openSUSE Security Update: Linux Kernel: Security/Bugfix update to 2.6.27.48 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0397-1 Rating: important References: #465707 #543480 #557710 #559111 #567376 #569916 #574006 #577967 #583677 #584216 #590415 #591371 #591556 #593881 #596113 #596462 #597337 #599213 #599955 #600774 #601283 #602969 #604183 #608366 #608576 #608933 #609134 #610296 #612213 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.48 fixing various bugs and security issues. CVE-2010-1641: The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. CVE-2010-1087: The nfs_wait_on_request function in fs/nfs/pagelist.c in the Linux kernel allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. CVE-2010-1643: mm/shmem.c in the Linux kernel, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. CVE-2010-1437: Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. CVE-2010-1446: arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke. CVE-2010-1162: The release_one_tty function in drivers/char/tty_io.c in the Linux kernel omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch kernel-2695 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc src x86_64) [New Version: 2.6.27.48]: kernel-source-2.6.27.48-0.1.1 kernel-syms-2.6.27.48-0.1.1 - openSUSE 11.1 (i586 ppc x86_64) [New Version: 2.6.27.48]: kernel-default-2.6.27.48-0.1.1 kernel-default-base-2.6.27.48-0.1.1 kernel-default-extra-2.6.27.48-0.1.1 kernel-vanilla-2.6.27.48-0.1.1 - openSUSE 11.1 (i586 x86_64) [New Version: 2.6.27.48]: kernel-debug-2.6.27.48-0.1.1 kernel-debug-base-2.6.27.48-0.1.1 kernel-debug-extra-2.6.27.48-0.1.1 kernel-trace-2.6.27.48-0.1.1 kernel-trace-base-2.6.27.48-0.1.1 kernel-trace-extra-2.6.27.48-0.1.1 kernel-xen-2.6.27.48-0.1.1 kernel-xen-base-2.6.27.48-0.1.1 kernel-xen-extra-2.6.27.48-0.1.1 - openSUSE 11.1 (noarch src): kernel-docs-2.6.3-3.13.109 - openSUSE 11.1 (i586) [New Version: 2.6.27.48]: kernel-pae-2.6.27.48-0.1.1 kernel-pae-base-2.6.27.48-0.1.1 kernel-pae-extra-2.6.27.48-0.1.1 - openSUSE 11.1 (ppc) [New Version: 2.6.27.48]: kernel-kdump-2.6.27.48-0.1.1 kernel-ppc64-2.6.27.48-0.1.1 kernel-ppc64-base-2.6.27.48-0.1.1 kernel-ppc64-extra-2.6.27.48-0.1.1 kernel-ps3-2.6.27.48-0.1.1 References: https://bugzilla.novell.com/465707 https://bugzilla.novell.com/543480 https://bugzilla.novell.com/557710 https://bugzilla.novell.com/559111 https://bugzilla.novell.com/567376 https://bugzilla.novell.com/569916 https://bugzilla.novell.com/574006 https://bugzilla.novell.com/577967 https://bugzilla.novell.com/583677 https://bugzilla.novell.com/584216 https://bugzilla.novell.com/590415 https://bugzilla.novell.com/591371 https://bugzilla.novell.com/591556 https://bugzilla.novell.com/593881 https://bugzilla.novell.com/596113 https://bugzilla.novell.com/596462 https://bugzilla.novell.com/597337 https://bugzilla.novell.com/599213 https://bugzilla.novell.com/599955 https://bugzilla.novell.com/600774 https://bugzilla.novell.com/601283 https://bugzilla.novell.com/602969 https://bugzilla.novell.com/604183 https://bugzilla.novell.com/608366 https://bugzilla.novell.com/608576 https://bugzilla.novell.com/608933 https://bugzilla.novell.com/609134 https://bugzilla.novell.com/610296 https://bugzilla.novell.com/612213