 CVE-2011-1078
                    CVE-2011-1079 CVE-2011-1080 CVE-2011-1160 CVE-2011-1170
                    CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1577
                    CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745
                    CVE-2011-1746 CVE-2011-1748 CVE-2011-2182 CVE-2011-2183
                    CVE-2011-2213 CVE-2011-2491 CVE-2011-2496 CVE-2011-2517
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise High Availability Extension 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 24 vulnerabilities and has 80 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.43 and fixes various bugs and security issues.

The following security issues were fixed:

* CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition.
* CVE-2011-2491: A local unprivileged user able to access an NFS filesystem could use file locking to deadlock parts of an NFS server under some circumstances.
* CVE-2011-2183: Fixed a race between ksmd and other memory management code, which could result in a NULL pointer dereference and kernel crash.
* CVE-2011-2517: In both trigger_scan and sched_scan operations, we were checking for the SSID length before assigning the value correctly. Since the memory was just kzalloced, the check was always failing and SSIDs with over 32 characters were allowed to go through. This required CAP_NET_ADMIN privileges to be exploited.
* CVE-2011-2213: A malicious user or buggy application could inject diagnosing byte code and trigger an infinite loop in inet_diag_bc_audit().
* CVE-2011-1017, CVE-2011-1012, CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.
* CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
* CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
* CVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password-protected mounted CIFS shares of other local users.
* CVE-2011-1160: Kernel information via the TPM devices could be used by local attackers to read kernel memory.
* CVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that caused a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code.
* CVE-2011-1078: In a bluetooth ioctl, struct sco_conninfo has one padding byte at the end. Local variable cinfo of type sco_conninfo was copied to userspace with this one uninitialized byte, leaking old stack contents.
* CVE-2011-1079: In a bluetooth ioctl, struct ca is copied from userspace. It was not checked whether the "device" field was NUL-terminated. This potentially leads to BUG() inside of alloc_netdev_mqs() and/or an information leak by creating a device with a name made of contents of the kernel stack.
* CVE-2011-1080: In ebtables rule loading, struct tmp is copied from userspace. It was not checked whether the "name" field is NUL-terminated. This may have led to a buffer overflow and to passing contents of the kernel stack as a module name to try_then_request_module() and, consequently, to the modprobe command line. It would be seen by all userspace processes.
* CVE-2011-1173: The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel on the x86_64 platform allowed remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.
* CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel did not place the expected '\0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
* CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel did not place the expected '\0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
* CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel did not place the expected '\0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
* CVE-2011-1746: Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
* CVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
* CVE-2011-1598: The bcm_release function in net/can/bcm.c in the Linux kernel did not properly validate a socket data structure, which allowed local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
* CVE-2011-1748: The raw_release function in net/can/raw.c in the Linux kernel did not properly validate a socket data structure, which allowed local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.

Security Issue references:

* CVE-2011-1012 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1012>
* CVE-2011-1017 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017>
* CVE-2011-1020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020>
* CVE-2011-1078 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078>
* CVE-2011-1079 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079>
* CVE-2011-1080 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080>
* CVE-2011-1160 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160>
* CVE-2011-1170 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170>
* CVE-2011-1171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171>
* CVE-2011-1172 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172>
* CVE-2011-1173 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1173>
* CVE-2011-1577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577>
* CVE-2011-1585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585>
* CVE-2011-1593 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593>
* CVE-2011-1598 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598>
* CVE-2011-1745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745>
* CVE-2011-1746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746>
* CVE-2011-1748 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1748>
* CVE-2011-2182 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182>
* CVE-2011-2496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496>
* CVE-2011-2491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491>
* CVE-2011-2183 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2183>
* CVE-2011-2517 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517>
* CVE-2011-2213 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213>
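
The CVE-2011-1078 entry above describes a struct with one trailing padding byte being copied to userspace uninitialized. The C program below is an added illustration, not code from this advisory or from the kernel: it models that pattern in userspace next to a variant that zeroes the object before filling it. The field layout, the sample values and the 0xAA "old stack contents" marker are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration: 2 + 3 data bytes, so the compiler
 * appends one trailing padding byte (sizeof == 6 on common ABIs). */
struct sco_conninfo {
    uint16_t hci_handle;
    uint8_t  dev_class[3];
};

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Store only the members' bytes, as member-wise assignment does.
 * Written with offsetof so the demonstration is fully defined C. */
static void fill_members(unsigned char *obj)
{
    const uint16_t handle = 0x0042;                 /* constructed values */
    const uint8_t  cls[3] = { 0x01, 0x02, 0x03 };

    memcpy(obj + offsetof(struct sco_conninfo, hci_handle), &handle, sizeof handle);
    memcpy(obj + offsetof(struct sco_conninfo, dev_class), cls, sizeof cls);
}

/* Stand-in for copy_to_user(): the whole object goes out, padding included. */
static void copy_out(unsigned char *user, const unsigned char *obj)
{
    memcpy(user, obj, sizeof(struct sco_conninfo));
}

/* Returns how many stale bytes reach the "userspace" buffer.
 * hardened == 0: fill members, copy out (the pattern the advisory describes).
 * hardened != 0: zero the whole object first, then fill and copy out. */
static size_t stale_bytes_copied(int hardened)
{
    unsigned char slot[sizeof(struct sco_conninfo)]; /* simulated stack slot */
    unsigned char user[sizeof(struct sco_conninfo)];
    size_t i, leaked = 0;

    memset(slot, STALE, sizeof slot);   /* an earlier call left data here */
    if (hardened)
        memset(slot, 0, sizeof slot);   /* mitigation: clear before use */
    fill_members(slot);
    copy_out(user, slot);

    for (i = 0; i < sizeof user; i++)
        if (user[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("sizeof(struct sco_conninfo) = %zu\n", sizeof(struct sco_conninfo));
    printf("stale bytes copied, unhardened: %zu\n", stale_bytes_copied(0));
    printf("stale bytes copied, hardened:   %zu\n", stale_bytes_copied(1));
    return 0;
}
```

The same review question applies to any structure handed to userspace: compare the sum of the member sizes with sizeof, and treat any difference as bytes that must be cleared before the copy.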

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 for VMware:

    zypper in -t patch slessp1-kernel-4884 slessp1-kernel-4889

- SUSE Linux Enterprise Server 11 SP1:

    zypper in -t patch slessp1-kernel-4884 slessp1-kernel-4885 slessp1-kernel-4887 slessp1-kernel-4888 slessp1-kernel-4889

- SUSE Linux Enterprise High Availability Extension 11 SP1:

    zypper in -t patch sleshasp1-kernel-4884 sleshasp1-kernel-4885 sleshasp1-kernel-4887 sleshasp1-kernel-4888 sleshasp1-kernel-4889

- SUSE Linux Enterprise Desktop 11 SP1:

    zypper in -t patch sledsp1-kernel-4884 sledsp1-kernel-4889

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.32.43]:

    btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50
    ext4dev-kmp-default-0_2.6.32.43_0.4-7.9.17
    hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8
    kernel-default-2.6.32.43-0.4.1
    kernel-default-base-2.6.32.43-0.4.1
    kernel-default-devel-2.6.32.43-0.4.1
    kernel-source-2.6.32.43-0.4.1
    kernel-syms-2.6.32.43-0.4.1
    kernel-trace-2.6.32.43-0.4.1
    kernel-trace-base-2.6.32.43-0.4.1
    kernel-trace-devel-2.6.32.43-0.4.1

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.43]:

    btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50
    ext4dev-kmp-pae-0_2.6.32.43_0.4-7.9.17
    hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8
    kernel-pae-2.6.32.43-0.4.1
    kernel-pae-base-2.6.32.43-0.4.1
    kernel-pae-devel-2.6.32.43-0.4.1

- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.32.43]:

    btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50
    ext4dev-kmp-default-0_2.6.32.43_0.4-7.9.17
    kernel-default-2.6.32.43-0.4.1
    kernel-default-base-2.6.32.43-0.4.1
    kernel-default-devel-2.6.32.43-0.4.1
    kernel-source-2.6.32.43-0.4.1
    kernel-syms-2.6.32.43-0.4.1
    kernel-trace-2.6.32.43-0.4.1
    kernel-trace-base-2.6.32.43-0.4.1
    kernel-trace-devel-2.6.32.43-0.4.1

- SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 2.6.32.43]:

    btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50
    ext4dev-kmp-xen-0_2.6.32.43_0.4-7.9.17
    hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8
    kernel-ec2-2.6.32.43-0.4.1
    kernel-ec2-base-2.6.32.43-0.4.1
    kernel-xen-2.6.32.43-0.4.1
    kernel-xen-base-2.6.32.43-0.4.1
    kernel-xen-devel-2.6.32.43-0.4.1

- SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.43]:

    kernel-default-man-2.6.32.43-0.4.1

- SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.43]:

    ext4dev-kmp-ppc64-0_2.6.32.43_0.4-7.9.17
    kernel-ppc64-2.6.32.43-0.4.1
    kernel-ppc64-base-2.6.32.43-0.4.1
    kernel-ppc64-devel-2.6.32.43-0.4.1

- SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.43]:

    btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50
    ext4dev-kmp-pae-0_2.6.32.43_0.4-7.9.17
    hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8
    kernel-pae-2.6.32.43-0.4.1
    kernel-pae-base-2.6.32.43-0.4.1
    kernel-pae-devel-2.6.32.43-0.4.1

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64):

    cluster-network-kmp-default-1.4_2.6.32.43_0.4-2.5.1
    gfs2-kmp-default-2_2.6.32.43_0.4-0.2.49

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64):

    cluster-network-kmp-xen-1.4_2.6.32.43_0.4-2.5.1
    gfs2-kmp-xen-2_2.6.32.43_0.4-0.2.49

- SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

    cluster-network-kmp-ppc64-1.4_2.6.32.43_0.4-2.5.1
    gfs2-kmp-ppc64-2_2.6.32.43_0.4-0.2.49

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

    cluster-network-kmp-pae-1.4_2.6.32.43_0.4-2.5.1
    gfs2-kmp-pae-2_2.6.32.43_0.4-0.2.49

- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.32.43]:

    btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50
    btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50
    hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8
    kernel-default-2.6.32.43-0.4.1
    kernel-default-base-2.6.32.43-0.4.1
    kernel-default-devel-2.6.32.43-0.4.1
    kernel-default-extra-2.6.32.43-0.4.1
    kernel-desktop-devel-2.6.32.43-0.4.1
    kernel-source-2.6.32.43-0.4.1
    kernel-syms-2.6.32.43-0.4.1
    kernel-xen-2.6.32.43-0.4.1
    kernel-xen-base-2.6.32.43-0.4.1
    kernel-xen-devel-2.6.32.43-0.4.1
    kernel-xen-extra-2.6.32.43-0.4.1

- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.43]:

    btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50
    hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8
    kernel-pae-2.6.32.43-0.4.1
    kernel-pae-base-2.6.32.43-0.4.1
    kernel-pae-devel-2.6.32.43-0.4.1
    kernel-pae-extra-2.6.32.43-0.4.1

- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

    kernel-default-extra-2.6.32.43-0.4.1

- SLE 11 SERVER Unsupported Extras (i586 x86_64):

    kernel-xen-extra-2.6.32.43-0.4.1

- SLE 11 SERVER Unsupported Extras (ppc64):

    kernel-ppc64-extra-2.6.32.43-0.4.1

- SLE 11 SERVER Unsupported Extras (i586):

    kernel-pae-extra-2.6.32.43-0.4.1

References:

    http://support.novell.com/security/cve/CVE-2011-1012.html
    http://support.novell.com/security/cve/CVE-2011-1017.html
    http://support.novell.com/security/cve/CVE-2011-1020.html
    http://support.novell.com/security/cve/CVE-2011-1078.html
    http://support.novell.com/security/cve/CVE-2011-1079.html
    http://support.novell.com/security/cve/CVE-2011-1080.html
    http://support.novell.com/security/cve/CVE-2011-1160.html
    http://support.novell.com/security/cve/CVE-2011-1170.html
    http://support.novell.com/security/cve/CVE-2011-1171.html
    http://support.novell.com/security/cve/CVE-2011-1172.html
    http://support.novell.com/security/cve/CVE-2011-1173.html
    http://support.novell.com/security/cve/CVE-2011-1577.html
    http://support.novell.com/security/cve/CVE-2011-1585.html
    http://support.novell.com/security/cve/CVE-2011-1593.html
    http://support.novell.com/security/cve/CVE-2011-1598.html
    http://support.novell.com/security/cve/CVE-2011-1745.html
    http://support.novell.com/security/cve/CVE-2011-1746.html
    http://support.novell.com/security/cve/CVE-2011-1748.html
    http://support.novell.com/security/cve/CVE-2011-2182.html
    http://support.novell.com/security/cve/CVE-2011-2183.html
    http://support.novell.com/security/cve/CVE-2011-2213.html
    http://support.novell.com/security/cve/CVE-2011-2491.html
    http://support.novell.com/security/cve/CVE-2011-2496.html
    http://support.novell.com/security/cve/CVE-2011-2517.html
    https://bugzilla.novell.com/466279
    https://bugzilla.novell.com/584493
    https://bugzilla.novell.com/626119
    https://bugzilla.novell.com/638985
    https://bugzilla.novell.com/649000
    https://bugzilla.novell.com/650545
    https://bugzilla.novell.com/653850
    https://bugzilla.novell.com/654501
    https://bugzilla.novell.com/655973
    https://bugzilla.novell.com/662432
    https://bugzilla.novell.com/663513
    https://bugzilla.novell.com/666423
    https://bugzilla.novell.com/667226
    https://bugzilla.novell.com/668483
    https://bugzilla.novell.com/668927
    https://bugzilla.novell.com/669889
    https://bugzilla.novell.com/670465
    https://bugzilla.novell.com/670816
    https://bugzilla.novell.com/670868
    https://bugzilla.novell.com/674648
    https://bugzilla.novell.com/674982
    https://bugzilla.novell.com/676601
    https://bugzilla.novell.com/676602
    https://bugzilla.novell.com/677443
    https://bugzilla.novell.com/677563
    https://bugzilla.novell.com/678728
    https://bugzilla.novell.com/680040
    https://bugzilla.novell.com/680845
    https://bugzilla.novell.com/681180
    https://bugzilla.novell.com/681181
    https://bugzilla.novell.com/681182
    https://bugzilla.novell.com/681185
    https://bugzilla.novell.com/681186
    https://bugzilla.novell.com/681639
    https://bugzilla.novell.com/682076
    https://bugzilla.novell.com/682251
    https://bugzilla.novell.com/682319
    https://bugzilla.novell.com/682482
    https://bugzilla.novell.com/682567
    https://bugzilla.novell.com/683107
    https://bugzilla.novell.com/683282
    https://bugzilla.novell.com/684297
    https://bugzilla.novell.com/684472
    https://bugzilla.novell.com/684852
    https://bugzilla.novell.com/684927
    https://bugzilla.novell.com/685226
    https://bugzilla.novell.com/685276
    https://bugzilla.novell.com/686325
    https://bugzilla.novell.com/686404
    https://bugzilla.novell.com/686412
    https://bugzilla.novell.com/686921
    https://bugzilla.novell.com/686980
    https://bugzilla.novell.com/687113
    https://bugzilla.novell.com/687478
    https://bugzilla.novell.com/687759
    https://bugzilla.novell.com/687760
    https://bugzilla.novell.com/687789
    https://bugzilla.novell.com/688326
    https://bugzilla.novell.com/688432
    https://bugzilla.novell.com/688685
    https://bugzilla.novell.com/689041
    https://bugzilla.novell.com/689290
    https://bugzilla.novell.com/689596
    https://bugzilla.novell.com/689746
    https://bugzilla.novell.com/689797
    https://bugzilla.novell.com/690683
    https://bugzilla.novell.com/691216
    https://bugzilla.novell.com/691269
    https://bugzilla.novell.com/691408
    https://bugzilla.novell.com/691536
    https://bugzilla.novell.com/691538
    https://bugzilla.novell.com/691632
    https://bugzilla.novell.com/691633
    https://bugzilla.novell.com/691693
    https://bugzilla.novell.com/691829
    https://bugzilla.novell.com/692343
    https://bugzilla.novell.com/692454
    https://bugzilla.novell.com/692459
    https://bugzilla.novell.com/692460
    https://bugzilla.novell.com/692502
    https://bugzilla.novell.com/693013
    https://bugzilla.novell.com/693149
    https://bugzilla.novell.com/693374
    https://bugzilla.novell.com/693382
    https://bugzilla.novell.com/693636
    https://bugzilla.novell.com/696107
    https://bugzilla.novell.com/696586
    https://bugzilla.novell.com/697181
    https://bugzilla.novell.com/697901
    https://bugzilla.novell.com/698221
    https://bugzilla.novell.com/698247
    https://bugzilla.novell.com/698604
    https://bugzilla.novell.com/699946
    https://bugzilla.novell.com/700401
    https://bugzilla.novell.com/700879
    https://bugzilla.novell.com/701170
    https://bugzilla.novell.com/701622
    https://bugzilla.novell.com/701977
    https://bugzilla.novell.com/702013
    https://bugzilla.novell.com/702285
    https://bugzilla.novell.com/703013
    https://bugzilla.novell.com/703410
    https://bugzilla.novell.com/703490
    https://bugzilla.novell.com/703786
    http://download.novell.com/patch/finder/?keywords=318b8dd82438317a3b490cab81...
    http://download.novell.com/patch/finder/?keywords=5d2bd31a57aa1e800811d0c0a4...
    http://download.novell.com/patch/finder/?keywords=5d69352e58309ed0c7848b758f...
    http://download.novell.com/patch/finder/?keywords=78c869c41b21cba62d748dc435...
    http://download.novell.com/patch/finder/?keywords=919ffb2c0ec1b104bf85557484...
    http://download.novell.com/patch/finder/?keywords=9ebb4a91c4cec4344e6dec8422...
    http://download.novell.com/patch/finder/?keywords=a6c7e8b67f942c75a3f7e6e766...
    http://download.novell.com/patch/finder/?keywords=ab6bc73efff4bb12a70b6df584...
    http://download.novell.com/patch/finder/?keywords=ac5c14d292b933a3acdcbe129e...
    http://download.novell.com/patch/finder/?keywords=fa5f3b489f8749e53517f26793...