openSUSE-SU-2011:0048-1 (important): SLE11 SP1
   openSUSE Security Update: SLE11 SP1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:0048-1
Rating:             important
References:         #595215 #602838 #615630 #628180 #636672 #637542
                    #638258 #639803 #640878 #641105 #641811 #642043
                    #642313 #642314 #642486 #643173 #643477 #645659
                    #646226 #646542 #646702 #646908 #647567 #648112
                    #648701 #649187 #649548 #650067 #650185 #650487
                    #650748 #651066 #651218 #651596 #652024 #652293
                    #652563 #652603 #652842 #652939 #652940 #652945
                    #653148 #653258 #653260 #653266 #653800 #653930
                    #654150 #654530 #654581 #654701 #654837 #654967
                    #655027 #655278 #656471 #657324 #657350 #657412
                    #657415 #657976 #658464 #658829 #659144
Cross-References:   CVE-2010-3437 CVE-2010-3861 CVE-2010-3874
                    CVE-2010-3881 CVE-2010-4072 CVE-2010-4073
                    CVE-2010-4082 CVE-2010-4083 CVE-2010-4157
                    CVE-2010-4158 CVE-2010-4160 CVE-2010-4162
                    CVE-2010-4163 CVE-2010-4164 CVE-2010-4165
                    CVE-2010-4169 CVE-2010-4175 CVE-2010-4258
Affected Products:
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 18 vulnerabilities and has 47 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
   2.6.32.27 and fixes various bugs and security issues.

   The following security issues were fixed:

   CVE-2010-4258: A local attacker could use an Oops (kernel crash)
   caused by other flaws to write a 0 byte to an attacker-controlled
   address in the kernel. This could lead to privilege escalation
   together with other issues.

   CVE-2010-4160: An overflow in the sendto() and recvfrom() routines
   was fixed that could be used by local attackers to potentially crash
   the kernel using some socket families like L2TP.

   CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc
   could lead to memory corruption in the GDTH driver.

   CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in
   the Linux kernel did not properly restrict TCP_MAXSEG (aka MSS)
   values, which allowed local users to cause a denial of service (OOPS)
   via a setsockopt call that specifies a small value, leading to a
   divide-by-zero error or incorrect use of a signed integer.

   CVE-2010-4164: A remote (or local) attacker communicating over X.25
   could cause a kernel panic by attempting to negotiate malformed
   facilities.

   CVE-2010-4175: A local attacker could cause memory overruns in the
   RDS protocol stack, potentially crashing the kernel. So far it is
   considered not to be exploitable.

   CVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the
   Linux kernel allowed local users to cause a denial of service via
   vectors involving an mprotect system call.

   CVE-2010-3874: A minor heap overflow in the CAN network module was
   fixed. Due to the nature of the memory allocator it is likely not
   exploitable.

   CVE-2010-4158: A memory information leak in Berkeley Packet Filter
   rules allowed local attackers to read uninitialized memory of the
   kernel stack.

   CVE-2010-4162: A local denial of service in the block device layer
   was fixed.

   CVE-2010-4163: By submitting certain I/O requests with 0 length, a
   local user could have caused a kernel panic.

   CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c
   in the Linux kernel did not initialize a certain block of heap
   memory, which allowed local users to obtain potentially sensitive
   information via an ETHTOOL_GRXCLSRLALL ethtool command with a large
   info.rule_cnt value.

   CVE-2010-3881: arch/x86/kvm/x86.c in the Linux kernel did not
   initialize certain structure members, which allowed local users to
   obtain potentially sensitive information from kernel stack memory via
   read operations on the /dev/kvm device.

   CVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed.

   CVE-2010-4082: The viafb_ioctl_get_viafb_info function in
   drivers/video/via/ioctl.c in the Linux kernel did not properly
   initialize a certain structure member, which allowed local users to
   obtain potentially sensitive information from kernel stack memory via
   a VIAFB_GET_INFO ioctl call.

   CVE-2010-4073: The ipc subsystem in the Linux kernel did not
   initialize certain structures, which allowed local users to obtain
   potentially sensitive information from kernel stack memory via
   vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl,
   and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4)
   compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in
   ipc/compat_mq.c.

   CVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c in the
   Linux kernel did not initialize a certain structure, which allowed
   local users to obtain potentially sensitive information from kernel
   stack memory via vectors related to the shmctl system call and the
   "old shm interface."

   CVE-2010-4083: The copy_semid_to_user function in ipc/sem.c in the
   Linux kernel did not initialize a certain structure, which allowed
   local users to obtain potentially sensitive information from kernel
   stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4)
   SEM_STAT command in a semctl system call.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Package List:

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-2.6.32.27-0.2.2

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-2.6.32.27-0.2.2

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-2.6.32.27-0.2.2

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-2.6.32.27-0.2.2

References:

   http://support.novell.com/security/cve/CVE-2010-3437.html
   http://support.novell.com/security/cve/CVE-2010-3861.html
   http://support.novell.com/security/cve/CVE-2010-3874.html
   http://support.novell.com/security/cve/CVE-2010-3881.html
   http://support.novell.com/security/cve/CVE-2010-4072.html
   http://support.novell.com/security/cve/CVE-2010-4073.html
   http://support.novell.com/security/cve/CVE-2010-4082.html
   http://support.novell.com/security/cve/CVE-2010-4083.html
   http://support.novell.com/security/cve/CVE-2010-4157.html
   http://support.novell.com/security/cve/CVE-2010-4158.html
   http://support.novell.com/security/cve/CVE-2010-4160.html
   http://support.novell.com/security/cve/CVE-2010-4162.html
   http://support.novell.com/security/cve/CVE-2010-4163.html
   http://support.novell.com/security/cve/CVE-2010-4164.html
   http://support.novell.com/security/cve/CVE-2010-4165.html
   http://support.novell.com/security/cve/CVE-2010-4169.html
   http://support.novell.com/security/cve/CVE-2010-4175.html
   http://support.novell.com/security/cve/CVE-2010-4258.html
   https://bugzilla.novell.com/595215
   https://bugzilla.novell.com/602838
   https://bugzilla.novell.com/615630
   https://bugzilla.novell.com/628180
   https://bugzilla.novell.com/636672
   https://bugzilla.novell.com/637542
   https://bugzilla.novell.com/638258
   https://bugzilla.novell.com/639803
   https://bugzilla.novell.com/640878
   https://bugzilla.novell.com/641105
   https://bugzilla.novell.com/641811
   https://bugzilla.novell.com/642043
   https://bugzilla.novell.com/642313
   https://bugzilla.novell.com/642314
   https://bugzilla.novell.com/642486
   https://bugzilla.novell.com/643173
   https://bugzilla.novell.com/643477
   https://bugzilla.novell.com/645659
   https://bugzilla.novell.com/646226
   https://bugzilla.novell.com/646542
   https://bugzilla.novell.com/646702
   https://bugzilla.novell.com/646908
   https://bugzilla.novell.com/647567
   https://bugzilla.novell.com/648112
   https://bugzilla.novell.com/648701
   https://bugzilla.novell.com/649187
   https://bugzilla.novell.com/649548
   https://bugzilla.novell.com/650067
   https://bugzilla.novell.com/650185
   https://bugzilla.novell.com/650487
   https://bugzilla.novell.com/650748
   https://bugzilla.novell.com/651066
   https://bugzilla.novell.com/651218
   https://bugzilla.novell.com/651596
   https://bugzilla.novell.com/652024
   https://bugzilla.novell.com/652293
   https://bugzilla.novell.com/652563
   https://bugzilla.novell.com/652603
   https://bugzilla.novell.com/652842
   https://bugzilla.novell.com/652939
   https://bugzilla.novell.com/652940
   https://bugzilla.novell.com/652945
   https://bugzilla.novell.com/653148
   https://bugzilla.novell.com/653258
   https://bugzilla.novell.com/653260
   https://bugzilla.novell.com/653266
   https://bugzilla.novell.com/653800
   https://bugzilla.novell.com/653930
   https://bugzilla.novell.com/654150
   https://bugzilla.novell.com/654530
   https://bugzilla.novell.com/654581
   https://bugzilla.novell.com/654701
   https://bugzilla.novell.com/654837
   https://bugzilla.novell.com/654967
   https://bugzilla.novell.com/655027
   https://bugzilla.novell.com/655278
   https://bugzilla.novell.com/656471
   https://bugzilla.novell.com/657324
   https://bugzilla.novell.com/657350
   https://bugzilla.novell.com/657412
   https://bugzilla.novell.com/657415
   https://bugzilla.novell.com/657976
   https://bugzilla.novell.com/658464
   https://bugzilla.novell.com/658829
   https://bugzilla.novell.com/659144
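
Added example (not part of the advisory and not kernel code): a userspace C model of the bug class behind the uninitialized-structure leaks listed above (CVE-2010-3881, CVE-2010-4072, CVE-2010-4073, CVE-2010-4082, CVE-2010-4083), next to the usual fix of zeroing the object before filling it. The structure info_reply, the fill_* functions and the 0xAA marker are hypothetical names and constructed data; memcpy() stands in for the kernel's copy to user space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover stack data */

/* Hypothetical reply structure (not a kernel type): alignment padding follows
 * "mode" on common ABIs, and "reserved" is never assigned by the fillers. */
struct info_reply {
    uint8_t  mode;
    uint64_t size;
    uint32_t reserved;
};

/* Vulnerable pattern: set the known members, then copy the whole object. */
static void fill_unsafe(struct info_reply *slot, unsigned char *out)
{
    slot->mode = 1;
    slot->size = 4096;
    memcpy(out, slot, sizeof *slot); /* stands in for copy_to_user() */
}

/* Hardened pattern: zero every byte, padding included, before filling. */
static void fill_safe(struct info_reply *slot, unsigned char *out)
{
    memset(slot, 0, sizeof *slot);
    slot->mode = 1;
    slot->size = 4096;
    memcpy(out, slot, sizeof *slot);
}

/* Returns how many reply bytes still carry the stale marker. */
size_t leaked_bytes(int hardened)
{
    struct info_reply slot;
    unsigned char out[sizeof slot];
    size_t i, leaked = 0;
    memset(&slot, STALE, sizeof slot); /* simulate a reused stack slot */
    (hardened ? fill_safe : fill_unsafe)(&slot, out);
    for (i = 0; i < sizeof out; i++)
        leaked += (out[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("unsafe=%zu safe=%zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The unsafe count varies with the ABI's padding, but it always includes the four bytes of the unassigned reserved member.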