SUSE Security Update: kernel update for SLE11 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:0984-1 Rating: important References: #225091 #602150 #635880 #649625 #663678 #685226 #692784 #693513 #694315 #699354 #699916 #701355 #703155 #703786 #704361 #704957 #705433 #705903 #706696 #707332 #707644 #708160 #708376 #708730 #710352 #711752 #711941 #712316 #712366 Cross-References: CVE-2010-3881 CVE-2011-1776 CVE-2011-2495 CVE-2011-2700 CVE-2011-2909 CVE-2011-2918 Affected Products: SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 23 fixes is now available. Description: The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.45 and fixes various bugs and security issues. Following security issues were fixed: CVE-2011-1776: Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. CVE-2010-3881: The second part of this fix was not yet applied to our kernel: arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2700: A small buffer overflow in the radio driver si4713-i2c was fixed that could potentially used by local attackers to crash the kernel or potentially execute code. CVE-2011-2909: A kernel information leak in the comedi driver from kernel to userspace was fixed. CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer. Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64): kernel-default-extra-2.6.32.45-0.3.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-2.6.32.45-0.3.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-2.6.32.45-0.3.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-2.6.32.45-0.3.1 References: http://support.novell.com/security/cve/CVE-2010-3881.html http://support.novell.com/security/cve/CVE-2011-1776.html http://support.novell.com/security/cve/CVE-2011-2495.html http://support.novell.com/security/cve/CVE-2011-2700.html http://support.novell.com/security/cve/CVE-2011-2909.html http://support.novell.com/security/cve/CVE-2011-2918.html https://bugzilla.novell.com/225091 https://bugzilla.novell.com/602150 https://bugzilla.novell.com/635880 https://bugzilla.novell.com/649625 https://bugzilla.novell.com/663678 https://bugzilla.novell.com/685226 https://bugzilla.novell.com/692784 https://bugzilla.novell.com/693513 https://bugzilla.novell.com/694315 https://bugzilla.novell.com/699354 https://bugzilla.novell.com/699916 https://bugzilla.novell.com/701355 https://bugzilla.novell.com/703155 https://bugzilla.novell.com/703786 https://bugzilla.novell.com/704361 https://bugzilla.novell.com/704957 https://bugzilla.novell.com/705433 https://bugzilla.novell.com/705903 https://bugzilla.novell.com/706696 https://bugzilla.novell.com/707332 https://bugzilla.novell.com/707644 https://bugzilla.novell.com/708160 https://bugzilla.novell.com/708376 https://bugzilla.novell.com/708730 https://bugzilla.novell.com/710352 https://bugzilla.novell.com/711752 https://bugzilla.novell.com/711941 https://bugzilla.novell.com/712316 https://bugzilla.novell.com/712366 http://download.novell.com/patch/finder/?keywords=2c008d324a5017bbf31069d01b... http://download.novell.com/patch/finder/?keywords=5efdf70977ca2033f5801839d7... http://download.novell.com/patch/finder/?keywords=90b4172ccdf696ff763a578516... http://download.novell.com/patch/finder/?keywords=dc81f86fa9b2b3e014159918dd... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org