SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:0984-2 Rating: important References: #225091 #602150 #635880 #649625 #663678 #685226 #692784 #693513 #694315 #699354 #699916 #701355 #703155 #703786 #704361 #704957 #705433 #705903 #706696 #707332 #707644 #708160 #708376 #708730 #710352 #711752 #711941 #712316 #712366 Cross-References: CVE-2010-3881 CVE-2011-1776 CVE-2011-2495 CVE-2011-2700 CVE-2011-2909 CVE-2011-2918 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise High Availability Extension 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 23 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.45 and fixes various bugs and security issues. The following security issues have been fixed: * CVE-2011-1776: Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. * CVE-2010-3881: The second part of this fix was not yet applied to our kernel: arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. * CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. * CVE-2011-2700: A small buffer overflow in the radio driver si4713-i2c was fixed that could potentially used by local attackers to crash the kernel or potentially execute code. * CVE-2011-2909: A kernel information leak in the comedi driver from kernel to userspace was fixed. * CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer. Security Issue references: * CVE-2011-1776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776

* CVE-2010-3881 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3881

* CVE-2011-2495 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495

* CVE-2011-2700 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2700

* CVE-2011-2909 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2909

* CVE-2011-2918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2918

Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-kernel-5055 slessp1-kernel-5056 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-kernel-5031 slessp1-kernel-5054 slessp1-kernel-5055 slessp1-kernel-5056 slessp1-kernel-5059 - SUSE Linux Enterprise High Availability Extension 11 SP1: zypper in -t patch sleshasp1-kernel-5031 sleshasp1-kernel-5054 sleshasp1-kernel-5055 sleshasp1-kernel-5056 sleshasp1-kernel-5059 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-kernel-5055 sledsp1-kernel-5056 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): btrfs-kmp-default-0_2.6.32.45_0.3-0.3.54 ext4dev-kmp-default-0_2.6.32.45_0.3-7.9.21 hyper-v-kmp-default-0_2.6.32.45_0.3-0.14.10 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 2.6.32.45]: kernel-default-2.6.32.45-0.3.2 kernel-default-base-2.6.32.45-0.3.2 kernel-default-devel-2.6.32.45-0.3.2 kernel-source-2.6.32.45-0.3.2 kernel-syms-2.6.32.45-0.3.2 kernel-trace-2.6.32.45-0.3.2 kernel-trace-base-2.6.32.45-0.3.2 kernel-trace-devel-2.6.32.45-0.3.2 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.45]: btrfs-kmp-pae-0_2.6.32.45_0.3-0.3.54 ext4dev-kmp-pae-0_2.6.32.45_0.3-7.9.21 hyper-v-kmp-pae-0_2.6.32.45_0.3-0.14.10 kernel-default-2.6.32.45-0.3.1 kernel-default-base-2.6.32.45-0.3.1 kernel-default-devel-2.6.32.45-0.3.1 kernel-pae-2.6.32.45-0.3.1 kernel-pae-base-2.6.32.45-0.3.1 kernel-pae-devel-2.6.32.45-0.3.1 kernel-source-2.6.32.45-0.3.1 kernel-syms-2.6.32.45-0.3.1 kernel-trace-2.6.32.45-0.3.1 kernel-trace-base-2.6.32.45-0.3.1 kernel-trace-devel-2.6.32.45-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): btrfs-kmp-default-0_2.6.32.45_0.3-0.3.54 ext4dev-kmp-default-0_2.6.32.45_0.3-7.9.21 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x) [New Version: 2.6.32.45]: kernel-default-2.6.32.45-0.3.1 kernel-default-base-2.6.32.45-0.3.1 kernel-default-devel-2.6.32.45-0.3.1 kernel-source-2.6.32.45-0.3.1 kernel-syms-2.6.32.45-0.3.1 kernel-trace-2.6.32.45-0.3.1 kernel-trace-base-2.6.32.45-0.3.1 kernel-trace-devel-2.6.32.45-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64): btrfs-kmp-xen-0_2.6.32.45_0.3-0.3.54 ext4dev-kmp-xen-0_2.6.32.45_0.3-7.9.21 hyper-v-kmp-default-0_2.6.32.45_0.3-0.14.10 - SUSE Linux Enterprise Server 11 SP1 (x86_64) [New Version: 2.6.32.45]: kernel-default-2.6.32.45-0.3.2 kernel-default-base-2.6.32.45-0.3.2 kernel-default-devel-2.6.32.45-0.3.2 kernel-ec2-2.6.32.45-0.3.2 kernel-ec2-base-2.6.32.45-0.3.2 kernel-source-2.6.32.45-0.3.2 kernel-syms-2.6.32.45-0.3.2 kernel-trace-2.6.32.45-0.3.2 kernel-trace-base-2.6.32.45-0.3.2 kernel-trace-devel-2.6.32.45-0.3.2 kernel-xen-2.6.32.45-0.3.2 kernel-xen-base-2.6.32.45-0.3.2 kernel-xen-devel-2.6.32.45-0.3.2 - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.45]: kernel-default-man-2.6.32.45-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.45]: ext4dev-kmp-ppc64-0_2.6.32.45_0.3-7.9.21 kernel-ppc64-2.6.32.45-0.3.1 kernel-ppc64-base-2.6.32.45-0.3.1 kernel-ppc64-devel-2.6.32.45-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.45]: btrfs-kmp-pae-0_2.6.32.45_0.3-0.3.54 ext4dev-kmp-pae-0_2.6.32.45_0.3-7.9.21 hyper-v-kmp-pae-0_2.6.32.45_0.3-0.14.10 kernel-ec2-2.6.32.45-0.3.1 kernel-ec2-base-2.6.32.45-0.3.1 kernel-pae-2.6.32.45-0.3.1 kernel-pae-base-2.6.32.45-0.3.1 kernel-pae-devel-2.6.32.45-0.3.1 kernel-xen-2.6.32.45-0.3.1 kernel-xen-base-2.6.32.45-0.3.1 kernel-xen-devel-2.6.32.45-0.3.1 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_2.6.32.45_0.3-2.5.5 gfs2-kmp-default-2_2.6.32.45_0.3-0.2.53 ocfs2-kmp-default-1.6_2.6.32.45_0.3-0.4.2.5 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64): cluster-network-kmp-xen-1.4_2.6.32.45_0.3-2.5.5 gfs2-kmp-xen-2_2.6.32.45_0.3-0.2.53 ocfs2-kmp-xen-1.6_2.6.32.45_0.3-0.4.2.5 - SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64): cluster-network-kmp-ppc64-1.4_2.6.32.45_0.3-2.5.5 gfs2-kmp-ppc64-2_2.6.32.45_0.3-0.2.53 ocfs2-kmp-ppc64-1.6_2.6.32.45_0.3-0.4.2.5 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586): cluster-network-kmp-pae-1.4_2.6.32.45_0.3-2.5.5 gfs2-kmp-pae-2_2.6.32.45_0.3-0.2.53 ocfs2-kmp-pae-1.6_2.6.32.45_0.3-0.4.2.5 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): btrfs-kmp-default-0_2.6.32.45_0.3-0.3.54 btrfs-kmp-xen-0_2.6.32.45_0.3-0.3.54 hyper-v-kmp-default-0_2.6.32.45_0.3-0.14.10 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 2.6.32.45]: kernel-default-2.6.32.45-0.3.2 kernel-default-base-2.6.32.45-0.3.2 kernel-default-devel-2.6.32.45-0.3.2 kernel-default-extra-2.6.32.45-0.3.2 kernel-desktop-devel-2.6.32.45-0.3.2 kernel-source-2.6.32.45-0.3.2 kernel-syms-2.6.32.45-0.3.2 kernel-xen-2.6.32.45-0.3.2 kernel-xen-base-2.6.32.45-0.3.2 kernel-xen-devel-2.6.32.45-0.3.2 kernel-xen-extra-2.6.32.45-0.3.2 - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.45]: btrfs-kmp-pae-0_2.6.32.45_0.3-0.3.54 hyper-v-kmp-pae-0_2.6.32.45_0.3-0.14.10 kernel-default-2.6.32.45-0.3.1 kernel-default-base-2.6.32.45-0.3.1 kernel-default-devel-2.6.32.45-0.3.1 kernel-default-extra-2.6.32.45-0.3.1 kernel-desktop-devel-2.6.32.45-0.3.1 kernel-pae-2.6.32.45-0.3.1 kernel-pae-base-2.6.32.45-0.3.1 kernel-pae-devel-2.6.32.45-0.3.1 kernel-pae-extra-2.6.32.45-0.3.1 kernel-source-2.6.32.45-0.3.1 kernel-syms-2.6.32.45-0.3.1 kernel-xen-2.6.32.45-0.3.1 kernel-xen-base-2.6.32.45-0.3.1 kernel-xen-devel-2.6.32.45-0.3.1 kernel-xen-extra-2.6.32.45-0.3.1 References: http://support.novell.com/security/cve/CVE-2010-3881.html http://support.novell.com/security/cve/CVE-2011-1776.html http://support.novell.com/security/cve/CVE-2011-2495.html http://support.novell.com/security/cve/CVE-2011-2700.html http://support.novell.com/security/cve/CVE-2011-2909.html http://support.novell.com/security/cve/CVE-2011-2918.html https://bugzilla.novell.com/225091 https://bugzilla.novell.com/602150 https://bugzilla.novell.com/635880 https://bugzilla.novell.com/649625 https://bugzilla.novell.com/663678 https://bugzilla.novell.com/685226 https://bugzilla.novell.com/692784 https://bugzilla.novell.com/693513 https://bugzilla.novell.com/694315 https://bugzilla.novell.com/699354 https://bugzilla.novell.com/699916 https://bugzilla.novell.com/701355 https://bugzilla.novell.com/703155 https://bugzilla.novell.com/703786 https://bugzilla.novell.com/704361 https://bugzilla.novell.com/704957 https://bugzilla.novell.com/705433 https://bugzilla.novell.com/705903 https://bugzilla.novell.com/706696 https://bugzilla.novell.com/707332 https://bugzilla.novell.com/707644 https://bugzilla.novell.com/708160 https://bugzilla.novell.com/708376 https://bugzilla.novell.com/708730 https://bugzilla.novell.com/710352 https://bugzilla.novell.com/711752 https://bugzilla.novell.com/711941 https://bugzilla.novell.com/712316 https://bugzilla.novell.com/712366 http://download.novell.com/patch/finder/?keywords=59c338a7210363a87ce60c5448... http://download.novell.com/patch/finder/?keywords=6499f4c180072d54d54780ca1a... http://download.novell.com/patch/finder/?keywords=6fe973a3186c5d88981a175a25... http://download.novell.com/patch/finder/?keywords=73bec7d5d91bb11febbcb08523... http://download.novell.com/patch/finder/?keywords=7d158b734b5f3b91e58c550a6b... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org